H:\NAWARAJ\sap-international\cyber crime research\Cyber crime
Transcription
H:\NAWARAJ\sap-international\cyber crime research\Cyber crime
Cyber Cafes of Nepal Passage to ? Cyber Crime STUDY REPORT SOUTH ASIA PARTNERSHIP -INTERNATIONAL & BELLANET ASIA (BELLASAP) Kathmandu, Nepal March 2007 1 This report is published under Creative Commons Attribution - NonCommercial -ShareAlike 2.5 You are free: • to copy, distribute, display, and perform the work • to make derivative works Under the following conditions: Attribution. You must attribute the work in the manner specified by the author or licensor. NonCommercial. You may not use this work for commercial purposes. ShareAlike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. • For any reuse or distribution, you must make clear to others the license terms of this work. • Any of these conditions can be waived if you get permission form the copyright holder. Your fair use and other rights are in no way affected by the above. Full License: http://creativecommons.org/licenses/by-nc-sa/2.5/legalcode copyright 2006 SAP International, Nepal Editor: Mr. Prakash Shrestha Layout design: Mr. Nawaraj Puri Cover design: Mr. Anjan Shrestha Published in Nepal 2006 by: SAP International and Bellanet Asia P.O. Box 23025 Lalitpur, Nepal Tel: 977-1-5522234 Email: [email protected] Website: www.bellanet.org www.sapint.org 2 Preface I nformation and Communication Technologies (ICTs) is changing the way we do business or deal with people. A very common example is that of communication. Communication by posts that took days has now been substituted by emails that can be done on a click of a mouse. People can easily converse with each other despite the geographical isolation of many places. ICTs have also brought changes in social behavior. It has supported in promoting access of information to optimize livelihood options. Grameen Phones of Bangladesh is one of such prominent examples where ICT has played a complementary role in changing living status of poor and marginalized Bengali women. School Net of Malaysia has used ICTs as a tool for promoting learning environment of children so that they can transform into visionary and creative citizens. Each and every coin has two sides. There are not only positive aspects in proliferation of ICTs, but negative aspects as well. Several cases of misuse of these technologies for vested interest of some people have been observed. These technologies have also been widely used for spreading terrorism as well as other criminal activities. There are various incidents of bank robberies as well as sending of socially harmful mails. Recently, there was news that website of Ministry of Health and Population of Nepal had been hacked and turned into a pornographic site. Strong monitoring mechanisms to avoid such incidents in future has become imperative. Cybercafes are major public browsing centers found commonly in cities and semi urban areas of Nepal. These places are vulnerable from cybercrime point of view. However, no study has been conducted to analyze the extent of their vulnerability so far. BellaSAP, a consolidated structure of SAP International and Bellanet Asia, has realized the urgent need to raise this issue with some valid facts and figures for drawing attention of responsive and relevant stakeholders. In this context, this study on "Cybercafes of Nepal: Passage to Cybercrime?" has been conducted in coordination with Mr. Deepak Rauniar who is Internet Security Expert of Nepal. We extend our gratitude towards Mr. Rauniar for his hard work in coordinating the study process. We are hopeful that this study might contribute in minimizing vulnerability of these cybercafés as the passage for cybercrime. We have also provided some recommendations that need to be implemented by concerned stakeholders for ensuring safe computing environment in the country. The secure cyber world would support in process of making best use of these technologies for promoting development as well as strengthening democratic movement of Nepal. Dr. Rohit Kumar Nepali Executive Director SAP International 3 4 1. Introduction 1.1 ICT Fact Sheet of Nepal 1.2 Rationale of the Research 1.3 Scope and Limitations of the Research 1.4 Methodology of the Research 1 1 3 4 4 2. Cybercafés and Cybercrime 2.1 Unleashing the Perspectives 2.2 Cyber Law of Nepal: Electronic Transaction Act (ETA) 5 5 7 3. Cybercafés of Nepal Unearthed! 