As e-commerce and digital governance become more commonplace, the consequences of data breaches will become more severe. Of particular concern are e-governance and financial systems. The former could be exploited to create false identities to hide black money, to misdirect bhatta and cash support, or even alter exam records and academic credentials.
As demonstrated by the massive ATM hack recently such data are already at risk. Though largely unreported, it is an open secret within the Nepali tech community that banks here have significant security vulnerabilities which do not just result from substandard technologies but also from more prosaic errors like the use of pirated cracked software by staff. As banks offer more digital products these vulnerabilities will only grow.
The three incidents of data hacking last week created a buzz amongst techies, but it was what came next that got all of us saying ‘Hail Satan’. Immediately following the 8 April hack, Satan found a security flaw on the popular e-commerce site Daraz. To Daraz’s credit, it was quickly fixed, and Satan even got a note of appreciation from its security team for pointing it out.
Satan then issued specific credible warnings to both the Nepali Congress and Kantipur Media Group on its system vulnerabilities, and made a veiled threat that they would be hacked if they did not fix it. With limited evidence, the hacker claimed to have exploited a security flaw that allowed access to data from any website or database hosted on the .gov.np domains. And as a coup de grace, screenshots proving penetration and violation of Mercantile’s IT systems were shared.
Satan’s aim for publicising vulnerability in Nepali digital systems have not been fully realised. While specialist online tech portals have followed the story, it has not been covered prominently by the mainstream press that would have generated pressure on government bodies and financial regulators to mandate stricter security standards. The media also has a major role in educating the public on personal digital hygiene to keep their own data secure.