Criminal Liability For Cyber Hacking Of Government Portals
Legal Framework in Nepal
Electronic Transactions Act, 2063 (ETA)
Unauthorised access to computer systems, networks, or government portals is punishable.
Interference with computer programs/data (deletion, alteration, disruption) is an offence.
Punishments range from 6 months to 4 years imprisonment and fines up to NPR 300,000, depending on severity.
Muluki Criminal Code, 2017
Cyber attacks targeting national security, critical infrastructure, or public services may attract more severe charges under general criminal law.
Key Principles
Accessing government portals without permission is criminal.
Data theft, website defacement, or service disruption increases liability.
Cybercrime investigations rely on digital forensics and police cyber bureaus.
Case Studies
Case 1: Bikash Paudel – Hacking 200 Official Websites (Nepal, 2016)
Facts:
Bikash Paudel hacked over 200 official websites including government and semi-government portals such as Nepal Telecom, Dairy Development Corporation, and educational institutions.
Legal Issues:
Unauthorised access to multiple government and institutional websites.
Potential disruption of services and breach of data integrity.
Decision:
Arrested by Metropolitan Police Cyber Division.
Charged under ETA for unauthorized access and interference with computer systems.
Implications:
Shows that even “non-violent” mass hacking is criminal.
Highlights the vulnerability of multiple government portals and the importance of enforcement.
Case 2: Paradox Cyber Ghost – 58 Government Websites (Nepal, 2017)
Facts:
A hacking group “Paradox Cyber Ghost” defaced 58 government websites including Ministry of Defence and Nepal Law Commission. They claimed it was a vulnerability test.
Legal Issues:
Unauthorised access to critical government infrastructure.
Distinguishing between “ethical hacking” claims and criminal liability.
Decision:
Investigations by Nepal Police; charges filed under ETA.
Government treated it as a serious cybercrime despite hacker claims.
Implications:
Defacement and unauthorized access of critical government portals is treated as a serious offence.
Ethical hacking defense insufficient if services or security are compromised.
Case 3: Sagar Dhakal – Hacking Nepal Army Website (Nepal, 2023)
Facts:
A 21-year-old engineering student hacked the Nepal Army website, accessing sensitive military information.
Legal Issues:
Unauthorized access to government defense infrastructure.
Threat to national security due to nature of the portal.
Decision:
Arrested by Nepal Police Cyber Bureau.
Remanded for investigation; liable under ETA and potentially Muluki Criminal Code for national security concerns.
Implications:
Demonstrates criminal liability for hacking high-security government portals.
Even young individuals can face significant penalties if military or defense systems are targeted.
Case 4: DDoS Attack on National Portal & 500+ .gov.np Sites (Nepal, 2023)
Facts:
A Distributed Denial-of-Service (DDoS) attack disrupted the Nepal Government National Portal and over 500 .gov.np sites, affecting immigration and passport systems and delaying international flights.
Legal Issues:
Interference with essential government services.
Unauthorized disruption of critical infrastructure.
Decision:
Investigations initiated by Nepal Police Cyber Bureau.
Potential charges under ETA for unauthorized interference and disruption.
Implications:
Hacking that disrupts public services is treated with high severity.
Highlights the consequences of cyber attacks on essential national services.
Case 5: CBI Website Hack – India (Comparative Case, 2013)
Facts:
Unknown hackers defaced the Central Bureau of Investigation (CBI) website, claiming to be the “Pakistani Cyber Army”.
Legal Issues:
Unauthorized access to a government investigation portal.
Threat to public confidence and national security.
Decision:
Case registered under India’s IT Act; investigation initiated.
Showed cross-border hacking can have legal implications.
Implications:
Demonstrates international recognition that hacking government portals is a serious criminal offence.
Highlights potential for Nepal to handle cross-border hacking under similar provisions.
Case 6: Nepal Police Website Hacking (Nepal, 2018)
Facts:
Hackers accessed the Nepal Police official website, altering public information and posting unauthorized content.
Legal Issues:
Unauthorized access and defacement of a law enforcement portal.
Potential undermining of public trust in government services.
Decision:
Perpetrators identified and arrested.
Charged under ETA and Muluki Criminal Code provisions for interference with government systems.
Implications:
Law enforcement portals are considered critical infrastructure.
Hacking such sites can result in both cybercrime charges and criminal liability under general law.
Key Takeaways
Government Portals Are Protected:
Hacking them is criminal under Nepalese law (ETA + Criminal Code).
Severity Depends on Impact:
Data theft, service disruption, and national security risks increase liability.
Penalties Include Imprisonment and Fines:
ETA allows up to 4 years imprisonment and fines; national security breaches may add severity.
Mass Hacks or High-Value Targets:
Multiple site hacks or targeting defense/immigration systems elevate legal consequences.
Investigation and Evidence:
Digital forensics is crucial; cross-border hacking complicates jurisdiction.
RELATED Blog
comments