3.1 Registration and Supervision Status 3.2 Infrastructure of Cybercafes 3.3 Visitor Profiles 3.4 Visitors’ Supervision 3.5 Understanding of Cybercrime 3.6 Security and Control of Cybercafes 10 10 11 13 14 17 17 4. Cybercafés as Passage to Cybercrime 19 5. Strategic Directions 5.1 Recommendation for the Government 5.2 Recommendation for the Civil Society 5.3 Recommendation for the Cybercafé Operators and Users 21 21 23 24 6. Conclusion 25 Appendixes 28 Appendix A: Survey Instrument Appendix B: Survey Tabulation Appendix C: List of Cybercafés visited for the survey Appendix D: Essential Policy Components to ensure cyber safe environment 5 6 Executive Summary T hough Nepal was able to make an early beginning in Information and Communication Technologies (ICT), it could not benefit on the early start. It has only been in recent times (the last decade) that the real proliferation of ICT has taken place. In modern Nepal, one finds a wide-spectrum of Nepalese enterprises that have not only been successful in pursuing their ICT agenda including integration with the global economy but also in exploiting ICT as an engine of growth. While it is true that technologies including the Internet open doors to numerous opportunities for enterprises, it has also a dark side, which involves not only hacking and cracking, fraud and theft, pervasive pornography, pedophile rings etc. but also extortion, money laundering, pirating, corporate espionage, drug trafficking and criminal organizations. And these are commonly known as cyber crimes. Cybercafés are public places of Internet access and thus an important tool of a society for access to information and e-services of all kinds. In Nepal, one finds numerous cybercafés in operation that offer cheap, reliable and relatively fast (compared to dial up connections) alternatives to the Internet. They accordingly attract significant visitors with different needs. However, considering cybercafés to be public places and thus the perceived anonymity arising out of it, unfortunately they are also most vulnerable to cyber crimes. Research on the cybercafés of Nepal was done with the objectives of determining their overall conditions in the country, and this paper accordingly looks at the prospects of cyber crimes in these places of public Internet access. Based on our research findings, we also provide appropriate recommendations that we feel can help to strengthen the overall position of cybercafés in the country and address the issue of cyber crime in Nepali cybercafés. 7 8 1.1 ICT Fact Sheet of Nepal Nepal had its first exposure to computer and computer systems as early as 1971. However, despite such an early start, the country could not build on the opportunities and prospects of ICT and ICT in the country developed slowly. The real progress in the ICT arena of the country can be considered to have happened only after 1995 (Chapagain, 2006), when a large number of enterprises went for automation. To support this drive, universities and colleges started offering courses in computer science and computer engineering, while the country saw a number of policy initiatives and liberalization by the government. The private sector started to play its anticipated dominant role. Though Nepal has a relatively long experience of ICT (since 1971), it is only in recent times (last decade) that the real proliferation of ICT (in terms of increased usage and awareness) has taken place in the country. While in modern Nepal one finds that the younger generation at large is enthused with the latest in technology and the Internet, there is a significant interest among the general masses including the government about ICT. It is also true that the country still has a long way to go to harness technology in its truest sense for overall socio-economic development. Today, there is a wide-spectrum of Nepalese enterprises, which has been successful in pursuing the ICT agenda, including integration with the global economy and exploiting it as an engine of growth. Most of the significant institutions like basic utility providers; banking and financial institutions; tourism related institutions like hotels, airlines, travel agencies etc.; transport e.g. airline, long distance buses etc.; industries etc., use ICT. Modern banking facilities like the ATM are common place while a couple of banks also offer electronic banking through the Internet (e.g. for 1 statement viewing). SMS based applications are still at their very primitive stages. However, the number of organizations on this front is slowly growing. Mobile and on-demand applications are yet to make their mark in the market. In the absence of a necessary Public Key Infrastructure (PKI), Nepal is yet to acquire true electronic transaction level capabilities. Thus a number of e-commerce applications with transaction level capabilities such as online banking, e-trading, e-auction, online payment etc.; and e-governance applications such as e-registration, e-procurement, e-voting, online application for connections, licenses etc. are yet to make their mark in Nepal (Report 4, 2005). The level of ICT Penetration within different segments of the society is as follows (Report 1, 2005; Report 2, 2005): Government 10%, International NGOs 100%, MNCs 100%, Large Business Houses 70%, Medium Companies 50%, SMEs 10%, Financial Sector 80%, Travel Trade 80%, Distribution 30%. In recent times, a number of government enterprises have also undertaken considerable efforts to computerize their services. The computerization of telecom, the electricity authority, the provident fund and tax departments, etc. are some notable examples. Though most notable government and public