SlideShare una empresa de Scribd logo

Report on data breach and privacy in nepal during covid19 by shreedeep rayamajhi

S
Shreedeep Rayamajhi

This report analyzes data breaches and privacy issues in Nepal during the COVID-19 pandemic. It discusses several high-profile cases where hackers accessed and leaked personal information from major organizations, including food delivery service Foodmandu, internet provider Vianet, money transfer service Prabhu Money Transfer, and government websites. The report argues there is a lack of awareness and proper implementation of privacy laws in Nepal, as well as insufficient cybersecurity practices among many organizations. Improving cybersecurity culture and legal protections for personal data is needed to address the ongoing risks of data breaches during the pandemic.

Internet
1 de 16
Descargar para leer sin conexión
Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 1
Summary The present crisis situation of COVID19 has pressured different sectors with various issues and challenges directly affecting the technological and physiological behavior of users. These behavioral and psychological changes are subjected to the values and condition of individual users and their presence of mind. This has hugely impacted and questioned the current status of Cyber security situation in developing nations. This report is subjective to the case study done in context of Nepal during the COVID19 where the number of cases of data breach and hacking extensively increased. Data Breach and Privacy are two sides of a coin. Data in technical terms represent the series of numbers or sequences of variables which needs an algorithm or program to be processed and breaching means using tools for unauthorized access of information without consent where as Privacy is a fundamental right of safeguarding personal information related to a person or individual. With the limitation of knowledge and capacity, currently developing nations are struggling to differentiate between the ongoing data breach and data protection issue where personal information of users are stolen and are posted in open forums in regards to the neglected and unsecured system. The hackers blame it to the private companies and the companies blame to the government showcasing a lack of infrastructure and policy. Despite the fact that there is “Privacy Act” which has been legally adopted in Nepal, the citizens of Nepal have not been able to understand and adopt its use. If you look at the current situation there is a gaps of awareness of Privacy Act and its enactment. Even at government level where personal information of citizen are openly shared in different official website of the Nepal Government in the name of communication. Looking at the local culture, technology is upgraded but when it comes to securing the system, the organizations opt for cheaper options and the system is compromised. The basic problem is the culture of underestimating importance of people’s information and undue valuation of system security. It’s the culture vs the behavior where most of the time, system is compromised in lack of values and evolves into a greater nuisance of Cyber hygiene in individual behavior. The recent data breaches cases highlight a wide range of scenario and scope of Cyber security position of the country especially at times of crisis. At organizational level more hackers are attacking the value chain system where as in individual level various phishing and malware are targeted. Data Breach is a dynamic topic which has no radical solution except improving the values and culture of an organization. A lot of the times the problems comes from security laps and carelessness that happens due to ignorance. The problem that is currently seen during the COVID19 crisis may be differential to time and situation but more or less in context of the Cyber security, it is part of the strategy of utilizing the loop hole left behind with the value chain system. At this time of crisis especially in developing nations the problem of data privacy and data protection has become a greater issue. In most of the developing countries Data Privacy law has been pushed due to the enactment of the GDPR but significantly the launching has not change the attitude of the government and people. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 2
According to Google, “Our systems have detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 percent of spam, phishing and malware from reaching our users.” Cyber security has evolved as a major challenges in developing nation in terms of practice and definition. The standard definition may defines a systematic approach of procedure and series of tasks to be performed but a lot of the time, it demands intuitiveness and promptness. Likewise, in today's world of technology, everything is changing. With this change the definition and practice of Cyber security is also changing and adaptation user behaviors and safeguarding people’s interest in the most effective and efficient way. PRIVACY VS DATA PROTECTION Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 3
Current Law in Nepal Privacy Act of Nepal Chapter-6, Privacy Relating to Data Article 12 To have privacy of data: (1) Every person shall have the right to keep the personal data or details related to him or her confidential. (2) While collecting personal or family data of any person, his or her consent shall be obtained. (3) The data collected by a public body or body corporate upon obtaining the consent of the concerned person shall be used only for the purpose for which such data have been collected. Provided that if any data are demanded for the national security or peace and order, it shall not be deemed to bar to provide such data in accordance with the prevailing law. Link: http://www.lawcommission.gov.np/en/archives/20704 Chapter-10 Collection and Protection of Personal Information Article 25 Protection of collected information: (1) The personal information that has been collected by any public body or remained under the responsibility or control of such a body shall be protected by such body. (2) For the purpose of sub-section (1), the public body shall have to make appropriate arrangement against unauthorized access likely to occur to personal information, or against the possible risk of unauthorized use, change, disclosure, publication or transmission of such information. (3) Notwithstanding anything contained elsewhere in this Section, the public body may disclose or get any personal information disclosed under the prevailing law. Not to use personal information without consent: (1) Except in the following circumstances, the personal information collected by or remained under the responsibility or control of a public body or body corporate shall not be used or given to any one without the consent of the concerned person: (a) It has been published or distributed for the purpose of which the personal information has been collected, (b) If demanded in written form, in the course of investigation or prosecution of a criminal case, by the official authorized for making such investigation or prosecution, (c) If an order is made by the court in the course of taking action on a sub-judice case, (d) If question is to be solved, when it is raised about the qualification or any other matter of the person, who is holding a public post under the prevailing law, (e) If the authorized official demands for any particular kind of information in written form, in order to solve the question raised on any particular matter. Link: http://www.lawcommission.gov.np/en/archives/20694 Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 4
Foodmandu App Hacking Issue Personal Information Cyber Security Issue Hacking | Data Breach | Data Privacy | No of Victims 50,000 March 8, 2019, Foodmandu, an e-commerce company providing on-demand food delivery service across Kathmandu valley encountered data breach on Saturday night. According to a statement released by the company on Sunday, they detected a cyber- attack by a hacker which resulted in unauthorized access of customer data. Names, mailing addresses, email addresses and phone numbers of the users were exposed to cyber attack, according to CEO Nidhaan Shrestha. A Twitter handle by the name of Mr. Mugger revealed the dump of data of 50 thousand Foodmandu users and also disclosed the link associated with the data. Foodmandu, on the other hand, informed that they fixed the loophole in their web application immediately after the incident was noticed. They further stated that they are in regular contact with the Cyber Crime Division and also requested for the security of the dumped data. Claiming that there is no impact on their commercial operations, Foodmandu in the statement assured to resolve the issue at the earliest. Link: https://myrepublica.nagariknetwork.com/news/foodmandu-s-website-hacked-50-thousand- users-data-dumped/ Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 5
