KATHMANDU, APR 19 -
The hacking of Nepali websites is on the rise in recent months because of the lack of proper security audit before launching websites. Hackers have defaced many Nepali sites, governmental, private and commercial.

Recently, hackers defaced the National Academy of Science and Technology website challenging the government to plug security loopholes in Nepali websites. In recent days the websites of two private banks, two telecommunication service operators and a number of industrial organisations have been preyed upon by hackers.

“The number of hacking incidents is increasing significantly along with the rise in the number of websites every year,” said Saroj Lamichhane, an internet security expert. “However, adopting security measures is

lacking. Many do not even perform the security audit, a vital step to protect a website.”

In 2001, only one government site was hacked but this year the number has already reached 19. So far, 138 governmental websites have been hacked by local and international hackers. The hacked sites include the official website of Nepal government officials in 2007 and the National Planning Commission site in February 2010.

According to experts, national and international hackers target Nepali government sites to gain popularity as most of the sites are not security protected. Experts also say that there are three to four active hacker groups in Nepal.

Apart from governmental sites, around 1,500 private dot com dot np sites are victims of hacking.

Experts said that banks with e-banking service were using international genuine software that was difficult to hack into. However, other pages of the banks are still vulnerable.      

“Most Nepali sites are hacked from outside the country though some times Nepali hackers are involved,” Jwalanta Shrestha, an internet expert said. He said that many Nepali websites were being hacked simply though SQL injection attacks.

SQL injection is a simple technique based on code injection technique to deface any website though which hackers exploit a security vulnerability occurring in the database layer of an application.

Experts underscored the need to form a regulatory body under the High Level Commission for Information and Technology to regulate and monitor Nepali websites and protect them from hackers.

Meanwhile, the government is preparing to form an Information Technology Emergency Response Team (ITERT) under the Ministry of Science and Technology to test and security audit Nepali websites before putting them on the internet. The team will comprise of IT experts, internet security experts and other professionals from IT fields.

“We were always open to audit websites but only the Ministry of Law and Justice approached us,” said Rajan Raj Pant, controller of the Office of the Controller of Certification.

 


Posted on: 2010-04-20 07:23

Post Your Comment

Please note that all the fields marked * are mandatory.

* Full Name

* Address

* Email Address

* Comment
[Some of the HTML tags you can use : <b>, <i>, <a>]

* Captcha

Get another CAPTCHA code