Cyber Cafes of Nepal: Passage to Cyber Crime?
STUDY REPORT
SOUTH ASIA PARTNERSHIP - INTERNATIONAL & BELLANET ASIA (BELLASAP)
Kathmandu, Nepal
March 2007
This report is published under Creative Commons Attribution-NonCommercial-ShareAlike 2.5
You are free:
• to copy, distribute, display, and perform the work
• to make derivative works
Under the following conditions:
Attribution. You must attribute the work in the manner specified by the author
or licensor.
NonCommercial. You may not use this work for commercial purposes.
ShareAlike. If you alter, transform, or build upon this work, you may distribute
the resulting work only under a license identical to this one.
• For any reuse or distribution, you must make clear to others the
license terms of this work.
• Any of these conditions can be waived if you get permission from
the copyright holder.
Your fair use and other rights are in no way affected by the above.
Full License: http://creativecommons.org/licenses/by-nc-sa/2.5/legalcode
copyright 2006 SAP International, Nepal
Editor: Mr. Prakash Shrestha
Layout design: Mr. Nawaraj Puri
Cover design: Mr. Anjan Shrestha
Published in Nepal 2006 by:
SAP International and Bellanet Asia
P.O. Box 23025
Lalitpur, Nepal
Tel: 977-1-5522234
Email: [email protected]
Website: www.bellanet.org
www.sapint.org
Preface
Information and Communication Technologies (ICTs) are changing the way
we do business or deal with people. A very common example is that of
communication. Communication by posts that took days has now been
substituted by emails that can be done on a click of a mouse. People can easily
converse with each other despite the geographical isolation of many places.
ICTs have also brought changes in social behavior. They have helped promote
access to information to optimize livelihood options. Grameen Phones of
Bangladesh is one such prominent example, where ICT has played a
complementary role in changing the living status of poor and marginalized Bengali
women. School Net of Malaysia has used ICTs as a tool for promoting learning
environment of children so that they can transform into visionary and creative
citizens.
Each and every coin has two sides. There are not only positive aspects in
proliferation of ICTs, but negative aspects as well. Several cases of misuse of
these technologies for vested interest of some people have been observed.
These technologies have also been widely used for spreading terrorism as well
as other criminal activities. There are various incidents of bank robberies as
well as sending of socially harmful mails. Recently, there was news that the website
of the Ministry of Health and Population of Nepal had been hacked and turned
into a pornographic site. Strong monitoring mechanisms to avoid such incidents
in future have become imperative.
Cybercafes are major public browsing centers found commonly in cities and
semi urban areas of Nepal. These places are vulnerable from cybercrime point
of view. However, no study has been conducted to analyze the extent of their
vulnerability so far. BellaSAP, a consolidated structure of SAP International
and Bellanet Asia, has realized the urgent need to raise this issue with some
valid facts and figures for drawing attention of responsive and relevant
stakeholders. In this context, this study on "Cybercafes of Nepal: Passage to
Cybercrime?" has been conducted in coordination with Mr. Deepak Rauniar,
who is an Internet Security Expert of Nepal. We extend our gratitude towards Mr.
Rauniar for his hard work in coordinating the study process.
We are hopeful that this study might contribute to minimizing the vulnerability of
these cybercafés as the passage for cybercrime. We have also provided some
recommendations that need to be implemented by concerned stakeholders for
ensuring a safe computing environment in the country. A secure cyber world
would support the process of making the best use of these technologies for
promoting development as well as strengthening the democratic movement of
Nepal.
Dr. Rohit Kumar Nepali
Executive Director
SAP International
1. Introduction
1.1 ICT Fact Sheet of Nepal
1.2 Rationale of the Research
1.3 Scope and Limitations of the Research
1.4 Methodology of the Research
2. Cybercafés and Cybercrime
2.1 Unleashing the Perspectives
2.2 Cyber Law of Nepal: Electronic Transaction Act (ETA)
3. Cybercafés of Nepal Unearthed!
3.1 Registration and Supervision Status
3.2 Infrastructure of Cybercafes
3.3 Visitor Profiles
3.4 Visitors’ Supervision
3.5 Understanding of Cybercrime
3.6 Security and Control of Cybercafes
4. Cybercafés as Passage to Cybercrime
5. Strategic Directions
5.1 Recommendation for the Government
5.2 Recommendation for the Civil Society
5.3 Recommendation for the Cybercafé Operators and Users
6. Conclusion
Appendixes
Appendix A: Survey Instrument
Appendix B: Survey Tabulation
Appendix C: List of Cybercafés visited for the survey
Appendix D: Essential Policy Components to ensure cyber safe environment
Executive Summary
Though Nepal was able to make an early beginning in Information
and Communication Technologies (ICT), it could not benefit from
the early start. It has only been in recent times (the last decade)
that the real proliferation of ICT has taken place. In modern Nepal, one
finds a wide-spectrum of Nepalese enterprises that have not only been
successful in pursuing their ICT agenda including integration with the
global economy but also in exploiting ICT as an engine of growth.
While it is true that technologies including the Internet open doors to
numerous opportunities for enterprises, it has also a dark side, which
involves not only hacking and cracking, fraud and theft, pervasive
pornography, pedophile rings etc. but also extortion, money laundering,
pirating, corporate espionage, drug trafficking and criminal organizations.
And these are commonly known as cyber crimes.
Cybercafés are public places of Internet access and thus an important
tool of a society for access to information and e-services of all kinds. In
Nepal, one finds numerous cybercafés in operation that offer cheap, reliable
and relatively fast (compared to dial up connections) alternatives to the
Internet. They accordingly attract significant visitors with different needs.
However, considering cybercafés to be public places and thus the perceived
anonymity arising out of it, unfortunately they are also most vulnerable to
cyber crimes.
Research on the cybercafés of Nepal was done with the objectives of
determining their overall conditions in the country, and this paper
accordingly looks at the prospects of cyber crimes in these places of
public Internet access. Based on our research findings, we also provide
appropriate recommendations that we feel can help to strengthen the overall
position of cybercafés in the country and address the issue of cyber crime
in Nepali cybercafés.
1.1 ICT Fact Sheet of Nepal
Nepal had its first exposure to computer and computer systems as early
as 1971. However, despite such an early start, the country could not build
on the opportunities and prospects of ICT and ICT in the country developed
slowly.
The real progress in the ICT arena of the country can be considered to
have happened only after 1995 (Chapagain, 2006), when a large number
of enterprises went for automation. To support this drive, universities and
colleges started offering courses in computer science and computer
engineering, while the country saw a number of policy initiatives and
liberalization by the government. The private sector started to play its
anticipated dominant role.
Though Nepal has a relatively long experience of ICT (since 1971), it is
only in recent times (last decade) that the real proliferation of ICT (in
terms of increased usage and awareness) has taken place in the country.
While in modern Nepal one finds that the younger generation at large is
enthused with the latest in technology and the Internet, there is a significant
interest among the general masses including the government about ICT. It
is also true that the country still has a long way to go to harness technology
in its truest sense for overall socio-economic development.
Today, there is a wide-spectrum of Nepalese enterprises, which has been
successful in pursuing the ICT agenda, including integration with the global
economy and exploiting it as an engine of growth. Most of the significant
institutions like basic utility providers; banking and financial institutions;
tourism related institutions like hotels, airlines, travel agencies etc.; transport
e.g. airline, long distance buses etc.; industries etc., use ICT.
