The Kathmandu Post, 5 Nov 2017
A supposed Palestinian hacker group that goes by “Hacker CWNE” has claimed to have breached the websites of at least 19 agencies of Nepal government.
The latest cyberattack comes just months after hackers compromised 58 government websites. On July 23, a group that called itself “Paradox Cyber Ghost” had broken into 58 sites in the name of “vulnerability test”.
The websites that were broken into this time were that of Ministry of Physical Infrastructure and Transport, Office of the Attorney General, Nepal Engineering Council, Regional Agricultural Directorate, Department of Urban Development and Building Construction, Nepal Seismological Centre, and Solid Waste Management Technical Support Centre, among others, according to a Facebook post on the page of Hacker CWNE published on Wednesday night.
Most of these websites were recovered by Friday evening.
Of the said compromised websites, 16 have IP addresses in Nepal, two in Canada and one in the United States.
Earlier this year, hackers had also breached the website of the Department of Passports in June.
Before that the official website of President of Nepal was compromised in July 2015.
According to Rajan Raj Panta, president of Information Technology Security Emergency Response Team, Nepal (ITSERT-NP), hacking of government websites depends on the level of security provided by the Government Integrated Data Centre, which hosts these websites, and is maintained by the National Information Technology Centre.
“Security of hosting servers and loopholes in the security system determines the safety of any websites. Hackers always look for ways to enter inside the servers by accessing weaker username and passwords,” said Panta. “Hiring of inexperienced IT officers and hosting through fragile servers just for the sake of saving some money makes websites more vulnerable to such attacks. Poor audit of website security and contents are another factors behind frequent hacking of websites in Nepal.”