Kathmandu Press Website Unauthorized Access: Issue Privacy | Unauthorized Access Cyber Security Issue Unauthorized Access | Hacking | Press Freedom | Data Privacy | No of Victims 1 April 02, KATHMANDU: Online news portal Kathmandu Press [kathmandupress.com] today issued a statement regarding the unauthorised removal of a published content on their website on Tuesday evening. The news outlet’s Chief Editor Kosmos Biswokarma says their team started receiving a volley of responses after publishing a report on involvement of Defence Minister and Prime Minister’s Chief Advisor’s sons in expensive medical equipment procurement deal. “On Wednesday morning, we received a call from Biswas Dhakal and Subhash Sharma from F1Soft, a parent company of Shiran Technologies who manage the development and design of our website. They asked us to remove the report stating there’s immense pressure from ‘above’,” Biswokarma says in the statement. According to the Editor, they explained to Dhakal and Sharma that a published content cannot be taken down but the parties that have issues with the content or have to refute the claims can send a written dissent response. Later at 10:30, they received a call from Shiran Technologies to remove the content. The team warned the developers to not mess with their site, however, despite the warning, the report was taken down. “We tried contacting Biswas Dhakal, Subhash Sharma and Prajwal Maharjan many times after that but to no avail.” Instead of restoring the removed item, the developers jammed the site for almost two hours between 2:00-4:00 pm on the same day, according to the statement. “They finally allowed content upload on being warned with a legal action. “This is perhaps the first instance wherein the web-developers have taken the liberty to remove a published content from the news portal,” Biswokarma says in the statement. Kathmandu Press says it has taken this act as a move to control media and an attack on press freedom. The laws are clear on measures to be taken if someone does not agree to a published report. “We are ready to correct ourselves or face action if our content is misleading or incorrect,” the portal said adding, “we are now consulting with legal experts on how to move forward in this matter.” Link: https://thehimalayantimes.com/kathmandu/kathmandu-press-issues-statement-on- unauthorised-content-removal/ Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 6
Vianet Website Hacked Issue Personal Information Cyber Security Issue Hacking | Data Breach| Data Privacy | No of Victims 160,000 KATHMANDU, April 9: In yet another breach of customer data, Vianet Communications – one of the largest internet service providers in Nepal – suffered a 'serious hack' on Wednesday. Data belonging to more than 160,000 consumers was leaked by a hacker through Twitter. This is the second such data breach incident in a month. Data of Foodmandu – a popular e-commerce food delivery service – was breached by hackers exactly a month ago. On Wednesday, data was leaked by a twitter handle @paapi_kto_mah attaching a link, where the personal data of more than 160,000 Vianet users was made public. The data included emails, phone numbers and addresses. “The data of more than 160,000 users has been compromised. We [Vianet] found out about the situation today [Wednesday] afternoon,” Binay Bohra, managing director of Vianet Communications, told Republica, adding that the company has already informed the Cyber Bureau of Nepal Police. The company also informed that hackers had started to dig the consumer data from Tuesday. “The incident is similar to the hacking of a food delivery company a month ago. It is not clear the Vianet data was compromised by the same group,” said Bohra, adding that Vianet is also investigating the incident. Bohra confirmed that personal information of consumers including phone numbers, addresses and email addresses were made public by the hackers. “The link shared by the hackers has already been taken down with the help of Nepal Telecommunications Authority (NTA),” Bohra added. Meanwhile, the company has accepted that it needs to make the system more powerful to better secure users' information. A month ago, a Twitter user going by the username Mr Mugger had leaked personal information of almost 50,000 users of Foodmandu. Meanwhile, the Cyber Bureau of Nepal Police informed that the company informed about the incident late in the afternoon after several online portals broke the news. The cyber bureau said police have already started investigations into the case. Link: https://myrepublica.nagariknetwork.com/news/hackers-leak-personal-info-of-vianet-users/ Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 7
Prabhu Money Transfer Attack Issue Personal Information Cyber Security Issue Hacking | Data Breach | Data Privacy No of Victims 500 Kathmandu, 10 April,2020 The story has been repeated again with Prabhu Money Transfer being victim. A twitter handle Cyber_hell_god today posted a tweet that said:After the warning, the alleged hacker- as promised tweeted a tweet from a new twitter id where he has added a link which leads to the data dump of around 500 users that includes IP address, E-mail address, name, and phone number. Looking at the user data it seems those of the money senders and recievers.However, there is no any official response from Prabhu Money Transfer on this data breach yet. So we can’t be sure that the data leaked by the alleged hacker is 100% correct. All we can do now is wait for the official response from Prabhu Money Transfer. Such data breach cases have been increasing day by day. First Foodmandu, then Vianet communications and now Prabhu Money Transfer have been the victim. As the alleged hackers say, these companies need to work on increasing cyber securities. User’s data shouldn’t be treated useless and stored inside a weak firewall. Link: https://nepstuff.com/prabhu-money-transfer-user-data-compromised-after-a-leak/ TU engineering Website hacked Issue Personal Information Cyber Security Issue Hacking | Data Breach | Data Privacy | No of Victims 406 April 10, 2020, Kathmandu, Nepal, SATAN (@satan_cyber_god), a twitter sensation hacker has leaked data of Tribhuwan University Teachers and Staffs. Recently, through a Twitter handle with username @satan_cyber_god, the hacker made public the names, departments and email addresses of teachers of Tribhuvan University and CTEVT. Blood groups with their designations have also been made public. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 8
The hacker has also warned CTEVT to secure its data. He leaked data of 69 people through Pastebin. The link to the Pastebin had been shared to Twitter. Although the data of different departments have been leaked, leaked data contains data from Medicine Department the most.Earlier, the hacker claimed to have leaked the data of Prabhu Money Transfer under Prabhu Group as a demo data. The leaked data included 406 people’s data including, Name, Email Address, Phone Number and IP Address.The same person has also warned Nepali Congress to secure its system else he’d leak the data along with donations received. Link: https://ictframe.com/satan-leaked-data-of-tribhuvan-university-teaching-staffs/ SATAN: Leaking Government Websites’ Data And Threatening Others Issue Personal Information | Login information Cyber Security Issue Hacking | Data Breach | Data Privacy | No of Victims unknown After three days of unavailability on Twitter, SATAN (@satan_cyber_god) tweeted a tweet yesterday. After his return to Twitter, he started posting the website bugs and warning them to fix it as soon as possible. He also leaked the login credentials of some government websites through his twitter handle. He tweeted threatening Kantipur Daily, a pioneer news media in Nepal. In his tweet, he stated that Firebase JSON file’s permission is not set properly in Kantipur Daily’s website. He added, if they don’t fix it, he has to. In his other tweet, he informed Daraz that its site is vulnerable to XSS and possibly more attacks. He then warned them to fix it soon else he would make them fix it.The things got worse when he tweeted the picture saying he was in Mercantile’s system then. He challenged it to do whatever it wanted to do. In case you didn’t know, Mercantile is the official registrar of .np domains. It registers all .np domains. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 9
After a short time, he again tweeted on the same case. He tweeted saying, “woops! Did i just got access to each and every .np domains of Nepal?” In the same tweet, he uploaded the picture of the database of .np domains. Then, he retweeted the tweet of TechPatro, a tech news portal of Nepal, in which it had said that SATAN was threatening Kantipur Daily, Daraz and Mercantile by saying that he didn’t threaten anyone. He added he was just informing the companies before a black hat exploits the loopholes and harms the website and was doing for fun. He then warned to think before posting such things again.TechPatro responded to its tweet saying that he leaked CTEVT information which can harm a lot of people and recent data breaches triggered phishing attempts to many Viber users recently. After some time, TechPatro noticed a login attempt to its system with a fake IP address of Beijing.He then added a photo saying, “See some more internal images of Nepal’s official domain registrar! GB’s of data! But it’s all safe.”After some time, he shared the login credentials of some government websites and asked if people still take him as a joke.The last tweet of the day threatened Nepal Electricity Authority, an electricity supplier of Nepal. He said, “Nepal electricity authority <3 you will be notified tomorrow!”