User:Skelor/sandbox

Nepal's websites, whether government, corporate or even personal, have all been victims of hacks carried out by script kiddies, all due to low web security. So let's take a look at what is up with Nepal's web security and the hackers targeting these sites.

Before we get deep into hacking and how it has affected the Nepal Government or even its website security, it is important that we distinguish who script kiddies are. Script kiddie is a derogatory term given to hackers who use tools and programs built by sophisticated hackers to hack sites and applications. Most of the time these hackers use SQL injection tools like Havij, sqlmap and sqlninja to hack vulnerable websites and then upload a shell created by others to their "penetrated" websites. Some script kiddies also beg other hackers for shells and then use them to hack a website, claiming they hacked it themselves without giving credit to the hackers who actually worked for it. Nepalese hackers are also of the types defined above.

It is believed that there are dozens of hacking groups operating in Nepal, and one group that has gained fame with its strikes on government websites is Anonymous #opnep. This hacking group gained fame after the Nepal Earthquake, as they rapidly started to hack and deface several government websites of Nepal. Even though the group was famous before, they gained more fame after a hacker named Craxer Bikash joined the team.

Who is Craxer Bikash? Craxer Bikash is a "leet hacker" of Nepal. His real name is Bikash Paudel and he is a 16-year-old teenage hacker who just finished the SLC examination. If you are a newbie hacker and you glance at Craxer Bikash's Facebook profile, you might consider him "leet". He claims to be leet, but a little social engineering on him shows that he is also a script kiddie like other hackers from Nepal. He was the one behind most of the defacements of government websites of Nepal, including that of the President of Nepal.
Even though he has hacked an extensive number of Nepalese websites, he never tends to hide his IP. His IP has been tracked and, according to Living With ICT, is located in the Kathmandu city realm. A hacker who grew his roots in Nepali hacking groups by starting cyber attacks on government websites of Nepal, Craxer is the type of hacker who tends to beg other hackers for shells.

But why are the websites of the Nepal Government being hacked, and does the Government actually care? Most Nepal Government websites, once designed, are uploaded directly to the hosting server without any focus on website security. Many of them have a common OWASP vulnerability: SQL injection. This allows a hacker to inject into the site database and then, if the website has an admin panel, upload a shell and deface the website. Even though the process looks sophisticated, we should not forget that Nepal's websites are most of the time poorly coded, making them easily hackable with tools like Havij, sqlmap and sqlninja. Website security companies and hosting companies like Rigo Technology and NITC are working hand in hand to protect such vulnerable websites, but the responsibility to prevent such attacks goes to the website admins, who need to start auditing websites before they are launched onto the WWW.

Even though it is highly recommended and necessary that a government protect its websites and digital presence from getting hacked, this does not tend to play a vital role in the case of the Nepal government and its digital presence. Nepal government sites include nothing more than officials' names and positions, and also some usernames and passwords for the sites that are injected. Unlike other nations, the Nepal government keeps its official and secret files as hard copies in lockers rather than on computers, minimizing the cost of a cyber attack. Secondly, to put it bluntly, the Nepal government does not give a damn about its websites getting hacked, because of which Nepal government websites have been a playground for script kiddies.
Now lets mention some script kiddies of Nepal. 1) Bikash Paudel(Craxer Bikash) Location: Kritipur Age: 16 Education: College Freshmen Devices used for Hacking: Symbian and iOS Admin of Anonymous #opnep Email address:bikashpaudel66@gmail.com

2) Nirmal Thapa

Cyber name: Marlin Member of NCA(NEPAL CYBER ARMY) Location: kathmandu Education: SLC passed, currently in college

3)Avian Chettri

Cyber Name: Avian Leader of Cyber Wolf Pack Nepal Education: 9th Grade Location: Anjuli Secondary Boarding Shcool, Pokhara

4)Nirmal Dahal

Cyber name: #nittam Work: Website Designing (company name coming soon) Education: 12 fail Youtube Link: Nittam NHN

5)Himanshu Kandel

Cyber name: Nephaxor Location: Pokhara Member of Xploit World Education: 12

6)Avisek KC(Teenage Worms leader)

Cyber name: IOXTOX Location: Bhadrapur, Nepal Phone number: +977 981-4012632 +977 981-7974714 Email: borntodie632@gmail.com