Why Is The Cybersecurity Of Nepalese Banks So Weak?

Share It On:

The hacking case that occurred on 18th October 2017 (1st Kartik 2074) has been revealed to be the carelessness of the staff and management of NIC Asia Bank. The report published by the bank itself suggests that the cybersecurity of the bank is too weak and handled carelessly.

The bank in co-operation with Rastrya Bank ordered an Indian company named KMPG to study and prepare a report accordingly about the flaws of the system by bypassing the Nepal Police’s Central Investigation Bureau(CIB).

The report submitted by KMPG through Rastrya Bank to the CIB has concealed the fault of the staff and management of NIC Asia Bank. However, the bank’s cybersecurity has been proven to be inadequate.

During the investigation, the higher ranked staff members and management weren’t under the police radar, the Indian company only talked about the technical issues with the bank staff, one of the employees said, “The fact that the bank that safely keeps the money of citizens is careless can be seen clearly on the report provided by KMPG.”

The same report points out that a legal case has been filed at Patan high court against 13 account holders from foreign banks located at eight countries. A 69 paged prosecution provided by the court to Nepal Live claims that not just the management heads but also the IT department of the bank think cyber security isn’t reliable and responsive.

The 11th and 12th pages of the prosecution include the ‘Hack Timeline’ prepared by KMPG, India. It mentions that the wrong information delivered by the cyber combination of the bank along with the frequent cyber attacks that occurred. In addition to these, the timeline includes the use of ‘Keylogger’ software by one of the users along with numerous ‘Malware’ to ‘Smokescreen’ attacks.

The timeline also says that the emails used by the bank were attacked a few days before the bank hack. Usernames and passwords of Mohan Ranjit, Pradhumna Nepali and Patina Pradhan were used to transfer 46 Crore 56 Lakh 50 thousand 5 hundred 5 rupees via swift message. The employees that were mentioned in the prosecution letter stated that they reported the various issues with the cyber system to the concerned authority.

Employees working in the IT department said that they weren’t well trained about swift technology which suggests the carelessness of the bank. The late response is shown by the bank to check the security issues even after knowing that the attacks occurred on 1st of Kartik add up to the negligence shown by the authorities.

The CEO during the hack, and present Deputy CEO, Sudhir Kumar Pandey stated, “No fixed scheduled swift training is conducted for the staff members.” He added Nepal lacks the organizations to provide swift training. His statement mentions, “Training in Nepal are conducted rarely by International companies.”

Roshan Kumar Neupane, recently appointed as the CEO stated, “Sudhir Kumar Pandey takes operational department’s reports”. He added that the swift password and its privacy is the priority of the staff themselves. He says that generally computers are bought with the Windows OS installed. However, cracked OS are also installed sometimes.

Cracked OS being used in computers of banks where electronic payment is carried out is a simple invitation for hackers to hack the system.

Deputy Governor of Rastrya Bank, Chintamadi Sapkota says, “Cracked windows should not be used at banks. The bank is a highly sensitive organization, so using pirated software can prove to be dangerous. There are IT guidelines for the banks to follow, but most banks don’t seem to follow it.”

The hacking case of NIC Asia bank isn’t being investigated the way it should have been. The conclusion of prosecution letter provided by the court raises a question on the sincerity of the employees. This incident portrays the lack of proper cybersecurity in many banks of Nepal.


Share It On:

Recent Posts

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet Dialogue

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet

Share It On:21st December 2024, Kathmandu A high-level dialogue on child online protection organized by UNICEF, in partnership with ChildSafeNet,

Support Your NPL Team With Ncell’s Exclusive PRBTs

Support Your NPL Team With Ncell’s Exclusive PRBTs

Share It On:20th December 2024, Kathmandu As the finale of the Nepal Premier League (NPL), the ‘Festival of the Himalayas,’

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Share It On: 20th December 2024, Kathmandu Garima Bikas Bank has announced its decision to offer a cash dividend to

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital Payment Users

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital

Share It On: 20th December 2024, kathmandu Citizens Bank International Limited has formed a strategic partnership with SM Dental and

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access to Assistance

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access

Share It On: 20th December 2024, kathmandu Nabil Bank Limited has rolled out a new initiative to improve customer support

Ncell Unlimited Data Saapati: 1-Day Internet for Prepaid Users with Low Balance

Ncell Unlimited Data Saapati: 1-Day Internet for Prepaid Users with

Share It On:20th December 2024, kathmandu  Ncell has started to provide Unlimited Data as Saapati, enabling customers to stay online