Modern banking facilities like the ATM are commonplace while a couple
of banks also offer electronic banking through the Internet (e.g. for
statement viewing). SMS based applications are still at their very primitive
stages. However, the number of organizations on this front is slowly
growing. Mobile and on-demand applications are yet to make their mark
in the market.
In the absence of a necessary Public Key Infrastructure (PKI), Nepal is
yet to acquire true electronic transaction level capabilities. Thus a number
of e-commerce applications with transaction level capabilities such as
online banking, e-trading, e-auction, online payment etc.; and e-governance
applications such as e-registration, e-procurement, e-voting, online
application for connections, licenses etc. are yet to make their mark in
Nepal (Report 4, 2005).
The level of ICT Penetration within different segments of the society is
as follows (Report 1, 2005; Report 2, 2005): Government 10%,
International NGOs 100%, MNCs 100%, Large Business Houses 70%,
Medium Companies 50%, SMEs 10%, Financial Sector 80%, Travel Trade
80%, Distribution 30%.
In recent times, a number of government enterprises have also undertaken
considerable efforts to computerize their services. The computerization
of telecom, the electricity authority, the provident fund and tax
departments, etc. are some notable examples. Though most notable
government and public agencies have websites, they largely disseminate
static information and downloadable files, which are often very stale (Report
3, 2005).
In the last decade, there has been a considerable effort and commitment
by the Government of Nepal towards ICT and its incorporation into the
development mainstream. The High Level Commission for Information
Technology (HLCIT), formed in 2003, is chaired by the Prime Minister
himself, and strives to demonstrate the strength of its commitment. The
primary objective of the HLCIT is to oversee national ICT policies and
provide strategic directions to the Government.
The National Information Technology Center (NITC), a Nepal government
initiative, is seen more as an implementing body of the government (as
opposed to HLCIT). It has been involved in a number of initiatives including
hosting and maintaining websites of the different ministries and government
agencies. In pursuit of the e-governance agenda of the government, it has
very recently unveiled the e-governance Master Plan of Nepal, that aims
to guide investments in e-governance in Nepal (Rauniar, 2006).
With the objectives of bridging the urban–rural digital divide, in the recent
past there has been considerable emphasis towards establishing rural
telecenters. The Tenth Plan targets to establish rural telecenters in at least
1,500 village development committees all over the country. These
information centers resemble the Multipurpose Community Telecenters
concept promoted by the International Telecommunication Union. At
present, there are about 60 such telecenters in 23 districts under the aegis
of different agencies (Report 5, 2006). There are different cybercafés
established for providing easy access to these technologies.
1.2 Rationale of the Research
In the major cities of Nepal, a cybercafé can be found in almost all
important streets and buildings. Further, a significant number of the
numerous hotels and tourist lodges also maintain Browsing Centers or
cybercafés, targeted towards guests and visitors. In most instances, the
cybercafé is typically a room with a couple of computers and Internet
connectivity. Since most of them are not registered, one does not know
the exact number of cybercafés that operate in the country, and thus
their contribution to the economy and society.
The per hour charges of using the Internet at cybercafés in Nepal vary
from as low as Nepali Rs. 10 (12 US cents) to Rs. 40 (60 US cents). Since
high speed internet, including cable internet, is yet to make its mark in
Nepal, accessing the Internet from cybercafés is often a cheaper and
faster proposition (than dialup connections) for many Nepalese, who are
generally youths.
There is no designated authority for the registration of cybercafés. Similarly,
none exist for their monitoring and supervision. Further, there are no policy
interventions specific to the cybercafés operating in the country. The net
result is that the cybercafés in the country operate with total independence
according to their wish and what they can afford. Essentials like secured
infrastructures, ideal operating norms, sound computing practices etc.
usually take a back seat. Accordingly, they are also mostly disorganized in
terms of resources including human resources and knowledge.
Cybercafés are public places of Internet access and thus are important
tools of a society for access to information and e-services of all kinds.
Unfortunately, considering cybercafés to be public places and thus with
the perceived anonymity arising out of it, they are also most vulnerable
places to commit cyber crimes.
Unregistered, unregulated and unsupervised cybercafés are undesirable,
as they provide enough incentives to persons looking for
safe havens to commit cybercrime and get away uncaught. It is very
evident that these cybercafés are vulnerable to becoming an easy passage to
cybercrime in the country. However, there has not been any attempt at
analyzing the vulnerability of these centers. In this context, BellaSAP in
coordination with Mr. Deepak Rauniar undertook a research of the
cybercafés of Nepal with the objectives of finding the exact scenario of
their operations and the prospect of them being exploited by persons/
criminals intent on committing cybercrime.
1.3 Scope and Limitations of the Research
This is a preliminary study conducted to analyze vulnerability of cybercafés
as a passage to cybercrime. Due to resource and time constraints, the team
confined the research to the three cities of Kathmandu valley (Kathmandu,
Lalitpur and Bhaktapur). The research was conducted on a sample basis
covering 100 cybercafés situated in the valley. Thus, the limited district
coverage and number of the cybercafés is one of the major limitations of
the study.
Cybercafés are not only avenues for providing internet and communication
access. There are different telecenters and multimedia centers established
in different parts of the country. The study could not cover these centers
in this preliminary phase.
The team members selected major physical parameters related to
vulnerability of the cybercafés with regard to cybercrime viz: general
information, infrastructure, usages, operating practices, legal understanding
of cybercrime and cyber laws. These are not a complete set of all the
parameters related to security of cybercafés. Therefore, this limited selection
of security parameters can also be considered as another limitation of the research.
1.4 Methodology of the Research
The data required for the study were obtained both from primary and
secondary sources. The secondary sources of the data comprised of the
reference documents indicated in the reference section. The primary data
was collected from the cybercafés situated in three cities of Kathmandu
valley (Kathmandu, Lalitpur and Bhaktapur).
Questionnaires were designed with the objectives of determining selected
parameters of security as mentioned in the above section. A sample survey
was done in ten cybercafés in Kathmandu city based on the questionnaire.
Based on the experience and the feedback received, the questionnaire
was refined (mainly to address the clarity issue of the questions) and
given the final shape (Appendix A). The final survey was done in 100
cybercafés of the country.
2.1 Unleashing the Perspectives
Cybercafés are public places of Internet access. These are an important
tool of a society for access to information and e-services of all kinds.
However, being public places and thus the perceived anonymity arising
out of it, unfortunately they also stand as one of the most vulnerable places
to commit cybercrime.
Nepal has a significant number of cybercafés. Cybercafés can be found
in almost all important streets and buildings of major cities. However,
many of them are not registered and in the absence of a designated authority
to monitor and supervise them, all of them remain unsupervised. Further,
there are no policy interventions to regulate them.
Thus, the cybercafés of the country operate with complete freedom
according to their wishes and what they can afford. The same is the
case with the visitors visiting these browsing centers. This raises serious
concerns in the light of cyber crimes as they provide enough incentives
for people looking for opportunities to commit cybercrime and get away
uncaught.
Cybercrime is often defined as an unlawful act, wherein a computer can
either be a tool, a target or both of the crime. Cybercrime may involve
criminal activities that are traditional in nature, such as theft, fraud, forgery,
defamation and mischief etc., or non-traditional activities such as hacking
(cracking), disrupting computer systems, infecting systems with viruses etc.
[10].
