'CyberWar'​ in regards to the tension in Nepal - as portrayed by the media and my take on this.

From my understanding, recent changes in the political tension between the two neighboring sides have been gaining heaps of local and international attention these days. The public is always curious and always will be curious to better understand the next move from both the neighboring counterparts. When it comes down to the 'cyber side' of the tension, I always find it fascinating to explore what's beneath the "talk of the town".

So, there were a couple of web page defacements happening in the background when this political tension is still being decided.

If you have been active in the infosec domain between these regions then the web page getting defaced is not really a new topic. It has been more like a normal routine is what I would say. Every other day, there are hundreds of website and servers getting hacked and defaced (which can be accessed through various public mirrors such as Zone-H and Archive records).

Now, coming back to the view. From what I see, a couple of web pages getting defaced by the southern side and the retaliation by some self-proclaimed cyber wizards (aka. The Script Kiddies) is just another lockdown effect on their tedious cunning cyber mind. "Cyber War" is really a cheap word to use as of now. I would more likely argue and disregard a couple of IT media houses alongside some of the self-proclaimed cyber pro bono journalists with extremely minimum research at their end. To speak out frankly, some of them just want a few spicy toppings on their daily news to generate more views and generate revenue through their AdSense account or so on, and nothing so far has been captivating.

The curiosity now boils down to the question, "Are we ready?". A simple answer is, No.

Let me get this from the top of my head.

Did we ever try to take security seriously and invest? Uh, probably, 'seriously' - doubtable. Did we ever try to invest in the security at the CD pipeline or on the SecDev lifecycle and continue to do so? Uh, pretty rare. Did we ever make a nationwide investment in offensive and defensive capabilities? Uh, maybe. Uh, maybe not! Or, maybe we will do it tomorrow. Alas! the "tomorrow" never came.

One of the old articles published by a Nepalese print media on "Cyberwarfare: How prepared is Nepal?" from 2017 can be found here (https://thehimalayantimes.com/opinion/cyber-warfare-how-prepared-is-nepal/) and is still relatable. There might have been some minor changes, people might have been more aware as of now. But personally, I do not still see any major changes.

The recent attacks on some high profile Internet Service Provider (ISP), attacks on some well know startup-ish organization, attacks on some endpoint of a high profile Class-A commercial bank, citizen's data being found and being made publicly available, and then the consistent data leak of thousands of users! Probably it could be an overly excited skiddo running their automated tools who brought this down, publicly made their laughable statements and yet the cyber branch never opened up in regards to their forensic investigations. You see what I see right?

That's pretty much the answer!

Nepal's VNY2020 Campaign - The Cyber Metaphor.

Nepal is expecting at least "500,000 Chinese tourists", "at least 150,000 British visitors", "target of 2 million tourists" and much more. In Nepal, the year 2020 is marked as a campaign 'Visit Nepal Year (VNY) 2020' as the program/campaign is organized to promote tourism in Nepal. The quoted numbers above are just an example and the visitors are expected from all over the globe. Let's not forget the patterns, facts, and trends of "Hacker Tourism" that have been seen rising remarkably in the previous years.

Let's just take a hypothetical assumption where there will be cyber guys willing to disguise through the border, bypassing the border forces, get inside the soil, and potentially eradicate the Cyber Economy. The assumption could be theoretically proved wrong, however, it couldn't be disregarded either. In fact, there could already be a handful of APT groups planning to proxy their route via Nepal, roll their hax and skedaddle through the foobar into the thin air! There are threats and the threats for the cyber side of VNY2020 are for 'real'.

Let us all keep an eye out for the potential cyber warriors unloading their skillset onto the VNY2020 campaign. Let's not give us a chance to read the "Mega Breach" news titles popping all over the pages and the internet this year. Let's not fall a cyber victim and watch out for potential moves in an amenable way.

Source for italic quotes:

1. https://www.nepalitimes.com/banner/chinese-tourist-influx-to-nepal-in-2020/

2. https://www.nepal24hours.com/visit-nepal-2020-campaign-kicks-off-in-uk/

3. https://www.nepalitimes.com/business/turkish-and-visit-nepal-2020-sign-mou/

(Originally, this article was published on January 6, 2020.)