“Hacking: A critical study in emerging Cyber Crime in Nepal”


If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.

Research Question

  1. Does Nepal have any system to track down convicts for online misuse of an information system?
  2. Does the law help to control cybercrime?

Objective of Study

To explore the best legal provision in regard to cyber law

To make an analogy between Nepalese and the international legal regime of cyber law.

To find out the lacunas of the existing legal provisions in cyber law in Nepal

To explore the issues & challenges in relation to cyber law and its administration in Nepal.

The rationale of the study

This study aims to come up with research-based findings on the legal problems and challenges faced by the private sector in the electronic transaction system. The study will benefit the researchers, the government and private stakeholders in the electronic transaction sector, the academicians, professors, and students to understand where changes are required in the near future. The study, through its findings, will also help to induce changes in the laws where it is required

History of Cyber Crime

It is difficult to determine when the first crime involving a computer actually occurred. The computer has been around in some form since the abacus, which is known to have existed in 3500 B.C. in Japan, China, and India. In1801 profit motives encouraged Joseph Jacquard, a textile manufacturer in France, to design the forerunner of the computer card. This device allowed the repetition of a series of steps in the weaving of special fabric s. So concerned were Jacquard’s employees with the threat to their traditional employment and livelihood that acts of sabotage were committed to discouraging Mr. Jacquard from further use of the new technology. A computer

crime had been committed. (O’Brien n.d.) Certainly, all crimes strictly related

to the Internet can only be as old as the Internet is, but crimes such as fraud and embezzlement perpetrated with the help of a computer have clearly been

around for some time. August Bequai wrote a book, ‘Computer Crime in1978. In the book’s preface, Bequai provides us with a brief reminder that computer crime has been around for decades. Though more importantly, in the excerpt from the preface below, Bequai also provided an early warning in1978 of what would happen if law enforcement did not evolve at the same rate as technology and its illicit exploitation. Like gunpowder, the computer is here to stay. Its positive impact has been immense and will continue to grow with time. However, on the negative side of the ledger, the computer enables a small group of individuals to steal sums of money that would have the gangsters of the 1920s blush. Computer technology has enabled groups, of political zealots or criminals, to terrorize cities at the push of a button. A product of the electronic revolution, the computer criminal strikes anywhere and everywhere. Our laws are challenged by cyber criminal , and our jurists are left stunned. What makes this criminal more dangerous than any before them is that, if our system of laws fail to meet this new threat, it may, infact, ring the death knoll of our entire system of justice. The stakes are high indeed.As a planet panning network, the internet offers criminals multiple hiding places in the real world as well as in the networks itself. However, just as individuals walking on the ground leave marks that a skilled tracker follows,cyber criminals leave clues as to their identity and location, despite their best efforts to cover their tracks. In order to follows such clues across national boundaries, though international cybercrime treaties must be rectified


Information and Communication Technologies (ICTs) comprises complex and heterogeneous set of goods, applications and services used to produce, process, distribute and transform Information. ICTs in India, contribute to change at various levels-social, political and economic and open up many unexplored areas. The use of ICTs has increased exponentially. According tothe India Telecom Industry Report, 2008 telephone coverage in India rose 34.50% in Jan, 2009 from 33.23% in Dec, 2008. The cell phone subscribers increased 10.81 million in Dec, 2008 and 15.40 million in Jan, 2009. Up to the end of Jan, 2009, the total number of cell phone subscribers in India had reached 362.3 million, the fixed phone subscribers dropped to 37.75 million from 37.9million in Dec, 2008, and the broadband subscribers increased to5.65 million from 5.45million. This is a clear indication of the exponential growth of ICT tools and the Internet in India as well. Kerala has core strengths to emerge as leader in the area of ICT. Kerala’s traditional advantages like total literacy and high density of telecom usage make it a fertile ground for ICT to drive. As on July 31, 2007, Kerala state ranks second, registering urban and rural telephone density of 80 and 73.8 percent, respectively against a national average of 52.3and 6.5 percent. According to COAI statistics on August 2009Mobile subscribers in Kerala has figured as 1.46 crore. It is estimated that about 80,000 people are directly or indirectly employed in ICT-related activities in the State. All these trends primarily disclosed penetration of various ICT tools and devices in the State, particularly to the disadvantaged sections of the society. Broadly, the state has been experiencing the powerful impact of ICTs shaping organizations and social relations.