agencies have websites, they largely disseminate static information and downloadable files, which are often very stale (Report 3, 2005). In the last decade, there has been a considerable effort and commitment by the Government of Nepal towards ICT and its incorporation into the development mainstream. The High Level Commission for Information Technology (HLCIT), formed in 2003, is chaired by the Prime Minister himself, and strives to demonstrate the strength its commitment. The primary objective of the HLCIT is to oversee national ICT policies and provide strategic directions to the Government. The National Information Technology Center (NITC), a Nepal government initiative is seen more as an implementing body of the government (as opposed to HLICT). It has been involved in a number of initiative including hosting and maintaining websites of the different ministries and government agencies. In pursuit of the e-governance agenda of the government, it has very recently unveiled the e-governance Master Plan of Nepal, that aims to guide investments in e-governance in Nepal (Rauniar, 2006). With the objectives of bridging the urban–rural digital divide, in the recent past there has been considerable emphasis towards establishing ruraltelecenters. The Tenth Plan targets to establish rural telecenters in at least 2 1,500 village development committees all over the country. These information centers resemble the Multipurpose Community Telecenters concept promoted by the International Telecommunication Union. At present, there are about 60 such telecenters in 23 districts under the aegis of different agencies (Report 5, 2006). There are different cybercafés established for providing easy access to these technologies. 1.2 Rationale of the Research In the major cities of Nepal, a cybercafé can be found in almost all important streets and buildings. Further, a significant number of the numerous hotels and tourist lodges also maintain Browsing Centers or cybercafés, targeted towards guests and visitors. In most instances, the cybercafé is typically a room with a couple of computers and Internet connectivity. Since, most of them are not registered one does not know the exact number of cybercafés that operates in the country, and thus their contribution to the economy and society. The per hour charges of using the Internet at cybercafés in Nepal varies from as low as Nepali Rs. 10 (12 US cents) to Rs.40 (60 US cents). Since high speed internet including cable internets are yet to make their mark in Nepal, accessing the Internet from cybercafés is often a cheaper and faster proposition (than dialup connections) for many Nepalese, who are generally youths. There is no designated authority for the registration of cybercafés. Similarly, none exist for their monitoring and supervision. Further, there is no policy interventions specific to the cybercafés operating in the country. The net result is that the cybercafés in the country operate with total independence according to their wish and what they can afford. Essentials like secured infrastructures, ideal operating norms, sound computing practices etc. usually take a back seat. Accordingly, they are also mostly disorganized in terms of resources including human resources and knowledge. Cybercafés are public places of Internet access and thus are important tools of a society for access to information and e-services of all kinds. Unfortunately, considering cybercafés to be public places and thus with the perceived anonymity arising out of it, they are also most vulnerable places to commit cyber crimes. Given the fact that unregistered, unregulated and unsupervised cybercafés are undesirable as they provide enough incentives to persons looking for safe heavens to commit cybercrime and get away uncaught. It is very evident that these cybercafés are vulnerable to be the easy passage to the cybercrime in the country. However, there has not been any attempt 3 analyzing the vulnerability of these centers. In this context, BellaSAP in coordination with Mr. Deepak Rauniar undertook a research of the cybercafés of Nepal with the objectives of finding the exact scenario of their operations and the prospect of them being exploited by persons/ criminals intent on committing cybercrime. 1.3 Scope and Limitations of the Research This is a preliminary study conducted to analyze vulnerability of cybercafés as a passage to cybercrime. Due to resource and time constraint, the team confined the research to the three cities of Kathmandu valley (Kathmandu, Lalitpur and Bhaktapur). The research was conducted on a sample basis covering 100 cybercafés situated in the valley. Thus, the limited district coverage and number of the cybercafés is one of the major limitations of the study. Cybercafés are not only avenues for providing internet and communication access. There are different telecenters and multimedia centers established in different parts of the country. The study could not cover these centers in this preliminary phase. The team members selected major physical parameters related to vulnerability of the cybercafés with regard to cybercrime viz: general information, infrastructure, usages, operating practices, legal understanding of cybercrime and cyber laws. These are not complete set of all the parameters related to security of cybercafés. Therefore, this limited selection of the security can also be considered as another limitation of the research. 