Online system hacked and purchase of tickets worth 35 lakhs, cyber bureau alerted

by | June 8, 2023 | Articles |

The work of providing service through online system is increasing day by day in Nepal. Government services, private sector and media world and industries, banks and travel agencies are doing their daily business entirely online. However, while these services are being effective, they have been targeted by foreign hackers.


ad

Recently, it has been found that a foreign hacker targeted various Nepali travel agencies and stole bank funds. The secret was revealed after the travel agency operators filed a complaint with the cyber bureau of the Nepal Police saying that money had been stolen.

On June 4, a travel agency called C Links Holidays in Kathmandu received a ticket bill of 35 lakh rupees, which was deducted by various airlines. Even those bills were not deducted for air travel from Nepal.

They were cut off to go to Iraq from India, China, Qatar, UAE etc. The company requested information from the airlines after receiving the bill for the tickets that they had not booked. It was only then that it was discovered that so many bills and tickets were cut by the hacker and not by the company.

Cyber ​​Bureau of Police wrote a letter to the Nepal Tourism Board on Tuesday after other travel agencies like C Links also complained that the travel agencies that sell and distribute tickets of various airlines in Nepal are under the target of foreign hackers, says Cyber ​​Bureau spokesperson and Superintendent of Police Pashupati Kumar Rai.

He says, ‘Like Sea Links, other types of travel also came with a complaint, then it was found out that the foreign hacker had started an attack on travel bookings. And we alerted Nepal Tourism Board by writing a letter.

According to him, for a few days, four or five travel agency operators had come to lodge a complaint saying that money had been stolen from the bank and that foreign tickets had been issued. According to him, during the investigation, it was found that foreign hackers stole money by using username and password in a phishing attack.

‘Rs 50 lakh is missing from the bank accounts of the operators who come to the Cyber ​​Bureau to file complaints,’ he says, ‘travel agencies have huge amounts of money. That’s why travel agencies are targeted by hackers. The Cyber ​​Bureau has alerted us early because a large amount of money is stolen at once.’

According to him, the bureau has also asked the travel agency that conducts ticketing in this matter to provide the information requested by the police in coordination with the related airlines and software companies.

He says, ‘Our work is also public awareness, so we have asked the agencies to be aware through the concerned bodies so that no further damage occurs. This matter will be revealed only after further investigation.’

On the other hand, according to cyber security experts, foreign hackers target banks, financial institutions, government websites, and travel agencies with large amounts of money.

Vijay Senihang Limbu, CEO of Bhairav ​​Technologies and cyber security expert, says, ‘Hackers are coming up with new ways every day and keep changing the seasons of the game. Phishing hackers send requests for games to the websites they want to hack through email, and give lures such as saying there is a prize. When the client clicks, all their data goes to the hacker.’

Therefore, if you receive an email from someone you don’t know or if you receive an advertisement for a prize, you should be alert. ‘You should stay away from and be aware of attractive advertisements such as the chance to win a prize or if you click on it, you will know everything about the future.’

Earlier, on 1st Kartik 2074, a hacker sent 460 million to a foreign bank through swift hacking in NIC Asia Bank. The incident was the product of gross negligence on the part of the bank staff and management team. After the hacking, the cyber security of the bank was very weak and negligent even in the report that NIC Asia Bank had to prepare itself.

After the hack incident, the leadership of the bank management brought a team of KPMG company from India to bypass the Central Investigation Bureau (CIB) of the Nepal Police to investigate the incident and prepare a customized report in coordination with the Rashtra Bank.

KPMG’s late submission to the CIB through the Rashtra Bank showed that the bank’s cyber security was weak even though the bank employees and management were cleared.

Based on the same information received by CIB, a government case was registered in the High Court against 13 account holders of 8 countries in foreign banks.

“During the investigation at that time, the high-ranking officials and employees of the bank management were not brought under the police lens of the investigation, people from a private company brought from India only discussed technical matters with the bank employees,” said one of the bank employees, “The extent of negligence in the bank that holds the public’s money can be seen from the KPMG report. .’

Based on the same information received by CIB, a government case was registered in the High Court against 13 account holders of 8 countries in foreign banks.

Under the forensic report on the hack prepared by KPMG Pvt Ltd, India, attached on pages 11 and 12 of the charge sheet, the ‘attack timeline’ presented the bad signals seen in the bank’s cyber infrastructure before the hack and a series of repeated cyber attacks. Not only was a user’s ‘key logger’ hacked and used, but computers were subjected to attacks ranging from ‘malware’ to ‘smoke screens’.

What are you fishing?

Phishing is a type of cyber crime. Phishing attacks are used to steal personal information such as bank account information and passwords.

Phishing attacks are carried out through emails, messages, websites and social networks. For phishing, information is placed on you in any social network, email, message in such a way that it looks like official. But actually it is not official. There is a trick to steal your information.

How is fishing going on in Nepal?

In Nepal, various phishing incidents are happening on social media. In this, Facebook, Viber, WhatsApp, Imo are ahead. Phishing is being done by using the names and logos of reputed companies including Nepal Telecom and Ncell on Facebook. At a glance, the official pages of companies like Telecom, Ncell, Xiaomi can be seen, but they are not official.

They are just fake pages designed to steal your personal information and cheat you. In the same way, there has been an increase in cheating by showing the greed of lakhs and crores by saying that you have won the lottery from Imo, Viber, WhatsApp.

Cyber ​​Bureau of Nepal Police has prosecuted some of the fraudsters and brought them under the legal ambit. In addition, phishing is being done by using the name and logo of Nepal Telecom to give free iPhone 12 and show greed for free data.

Emphasis on public awareness

Naresh Lamgade, Chief Executive Officer of Cynical Technology and founder of BugV, says that emphasis should be placed on public awareness to prevent phishing.
According to him, due to lack of public awareness, phishing incidents are increasing. Phishing posts are boosted by people doing phishing through Facebook. Lamgade said that Facebook itself could not control the phishing posts.

According to him, it is important for the user to know which link is real and which is not, which link to click and which not to click. Nepal Telecommunication Authority, the regulatory body of the telecommunication sector, does not seem to be conducting public awareness programs to prevent phishing. Some time ago, the authority gave suggestions on how to avoid phishing.

How to avoid phishing?

The Telecommunication Authority has requested not to open suspicious emails from unknown persons or addresses, not to click on links and to delete or block such suspicious emails.

The authority has also said not to reply or respond to e-mails, messages, phone calls, etc. sent with various inducements including prizes, gifts, lottery, or threats.

Emails from country domains and sub domains that are not related to you should be deleted without opening them. Similarly, do not subscribe to unnecessary mailing lists and if you have subscribed, you should unsubscribe. Do not send details like your password, OTP, bank account number and pin code by email.

Anti-virus should be used on computers and mobiles and personal information such as username, password, bank credit card number, citizenship number etc. should not be shared without properly identifying any website. You can also report it on Facebook.

Images mentioned above related to are either copyright property of ICT-Samachar or respective image owners.

Tags:

Rabins Sharma Lamichhane

Rabins Sharma Lamichhane is senior ICT professional who talks about #it, #cloud, #servers, #software, and #innovation. Rabins is also the first initiator of Digital Nepal. Facebook: rabinsxp Instagram: rabinsxp

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Best Web Hosting Deals

hostingsewa-web-host-nepal

Get your best website hosting in Nepal from HostingSewa.

You can hire me for freelancing jobs. I am open for NodeJS, NextJS, Python, MySQL, PostgreSQL and others. I'm also available for backend and frontend code/error/bug fixations.