Prosecution Of Hackers Stealing State Secrets
I. Legal Framework
Electronic Transaction Act, 2063 (2006)
Section 9: Unauthorized access to any computer, network, or information system.
Section 10: Altering, damaging, or destroying data.
Section 11: Unauthorized disclosure or transmission of confidential information.
Punishment: Up to 5 years imprisonment and/or fines depending on severity.
National Security Considerations
Hacking government systems or stealing “state secrets” can invoke provisions related to national security breaches.
Offenses may be escalated to District or Metropolitan Courts.
Cyber Bureau of Nepal Police
Handles investigation, arrests, and prosecution.
Works with IT specialists to collect digital evidence and trace unauthorized access.
II. Case Illustrations
Case 1: Bikash Paudel – Hacking Multiple Government Websites (2016)
Facts:
An 18-year-old IT student hacked multiple Nepali government websites, including telecom and public institution sites.
Stolen data included usernames, passwords, and minor confidential documents.
Legal Issues:
Unauthorized access (Electronic Transaction Act, Section 9)
Theft and exposure of sensitive government data
Outcome:
Arrested by Kathmandu Metropolitan Crime Division.
Brought to District Court; case filed under Sections 9, 10, and 11.
Minor imprisonment (3 months) and fine imposed; case highlighted enforcement against young hackers.
Significance:
Demonstrates that even individual hackers without malicious intent face criminal liability.
Case 2: Lalitpur-Pokhara Hackers Arrested (2020)
Facts:
Three individuals accessed government servers without authorization.
They attempted to extract personal and financial information from citizen databases.
Legal Issues:
Unauthorized access and attempted data theft
Potential disruption of government services
Outcome:
Arrested and case registered in District Court.
Detention during investigation; trial ongoing.
Significance:
Shows proactive monitoring by Cyber Bureau.
Illustrates enforcement against multiple perpetrators acting together.
Case 3: Paradox Cyber Ghost – Large-scale Website Defacement (2017)
Facts:
A hacker group defaced 58 government websites, including the Ministry of Defence and Auditor General Office.
Messages were displayed on the websites; some data exposure suspected.
Legal Issues:
Unauthorized access
Tampering with government digital infrastructure
Threat to national security
Outcome:
Police investigation conducted; arrests made where possible.
Sentencing details are limited publicly, but criminal liability established.
Significance:
Highlights coordinated attacks on state digital infrastructure.
Large-scale defacement qualifies as a serious cybercrime.
Case 4: Chinese Technicians Allegedly Hacked 200 Websites (2019)
Facts:
A company in Kathmandu employing Chinese technicians allegedly hacked over 200 government websites in May 2019.
Included government databases and portals for citizen information.
Legal Issues:
Cross-border unauthorized access
Theft of sensitive government data
Potential espionage elements
Outcome:
Police raided office; laptops seized.
Investigation ongoing; jurisdictional challenges due to foreign nationals.
Significance:
Demonstrates international dimension of cybercrime targeting state secrets.
Raises legal questions of extradition and prosecution.
Case 5: Nepal Public Service Commission Data Dump (2018)
Facts:
Hackers exploited a file upload vulnerability to dump thousands of records from government websites.
Sensitive candidate data exposed publicly.
Legal Issues:
Exploiting technical vulnerabilities for unauthorized access
Disclosure of confidential government data
Outcome:
Investigation by Cyber Bureau; arrests of individuals involved.
Criminal prosecution initiated under Sections 9, 10, and 11.
Significance:
Shows that even non-violent data breaches (no physical damage) carry criminal liability.
Reinforces importance of cybersecurity measures for government portals.
Case 6: Pokhara University Database Breach (2017)
Facts:
Hackers gained access to administrative servers of Pokhara University, including student and faculty data.
Attempted to modify grades and internal records.
Legal Issues:
Unauthorized access to critical administrative systems
Tampering with data affecting institutional integrity
Outcome:
Arrest of local IT students involved.
Fined and required to perform cyber awareness programs.
Significance:
Highlights that hacking offenses, even in semi-governmental institutions, are punishable.
Demonstrates combination of criminal liability and rehabilitation.
III. Observations
Pattern of Crimes:
Individual hackers (youths), organized groups, and foreign actors target government systems.
Motives range from testing skills to data theft and defacement.
Legal Enforcement:
Arrests usually made by Cyber Bureau.
Prosecution under Electronic Transaction Act.
Courts may impose imprisonment, fines, and preventive measures.
Challenges:
Many cases lack publicly available sentencing details.
Cross-border cases complicate jurisdiction.
Large-scale attacks often involve multiple unidentified actors.
Preventive Measures:
Government vulnerability testing, cyber awareness, and monitoring are emphasized.
Legal framework allows prosecution of unauthorized access, data theft, and disclosure.
IV. Conclusion
Criminal liability is clear under Nepalese law for hacking government systems and stealing state secrets.
Prosecutions are active, ranging from individual hackers to organized groups.
Village-level or district-level courts handle cases, with serious breaches escalated to higher courts.
The Electronic Transaction Act forms the backbone of prosecution, supplemented by national security considerations.
RELATED Blog
comments