A year after the serious cyber-attack that struck nearly 58 government departments, Nepal again fell prey to international hackers in the last week of September 2018.
In a latest move, a hacker (suspected to be operating) from Indonesia has reportedly hacked the country’s only international airport’s, the Tribhuvan International Airport (TIA), official website on September 28, 2018, resulting in its shutdown continuously for two working days.
However, the site was finally restored on September 30, 2018.
At around 1.32 PM on September 28, 2018, the hacker took onto the social networking site to announce that the site was hacked.
He posted “Tribhuvan International Airport Hacked!” a status message along with a weblink, redirecting to the airport’s official site, attached to the account named ‘Typical Idiot Security’.
Besides TIA, Public Service Commission was another government department that witnessed the jolt in the last week.
The latest incident questions the security robustness of Nepal’s government websites that were upgraded in 2017 after a similar attack on nearly 58 government departments, which also resulted in formation of a three-member panel to address the scenario.
The latest hack was reported despite the safeguard measures taken by the special panel. However, the Director General at the Department of Information and Technology Laxmi Prasad Yadav disagrees to that.
“It is not that we have not done anything to safeguard the digital presence of the government. The challenge in the field of information and technology, however, is so severe that one cannot guarantee 100 percent safety,” Yadav adds.
Aftermath 2017 Cyber Attack
After the security breach of 58 government websites in July 2017, the Government of Nepal had issued a circular to all government departments and agencies to get their security audits done.
Eventually, all those departmental websites were brought under the Government Integrated Data Centre to safeguard their data.
While Yadav says the government’s decision could control the menace to some extent, another department official says that many government agencies haven’t fulfilled the circular requirements.
“There are certain agencies whose digital presence are regularly monitored and some others who do not feel necessary to comply with the circular,” adds the official, informing that only some government agencies undergo safety and security audits before and after implementation of procedures.
“Like financial audit, security audit of websites too needs to be considered seriously. The government should make necessary arrangements to look at server-side threat, security status of web content as well as the hosting agency,” says Rajan Raj Panta Cyber Security Expert.
Panta feels that analyzing and staying updated to hacking trends is utmost important to avoid such incidents.