Instances of cybercrime, where a computer can be used as a tool for
unlawful acts usually involve modification of conventional crimes by using
a computer and/or the Internet. Some examples of such crimes are:
Financial Crimes - such as cheating, credit card frauds, money laundering
etc.; Cyber pornography - which includes pornographic websites;
pornographic magazines produced using computers and transmitted/
distributed through the Internet; Sale of illegal article - which includes
the sale of narcotics, weapons and wildlife etc., by posting information
on websites, auction websites, and bulletin boards or simply by using
email communication; Online gambling; Intellectual Property crimes - which
includes software piracy, copyright infringement, trademarks
violations, theft of computer source code etc.; Email spoofing - which
includes sending emails using spoofed email addresses; Forgery - which
includes producing counterfeit currency notes, postage and revenue stamps,
mark sheets using sophisticated computers, printers and scanners; Cyber
Defamation - which includes defaming someone, websites etc. with the
help of computers and/or the Internet; Cyber Stalking - which is defined
as the repeated acts of harassment or threatening behavior towards the
victim by using internet services.
When a computer is the target of the offense, the criminal’s goal is to steal
information from, or cause damage to, a computer, computer system, or
computer networks. Some examples of cybercrime where computers can
be the target (or both) of unlawful acts are Cracking (though hacking is a
misnomer in Nepal) - which is defined as the illegal intrusion into a computer
system and/or network. This can lead to malicious sabotage of computer
systems including networks, disruption of services, stealing of data and
information including confidential information, privacy violations, identity
theft, extortions etc. to name some.
Other examples of the above include Data/Information Theft - which
includes theft of information stored in computer hard disks, removable
storage media etc. in electronic form; Email Bombing - which refers to
sending a large number of emails to the victim filling his/her mail boxes;
Salami Attacks - which is often used for the commission of financial
crimes; Denial of Service Attack - which involves flooding a computer
resource with more requests than it can handle; Virus/Worm/Trojans/Logic
Bombs/Rabbit/Bacterium Attacks - which refers to infecting computer
systems with malicious software codes; Phishing – which is the act of
falsely claiming to be an established legitimate enterprise to a user in an
attempt to scam the user into surrendering private information that can be
used for identity theft; Web Jacking, i.e. forceful control of a website by
someone; Theft of or Physical Damage to a computer system; etc. [14],
[15], [16], [17].
It is to be noted that the above is not an exhaustive list of examples of
cyber crimes. Numerous others exist. Further, as technology advances
opening new frontiers for humanity, there is always a possibility that these
will be exploited in new ways creating new forms and instances of
cybercrime.
The perpetrators of cybercrime range from teenage “cyber-joyriders” to
organized crime operations and international terrorists. The motives can
be many [1].
Some of the tools and techniques used by these people are: packet sniffing,
key logging, cracking (hacking), password attacks, overflowing buffers,
malicious code infections, denial of service attacks, distributed denial of
service attacks etc.
Given the sheer amount of economic and non-economic (social and national
security) impacts associated with cybercrime, today they stand as a
challenging and not to be neglected proposition for all countries that intend
to benefit from the realms of ICT. There should be strong policy
frameworks for reducing the darker impact of these technology
proliferations.
Some of the policies and acts of importance to the ICT sector of the
country are National Communication Policy (1992), Telecommunication
Act (1197), Information Technology (IT) Policy 2000, The Tenth Plan
(2002-2007), Long Term Policy on Information and Communication Sector
(2002), Telecommunication Policy (2004), Electronic Transactions
Ordinance (2004), Electronic Transactions Act (2006) (URL1, 2006;
URL2, 2006; URL3, 2006).
2.2 Cyber Law of Nepal: Electronic Transaction Act (ETA)
The recent developments in ICT and the emergence of modern ICT
concepts and applications such as e-governance, e-commerce, e-finance
etc. have made significant business and social impacts in Nepal as well. In
line with the anticipated benefits of ICT, a wide-spectrum of Nepalese
enterprises (from all sectors including the government), have not only
been successful in integrating ICT, including the Internet, with their
business processes, but have also been successful in exploiting it as an
engine of growth.
While technologies including the Internet open doors to numerous
opportunities to enterprises in terms of ease, speed, wider coverage, variety,
reduced costs etc.; it is also true that like a double edged sword, they also
provide significant opportunities and multiplier benefits for illicit businesses
as well. The sheer fact is that as brick-and-mortar companies move their
enterprises on to the World Wide Web seeking new opportunities for profits,
so too have criminal enterprises.
The other or dark side of the Internet involves not only hacking and
cracking, fraud and theft, pervasive pornography, pedophile rings etc. but
also extortion, money laundering, pirating, corporate espionage, drug
trafficking and criminal organizations. And these are commonly known as
cyber crimes. The perpetrators of cyber crimes range from teenage
“cyber-joyriders” to organized crime operations and international terrorists.
Considering cyber crimes to be a special (and often non-traditional) type
of crime, many countries have come out with specific cyber laws to deal
with them. The Electronic Transaction Act (ETA) is one of the major cyber
laws of the country. With the objectives of providing legal recognition to
electronic transactions i.e. transactions carried out by means of electronic
data interchange and other means of electronic communication, as an
alternative to paper-based methods of transactions, communication and
storage of information; and the sanctity of such electronic transactions
against unauthorized usage and illegal modification, the government of
Nepal re-enacted the ETA in November of 2006.
The ETA is also known as the Cyber Law of Nepal and provides for the
legal recognition of electronic records and digital signatures and their
security. Broadly, the act consists of three significant aspects: (i) legal
recognition of electronic records and communications, which includes
contractual framework, evidentiary aspects, digital signatures as a method
of authentication, rules for determining the time and place of dispatch and
receipt of electronic records, (ii) regulation of Certifying Authorities (CAs),
which includes appointment of a Controller of CAs, granting of licenses
to CAs, duties vis-à-vis subscribers of digital signature certificates,
recognition of foreign CAs and (iii) cyber contraventions, which includes
civil and criminal violations, penalties, establishment of an adjudicating
authority etc. It also defines the security of electronic transactions in
terms of cryptographic techniques.
Under the ETA, the office of the Controller of Certifying Authority (CCA)
assumes responsibilities towards establishing the necessary Public Key
Infrastructure (PKI) required for online electronic transactions. Its
responsibilities also include appointing CAs from where subscribers can
obtain their digital signature certificates, authentication of entities in
cyberspace, security of electronic transactions and on issues pertaining
to computer related crimes.
In terms of cybercrime, the act discourages computer related crimes in
the country and makes specific provisions of penalty for damage to
computer, computer systems or computer networks - applicable to a person
or group of persons. It provides for offences of hacking; of destroying or
altering data; secrecy violations; furnishing wrong information and
furnishing wrong license or digital certificates. It also seeks to regulate
the Internet in some form by making publication of obscene information
in electronic form an offence. It provides necessary powers to the Nepal
Police and provisions for a special cyber court for such prosecutions.
The act even applies to computer related crimes committed from outside Nepal
(Rauniar, 2006).
3.1 Registration and Supervision Status
Registration of the cybercafés can be regarded as one of the indicators
for tracing existence of these cafes. It also provides easy access to
government institutions to monitor and supervise tasks undertaken in these
centers. The research tried to analyze registration status of these cafes
present in Kathmandu valley. It was found that 45% of the surveyed
cybercafés of the country were not registered with any authority including
the tax offices (for taxation purposes). Of the 55% cybercafés that were
found to be registered, 55% were found to be registered with the respective
municipality of their city, 35% with the tax office (PAN) and the rest with
the cottage industry etc.