. He added, “Thanks for the support! Hope we can bring the change together <3”. His tweet ended with “ Operation #Justicefornirmala soon” which suggests people associated with the Nirmala Pant rape and murder case are his next targets. Link: https://ictframe.com/satan-leaking-government-websites-data-and-threatening-others/ Viber Attack Attempt Issue Communication Attack Cyber Security Issue Phising | Data Breach | Data Privacy | No of Victims unknown In recent days, the case of data breach and security threats is increasing in Nepal. With the growth of digital trends and the adaption of digital technology in the country, the risk of a data breach is also getting bigger. Data security has become one of the most needed things at the moment. Viber hack has become widespread with the recent leaks and today we will be discussing the majors taken to avoid such hacks.It has been reported that Viber users in Nepal are getting calls and SMS with Verification Code and Verification Link. Some have reported that they are getting calls from unknown foreign numbers starting with +33.Viber doesn’ send verification code or link until and unless you try to activate the Viber account in the new device. When you activate your account on a new device, Viber calls you as a verification call which ends in a certain time. Getting calls and messages fro the numbers starting with +33 in an active device with an active account is suspicious. If you are getting such calls or messages, you can be sure that someone is trying to hijack your Viber account and we do not recommend you to receive such calls. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 10
For the convenience of the Viber users, we have gathered some techniques that hackers are trying to exploit your account and you should avoid it. Getting SMS that has a verification link or code from an unknown number or even from Viber. Getting calls from anonymous numbers from foreign countries that usually starts with +33. Randomly opening a QR scanner in your Viber App which only executes when someone tries to access your account from PC. Avoiding your account from being exploited As mentioned above that the link is incoming to your account to get access to your account on PC. Those links are authorization links that are pushed to your smartphone from the user who tries to access your account. Those links are valid for 30 minutes and if you click the link, the login attempts by the anonymous person will be authorized. Eventually, the person gets access to your account and this might get disastrous. We can avoid this situation by taking some precautions. If you are one of the victims of these malicious activities, we request you not to respond to any of these activities. If you are already a victim of such activities, then you can delete the data on your Viber account. Find the steps to follow for protecting your data. Link: https://www.nepalitelecom.com/2020/04/people-facing-viber-hack-attempts-data-leaks.html Hundreds of millions of Facebook user records were exposed on Amazon cloud server Issue Social Media Attack Cyber Security Issue Phising | Data Breach | Data Privacy | No of Victims 540 Million More than 540 million records about Facebook users were publicly exposed on Amazon's cloud computing service, according to a cybersecurity research firm. A report out Wednesday by UpGuard said two third-party Facebook app developers posted the records in plain sight, causing yet another major data breach for the world's biggest social network. According to UpGuard, a Mexico-based media company called Cultura Colectiva was responsible for the biggest leak. It exposed 146 gigabytes of Facebook user data, including account names, IDs and Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 11
details about comments and reactions to posts. It's unclear how many individual users had data exposed. Separately, an app called At the Pool exposed databases that appeared to include data about user IDs, friends, photos and location check ins, as well as unprotected Facebook passwords for 22,000 users. The app — which was meant to help people meet up for offline activities — shut down in 2014. Facebook extends hate speech ban to include white nationalism UpGuard said it alerted Cultura Colectiva and Amazon about the breaches from Cultura Colectiva in January, but no action was taken until Wednesday morning. After Bloomberg reached out to Facebook for a comment about that breach, an Amazon "storage bucket" with the data from Cultura Colectiva was secured. Link: https://www.cbsnews.com/news/millions-facebook-user-records-exposed-amazon-cloud-server/ Zoom Attack Attempt Issue Communication Attack Cyber Security Issue Unauthorize Access | Hacking No of Victims unknown Due to corona virus pandemic forced people to stay indoors and work from home, leaving voice and video calls the only way of communication. Zoom video conferencing app has seen an unprecedented level of growth in the past month or so. Because of this sudden growth, several privacy and security concerns surrounding Zoom have come to the fore. Now, a fresh report claims that over 500,000 Zoom accounts have been hacked and are being sold on the dark web. A report by Bleeping Computer states that hackers are selling these Zoom accounts for less than a penny each and in some cases, they are being given away for free. The report adds that this information about free Zoom accounts being posted on hacker forums was first pointed out by Cybersecurity intelligence firm Cyble around April 1. Change Zoom passwords if used elsewhere. These Zoom account credentials include email addresses, passwords, personal meeting URLs, and HostKeys, according to the report. It is highly advisable that users change their Zoom passwords, especially if the same password is used elsewhere. They should try to use unique passwords for each site. Link: https://reviews.com.np/article/over-500000-zoom-accounts-sold-on-hacker-forums-the-dark- web Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 12
Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 13
Recommendation and Suggestion Organization Level 1. At organization level clear values and culture of Cyber security protocols has to be set with regular training and standards defined 2. Deploy anti SPAM policy in the organization and behavior of individuals 3. Install and maintenance of firewall, antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment 4. Regular update of all security systems and patches 5. Deploy a web filter to block malicious websites. 6. Encrypt all sensitive company information. 7. Secure system administrations vulnerabilities and disable third-party or outdated components that could be used as entry points Individual Level 1. At individual level, individual behavior is very important which is hugely influenced by values and cultures 2. Cyber awareness and capacity building program focusing on individual Cyber hygiene 3. Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment 4. Regular update of all security systems and patches 5. Use of encryption for employees that are working from home 6. Be vigilant and create easy communication and talk with your family including children about how to stay safe online 7. Update the privacy settings on your social media accounts; 8. Check and Update your passwords and ensure they strong (a mix of uppercase, lowercase, numbers and special characters); 9. Always confirm before clicking any links or open attachments in emails which you were not expecting to receive, or come from an unknown sender 10. If you feel there is something wrong talk with your technology guys or police 11. Do regular scans on your computers or mobile devices Country Level 1. Regular IT risk assessment Mechanism 2. Awareness and capacity building training on Cyber security hygiene 3. Need of the Cyber Security Operation (CSO)centers 4. Proper research and data management system 5. Securing an effective CRISIS Management System 6. Collaborating and creating favorable environment for multistakeholder dialogue 7. Creating a secure environment for building trust and collaboration Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 14
COVID19 Crisis Information Attack Matrix Types of Attack Values Remarks Cyber Attack Phishing | Ransomware | Malware Disinformation Fake News| Misinformation Social Media Crisis Racism |Hate of Speech | Violence Channeling Disinformation and communication barriers in creating crisis situation through social media Communication Attack Hacking | Data Privacy Economical Attack Strategic Attack on Economic Components Others Addiction | Domestic Violence | Gender Gap Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 15
Reference 1. The Privacy Act, 2075 (2018) http://www.lawcommission.gov.np/en/archives/20722 2. Cyber Security Issues In Nepal, Shreedeep Rayamajhi https://ictframe.com/cyber-security-issues-in-nepal-shreedeep-rayamajhi/ 3. Diplo Foundation IGCBP09 Research Phase A Synopsis of Cyber Warfare & Terrorism Course Objective https://www.researchgate.net/publication/ 313099863_Diplo_Foundation_IGCBP09_Research_Phase_A_Synopsis_of_Cyber_Warfare_Terr orism_Course_Objective 4. No privacy in Nepal http://www.shreedeeprayamajhi.com.np/2020/03/no-privacy-in-nepal.html 5. COVID-19 Cyberthreats https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats 6. Smart Data Module 5 d drive_legislation https://www.slideshare.net/caniceconsulting/smart-data-module-5-d-drivelegislation 7. Privacy and Security issues in Internet https://shreedeeprayamajhi.blogspot.com/2009/08/privacy-and-security-issues-in- internet.html Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 16

