A very famous and powerful hacking group of Nepal yesterday announced that they have hacked the Nepal Telecom servers. They also claim that the database is in their control. The group named Anonymous #opnep posted a photo with a list of mobile phone numbers. They said that they are watching NTC and the corruption. The group stated that they aren’t against the Nepali citizen but they are against the corruption and the government. The vulnerable Nepal Telecom servers are compromised now and this is bad for the company and users.
Anonymous #opnep posted the image in their Facebook page. The group said that they will provide the information or details related to customer’s mobile phone number. They were providing personal details stored in the database as per users request from private message from Facebook. The group regularly defaces many Nepali governmental websites. They also hack other websites and brings many facts to surface. This incident proves that the NTC servers are very vulnerable and at weak state.
Hackers say that they aren’t going to take down the servers. This is because that would eventually be loss of NTC, government and common people. Hackers just want to show how vulnerable is NTC servers and system are. They are providing users with the proof of it as well. They want the authorities to fix such security issues, holes and make the system better. Nepal Telecom hasn’t said anything official on this matter.
NTC Hack and Service Issues
Group also said that they are monitoring the low bandwidth being transferred through ADSL in name of broadband. Therefore it seems they are very concerned about the low quality service as well. In addition, Nepal is second country with world’s slowest internet connections. It is obvious that the company needs serious overhaul to maintain its competition in market. They are loosing customer in broadband very fast and they need something new to overcome it.
Condition: In our own inspection we found some problems in ADSL speed, up time, activation period, security issues in customer care page and internal page links problem.
The customer care interface is very sensitive part of site because people can control their bandwidth and other option of the service. This page has login interface with a messed up SSL certificate. The SSL certificate is not matching the site and invalid. This is a security issue. The notification itself says that it is not strong and other people can view the information transfer.
Also the user ID and password can be easily guessed. If anyone guesses the credentials of a volume based user, they can even control bandwidth. The link to the telephone search used to work few years ago but isn’t working now. In addition to all this the site is not quite updated.
Aftermath of attack
Nepal Telecom recently claimed that it wasn’t a hack. Instead it was unauthorized access to the records from private SIM distribution center. Anonymous #opnep said that the the security vulnerability has been patched. Whatever the company says, they need good audit and system maintenance. Last time the system couldn’t handle high traffic of balance recharge. Therefore NTC was giving bonus rechrage to compensate and make make users happy.
This is the problem with many of the Nepali websites and mainly government sites. They seriously need to maintain and reinforce the security. The hackers are always pointing these security issues so that they should be fixed. By learning from the accidents and attacks, the companies and authorities should act swiftly towards fixing the problem and making the system strong for future. Nepal telecom servers can are constantly in risk of attack. They are of the biggest telecom operators. Therefore they should be on top of security game more than ever.