The survey tried to analyze if there is any supervision and monitoring
performed to ensure secure cyber environment in the country. It was
found that none of the cybercafés were ever supervised or regulated by
any authority. In other words, all the cybercafés in the country are
unsupervised and unregulated.
3.2 Infrastructure of Cybercafes
The cybercafés that are concerned about the security of their centers are
equipped with the security infrastructures. In this study, the analysis was
done both in terms of the infrastructures present like computer and
multimedia services as well as security infrastructures present like server
security, computer operating system, patch management and internet
infrastructures. It was found that highly equipped centers are more concerned
about security issues, be it the physical security of their equipment or
the cyber security of the internet world.
It is found that 55% of the cybercafés were using a separate server device.
The reasons for using a server varied and included such things as for
proxy, caching, network sharing, administration, etc. Windows XP was
found to be the most popular operating system on these servers (83%).
This was followed by Windows 2000/2003 (11%), Windows 98 (4%)
and Linux (2%). Thus, Microsoft was found to dominate the server side
operating systems in the cybercafés of Nepal (98%) and the primary reason
for this was attributed to ease of use and learning. Only 9% of the
cybercafés were found to be using genuine software.
The management of servers and server resources was found to be very
weak. Only 4% of the cybercafés were found to be managing patches/
software upgrades for their resources on a routine basis. 79% of these
resources were found to be very weak in their overall security (physical,
logical and others).
In terms of computer infrastructure available for visitors in cybercafés,
the average number of computers in a cybercafé was found to be 9. Only
27% of cybercafés were found to be offering multimedia resources to
their visitors. Of the surveyed cybercafés, 47% had PIV computers, while
53% offered PIII computers for Internet access to their visitors.
Windows XP (81%) was again found to be the most popular desktop
operating system. This was followed by Windows 2000 (7%), Windows
98 (11%) and Windows Millennium (1%). Thus all, i.e. 100%, of the
cybercafés were found to be using the Windows operating system on their
desktop computers. In terms of originality of software, as with servers,
only 9% of the software was found to be genuine. There was very
little regard for routine patch management and software upgrades (3%)
for desktop computers.
On the internet infrastructure front, all major Internet Service Providers
(ISPs) were found to be involved as service providers to the cybercafés
of the country. Cable Internet was found to be the most used means of
Internet connectivity (52%). This was followed by broadband (21%),
wireless (18%), dialup (7%) and others (2%) that included fiber optics,
DSL etc. The subscribed bandwidth by the cybercafés was found to be
as follows: less than 64 kbps - 13%; 64 kbps - 48%; 128 kbps - 20%; and more
than 128 kbps - 19%. None of the cybercafés offered wireless (Wi-Fi)
connectivity.
3.3 Visitor Profiles
Visitor supervision can be considered as the major aspect regarding
cybercrime. This aspect of the survey tried to explore the average number
of visitors that visited cybercafés, their profiles and the purpose of their
visits, etc.
It was found that the average number of visitors was 309 visitors per
cybercafé per week. Thus, if one considers the average per hour cybercafé
usage charges to be Rs.20 per hour and the average usage to be equal to
one hour per visitor, the per week total revenue of cybercafés of Nepal
can be estimated to be Nepali Rupees 6,180 (around USD 87).
Of the visitors to cybercafés, 77% were found to be local visitors and the
rest (13%) to be foreigners. On the gender perspective, 56% of the visitors
were found to be male, while 44% of them to be female visitors.
The age group distribution of the visitors was found to be as follows:
Under 14 Years – 4 %, 14 Years to 19 Years – 35%, 20 Years to 29 Years
– 35%, 30 Years to 39 Years – 18%, 40 Years and above – 8%. Accordingly,
one can reason that of the total visitors to cyber cafes of Nepal, 70%
were youth i.e. in the age group of 14 – 29 Yrs.
As mentioned above, the survey tried to analyze visitors’ purpose in visiting
these cybercafés. The top five user activities recorded in the survey were
email, chatting, web browsing, printing, software downloads and gaming.
The survey also explored operators’ perception of their facility usage.
The finding of the survey was as follows: communication - 30% (i.e.
30% of the cybercafé operators thought that people visited their premises
for communication needs), social – 24%, entertainment – 22%, education
– 12% and business – 12%.
3.4 Visitors’ Supervision
It was found that a whopping 89% of the surveyed cybercafés of Nepal
did not maintain any Visitor Log Register. Therefore, tracing a visitor later
(e.g. with regards to cybercrime investigation etc.) would be very difficult.
Of the 11% that did maintain a Visitor Log Register, 100% were found to
make a log entry. However, these log entries were found to be more suited
for accounting purposes than for tracing a visitor in the event of a cyber
crime. None (i.e. 0 %) of the cybercafés required a photo identity of the
visitor for the Visitor Log or access to cybercafé resources.
83% of the surveyed cybercafés did not supervise the activities of their
visitors. Of the 17% that did supervise user activities, 82% were
found to be doing so manually. Only the remaining 18% used software or
other forms of user activity supervision. None of the cybercafés had
Closed-Circuit Television (CCTV) cameras installed in their premises for
this purpose.
In 71% of the cybercafés of Nepal, it was found that visitors could easily
install any software they wished, although 70% of the cybercafés did
demand that the visitor obtain prior permission before installing
their software. In the remaining 30% of the cybercafés, visitors needed
no prior permission to install their software.
Further, 94% of the cybercafés allowed visitors to bring outside
devices with them and attach them to the system (e.g. USB drives etc.). Of such
cybercafés, only 42% performed a security check by scanning the devices
with antivirus software before allowing such devices to be used in
their systems. The survey revealed that 92% of the cybercafés allowed
visitors to browse any website that they wished, including sites of
unwarranted nature. However, a significant 67% of the cybercafés did
block adware, pop-ups etc.
It was found that 88% of the cybercafés allowed children to use their
facilities, while the remaining 12% did not allow children. Of the cybercafés
that allowed children to use their facilities, only 24% required that they
access the facilities under adult supervision. A whopping 76% freely allowed
children to use their facilities. Of the above, only 48% of the cybercafés
monitored children’s activities including the sites they were visiting. The
remaining 52% did not bother to do so.
3.5 Understanding of Cybercrime
The survey findings showed that relatively few measures are taken to
ensure a cyber-secure environment. The study also tried to analyze the general
and legal understanding of cybercafé operators regarding the threat of
cybercrime.
It was found that only 23% of the cybercafé operators knew about
cybercrime. A large 77% of the operators were ignorant of it. When asked
to name some cyber crimes the results were Hacking – 74%, Spam –
13%, Fraud – 8% and Others – 5%.
Although a significant 48% of the operators did say that they knew that
their facility could be used by someone to perform cyber crimes, only 4%
said that they had taken precautions to deal with it. This clearly shows the
vulnerability of these cybercafés, which criminals can use as an easy
passage to cybercrime.
When asked to list some of the issues that they faced, the most common
answers were: monopoly of ISPs, quality of services of ISPs, increased
competition, low profitability, high cost of operations, and an
unorganized sector.
When asked, whether they knew about the legal provisions of cybercrime
in the country, 98% of the cybercafé operators were ignorant about it.
However, 99% of the operators did say that they would support government
regulations for cybercafés. It indicates an urgent need for legal provisions
to be ensured for protecting the cyber world.
3.6 Security and Control of Cybercafes
There is very inadequate understanding of the acuteness of the problems
related to cybercrime in the cybercafés. In this context, it is natural
that the measures to prevent these crimes in these centers are also
inadequate. The survey tried to analyze the level of security and the
control measures adopted in these cybercafés. It was found that the
security of the cybercafés of Nepal was very poor, raising grave concerns.