Recomendados

Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security Presentation
Wajahat Rajab
 
Operational Security
Operational SecurityOperational Security
Operational Security
Splunk
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
Faheem Ul Hasan
 
Critical infrastructure
Critical infrastructureCritical infrastructure
Critical infrastructure
Prof. David E. Alexander (UCL)
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Physical security
Physical securityPhysical security
Physical security
Dhani Ahmad
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
kishore golla
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 

Recomendados

Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security Presentation
Wajahat Rajab
 
Operational Security
Operational SecurityOperational Security
Operational Security
Splunk
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
Faheem Ul Hasan
 
Critical infrastructure
Critical infrastructureCritical infrastructure
Critical infrastructure
Prof. David E. Alexander (UCL)
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Physical security
Physical securityPhysical security
Physical security
Dhani Ahmad
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
kishore golla
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
MohanPandey31
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
Graham Mann
 
Society, law and ethics identitytheft
Society, law and ethics identitytheftSociety, law and ethics identitytheft
Society, law and ethics identitytheft
vikram mahendra
 
Social engineering
Social engineeringSocial engineering
Social engineering
Maulik Kotak
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
btpsec
 
cyber security
cyber securitycyber security
cyber security
BasineniUdaykumar
 
IOT ppt
IOT pptIOT ppt
IOT ppt
Miracle Software Systems, Inc
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
Jay Nagar
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
VSAM Technologies India Private Limited
 
Cyber Hygiene
Cyber HygieneCyber Hygiene
Cyber Hygiene
GAURAV. H .TANDON
 
Incident response
Incident responseIncident response
Incident response
Anshul Gupta
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
OWASP Delhi
 
Cyber Crime And Cyber Security
Cyber Crime And Cyber SecurityCyber Crime And Cyber Security
Cyber Crime And Cyber Security
Prashant Sharma
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
A report on cyber Crime
A report on cyber CrimeA report on cyber Crime
A report on cyber Crime
Nikhil Chaudhary
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risks
Parakum Pathirana
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
dougfarre
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?
Druva
 
data privacy.pdf data privacy data privacy
data privacy.pdf data privacy data privacydata privacy.pdf data privacy data privacy
data privacy.pdf data privacy data privacy
JohnFelix45
 

Más contenido relacionado

La actualidad más candente

Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 

La actualidad más candente (20)

Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
 
Society, law and ethics identitytheft
Society, law and ethics identitytheftSociety, law and ethics identitytheft
Society, law and ethics identitytheft
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 
cyber security
cyber securitycyber security
cyber security
 
IOT ppt
IOT pptIOT ppt
IOT ppt
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
 
Cyber Hygiene
Cyber HygieneCyber Hygiene
Cyber Hygiene
 
Incident response
Incident responseIncident response
Incident response
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
 
Cyber Crime And Cyber Security
Cyber Crime And Cyber SecurityCyber Crime And Cyber Security
Cyber Crime And Cyber Security
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
A report on cyber Crime
A report on cyber CrimeA report on cyber Crime
A report on cyber Crime
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risks
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
 

Similar a Report on data breach and privacy in nepal during covid19 by shreedeep rayamajhi

data privacy.pdf data privacy data privacy
data privacy.pdf data privacy data privacydata privacy.pdf data privacy data privacy
data privacy.pdf data privacy data privacy
JohnFelix45
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
adampcarr67227
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
msdee3362
 
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Ted Myerson
 
Systems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docxSystems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docx
perryk1
 

Similar a Report on data breach and privacy in nepal during covid19 by shreedeep rayamajhi (20)

Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?
 
data privacy.pdf data privacy data privacy
data privacy.pdf data privacy data privacydata privacy.pdf data privacy data privacy
data privacy.pdf data privacy data privacy
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPER
 
Advanced PII / PI data discovery and data protection
Advanced PII / PI data discovery and data protectionAdvanced PII / PI data discovery and data protection
Advanced PII / PI data discovery and data protection
 
Cyber security
Cyber securityCyber security
Cyber security
 
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
National Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy AgendaNational Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy Agenda
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Cie 2 cyber law
Cie 2 cyber lawCie 2 cyber law
Cie 2 cyber law
 
Article 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking technoArticle 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking techno
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
 
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
 
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdfPRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
 
Accenture four keys digital trust
Accenture four keys digital trustAccenture four keys digital trust
Accenture four keys digital trust
 
Cyber liability and public entities infographic
Cyber liability and public entities infographic Cyber liability and public entities infographic
Cyber liability and public entities infographic
 
Systems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docxSystems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docx
 

Más de Shreedeep Rayamajhi

ICANN Fellowship Interaction and Meet Up Program.pdf
ICANN Fellowship Interaction and Meet Up Program.pdfICANN Fellowship Interaction and Meet Up Program.pdf
ICANN Fellowship Interaction and Meet Up Program.pdf
Shreedeep Rayamajhi
 
Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...
Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...
Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...
Shreedeep Rayamajhi
 

Más de Shreedeep Rayamajhi (20)

ICANN80 Mentoring Call 1 By Shreedeep Rayamajhi.pdf
ICANN80 Mentoring Call 1 By Shreedeep Rayamajhi.pdfICANN80 Mentoring Call 1 By Shreedeep Rayamajhi.pdf
ICANN80 Mentoring Call 1 By Shreedeep Rayamajhi.pdf
 
