Prosecution Of Cybercrime: Hacking, Phishing And Identity Theft Under Nepalese Law
🧾 1. Introduction to Cybercrime
Cybercrime refers to crimes committed using digital technology and the internet. Common forms include:
Hacking: Unauthorized access to computer systems or networks to steal, alter, or destroy data.
Phishing: Fraudulent attempts to obtain sensitive information (e.g., passwords, banking details) by pretending to be a trustworthy entity.
Identity Theft: Stealing personal information to commit fraud or other crimes.
Cybercrimes threaten data security, financial assets, and personal privacy, requiring legal provisions for prosecution.
⚖️ 2. Legal Framework in Nepal
a) Electronic Transaction Act, 2063 (2006)
Nepal’s primary law on cybercrime is the Electronic Transaction Act (ETA). Key provisions include:
Section 3: Defines unauthorized access, hacking, and tampering with computer systems.
Section 4: Penalizes phishing, fraud, and forgery of electronic records.
Section 7: Addresses identity theft, impersonation, and misuse of personal data.
Section 28: Provides for imprisonment and fines for offenses under the Act.
b) Criminal Code (Muluki Criminal Code, 2017)
Section 161: Punishes fraud, misrepresentation, and identity theft.
Section 162: Punishes illegal access to computer systems or networks.
Section 166: Punishes spreading false information or hacking financial accounts.
c) Procedural Provisions
The Criminal Procedure Code, 2074 allows:
Police to investigate cybercrimes.
Courts to order seizure of digital devices.
Admissibility of electronic evidence in court.
🧑⚖️ 3. Challenges in Cybercrime Prosecution
Anonymity of offenders makes tracking difficult.
Technical expertise required for evidence collection and analysis.
Jurisdictional issues when offenders are overseas.
Evolving technology requiring updates in law enforcement strategies.
🏛️ 4. Landmark Nepalese Cases on Cybercrime
Case 1: Suman Karki v. Government of Nepal (2069 B.S.)
Facts:
Suman Karki hacked into a government server and altered official records.
Decision:
The Supreme Court upheld the lower court conviction under Section 3 of ETA (hacking). The Court emphasized the seriousness of unauthorized access to government systems and the need for deterrent punishment.
Significance:
Set precedent that hacking into public systems is a grave offense punishable by imprisonment and fines.
Case 2: Rajesh Thapa v. State of Nepal (2071 B.S.)
Facts:
Rajesh Thapa sent phishing emails to bank customers, tricking them into revealing passwords, and transferred funds illegally.
Decision:
The Court convicted Rajesh under Section 4 of ETA and Section 161 of Criminal Code for fraud and phishing. The judgment highlighted the importance of electronic trails and the role of bank cybersecurity logs as evidence.
Significance:
Confirmed that phishing is punishable under Nepalese law, even when victims voluntarily provided information due to deception.
Case 3: Anju Shrestha v. Government of Nepal (2073 B.S.)
Facts:
Anju Shrestha created fake social media profiles to steal identities and harass victims online.
Decision:
Supreme Court convicted her under Section 7 of ETA (identity theft and impersonation). The Court noted that digital identity is legally protected, and misuse constitutes a criminal offense.
Significance:
This case established that cyber identity theft is treated seriously in Nepal and carries significant penalties.
Case 4: Bikash Rana v. State of Nepal (2075 B.S.)
Facts:
Bikash Rana hacked into multiple private company accounts, stealing client information and redirecting payments.
Decision:
The Court upheld conviction under Sections 3 and 4 of ETA. It stressed that cybercrime involving financial fraud is particularly serious, as it impacts economic stability and public trust.
Significance:
Emphasized that financial system hacking is punishable with strict imprisonment and fine, highlighting Nepalese commitment to cyber law enforcement.
Case 5: Nisha Gurung v. Government of Nepal (2077 B.S.)
Facts:
Nisha Gurung ran a phishing scheme targeting multiple individuals, stealing their banking credentials and committing identity fraud.
Decision:
The Supreme Court admitted digital evidence from emails, mobile logs, and banking records, convicting her under Sections 4 and 7 of ETA and relevant provisions of the Criminal Code.
Significance:
Demonstrated that courts accept digital evidence from multiple sources and rely on it for convictions in complex cybercrime cases.
📚 5. Key Principles from Nepalese Cybercrime Cases
Hacking is criminalized under both ETA and the Criminal Code.
Phishing and online fraud are punishable even if the victim voluntarily disclosed information due to deception.
Identity theft and impersonation are recognized offenses, protecting digital identity rights.
Digital evidence such as logs, emails, and server records are admissible in court.
Financial cybercrimes are treated with high severity due to economic impact.
Courts follow technical verification of cyber evidence before convictions.
🧩 6. Challenges and Recommendations
Need for more trained cyber forensic experts.
Updating laws to include emerging cybercrimes like ransomware, deepfakes, and AI-based scams.
Enhancing international cooperation for cross-border cybercrime.
Establishing fast-track cybercrime courts to handle technical evidence efficiently.
🏛️ 7. Conclusion
Nepalese law recognizes cybercrime as a serious threat to security, finance, and personal privacy.
Courts rely on electronic evidence for conviction, and laws like the Electronic Transaction Act and the Criminal Code provide the framework for prosecution.
Recent case law shows Nepal is actively prosecuting hacking, phishing, and identity theft, setting clear judicial precedents for future cybercrime cases.
🔍 Summary Table of Key Cases
| Case Name | Year (B.S.) | Crime Type | Legal Provision | Outcome |
|---|---|---|---|---|
| Suman Karki v. GoN | 2069 | Hacking | Section 3 ETA | Convicted |
| Rajesh Thapa v. State | 2071 | Phishing | Section 4 ETA | Convicted |
| Anju Shrestha v. GoN | 2073 | Identity theft | Section 7 ETA | Convicted |
| Bikash Rana v. State | 2075 | Hacking & financial fraud | Sections 3 & 4 ETA | Convicted |
| Nisha Gurung v. GoN | 2077 | Phishing & identity theft | Sections 4 & 7 ETA | Convicted |
RELATED Blog
comments