Only 2% of the cybercafés were found to
have implemented operating system (O/S) controls (through operating
systems or others) to secure their critical O/S and other files. A whopping
98% of cybercafés did not have any O/S controls, thereby exposing their
critical systems and other files and making them vulnerable to misuse.
It was found that 49% of the cybercafés did have password controls for
access to computing resources by visitors. However, the password was a shared
resource, and only 14% changed their passwords on a routine
basis.
Antivirus was found to be quite a popular security control among
cybercafés of the country. 90% of the cybercafés had antivirus software
installed in their systems. Of these, 94% updated their antivirus software on
a routine basis. It was revealed that only 15% of the cybercafés used
firewalls (hardware/software) to filter network traffic.
The survey also tried to look into the possibility of cybercafés using any
other security controls to secure their assets and provide a safe computing
environment to their visitors. We found that 3% of the cybercafés used
filters to block unwarranted websites, while 6% were found to be using
anti-spam controls. It was revealed that only 36% of the cybercafés backed
up their important files, while none had any controls for physical security.
Further, only 3% of the cybercafés monitored user activities (though
manually), while only 6% logged user activities.
From our research, it can be stated that the cybercafés of Nepal do not
present a happy picture with regards to cybercrime. Our research shows
that for cyber criminals looking for locations from which to commit
cybercrime and get away uncaught, the cybercafés of Nepal appear attractive
for the following reasons.
45% of the cybercafés in Nepal are not registered with any authority,
while none of the cybercafés are either supervised or regulated by any
authority. Further, of the 55% of cybercafés that we found to be registered
with some authority, only 55% were registered with a proper authority (if
we consider the municipality to be a proper authority). Thus, almost 70%
of the cybercafés of Nepal were not registered with a proper authority,
and they operated with complete freedom with regards to the selection and
use of resources.
Accordingly, it can be indicated that anyone, including criminal
organizations looking for safe havens to commit cybercrime, can easily
set up infrastructures in the name of a cybercafé in Nepal.
In the absence of appropriate regulations; secured infrastructures; security
controls and practices; standard operating procedures like the maintenance
of visitor logs, photo identity checks, the supervision and monitoring of
visitor activities, logging of visitor usage, access restrictions to resources;
and the technical skills and capability of the operators, we also conclude
that one can exploit the cybercafés of Nepal to commit cybercrime and
get away with very little chance of being caught.
The reason that we say so is that we have found that most (94%) of
the cybercafés in Nepal allow visitors to bring outside devices with them
and use them with their systems. Further, a vast majority of them (71%)
allow visitors to install any software that they wish. The only security check
carried out was the scanning of the device with antivirus software.
Thus, a person can easily install any software (trojans, keyboard loggers,
packet sniffers, cracking tools etc.) in the cybercafés of Nepal and use it
to his advantage (hacking/cracking, financial crimes, defaming, spoofing,
forgery, online gambling, pornography, denial of service attacks, threatening
someone etc.).
Most (89%) of the cybercafés in Nepal do not maintain any (let alone a
proper) Visitor Log Register. None of them requires a photo identity check/
validation of visitors. Accordingly, it would be very difficult for any
investigating agency to trace a person committing a cybercrime from the
cybercafés of Nepal.
The study also revealed that a large number (88%) of cybercafés in Nepal
allowed children to use their facilities. Of these, 76% allowed children without
requiring any supervision for access and usage, while only 48% monitored
their activities. Given the fact that a majority (92%) of cybercafés in
Nepal do not block or filter web sites, we conclude that the risk of
children’s exposure to pornography, undesirable information etc. is very
high in Nepal.
Considering the general trend of crime investigation (conventional) in Nepal,
and the general ignorance of cybercafé operators with regards to technology,
cybercrime, law etc., it is realized that in the event of a cyber crime and its
investigation, the operators of cybercafés are also at risk of unwarranted
harassment, trouble etc. from the investigating agencies.
The survey results and analysis showed that strong mechanisms need to
be established to monitor and maintain the situation of cybercafés in Nepal
in order to reduce the vulnerability of these cafes to exploitation to commit
cybercrime.
Given the fact that in recent times the country is also making significant
attempts towards electronic transactions (e-governance, e-commerce etc.),
by addressing the issue of cybercrime and initiating sound computing
practices, we feel that our recommendations will help to strengthen this
proposition as well.
A collective effort is required to transform the present situation of vulnerable
cyber space into a safe and secure cyber world. Some of the major
stakeholders that can help promote the security of the internet space
are: government, civil society, cybercafé operators and cybercafé visitors/
users. Specific strategic directions for the identified stakeholders are
presented as follows:
5.1 Recommendation for the Government
• Ensure appropriate policies, guidelines and regulatory framework
Government should develop policies, guidelines and regulatory
frameworks for reducing cybercrime in the country. The policy
frameworks should focus on supervising the computing activities
of visitors in cybercafés. There should be mechanisms developed
to trace these visitors as and when required. The security of the
cybercafés should be enhanced so that these centers cannot be
used as sites for pornography, terrorism and other crime-related
activities. The policy document should provide for a licensing apparatus
for these cybercafés as a mechanism to ensure cybercrime-resistant
areas. Please refer to Appendix D for detailed information.
• Develop mechanism for the registration and supervision of Browsing Centers
All Browsing Centers (cybercafés, telecenters, and other browsing
centers opened in private premises such as hotels etc.) in the country
should compulsorily be required to register themselves with the
authority and obtain a valid license for operations, which they should
put on display in their premises (along with the other licenses such
as company registration certificate, tax registration etc. that
companies normally display in their premises). Any Browsing Center
without a license or with an invalid license should be barred.
The authority should also be responsible for conducting periodic
as well as non-periodic supervision of Browsing Centers. The
authority should be adequately equipped in terms of resources and
skills to carry out its responsibilities. There should be reward
mechanisms for promoting role models in the cyber-secure
environment.
• Strengthen licensing process of Cybercafés
The licensing process of cybercafés should require Browsing Center
owners to give an undertaking and an indemnity bond before
obtaining a license. The licenses issued to cybercafés should be
periodic in nature (requiring renewal on specific time period, which
as per established practice can be one year). Renewal of the same
should be subject to the compliance of established rules and
regulations, policies, norms etc.
• Establish cybercrime investigations and prosecution mechanisms
Computer Emergency Response Teams (CERTs) as well as Cyber
Courts should be established as provisioned in the Electronic
Transaction Act of the country. There should also be capacity
enhancement interventions targeted at Nepal Police so that they are
competent enough to carry out cybercrime investigations. The
government should not view the above as costs but as a key enabling
factor of electronic transactions (e-governance, e-commerce etc.)
in the country.
• Strengthen capacity of cybercafés and browsing centers to deal with cybercrime
Cybercafé operators and users should have adequate knowledge
of legal provisions with regard to cybercrime prevention. They
should support government in implementing these rules and
regulations. They should cooperate with government authorities
during monitoring and supervision for preventing and detecting
cybercrime in their cafes. They should provide recommendations
and suggestions for reducing policy gaps of the government so
that secure cyber space can be created in the country. In order to
perform these roles, government should support them in building their
capacities as well as investigation and monitoring skills. Government
should recognize the best cybercafés that have worked to reduce
cyber crimes and promote a cyber-secure environment.