Cybercrime encompasses criminal acts that involve computers and networks. Thus, “Cybercrime” is a broad term that describes everything from electronic hacking to denial of service attacks that cause e-business websites to lose money. Cybercrimes are essentially criminal activities where computers, networks or electronic information technology devices are the source, tool, target or place of crime. Cybercrimes are affected by way of illegal access into another’s data base, illegal interception, data interference, system interference, misuse of devices, forgery and electronic scams.

Generally, cybercrimes may be divided into two categories:

  1. Crimes that target computer networks or devices directly.
  2. Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.

Cyber Crime Definitions in India

The definition by with the era of modernization and growth in India, use of internet has also grown rapidly. With the rapid increase in the use of internet, there is also an increase in illegal activities and crime that is committed through internet. No doubt with the advent of internet facility work has become easier and efficient in every field be it entertainment, business, sports, academics anything, but with this advantage it also bought with it a disadvantage in the form of illegal activities commonly known as cybercrime.

Types of cyber crime

  • Child Pornography and Luring
  • Cyber Stalking/ Harassment
  • Identity Theft
  • Spoofing and Phishing
  • Dissemination of Offensive Materials
  • Cyber Terrorism
  • Spamming
  • Computer Viruses


Although the term Hacker predates computer and was used as early as the mid 1950 in connection with the electronic hobbyist the first recorded instances of its uses in connection with computer programmer who were adept at writing or “Hacking” computer code seem to have been in a 1963 article in a student newspaper at the Massachusetts Institute of Technology (MIT). After the first computer system were linked to multiple users through telephone lines in the early 1960s, hackers came to refer to individuals who gained unauthorized access to computers networks, whether from another computer networks.

Hackers form the first breed of criminals to take advantage of technology to further their needs. There are several types of hackers in cyber space. Hacking is a successful or unsuccessful attempt to gain unauthorized use or unauthorized access to a computer system33.However, a lack of consensus over the connotation of the term ‘hacker’ has been evident over the years. Originally, the term denoted outstanding and radical programmers in the computer science fields who hailed usually from Berkley, Stanford or MIT Later, the concept underwent radical metamorphosis. Hollinger (1988), based on a progression ranging from less skilled to technically elite computer crimes, divided hackers into three categories: pirates, browsers, and crackers. Pirates, the least technically proficient hackers, confine their activities to copyright violations through software piracy. The browsers, with a moderate technical ability, gain unauthorized access to other people’s files but do not usually damage or copy the files. The crackers, the most proficient hackers, abuse their technical abilities by copying files or damaging programs and systems. McAfee Corporation adopts the classification of hackers into White Hats and Black Hats

Electronic transaction Act 200664

Offence Relating To Computer To Pirate, Destroy or Alter computer source code: When computer source code is required to be kept as it is position for the time being the prevailing law, if any person, knowingly or with malafide intention, pirates, destroys, alters computer sources code to be used for any computer, computer programme, computer system or computer network or cause, other to do so, he/she shall be liable to the punishment with imprisonment not exceeding three years or with a fine not exceeding two hundred thousand Rupees or with both. Explanation: For the purpose of this section “computer source code” means the listing of programmer, computer command, and computer design and layout and programme analysis of the computer resource in any form.

If there is Unauthorized Access in Computer Materials then any person with an intention to have access in any programme, information or data of any computer, uses such a computer without authorization of the owner of or the person responsible for such a computer or even in the case of authorization, performs any act with an intention to have access in any program me, information or data contrary to from such authorization, such a person shall be liable to the punishment with the fine not exceeding Two Hundred Thousand Rupees or with imprisonment not exceeding three years or with both depending on the seriousness of the offence.

American case

A police officer obtained criminal history information from the National Crime Information Center database (“NCIC”), a sensitive and tightly[1]controlled law enforcement database which has stringent rules and regulations restricting access for official purposes. The officer then leaked the information to a defense investigator in a drug trafficking case. This unlawful conduct resulted in the conviction of the officer under the CFAA, with the Court of Appeals noting specifically that the evidence was sufficient to demonstrate that the defendant had “exceeded his authority by accessing [NCIC] for an improper purpose.” (United States v. Salum, 257 Fed. Appx. 225, 230 (11th Cir.2007)). It prohibits insiders from using their otherwise legitimate access to a computer system to engage in improper and often malicious activities.