Social Media Startegy for APrIGF 2024 by Shreedeep Rayamajhi.pdf
Social Media Startegy for APrIGF 2024 by Shreedeep Rayamajhi.pdfSocial Media Startegy for APrIGF 2024 by Shreedeep Rayamajhi.pdf
Social Media Startegy for APrIGF 2024 by Shreedeep Rayamajhi.pdf
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 
Report ICANN79 At-Large Mentor of Shreedeep Rayamajhi.pdf
Report ICANN79 At-Large Mentor of Shreedeep Rayamajhi.pdfReport ICANN79 At-Large Mentor of Shreedeep Rayamajhi.pdf
Report ICANN79 At-Large Mentor of Shreedeep Rayamajhi.pdf
 
.np present and future, a civil society perspective at APTLD 85
.np present and future, a civil society perspective at APTLD 85.np present and future, a civil society perspective at APTLD 85
.np present and future, a civil society perspective at APTLD 85
 
Report ICANN78 At-Large Mentor of Shreedeep Rayamajhi.pdf
Report ICANN78 At-Large Mentor of Shreedeep Rayamajhi.pdfReport ICANN78 At-Large Mentor of Shreedeep Rayamajhi.pdf
Report ICANN78 At-Large Mentor of Shreedeep Rayamajhi.pdf
 
Introduction and AI and Future Challenges for Sri Lanka Internet Users by Sh...
Introduction and AI and Future Challenges for Sri Lanka Internet Users by Sh...Introduction and AI and Future Challenges for Sri Lanka Internet Users by Sh...
Introduction and AI and Future Challenges for Sri Lanka Internet Users by Sh...
 
ICANN Fellowship Interaction and Meet Up Program.pdf
ICANN Fellowship Interaction and Meet Up Program.pdfICANN Fellowship Interaction and Meet Up Program.pdf
ICANN Fellowship Interaction and Meet Up Program.pdf
 
Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...
Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...
Comments and suggestion on Zero-Draft-Public-Consultations-FOC-Donor-Principl...
 
Challenges of APRALO policy Forum.pdf
Challenges of APRALO policy Forum.pdfChallenges of APRALO policy Forum.pdf
Challenges of APRALO policy Forum.pdf
 
Internet Ecosystem and challenges of IPV6 in Nepal by Shreedeep Rayamajhi.pdf
Internet Ecosystem and challenges of IPV6 in Nepal by Shreedeep Rayamajhi.pdfInternet Ecosystem and challenges of IPV6 in Nepal by Shreedeep Rayamajhi.pdf
Internet Ecosystem and challenges of IPV6 in Nepal by Shreedeep Rayamajhi.pdf
 
Art of Assertive Commnunication, how to be visible in social media by Shreed...
Art of Assertive Commnunication, how to be visible in social media by Shreed...Art of Assertive Commnunication, how to be visible in social media by Shreed...
Art of Assertive Commnunication, how to be visible in social media by Shreed...
 
Internet Ecosystem and its problems, challenges and opportunities Texas Coll...
Internet Ecosystem and its problems, challenges and opportunities Texas Coll...Internet Ecosystem and its problems, challenges and opportunities Texas Coll...
Internet Ecosystem and its problems, challenges and opportunities Texas Coll...
 
Report on Commercial Law Development Program (CLDP)2022 UN Internet Governanc...
Report on Commercial Law Development Program (CLDP)2022 UN Internet Governanc...Report on Commercial Law Development Program (CLDP)2022 UN Internet Governanc...
Report on Commercial Law Development Program (CLDP)2022 UN Internet Governanc...
 
Recommendation and Suggestion for Global Stakeholder Engagement Team.pdf
Recommendation and Suggestion for Global Stakeholder Engagement Team.pdfRecommendation and Suggestion for Global Stakeholder Engagement Team.pdf
Recommendation and Suggestion for Global Stakeholder Engagement Team.pdf
 
Shreedeep Rayamajhi Presentation on Survey Report on Disinformation and its P...
Shreedeep Rayamajhi Presentation on Survey Report on Disinformation and its P...Shreedeep Rayamajhi Presentation on Survey Report on Disinformation and its P...
Shreedeep Rayamajhi Presentation on Survey Report on Disinformation and its P...
 
How to enagage with ICANN Community presentation by Shreedeep Rayamajhi.pdf
How to enagage with ICANN Community presentation by Shreedeep Rayamajhi.pdfHow to enagage with ICANN Community presentation by Shreedeep Rayamajhi.pdf
How to enagage with ICANN Community presentation by Shreedeep Rayamajhi.pdf
 
How to enagage with ICANN Youth IGF 2022 presentation by Shreedeep Rayamajhi...
How to enagage with ICANN Youth IGF 2022 presentation by Shreedeep Rayamajhi...How to enagage with ICANN Youth IGF 2022 presentation by Shreedeep Rayamajhi...
How to enagage with ICANN Youth IGF 2022 presentation by Shreedeep Rayamajhi...
 
Recommendation on IGF Expert Group Meeting 2022 By Shreedeep Rayamajhi.pdf
Recommendation on IGF Expert Group Meeting 2022 By Shreedeep Rayamajhi.pdfRecommendation on IGF Expert Group Meeting 2022 By Shreedeep Rayamajhi.pdf
Recommendation on IGF Expert Group Meeting 2022 By Shreedeep Rayamajhi.pdf
 
Final survey on disinformation and its practice during covid 19 in developing...
Final survey on disinformation and its practice during covid 19 in developing...Final survey on disinformation and its practice during covid 19 in developing...
Final survey on disinformation and its practice during covid 19 in developing...
 

Último

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Delhi Call girls
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
SUHANI PANDEY
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
soniya singh
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
SUHANI PANDEY
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
kojalkojal131
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Delhi Call girls
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
soniya singh
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 

Último (20)