5.2 Recommendation for the Civil Society
• Encourage wider research on prevalence of Cybercrime
There should be in-depth analysis for reviewing prevalence of
cybercrime and their impact in socio economic development of the
country. This research has been able to cover only limited scope of
cybercafés as well as cybercrime. There should be extensive research
conducted on vulnerability of all browsing centers available in the
country along with rural telecenters. There should also be research
conducted to analyze policy gaps. These research documents should
be taken as a reference for providing policy recommendations to
the government. These studies also support in the process of
understanding critical issues of cybercrime and solutions to
overcome these challenges.
• Increase awareness on acuteness of vulnerability of Browsing Center
Civil Society including media can play a strong role in sensitizing
communities and the wider mass about the negative impact of cybercrime
as well as the vulnerable situation of Browsing Centers. There should
be awareness camps, interactions and workshops organized to
discuss issues of vulnerability of these centers and criticality of
cybercrime in the country. These gatherings will also support
building a common understanding of various aspects of the insecure
environment of the cyber space.
• Enhance capacity of Browsing Center
Civil society organizations should work towards building capacity
of browsing centers. These centers should be made aware on the
vulnerability of these centers. They should also be equipped with
skills to overcome these vulnerable situations. There should be
training programs focused on improving their income level thereby
supporting cyber secure environment. It can be done by sharing
best practices and models present in South Asia as well as in the
global level.
• Pressurize government for enforcing policies to prevent cybercrime
Civil Society should advocate for enforcing strong policies to prevent
cybercrime in the country. Policy research conducted to analyze
policy gaps should be shared with the government institutions for
taking strong actions to reduce these loopholes in the policies. There
should be strong pressure for ensuring the strong mechanisms and
competencies required for implementing cyber law in an effective
manner. Advocacy and media campaigning should be organized to
draw government attention towards the vulnerability of
these browsing centers as an easy passage for cyber criminals.
5.3 Recommendation for the Cybercafé Operators and Users
• Ensure security of Cybercafés
Cybercafé operators should understand that their facilities can be
used by criminals to commit cybercrime (with serious
repercussions), and thus they need to play a proactive role to minimize
the chances of exploitation of their respective cybercafés. These
operators should have knowledge of the basic technologies that are in
place, how they can be exploited to commit cybercrime, and the
legal provisions on cybercrime in the country.
They should develop a basic understanding of different security
resources such as filtering software, user activity logging software,
anti-spam software, anti-spyware, popup blockers, firewalls etc.,
which can help them secure their resources. Further, developing a
mindset that expenses associated with securing resources are not costs
but essential operating requirements and a key business enabler would
help significantly.
• Strengthen visitor supervision mechanisms
Cybercafé operators should understand that supervising the activities
of visitors can help reduce the probability of cybercrime. They
should strictly maintain visitor logs as well as store the photo identity
of these visitors. It will help to trace these visitors as and when
required. The operators should also proactively monitor visitor
activities. The visitors should not be allowed to install any software
or attach devices to the computers of the Browsing Center. The
operators should be additionally vigilant with children so that they
will not be victimized. Installing CCTV cameras can also help in
this regard.
• Operate under safe computing practices
Cybercafé users should understand that when they use public places
of Internet access (cybercafés, tele-centers etc.) they are vulnerable
to a number of threats/risks. They should develop an understanding
of what these threats/risks are and how they can protect themselves
from these while still enjoying the benefits of public Browsing
Centers. Finally, they should understand safe computing practices
and follow them to remain safe.
With regards to ICT in modern Nepal, one finds a wide spectrum of
Nepalese enterprises that have been successful not only in pursuing their
ICT agenda, including integration with the global economy, but also in exploiting
it as an engine of growth. While it is true that technologies including the
Internet open doors to numerous opportunities for enterprises, they also have
a dark side that provides significant opportunities and multiplier benefits
for illicit business as well. These are commonly known as cybercrime.
The report tried to present an assessment of the conditions of cybercafés
in Nepal and provide appropriate insights on the potential for
cybercrime from these public places of Internet access. The study revealed
that these browsing centers can be easily exploited for committing
cybercrime that may threaten the development process of the country. There
should be good mechanisms for tracking visitors
in order to minimize the potential for cybercrime. The study also pointed
out a need for legal provisions for promoting the security of these cybercafés,
including registration, supervision and control, to ensure a safe computing
environment in the country.
Based on the ground reality that has emerged from the survey,
recommendations were also provided to the major stakeholders of
cybercrime prevention. There is a need for a consolidated effort to make
these public internet access centers secure so that people can benefit
more from the proliferation of the technologies.
Suggested Reading Materials
Balkin.J.M. (2007), Cybercrime: Digital Cops in a Networked Environment, New
York, USA, University Press
Steel.C. (2006), Windows Forensics: The Field Guide for Corporate Computer
Investigations, Wiley
Wyler.N.R, Potter.B. & Hurley.C. (2005), Aggressive Network Self-Defense, USA,
Syngress Publishing
Bayles.A.W. Hurley.C., Long.J., Brindley.E., Foster.J.C & Klaus.C.W (2005),
Infosec Career Hacking: Sell Your Skillz, Not Your Soul. USA, Syngress
Publishing
Alder.R., Hurley.C., Parker.T., Russell.R., Beale.J., Eller.R., Hatch.B. & Moss.J.
(2005), Stealing the Network: How to Own an Identity. USA, Syngress
Publishing
Caruso.K., Long.J., Hurley.C., Owad.T., Norwell.P. & Potter.B. (2005), OS X for
Hackers at Heart: The Apple of Every Hacker’s Eye, USA, Syngress Publishing
Pollitt.M. & Shenoi.S. (2005), Advances in Digital Forensics, USA, Springer
Verlag
Jones.K.J., Bejtlich.R. & Curtis.W.R. (2005), Real Digital Forensics: Computer
Security and Incident Response, USA, Addison-Wesley Professional
Carrier.B. (2005), File System Forensic Analysis, USA, Addison-Wesley
Professional
Farmer.D. & Venema.W. (2004), Forensic Discovery, USA, Addison Wesley
Professional
Carvey.H. (2004), Windows Forensics and Incident Recovery, USA, Addison
Wesley Professional
Casey.E. (2004), Digital Evidence and Computer Crime, USA, Academic Press
Long.J., Skoudis.E. & Eijkelenborg.A.V (2004), Google Hacking for Penetration
Testers, USA, Syngress Publishing
Westby, J.R. (2003), International Guide to Combating Cyber crime, USA,
American Bar Association
Westby.J. (2003), International Guide to Combating Cybercrime, USA, American
Bar Association
Shinder.T. (2002), Scene of the Cybercrime, Retrieved February 24, 2007,
from http://www.isaserver.org/articles/Deb_Shinder_releases_new_book_on_Cybercrime.html
Furnell.S. (2001), Cybercrime, USA, Addison-Wesley Professional.
Thomas. D. (2000), Cybercrime: Law Enforcement, Security and Surveillance,
Routledge, UK, Information Age
Richards, J.R. (1999), Transnational Criminal Organizations, Cybercrime, and
Money Laundering, USA, CRC Press
Newman.J.Q. (1999), Identity Theft: The Cybercrime Of The Millennium, USA,
Loompanics Unlimited
UR1, Schneier on Security, Retrieved February, 2007, from
http://www.schneier.com/blog/
Appendix A: Survey Instrument
Section A: Cybercafe details
Name:
Address:
Tel:
Email Id:
Contact Person:
Registration:
Registered (Y/N)
if yes, Authority? …………………..
