Prosecution Of Cyber Hacking Targeting State Institutions In Nepal
Legal Framework
Cyber hacking targeting government or state institutions in Nepal is primarily addressed under:
Electronic Transactions Act, 2063 BS (2006) – criminalizes unauthorized access, hacking, tampering with electronic data, and cyber fraud.
Muluki Criminal Code, 2074 BS (2017) – addresses unauthorized computer access, data theft, hacking, and offenses against state security.
Nepal Police Cyber Bureau – responsible for investigation and enforcement of cybercrime laws against state institutions.
The key elements in prosecution include: unauthorized access, intent to manipulate or steal data, the nature of the state institution affected, and evidence linking the accused to the attack.
Detailed Case Analyses
Case 1: Hacking of Nepal Army Website (2023)
Facts: A 21-year-old engineering student accessed the Nepal Army’s website and attempted to modify its content. The intrusion caused temporary disruption of online services.
Charges: Unauthorized access under the Electronic Transactions Act; potential threat to national security under Criminal Code.
Outcome: Arrested by the Cyber Bureau; remanded for investigation. The case highlighted the seriousness of hacking military institutions, even by individuals with no prior criminal record.
Significance: First widely reported case of an individual hacking a military institution in Nepal, setting a precedent for cybercrime prosecutions against defense-related systems.
Case 2: DDoS Attack on Government Websites (2023)
Facts: Approximately 500 government websites, including the National Government Portal and immigration portals, were taken offline due to a Distributed Denial of Service (DDoS) attack.
Charges: Unauthorized interference with state computer systems under ETA and Criminal Code provisions.
Outcome: Investigation initiated by the Cyber Bureau. The attackers were not publicly identified; the case primarily emphasized vulnerability assessment.
Significance: Demonstrated large-scale cyber threats against state institutions and the need for preventive cybersecurity measures alongside prosecution.
Case 3: Kalapani-Lipulekh Border Dispute Website Hack (2020)
Facts: During the India-Nepal border dispute, 45 Nepali government websites, including Civil Aviation Authority and National Library portals, were hacked and defaced.
Charges: Unauthorized access and defacement of government websites.
Outcome: Investigation conducted; no formal prosecution details widely publicized.
Significance: Highlighted political-motivated cyber attacks targeting state institutions; showed cross-border complexities in prosecution.
Case 4: Unauthorized Access to Government Data Systems (2020)
Facts: Three individuals accessed various government information systems without authorization and leaked sensitive data.
Charges: Unauthorized computer access and data disclosure under the Electronic Transactions Act.
Outcome: Arrested and remanded by the Cyber Bureau; ongoing investigation aimed at establishing full culpability.
Significance: Demonstrated that even non-violent unauthorized access of state data is treated seriously under Nepalese law.
Case 5: Office of the Prime Minister Database Breach (2025)
Facts: Hacker “ShadowLeak” claimed access to a database of the Office of the Prime Minister and Council of Ministers containing around 100,000 records, offering it for sale on dark-web forums.
Charges: Data theft, unauthorized access, and potential endangerment of state confidentiality.
Outcome: Investigation underway; prosecution complicated by cross-border and dark-web factors.
Significance: Illustrates high-profile cybercrime targeting top-level state institutions, showing the evolving complexity of cybercrime in Nepal.
Case 6: Government Email System Breach (2021)
Facts: Several government email accounts were hacked, and confidential internal communication was leaked online.
Charges: Unauthorized access, computer hacking, and potential violation of national security provisions.
Outcome: Suspects were traced and arrested; investigation focused on both criminal liability and systemic cybersecurity lapses.
Significance: Highlighted that internal administrative systems of state institutions are vulnerable to cyber attacks, emphasizing preventive and punitive measures.
Case 7: Hacking of Local Government Portals (2022)
Facts: Hackers targeted municipal websites to alter tax records and municipal notices. Though minor in scale compared to central government systems, these attacks disrupted local governance services.
Charges: Unauthorized access and tampering with government records.
Outcome: Local police and Cyber Bureau arrested two individuals; court proceedings applied ETA and Criminal Code provisions.
Significance: Showed that even local state institutions are considered critical infrastructure under Nepalese cyber laws.
Observations
Seriousness of cyber attacks on state institutions: Nepal treats hacking of government systems as high-stakes crime due to implications for national security and public trust.
Role of Cyber Bureau: Central agency for investigation; arrests are common, but detailed court outcomes are not always publicized.
Cross-border complications: Many attacks involve foreign actors or dark-web transactions, complicating prosecution.
Proactive legal framework: ETA and Criminal Code provide grounds for prosecution, but forensic and jurisdictional challenges remain.
Preventive measures are essential: Many cases highlight that government IT infrastructure requires robust cybersecurity alongside legal enforcement.
RELATED Blog
comments