KATHMANDU, MAR 14 – Every month, over a dozen government websites are ‘hacked’ and defamed by cyber criminals. Moreover, experts say the same sites are damaged 10-20 times, taking advantage of the concerned authorities’ failure to maintain security.
Government websites that were hacked at different times include the official websites of the government (www.nepalgov.gov.np), Ministry of Finance (www.mog.gov.np), Supreme Court (www.supremecourt.gov.np), Ministry of Science and Technology (www.most.gov.np), Nepal Telecommunications Authority (www.nta.gov.np) and National Academy of Science and Technology (www.nast.edu.np). Some government sites are still under hackers’ grip.
Internet security experts said the main the weakness of Nepali websites are that they only give priority to running the sites without carrying out the security audit. Website security audit is a must to keep websites safe from hackers, but the government offices are least bothered about this vital matter. So far, only the website of the Ministry of Law and Justice has been audited for security by the Office of the Controller of Certification (OCC) under the Ministry of Science and Technology.
Website security audit is a process that examines web pages, applications used and web servers to find out security weaknesses that would give hackers an opportunity to defame a site. “Security audit should be carried out in frequent intervals,” said Saroj Lammichanne, internet security expert. He added that the trend of allowing various companies to host websites at low cost without knowing their servers’ security provided space for hackers.
Over the last decade, nearly 2,000 sites of the government, commercial banks, telecom companies and private organisations, among others, have been damaged by national and international hackers. Besides, government websites have been attacked more than 200 times (a site may have been attacked multiple times).
Supreme Court (SC) officials said they are maintaining security of the court’s website with their own internal technical team. “We are also preparing to hire two officials—one each for system/security and software section,” said Ramesh Prasad Joshi, IT director at the SC. He added that many Nepali sites were being the victims of hackers for ‘negligence’ to adopt security measures.
The government, for the last two years, has been planning to form an Information Technology Emergency Response Team (ITERT), comprising IT professionals and internet security experts, under the Ministry of Science and Technology. The team will test and carry out security audit of Nepali websites. However, the plan has not been materialised yet for the government’s indecision.
The OCC said it was ready to audit websites if government offices ask. Rajan Raj Pant, controller of the OCC, said websites and information security audit has become vital for any organisation adopting information technology and involved in online transaction such as banks. by Ramesh Shrestha from ekantipur