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 

Report on data breach and privacy in nepal during covid19 by shreedeep rayamajhi

  • 1. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 1
  • 2. Summary The present crisis situation of COVID19 has pressured different sectors with various issues and challenges directly affecting the technological and physiological behavior of users. These behavioral and psychological changes are subjected to the values and condition of individual users and their presence of mind. This has hugely impacted and questioned the current status of Cyber security situation in developing nations. This report is subjective to the case study done in context of Nepal during the COVID19 where the number of cases of data breach and hacking extensively increased. Data Breach and Privacy are two sides of a coin. Data in technical terms represent the series of numbers or sequences of variables which needs an algorithm or program to be processed and breaching means using tools for unauthorized access of information without consent where as Privacy is a fundamental right of safeguarding personal information related to a person or individual. With the limitation of knowledge and capacity, currently developing nations are struggling to differentiate between the ongoing data breach and data protection issue where personal information of users are stolen and are posted in open forums in regards to the neglected and unsecured system. The hackers blame it to the private companies and the companies blame to the government showcasing a lack of infrastructure and policy. Despite the fact that there is “Privacy Act” which has been legally adopted in Nepal, the citizens of Nepal have not been able to understand and adopt its use. If you look at the current situation there is a gaps of awareness of Privacy Act and its enactment. Even at government level where personal information of citizen are openly shared in different official website of the Nepal Government in the name of communication. Looking at the local culture, technology is upgraded but when it comes to securing the system, the organizations opt for cheaper options and the system is compromised. The basic problem is the culture of underestimating importance of people’s information and undue valuation of system security. It’s the culture vs the behavior where most of the time, system is compromised in lack of values and evolves into a greater nuisance of Cyber hygiene in individual behavior. The recent data breaches cases highlight a wide range of scenario and scope of Cyber security position of the country especially at times of crisis. At organizational level more hackers are attacking the value chain system where as in individual level various phishing and malware are targeted. Data Breach is a dynamic topic which has no radical solution except improving the values and culture of an organization. A lot of the times the problems comes from security laps and carelessness that happens due to ignorance. The problem that is currently seen during the COVID19 crisis may be differential to time and situation but more or less in context of the Cyber security, it is part of the strategy of utilizing the loop hole left behind with the value chain system. At this time of crisis especially in developing nations the problem of data privacy and data protection has become a greater issue. In most of the developing countries Data Privacy law has been pushed due to the enactment of the GDPR but significantly the launching has not change the attitude of the government and people. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 2
  • 3. According to Google, “Our systems have detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 percent of spam, phishing and malware from reaching our users.” Cyber security has evolved as a major challenges in developing nation in terms of practice and definition. The standard definition may defines a systematic approach of procedure and series of tasks to be performed but a lot of the time, it demands intuitiveness and promptness. Likewise, in today's world of technology, everything is changing. With this change the definition and practice of Cyber security is also changing and adaptation user behaviors and safeguarding people’s interest in the most effective and efficient way. PRIVACY VS DATA PROTECTION Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 3
  • 4. Current Law in Nepal Privacy Act of Nepal Chapter-6, Privacy Relating to Data Article 12 To have privacy of data: (1) Every person shall have the right to keep the personal data or details related to him or her confidential. (2) While collecting personal or family data of any person, his or her consent shall be obtained. (3) The data collected by a public body or body corporate upon obtaining the consent of the concerned person shall be used only for the purpose for which such data have been collected. Provided that if any data are demanded for the national security or peace and order, it shall not be deemed to bar to provide such data in accordance with the prevailing law. Link: http://www.lawcommission.gov.np/en/archives/20704 Chapter-10 Collection and Protection of Personal Information Article 25 Protection of collected information: (1) The personal information that has been collected by any public body or remained under the responsibility or control of such a body shall be protected by such body. (2) For the purpose of sub-section (1), the public body shall have to make appropriate arrangement against unauthorized access likely to occur to personal information, or against the possible risk of unauthorized use, change, disclosure, publication or transmission of such information. (3) Notwithstanding anything contained elsewhere in this Section, the public body may disclose or get any personal information disclosed under the prevailing law. Not to use personal information without consent: (1) Except in the following circumstances, the personal information collected by or remained under the responsibility or control of a public body or body corporate shall not be used or given to any one without the consent of the concerned person: (a) It has been published or distributed for the purpose of which the personal information has been collected, (b) If demanded in written form, in the course of investigation or prosecution of a criminal case, by the official authorized for making such investigation or prosecution, (c) If an order is made by the court in the course of taking action on a sub-judice case, (d) If question is to be solved, when it is raised about the qualification or any other matter of the person, who is holding a public post under the prevailing law, (e) If the authorized official demands for any particular kind of information in written form, in order to solve the question raised on any particular matter. Link: http://www.lawcommission.gov.np/en/archives/20694 Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 4
  • 5. Foodmandu App Hacking Issue Personal Information Cyber Security Issue Hacking | Data Breach | Data Privacy | No of Victims 50,000 March 8, 2019, Foodmandu, an e-commerce company providing on-demand food delivery service across Kathmandu valley encountered data breach on Saturday night. According to a statement released by the company on Sunday, they detected a cyber- attack by a hacker which resulted in unauthorized access of customer data. Names, mailing addresses, email addresses and phone numbers of the users were exposed to cyber attack, according to CEO Nidhaan Shrestha. A Twitter handle by the name of Mr. Mugger revealed the dump of data of 50 thousand Foodmandu users and also disclosed the link associated with the data. Foodmandu, on the other hand, informed that they fixed the loophole in their web application immediately after the incident was noticed. They further stated that they are in regular contact with the Cyber Crime Division and also requested for the security of the dumped data. Claiming that there is no impact on their commercial operations, Foodmandu in the statement assured to resolve the issue at the earliest. Link: https://myrepublica.nagariknetwork.com/news/foodmandu-s-website-hacked-50-thousand- users-data-dumped/ Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 5
