Open season on hacking into gov.np

More than 400 Nepal government websites went down for hours on Saturday, disrupting services and inconveniencing thousands of passengers at Kathmandu airport, exposing the vulnerability to hacking of the gov.np domain.

Hackers appear to have targeted the government’s only central data bank at the Government Integrated Data Centre (GIDC) with a ‘Distributed-Denial of Service’ attack, possibly from abroad, and knocked out most government ministry websites, including the database of the Department of Immigration as well as Passports.

The attack began at noon on Saturday and lasted at least four hours. Since it was a holiday, government offices like the Department of Transport’s licensing department or the passport issuance office, were not affected. The greatest disruption was at the airport where chaotic queues began forming at the immigration desks both at the arrival and departure areas.

Many international flights, including those to Delhi, Mumbai, Bangalore, Kuala Lumpur and Doha were delayed by up to three hours. There were serpentine queues at the arrival concourse as the visa machines and consoles at the immigration desk went out of action.

Immigration officials had to manually issue visas and check passports, registering arrivals and departures the old-fashioned way by hand on ledgers. The servers came back online only after technicians at the GIDC made its mainframe inaccessible from abroad. However, the backlog led to flight delays into Saturday evening. Domestic flights were not affected.    

The GIDC is managed by the National Information Technology Centre (NITC) at Singha Darbar, the heart of Nepal’s federal government in Kathmandu, and this is not the first time it has been hacked – although this is the longest and most serious disruption so far.

The NITC said in a statement that it had launched a probe into the cyberattack, and pledged to find the bugs in the system that allowed it to occur. It said its servers were overwhelmed by intentionally generated fake internet users and that shut them down automatically, but added that no data was compromised.

Nepalis travelling abroad need to have their names checked, photos taken and their passports scanned by the system, while students and migrant workers need to have their permits verified on servers. Incoming passengers also need to be checked, with their boarding passes and passports scanned into the database. Foreigners need to get their e-visas checked and verified, vetted on the Interpol database, or obtain a visa on arrival, which is all handled by the immigration server.

With the government servers out of service, none of these functions could take place. However, the website of the prime minister’s office and those of various ministries also went down due to the attack – fanning fears that more serious attacks in future could compromise national security, and the data breach could lead to theft of personal data of Nepalis and foreigners.