Supervision by any authority? (Y/N) if yes, Authority? ……………
Section B: Infrastructure
1. Server
Server (Y/N)
Usage (proxy, firewall etc.):
Secured (Y/N)
Server O/S
Genuine (Y/N)
Patch Management (Y/N)
2. Computers
No. of Computers: Major Computer Type:
Multimedia (Y/N)
Operating System: Genuine (Y/N)
Patch Management (Y/N)
3. Internet Service Provider (ISP)
Name of ISP
Total Bandwidth
Type of connection
IP Address
4. Wi-Fi (Y/N)
5. Security and Controls
Computer Controls (Y/N)
Type of Control
(E.g. users are provided restricted access to system files etc.)
Software Controls (Y/N) Type of Control Patch Management (Y/N)
(E.g. domain access etc.)
Wi-Fi Controls (Y/N)
Type of Control
Other Controls
Password Controls (Y/N)
Routine change of passwords (Y/N)
Activity Logging Software (Y/N)
Software Name………………..
User Monitoring Software (Y/N)
Software Name………………..
Antivirus - in all computers (Y/N)
Software Name………………..
Routine Update of A/V (Y/N)
Filters - to block unwanted sites (Y/N)
Software Name………………..
Anti Spam Software (Y/N)
Software Name………………..
Any other controls (Y/N)
Software Name………………..
Firewalls (Y/N)
Hardware/Software Name…………..
Backups
Time Synchronization to NST in all equipments (Y/N):
Surveillance System (CCTV etc.): Security Guards (Y/N):
Section C: Usage
Owners Perceived Usage of the Cybercafe
Business …………………..
Communication …………………..
Education …………………..
Social …………………..
Entertainment …………………..
Average No of Visitors / Week
Local …………….
Foreigner …………….
Gender Profile of Visitors
Male …………….
Female …………….
Age group profile of visitors
Under 14 years …………………..
14 Years – 19 Years …………………..
20 Years – 29 Years …………………..
30 Years – 39 Years …………………..
40 Years and above …………………..
Top five Internet activities
(Browsing, email, chatting, phone calls / net phone, downloads/uploads, ecommerce, Online/offline games, documentation, printing, fax services etc.)
………………….. ………………….. …………………..
………………….. ………………….. …………………..
………………….. ………………….. …………………..
………………….. ………………….. …………………..
………………….. ………………….. …………………..
Age group wise Internet activities (please list top three in order for each
age group)
(Browsing, email, chatting, phone calls / net phone, downloads/uploads,
e-commerce, Online/offline games, documentation, printing, fax services
etc.)
Under 14 years …………………..
14 Years – 19 Years …………………..
20 Years – 29 Years …………………..
30 Years – 39 Years …………………..
40 Years and above …………………..
Section D: Operations
Visitor Log Register (Y/N)
If, yes
Is every visitor entry strictly logged (Y/N)
Are photo identities of visitors required (Y/N)
Activity of the visitors supervised (Y/N)
If yes, how? ……………………………………………………….
User Activity Log maintained? ……………………………………….
Can visitors install their own software? (Y/N)
If yes, is permission required (Y/N)?
Is selective site blocking in place? (Y/N)
Are adwares, popups etc. blocked? (Y/N)
Are outside devices allowed (diskettes, USB drives etc.)?
If yes, is any security check done (e.g. virus scanning etc.)
Access by children
Access supervised (Y/N) Activity supervised (Y/N)
Section E: Legal Understanding
Does the operator know what cyber crime is? (Y/N)
If yes, list some cyber crimes known by the operator
Does the operator understand that their computers can be used to commit
serious cyber crimes? (Y/N)
If yes, any precautions in place?
Does the operator know about the legal provisions of cyber crimes in Nepal
(Y/N)?
Would they support regulations on cybercafés from the government (Y/N)?
Some issues of the operator with regards to running cybercafés in Nepal.
……………………………..………………………............................................
……………………………..………………………............................................
……………………………..………………………............................................
……………………………..…
Some recommendations of the operator on improving the conditions of
cybercafés in Nepal
Appendix B: Survey Tabulation
TABULATION OF FINDINGS OF RESEARCH ON CYBERCAFES
General Information
Team Leader : Deepak Rauniar
Team Members : Smriti Pradhan, Nitesh Agrawal, Jayant Agrawal
Research Sponsors : South Asia Partnership
Research Information
Sample Size: 100
Locations : Kathmandu Valley (Kathmandu, Lalitpur and Bhaktapur)
| S.No | Particulars | Findings | Remarks |
|---|---|---|---|
| 2.04.04 | Other Controls | | |
| 2.04.04.01 | Filters | Yes 3%, No 97% | |
| 2.04.04.02 | Antispam | Yes 6%, No 94% | |
| 2.04.04.03 | OS/Protection | Yes 9%, No 91% | |
| 2.04.04.04 | Backups | Yes 36%, No 64% | |
| 2.04.04.05 | Time Synchronization to NST | Yes 94%, No 6% | |
| 2.04.04.06 | Physical Security | Yes 0%, No 100% | |
| 2.04.05 | Controls for Visitors | | |
| 2.04.05.01 | User Activity Monitoring | Yes 3%, No 97% | |
| 2.04.05.02 | User Activity Logging | Yes 6%, No 94% | |
| 3.0 | Usage | | |
| 3.01 | Owners' perception of its facility usage | | |
| 3.01.01 | Perceived Usage | | |
| 3.01.01.01 | Business | 12% | |
| 3.01.01.02 | Communication | 30% | |
| 3.01.01.03 | Education | 12% | |
| 3.01.01.04 | Social | 24% | |
| 3.01.01.05 | Entertainment | 22% | |
| 3.02 | Visitors Profile | | |
| 3.02.01 | Average No. of Visitors/Week | 309 | |
| 3.02.01.01 | Local Vs. Foreigner | Local 238, Foreigner 71 | |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
S.No.
Desaymadu Ihya Cyber Club
S.P. Fass Cyber
Intel Cyber & Communication
Comtech Cyber
Om Saajha Sewa
Cyber Sansar
Global Link Service
Microworld
Peace Cyber Café
One World E-café
Grahambell Communication
Himalayan Cyber Café
Lalit Enterprises
ACBC Cyber
Metkha
Rosar Cybers
Fass Cyber
Cycom Cyber Café
Unlimited Cyber Café
SMS Cybercafe
Net Café
Cyber Communication
Patan Online
Name
Naradevi
Balkhu
Pakanajol
Tripureshwor
Bagbazar
Bagbazar
Thamel
Chhetrapati
Bagbazar
Chhetrapati
Chhetrapati
Kumaripati
Prayagpokhari, Patan
Pakanajol
Patan Dhoka
Naxal
Yatkha
Kalimati
Kalimati
Pulchowk
Thamel
Thamel
Patan D Square
Address
4261119
2200323
2200120
5540037
4700062
4263915
5534365
4230338
4301799
4268826
4268624
4247841
9841517218
4700193
4219719
4269162
4216360
4262221
5528413
5533646
4257094
5544910
Telephone
Appendix C: List of Cybercafés visited for the survey
Sumit Devkota
Pravin Sharma
Bijay Rajbhandari
Suresh Shah
Shiv Shah
Rajan K. Shrestha
Ranjan Bogati
Raj Karmacharya
Akash Shrestha
Saira Banu
Rajan Maharjan
Bishwa Maharjan
Buddha Maharjan
Dhiraj Shah
Ajay Maharjan
Ramesh Rupakhati
Mukti Pandey
Mahendra Banshi
Prem Neupane
Purushottam Shrestha
Dipendra Sapkota
Mukesh Kumar
Bishwa Shakya
Contact Person
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
S.No.