  • 6. Kathmandu Press Website Unauthorized Access: Issue Privacy | Unauthorized Access Cyber Security Issue Unauthorized Access | Hacking | Press Freedom | Data Privacy | No of Victims 1 April 02, KATHMANDU: Online news portal Kathmandu Press [kathmandupress.com] today issued a statement regarding the unauthorised removal of a published content on their website on Tuesday evening. The news outlet’s Chief Editor Kosmos Biswokarma says their team started receiving a volley of responses after publishing a report on involvement of Defence Minister and Prime Minister’s Chief Advisor’s sons in expensive medical equipment procurement deal. “On Wednesday morning, we received a call from Biswas Dhakal and Subhash Sharma from F1Soft, a parent company of Shiran Technologies who manage the development and design of our website. They asked us to remove the report stating there’s immense pressure from ‘above’,” Biswokarma says in the statement. According to the Editor, they explained to Dhakal and Sharma that a published content cannot be taken down but the parties that have issues with the content or have to refute the claims can send a written dissent response. Later at 10:30, they received a call from Shiran Technologies to remove the content. The team warned the developers to not mess with their site, however, despite the warning, the report was taken down. “We tried contacting Biswas Dhakal, Subhash Sharma and Prajwal Maharjan many times after that but to no avail.” Instead of restoring the removed item, the developers jammed the site for almost two hours between 2:00-4:00 pm on the same day, according to the statement. “They finally allowed content upload on being warned with a legal action. “This is perhaps the first instance wherein the web-developers have taken the liberty to remove a published content from the news portal,” Biswokarma says in the statement. Kathmandu Press says it has taken this act as a move to control media and an attack on press freedom. The laws are clear on measures to be taken if someone does not agree to a published report. “We are ready to correct ourselves or face action if our content is misleading or incorrect,” the portal said adding, “we are now consulting with legal experts on how to move forward in this matter.” Link: https://thehimalayantimes.com/kathmandu/kathmandu-press-issues-statement-on- unauthorised-content-removal/ Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 6
  • 7. Vianet Website Hacked Issue Personal Information Cyber Security Issue Hacking | Data Breach| Data Privacy | No of Victims 160,000 KATHMANDU, April 9: In yet another breach of customer data, Vianet Communications – one of the largest internet service providers in Nepal – suffered a 'serious hack' on Wednesday. Data belonging to more than 160,000 consumers was leaked by a hacker through Twitter. This is the second such data breach incident in a month. Data of Foodmandu – a popular e-commerce food delivery service – was breached by hackers exactly a month ago. On Wednesday, data was leaked by a twitter handle @paapi_kto_mah attaching a link, where the personal data of more than 160,000 Vianet users was made public. The data included emails, phone numbers and addresses. “The data of more than 160,000 users has been compromised. We [Vianet] found out about the situation today [Wednesday] afternoon,” Binay Bohra, managing director of Vianet Communications, told Republica, adding that the company has already informed the Cyber Bureau of Nepal Police. The company also informed that hackers had started to dig the consumer data from Tuesday. “The incident is similar to the hacking of a food delivery company a month ago. It is not clear the Vianet data was compromised by the same group,” said Bohra, adding that Vianet is also investigating the incident. Bohra confirmed that personal information of consumers including phone numbers, addresses and email addresses were made public by the hackers. “The link shared by the hackers has already been taken down with the help of Nepal Telecommunications Authority (NTA),” Bohra added. Meanwhile, the company has accepted that it needs to make the system more powerful to better secure users' information. A month ago, a Twitter user going by the username Mr Mugger had leaked personal information of almost 50,000 users of Foodmandu. Meanwhile, the Cyber Bureau of Nepal Police informed that the company informed about the incident late in the afternoon after several online portals broke the news. The cyber bureau said police have already started investigations into the case. Link: https://myrepublica.nagariknetwork.com/news/hackers-leak-personal-info-of-vianet-users/ Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 7
  • 8. Prabhu Money Transfer Attack Issue Personal Information Cyber Security Issue Hacking | Data Breach | Data Privacy No of Victims 500 Kathmandu, 10 April,2020 The story has been repeated again with Prabhu Money Transfer being victim. A twitter handle Cyber_hell_god today posted a tweet that said:After the warning, the alleged hacker- as promised tweeted a tweet from a new twitter id where he has added a link which leads to the data dump of around 500 users that includes IP address, E-mail address, name, and phone number. Looking at the user data it seems those of the money senders and recievers.However, there is no any official response from Prabhu Money Transfer on this data breach yet. So we can’t be sure that the data leaked by the alleged hacker is 100% correct. All we can do now is wait for the official response from Prabhu Money Transfer. Such data breach cases have been increasing day by day. First Foodmandu, then Vianet communications and now Prabhu Money Transfer have been the victim. As the alleged hackers say, these companies need to work on increasing cyber securities. User’s data shouldn’t be treated useless and stored inside a weak firewall. Link: https://nepstuff.com/prabhu-money-transfer-user-data-compromised-after-a-leak/ TU engineering Website hacked Issue Personal Information Cyber Security Issue Hacking | Data Breach | Data Privacy | No of Victims 406 April 10, 2020, Kathmandu, Nepal, SATAN (@satan_cyber_god), a twitter sensation hacker has leaked data of Tribhuwan University Teachers and Staffs. Recently, through a Twitter handle with username @satan_cyber_god, the hacker made public the names, departments and email addresses of teachers of Tribhuvan University and CTEVT. Blood groups with their designations have also been made public. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 8
  • 9. The hacker has also warned CTEVT to secure its data. He leaked data of 69 people through Pastebin. The link to the Pastebin had been shared to Twitter. Although the data of different departments have been leaked, leaked data contains data from Medicine Department the most.Earlier, the hacker claimed to have leaked the data of Prabhu Money Transfer under Prabhu Group as a demo data. The leaked data included 406 people’s data including, Name, Email Address, Phone Number and IP Address.The same person has also warned Nepali Congress to secure its system else he’d leak the data along with donations received. Link: https://ictframe.com/satan-leaked-data-of-tribhuvan-university-teaching-staffs/ SATAN: Leaking Government Websites’ Data And Threatening Others Issue Personal Information | Login information Cyber Security Issue Hacking | Data Breach | Data Privacy | No of Victims unknown After three days of unavailability on Twitter, SATAN (@satan_cyber_god) tweeted a tweet yesterday. After his return to Twitter, he started posting the website bugs and warning them to fix it as soon as possible. He also leaked the login credentials of some government websites through his twitter handle. He tweeted threatening Kantipur Daily, a pioneer news media in Nepal. In his tweet, he stated that Firebase JSON file’s permission is not set properly in Kantipur Daily’s website. He added, if they don’t fix it, he has to. In his other tweet, he informed Daraz that its site is vulnerable to XSS and possibly more attacks. He then warned them to fix it soon else he would make them fix it.The things got worse when he tweeted the picture saying he was in Mercantile’s system then. He challenged it to do whatever it wanted to do. In case you didn’t know, Mercantile is the official registrar of .np domains. It registers all .np domains. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 9
  • 10. After a short time, he again tweeted on the same case. He tweeted saying, “woops! Did i just got access to each and every .np domains of Nepal?” In the same tweet, he uploaded the picture of the database of .np domains. Then, he retweeted the tweet of TechPatro, a tech news portal of Nepal, in which it had said that SATAN was threatening Kantipur Daily, Daraz and Mercantile by saying that he didn’t threaten anyone. He added he was just informing the companies before a black hat exploits the loopholes and harms the website and was doing for fun. He then warned to think before posting such things again.TechPatro responded to its tweet saying that he leaked CTEVT information which can harm a lot of people and recent data breaches triggered phishing attempts to many Viber users recently. After some time, TechPatro noticed a login attempt to its system with a fake IP address of Beijing.He then added a photo saying, “See some more internal images of Nepal’s official domain registrar! GB’s of data! But it’s all safe.”After some time, he shared the login credentials of some government websites and asked if people still take him as a joke.The last tweet of the day threatened Nepal Electricity Authority, an electricity supplier of Nepal. He said, “Nepal electricity authority <3 you will be notified tomorrow!”. He added, “Thanks for the support! Hope we can bring the change together <3”. His tweet ended with “ Operation #Justicefornirmala soon” which suggests people associated with the Nirmala Pant rape and murder case are his next targets. Link: https://ictframe.com/satan-leaking-government-websites-data-and-threatening-others/ Viber Attack Attempt Issue Communication Attack Cyber Security Issue Phising | Data Breach | Data Privacy | No of Victims unknown In recent days, the case of data breach and security threats is increasing in Nepal. With the growth of digital trends and the adaption of digital technology in the country, the risk of a data breach is also getting bigger. Data security has become one of the most needed things at the moment. Viber hack has become widespread with the recent leaks and today we will be discussing the majors taken to avoid such hacks.It has been reported that Viber users in Nepal are getting calls and SMS with Verification Code and Verification Link. Some have reported that they are getting calls from unknown foreign numbers starting with +33.Viber doesn’ send verification code or link until and unless you try to activate the Viber account in the new device. When you activate your account on a new device, Viber calls you as a verification call which ends in a certain time. Getting calls and messages fro the numbers starting with +33 in an active device with an active account is suspicious. If you are getting such calls or messages, you can be sure that someone is trying to hijack your Viber account and we do not recommend you to receive such calls. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 10
