National
How Nepalis’ vulnerability grows amid changing nature of cyber crimes
While the organised sector is impacted by cyber attacks, the effect of hackers on individuals is no less significant.Anup Ojha
Cyber crimes have become a global, borderless phenomena. The rapid growth of internet connectivity and information technology has created ample opportunities for criminals. Nepal too is at a high risk of cyber crimes as the country does not have proper legal procedures to address the ever-evolving cyber crimes. In the past few years the country has faced many security breaches on government websites; in late January, about 1,500 government websites were shut down.
The impact of cybercrimes on an individual level is still more alarming. According to the Bhotahity-based cyber bureau of Nepal Police, in the past four years a total of 16,190 complaints have been lodged. It gets an average of 60 to 70 complaints a day, the majority of them related to the hacking of email, social media passwords and other general issues. Officials at the bureau say they are struggling to tackle complex cyber cases without the aid of specialised technical analysis as well as certified experts.
Here is what you need to know about the changing trend of cyber crimes in Nepal:
What are cyber crimes?
Cyber crimes refer to criminal activities that are done with the help of computers, the internet and digital technologies. These include activities like digital identity theft, hacking, cyberstalking, cyberbullying, phishing and other forms of fraud with the use of the internet and electronic devices. They have emerged as a new challenge to the economy, security, social harmony as well as individual well-being.
According to Statista, an online platform specialised in market and consumer data which offers statistics and reports, as of January this year, there were 5.16 billion internet users worldwide, which is 64.4 percent of the global population. Cybercrime statistics show that by 2022, a minimum of 422 million individuals had been impacted.
The internet and new technologies have made peoples’ lives easier. However, they have also brought many negative consequences due to weak cybersecurity measures and lax law enforcement. As technology continues to advance, cyber crimes are likely to be a more persistent threat.
Recently, cyberspace has also been used for geo-political attacks. The recent distributed denial of service (DDoS) attack on Nepal’s websites has mostly been used in geo-political conflicts, notably in the Russian-Ukraine war. Netscout, a US-based cybersecurity company, reported over six million DDoS attacks in the first half of 2022, most of which corresponded with national or regional tensions. DDoS attacks in Finland increased by 258 percent year-on-year in response to its announcement to apply for NATO membership.
Nepal’s National Information Technology Centre (NITC) reported that no data was compromised in the recent attack but given the gravity of DDoS attacks, experts highlight the necessity of thorough digital forensic examinations. As per the Global Cybersecurity Index, which measures the commitments of countries to assess legal, technical, and organisational measures, and capacity development and cooperation, Nepal moved up to the 94th position in 2020 from 106th in 2018. But the country’s overall score remains low at 44.99 (out of 100 points) among 182 countries indexed.
How have cyber crimes evolved in Nepal?
Initially, they started with cases of email and SMS blackmails. But as social media platforms such as Facebook, Twitter, WhatsApp, Skype and LinkedIn became popular, people with criminal mindsets were encouraged to target governments, institutions and individuals.
In January 2017, Nepal saw one of the biggest breaches of the government computer systems, with as many as 58 government websites hacked by a group called “Paradox CyberGhost”. Just two years ago the official website of the President of Nepal was also hacked. And the most recent attack was in Singha Durbar. In late January, about 1,500 government websites were shut, which also affected flights from the Tribhuvan International Airport, raising questions over Nepal’s cybersecurity infrastructure.
Meanwhile, in the past four years, the cyber bureau has recorded 16,190 cases of cyber crimes under different categories like online financial fraud, revenge porn, ransomware attack, defamation, hacking, unauthorised access, among others.
The bureau’s data shows that in the fiscal year 2019-2020 there were only 2,301 cases of cyber crimes lodged. This fiscal year, the number has increased three-fold, to 6,297.
“The number of cyber crimes is steadily inching up, and we are struggling to address all complaints,” said Pashupati Kumar Ray, the bureau’s spokesperson.
Most recorded cybercrimes in Nepal in the past four years are linked to Facebook (4,730), followed by Tik-Tok (447), Instagram (434) and WhatsApp (181). Other platforms such as Twitter, Viber, IMO, and digital wallets are also used by digital fraudsters. Website and email hacking have also become headaches for the victims and the police.
Emerging trends in Nepal
According to the bureau’s data for the past eight months, IT-related financial frauds were the most common cybercrimes. At 955, financial frauds made up 20 percent of the total online crimes in the country, followed by 901 cases of revenge porn, according to Ray. Financial crimes include phishing (attempting to acquire sensitive data such as bank account numbers under a guise), lottery scam including fraudulent offers of work from home and online shopping.
Cases of fake profiles on social media come third, with 898 complaints registered. There were 799 complaints for online blackmailing, and 700 cases of online defamation aimed at assassinating the complainant’s character. In the same period, 648 cases of online harassment and 36 cases of online child sexual abuse were filed.
Why are more Nepalis being targeted?
Cyber crime and Information and Communication Technology (ICT) experts say many people are victimised mainly because they are not literate about cyber security or lack digital awareness. They pointed out Nepalis’ negligence to adopt security measures as another reason.
Cyber security expert Vivek Rana said the youths in the IT sector who used to outsource work are now jobless. They are now looking to make some quick bucks. “We also don’t have cyber regulations and laws to punish offenders. Most of all, the carefree nature of Nepali internet users is to blame.”
Besides that, the lure of easy money has led Nepalis into the traps of online fraudsters.
Who is more vulnerable?
According to cyber bureau, of the total complaints in the past eight months, 36 were of online child sexual abuse.
“Children are more vulnerable because we have found many predators grooming children through online gaming, gifts, and then abusing or exploiting them in some way,” said bureau spokesperson Ray.
There were 38.38 million internet subscribers in the country as of mid-October 2022, according to the Nepal Telecommunications Authority. Internet penetration in the country has now reached far and wide.
Rana says teenagers in rural parts of the country, plus elderly people, are more vulnerable. Many elderly people use mobile phones without understanding the implications of random clicks. The same is true of children. This is why cyber criminals often prey on them.
“They don’t know much about digital safety. Most of the elderly people share their one time passport [OTP], which is a dangerous practice,” said Rana.
Nepal’s laws and manpower
The country has the Electronic Transaction Act, 2008 as its cyber law. But due to lack of necessary amendments, it fails to cover the ever-evolving cyber crimes or to add to the security of a country’s online infrastructure. The Cybercrime Act-2018 is yet to see the light of the day. With weak laws on online security, Nepal’s cyberspace has become a gold mine for innovative hackers.
Although the government in the first week of March formed a high-level panel to draft a cyber security policy, no one knows when the panel will start working.
What is the way ahead?
Cyber experts say the best way out is to make people digitally aware, for which the government should play a proactive role. ICT expert Satish Krishna Kharel said there should be a nationwide awareness campaign to check the rise in cybercrimes.
He says awareness should start from schools, while the government should also train and mobilise digital forensic experts in all the seven provinces to prevent large-scale cybercrimes.
Experts further stress the need to give jurisdiction over cybercrimes to all district courts. Plus, all district police offices should have at least a small unit to handle cases of cyber crime locally.
Rana says the banking service providers and digital wallets should adopt and implement online fraud management systems to decrease the risk of financial cybercrimes.
Similarly, the focus should be on creating opportunities for adept ethical hackers who can keep abreast of current evolutions in cybercrimes.