Communication Zone & Cyber
Ratopul Cybercafe
Fass Cyber
Cyber Junction
Subm
Saj Creation
Chobato Cyber
Uno cyber
Eco Cyber Net
Global Link
Cyber World
D_LUX Cyber
Dolphin Cyber
Yo Cyber Café
Yonzon Cyber Café
Bhabhateni cyber café
S3 Cyber Café
Web Akar
Chomalung
Aroma
Smriti
Hallmark cyber
Ktm. Cyber
Sanchatgriha
Nanglo cyber
Name
Kumaripati
Kalimati
New baneshwor
maitidevi
Jawlakhel
Kalimati
Ratopul
Dillibazar
Kalikasthan
Kalikasthan
Ratopul
New Baneshwor
Koteshwor
Thamel
Thamel
Gahana Pokhari
Gahana Pokhari
Gairidhara
Bhatbateni
Bishalnagar
Bhatbateni
Naxal
Maitidevi
Ekantakuna
Address
4418986
4432484
2171292
5545040
4460727
5525546
4285821
4469260
4462829
5543817
4411899
4701647
4424442
4440391
4415702
4442532
4273101
4442699
4442699
4445410
4442162
4429870
4467514
Telephone
E-mail
Ujjwal Thapa
Tanka Pahadi
Sanjay Maharjan
Miss Reetu
Miss Navina
Mr Rajan KC
Mr. Lokendra
Mrs. Daya
Mr Sagar Shrestha
Mr Prajwol Shrestha
Mr. Sandeep Yonzon
Mr. Hari Dhakal
Mr. Saroj
Mr. Bimal thapa
Mr. Sherbahadur Rao
Sashi Bhuja
Bishma K. Nath
anish
Jatan sharan
Pravin sharma
Pramod Dangol
Keshav Gopali
Ramesh Limbu
Ravi Sharma
Contact Person
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
S.No.
Boyz cyber
Safu cyber
Cyber link
Ninam cyber
MSN
Cyber net
Cyber zone
Easy cyber
Cyber.com
Universal Cybercafe
Space cyber
cyber annex
Global cyber
click cyber café
Click online
Cyber link
Fastest cyber
Cyber Village
Net café
Kailash net
namaste cyber
Himalayan
Green belt
online café
rapti communication
Name
New baneshwor
thimi
Kumaripati
ekantakuna
Pulchowk
Jawlakhel
Patan Durbar Square
Lagankhel
Bagbazar
Kalimati
kalimati
patan dhoka
patan dhoka
patan dhoka
mangal dhoka
Patan Durbar Square
Anamnagar
Thamel
Thamel
thamel
thamel
kupondole
gwarko
kumaripati
hattisar
Address
4277434
5550278
5545981
5536649
5555032
5533486
4241169
4413569
4701100
4700247
4440687
5551789
5540205
5526895
4424471
5521238
9803087651
5009044
5535924
5527033
5537319
4219302
4465257
Telephone
E-mail
Mr. Suraj
Gyanu shyam
chandra
Suraj maharjan
Bijay
Hemant shakya
Shyam Maharjan
Saroj kapali
Krishna dhakal
manoj
bishwash
saroj sagar
kavita bohara
aamir k.c.
harka b. thapa
Urmila gurung
Madan shrestha
Krishna gurung
Bishal thapa
Niraj raut
Suvarna maharjan
Surendra shakya
Hem thapa
Ravi hadu
Contact Person
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
S.No.
online cyber
blackwindow
new zero point
effort communication
overseas communication
chitwan cyber
ambika communication
broadway cyber
communication cyber
Mac cyber
kumari cyber
E-Spot
Net Café
Click & Connect
Sai Communications
Cyber Street
Heritage Cyber
Kathmandu Business Center
B.R. Cyber World
Cyber Corner
Internet/Mail
Hotel Mt. Holiday
Connection Centre
Surf Internet Cafe
Durbar Square Cyber Link
Kantipur Communication Centre
Cyber Room
Name
hattisar
baneshwor
baneshwor
pulchowk
pulchowk
baneshwor
anamnagar
maitidevi
putali sadak
bagbazar
durbar square
Khichapokhari
Tripureshwor
Pako
Tahachal
Pako
Kastamandap
Thamel
Basantpur
Basantpur
Thamel
Thamel
Thamel
Thamel
Basantpur
Chhetrapati
Thamel
Address
4245853
2012015
4273827
4229420
4219104
4260833
4258537
4220680
4700599
4253555
4252541
4265358
4231627
4260186
4266079
2004990
4461336
4494541
5521894
5528367
4482074
4269088
4476659
4430612
4226918
4238522
Telephone
E-mail
shyam shrestha
s.p. limbu
subarna thapa
suresh chitrakar
rajendra bajracharya
madhav raj ghimire
hari sharma
govinda khatewada
dinesh maharjan
prabin pahara
gagan dangol
Rabindra
Devendra Shrestha
Navin Khadka
Sai Ram
Suraj maharjan
Suman Shahi
Bijay Shakya
Bikash Shrestha
Raj Shakya
Grish Man Pradhan
Tirtha Adhikari
Hari Khadka
Dheeraj Shrestha
Krishna
Pratik Shrestha
Komal Gurung
Contact Person
Appendix D: Essential Policy Components to ensure a cyber safe environment
The government should develop appropriate policies, guidelines and a regulatory
framework for Browsing Centers. Some of the major components of
such a document are as follows:
a) Compulsory Log Register of visitors needs to be maintained by all
Browsing Centers in the prescribed format. Such Log Registers should
be maintained for one year and provided to the law enforcement
authorities on demand.
b) Every visitor needs to provide a valid photo identity card on a compulsory
basis to access the resources of the Browsing Center. Children without a
card shall be accompanied by an adult with a photo identity card.
c) All the computers of the Browsing Center need to be equipped with
software that blocks access to websites relating to pornography,
terrorism and other objectionable materials.
d) The ISP certificate, IP address, total bandwidth etc. need to be provided
to the licensing authority (at the time of obtaining a new license, at license
renewal or on demand).
e) Information on the hardware and storage media of the computers in the
Browsing Center needs to be provided to the licensing authority. Any
replacement or repair shall be reported to the licensing authority
with the code, make and numbers of the hardware.
f) Browsing Centers should not allow visitors to install any software in
the resources of the Browsing Center.
g) Browsing Centers should not allow visitors to use their own devices with the
resources of the Browsing Center. Should this be required (e.g.
to copy downloaded files), Browsing Centers should make appropriate
provision for it in a secure manner.
h) The clocks of all resources in the Browsing Center should be
synchronized to Nepal Standard Time (NST).
i) Law enforcement authorities are authorized to check or inspect
compliance.
j) Minors shall not be allowed to use cubicles or partitions.
k) Browsing Center Operators should take sufficient precautions so that
computers are not used for any illegal or criminal activity.
l) Browsing Center Operators shall cooperate with law enforcement
authorities on cybercrime investigations.
m) Browsing Center Operators would be responsible for maintaining the
following records for six months:
i. Internet Browser Cache
ii. Website History
iii. Internet Cookies
iv. Modem Logs
v. Internet Downloads
vi. Proxy logs
vii. Other logs created by Network software
viii. Personal Identification