  • 11. For the convenience of the Viber users, we have gathered some techniques that hackers are trying to exploit your account and you should avoid it. Getting SMS that has a verification link or code from an unknown number or even from Viber. Getting calls from anonymous numbers from foreign countries that usually starts with +33. Randomly opening a QR scanner in your Viber App which only executes when someone tries to access your account from PC. Avoiding your account from being exploited As mentioned above that the link is incoming to your account to get access to your account on PC. Those links are authorization links that are pushed to your smartphone from the user who tries to access your account. Those links are valid for 30 minutes and if you click the link, the login attempts by the anonymous person will be authorized. Eventually, the person gets access to your account and this might get disastrous. We can avoid this situation by taking some precautions. If you are one of the victims of these malicious activities, we request you not to respond to any of these activities. If you are already a victim of such activities, then you can delete the data on your Viber account. Find the steps to follow for protecting your data. Link: https://www.nepalitelecom.com/2020/04/people-facing-viber-hack-attempts-data-leaks.html Hundreds of millions of Facebook user records were exposed on Amazon cloud server Issue Social Media Attack Cyber Security Issue Phising | Data Breach | Data Privacy | No of Victims 540 Million More than 540 million records about Facebook users were publicly exposed on Amazon's cloud computing service, according to a cybersecurity research firm. A report out Wednesday by UpGuard said two third-party Facebook app developers posted the records in plain sight, causing yet another major data breach for the world's biggest social network. According to UpGuard, a Mexico-based media company called Cultura Colectiva was responsible for the biggest leak. It exposed 146 gigabytes of Facebook user data, including account names, IDs and Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 11
  • 12. details about comments and reactions to posts. It's unclear how many individual users had data exposed. Separately, an app called At the Pool exposed databases that appeared to include data about user IDs, friends, photos and location check ins, as well as unprotected Facebook passwords for 22,000 users. The app — which was meant to help people meet up for offline activities — shut down in 2014. Facebook extends hate speech ban to include white nationalism UpGuard said it alerted Cultura Colectiva and Amazon about the breaches from Cultura Colectiva in January, but no action was taken until Wednesday morning. After Bloomberg reached out to Facebook for a comment about that breach, an Amazon "storage bucket" with the data from Cultura Colectiva was secured. Link: https://www.cbsnews.com/news/millions-facebook-user-records-exposed-amazon-cloud-server/ Zoom Attack Attempt Issue Communication Attack Cyber Security Issue Unauthorize Access | Hacking No of Victims unknown Due to corona virus pandemic forced people to stay indoors and work from home, leaving voice and video calls the only way of communication. Zoom video conferencing app has seen an unprecedented level of growth in the past month or so. Because of this sudden growth, several privacy and security concerns surrounding Zoom have come to the fore. Now, a fresh report claims that over 500,000 Zoom accounts have been hacked and are being sold on the dark web. A report by Bleeping Computer states that hackers are selling these Zoom accounts for less than a penny each and in some cases, they are being given away for free. The report adds that this information about free Zoom accounts being posted on hacker forums was first pointed out by Cybersecurity intelligence firm Cyble around April 1. Change Zoom passwords if used elsewhere. These Zoom account credentials include email addresses, passwords, personal meeting URLs, and HostKeys, according to the report. It is highly advisable that users change their Zoom passwords, especially if the same password is used elsewhere. They should try to use unique passwords for each site. Link: https://reviews.com.np/article/over-500000-zoom-accounts-sold-on-hacker-forums-the-dark- web Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 12
  • 13. Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 13
  • 14. Recommendation and Suggestion Organization Level 1. At organization level clear values and culture of Cyber security protocols has to be set with regular training and standards defined 2. Deploy anti SPAM policy in the organization and behavior of individuals 3. Install and maintenance of firewall, antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment 4. Regular update of all security systems and patches 5. Deploy a web filter to block malicious websites. 6. Encrypt all sensitive company information. 7. Secure system administrations vulnerabilities and disable third-party or outdated components that could be used as entry points Individual Level 1. At individual level, individual behavior is very important which is hugely influenced by values and cultures 2. Cyber awareness and capacity building program focusing on individual Cyber hygiene 3. Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment 4. Regular update of all security systems and patches 5. Use of encryption for employees that are working from home 6. Be vigilant and create easy communication and talk with your family including children about how to stay safe online 7. Update the privacy settings on your social media accounts; 8. Check and Update your passwords and ensure they strong (a mix of uppercase, lowercase, numbers and special characters); 9. Always confirm before clicking any links or open attachments in emails which you were not expecting to receive, or come from an unknown sender 10. If you feel there is something wrong talk with your technology guys or police 11. Do regular scans on your computers or mobile devices Country Level 1. Regular IT risk assessment Mechanism 2. Awareness and capacity building training on Cyber security hygiene 3. Need of the Cyber Security Operation (CSO)centers 4. Proper research and data management system 5. Securing an effective CRISIS Management System 6. Collaborating and creating favorable environment for multistakeholder dialogue 7. Creating a secure environment for building trust and collaboration Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 14
  • 15. COVID19 Crisis Information Attack Matrix Types of Attack Values Remarks Cyber Attack Phishing | Ransomware | Malware Disinformation Fake News| Misinformation Social Media Crisis Racism |Hate of Speech | Violence Channeling Disinformation and communication barriers in creating crisis situation through social media Communication Attack Hacking | Data Privacy Economical Attack Strategic Attack on Economic Components Others Addiction | Domestic Violence | Gender Gap Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 15
  • 16. Reference 1. The Privacy Act, 2075 (2018) http://www.lawcommission.gov.np/en/archives/20722 2. Cyber Security Issues In Nepal, Shreedeep Rayamajhi https://ictframe.com/cyber-security-issues-in-nepal-shreedeep-rayamajhi/ 3. Diplo Foundation IGCBP09 Research Phase A Synopsis of Cyber Warfare & Terrorism Course Objective https://www.researchgate.net/publication/ 313099863_Diplo_Foundation_IGCBP09_Research_Phase_A_Synopsis_of_Cyber_Warfare_Terr orism_Course_Objective 4. No privacy in Nepal http://www.shreedeeprayamajhi.com.np/2020/03/no-privacy-in-nepal.html 5. COVID-19 Cyberthreats https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats 6. Smart Data Module 5 d drive_legislation https://www.slideshare.net/caniceconsulting/smart-data-module-5-d-drivelegislation 7. Privacy and Security issues in Internet https://shreedeeprayamajhi.blogspot.com/2009/08/privacy-and-security-issues-in- internet.html Report on Data Breach and PRIVACY in Nepal During COVID19 by Shreedeep Rayamajhi 16