International Legislation

In 1996 the council of Europe together with government representative from United State, Canada, and Japan drafted a preliminary international treaty covering computer crime. Around the world, civil libertarians group immediately protested provision in the treaty requiring internet service provider (ISP) to store information about their customer’s transaction and to turn this information over on demand work on treaty. The treaty precedes never the less and on November 23, 2001, the Council of Europe Cybercrime Convention was established76 .it was signed by 30 state. additional protocols covering terrorist activities and racists and xenophobic cybercrime were proposed in 2002.

When the issue of cyber crime is elevated to the international scene, the problems and shortfalls are magnified. ‘The development of the Internet and other new technologies has changed the nature of transnational crimes.’ With cyber crime, criminals no longer need a physical nexus with a particular country to commit a crime in that country. In order to effectively address cyber crime as a new form of transnational crime, concerted international cooperation is required. This can only happen, however, if there is a common structure for understanding what the problem is and what solutions there may be Michael O’Brien (n.d.) lists a number of problems surrounding international cooperation in the area of computer crime and criminal law:

1. The lack of global consensus on what types of conduct should constitute a computer related crime;

2. The lack of global consensus on the legal definition of criminal conduct;

3. The lack of expertise on the part of police, prosecutors and the courts in this field;

4. The inadequacy of legal powers for investigation and access to computer systems, including the inapplicability of seizure powers to intangibles such as computerized data;

5. The lack of harmonization between the different national procedural laws concerning the investigation of computer related crimes;

6. The transnational character of many computer crimes;

7. The lack of extradition and mutual assistance treaties and of synchronized law enforcement mechanisms that would permit international cooperation. Or, the inability of existing treaties to take into accounts the dynamics and special requirements of computer crime investigation.

Suggestion and Conclusion

A major hurdle in cracking down on the perpetrators of cyber crimes such as hacking is the fact that most of them are not in Nepal. Hackers can come in front of us as stalkers and misuse our facebook account or other online account so we must be able to track them down in time and inform the service holder about it. The Electronic transaction Act does give extra-territorial jurisdiction to law enforcement agencies, but such powers are largely inefficient. This is because Nepal does not have reciprocity and extradition treaties with a large number of countries.

What Nepal needs to do in this backdrop, is to be a part of the international momentum against cyber crime. The only international treaty in which on this subject is the Council of Europe’s Convention on Cyber Crime, formulated primarily by the European Union. By signing this treaty, member countries agree on a common platform for exchange of information relating to investigation, prosecution and the strategy against cyber crime, including exchange of cyber criminals.

At the last count, there are 43 member countries, including the US and South Africa. Nepal is not yet a part of this group and being a member would go a long way in addressing this issue of cross-border cyber terrorism. The Electronic transaction Act also needs to evolve with the rapidly changing technology environment that breeds new forms of crime and criminals. “We are now beginning to see new categories and varieties of cyber crimes, which have not been addressed in the ET Act. This includes cyber stalking, hacking, cyber harassment, cyber defamation and the like using legitimate access to a computer system to engage in improper and often malicious activities. The effective implementation of Cyber law is now a necessity. Nepal will not be able to regulate the information technology industries without taking the international legal context into account. The main thing is that regulations are enforced. First of all, the authorities should be self-concerned before awaking the citizens. There still needs a lot of homework to be done if Nepal expects a boom in the IT sector. Internet can be boon as well as hell .If we use it right way it gives you right to live life king size inside your house without going to office for whole day.

Anyway this law has provided new trust to the Information Technology (IT) sector, and computer and IT professionals are hopeful that it will create a favorable situation for conducting IT business. It contains a strong provision of punishment against Cyber crimes according to the nature of the crime. As per the provisions of law, the government is fully authorized to punish Cyber criminal, an individual or institution.

The Electronic transaction Act also needs to evolve with the rapidly changing technology environment that breeds new forms of crime and criminals. We are now beginning to see new categories and varieties of cyber crimes, which have not been addressed in the ET Act. Another glaring omission in the Act, which contradicts the very objective of passing such a law encouraging e[1]commerce by giving it legal validity, is the fact that the ET Act does not cover electronic payment. However, some steps must be taken to address this issue. Also in the making is a law on data protection.

Thank You

Source: PRABINDA RAJ JOSHI, Kathmandu School of Law, Bhaktapur

Leave a Comment

Your email address will not be published. Required fields are marked *