1.4 Methodology of the Research The data required for the study were obtained both from primary and secondary sources. The secondary sources of the data comprised of the reference documents indicated in the reference section. The primary data was collected from the cybercafés situated in three cities of Kathmandu valley (Kathmandu, Lalitpur and Bhaktapur). Questionnaires were designed with the objectives of determining selected parameters of security as mentioned in the above section. A sample survey was done in ten cybercafés in Kathmandu city based on the questionnaire. Based on the experience and the feedback received, the questionnaires was refined (mainly to address the clarity issue of the questions) and given the final shape (Appendix A). The final survey was done in 100 cybercafés of the country. 4 2.1 Unleashing the Perspectives Cybercafés are public places of Internet access. These are an important tool of a society for access to information and e-services of all kinds. However, being public places and thus the perceived anonymity arising out of it, unfortunately they also stand as one the most vulnerable places to commit cybercrime. Nepal has a significant number of cybercafés. Cybercafés can be found in almost all important streets and buildings of major cities. However, many of them are not registered and in the absence of a designated authority to monitor and supervise them, all of them remain unsupervised. Further, there are no policy interventions to regulate them. Thus, the cybercafés of the country operate with complete freedom accordingly to their wishes and what they can afford. The same is the case with the visitors visiting these browsing centers. This raises serious concerns in the light of cyber crimes as they provide enough incentives for people looking for opportunities to commit cybercrime and get away uncaught. Cybercrime is often defined as an unlawful act, wherein a computer can either be a tool, a target or both of the crime. Cybercrime may involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief etc., or non-traditional activities such as hacking (cracking), disrupting computer systems, infecting systems virus etc. [10]. 5 Instances of cybercrime, where a computer can be used as a tool for unlawful acts usually involve modification of conventional crimes by using a computer and/or the Internet. Some examples of such crimes are: Financial Crimes - such as cheating, credit card frauds, money laundering etc.; Cyber pornography - which includes pornographic websites; pornographic magazines produced using computers and transmitted/ distributed through the Internet; Sale of illegal article - which includes the sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication; Online gambling; Intellectual Property crimes which includes software piracy, copyright infringement, trademarks violations, theft of computer source code etc.; Email spoofing - which includes sending emails using spoofed email addresses; Forgery - which includes producing counterfeit currency notes, postage and revenue stamps, mark sheets using sophisticated computers, printers and scanners; Cyber Defamation - which includes defaming someone, websites etc. with the help of computers and/or the Internet; Cyber Stalking - which is defined as the repeated acts of harassment or threatening behavior towards the victim by using internet services. When a computer is the target of the offense, the criminal’s goal is to steal information from, or cause damage to, a computer, computer system, or computer networks. Some examples of cybercrime where computers can be the target (or both) of unlawful acts are Cracking (though hacking is a misnomer in Nepal) - which is defined as the illegal intrusion into a computer system and/or network. This can lead to malicious sabotage of computer systems including networks, disruption of services, stealing of data and information including confidential information, privacy violations, identity theft, extortions etc. to name some. Other examples of the above include Data/Information Theft - which includes theft of information stored in computer hard disks, removable storage media etc. in electronic form; Email Bombing - which refers to sending a large number of emails to the victim filling his/her mail boxes; Salami Attacks - which is often used for the commission of financial crimes; Denial of Service Attack - which involves flooding a computer resource with more requests than it can handle; Virus/Worm/Trojans/Logic Bombs/Rabbi/Bacterium Attacks - which refers to infecting computer systems with malicious software codes; Phishing – which is the act of falsely claiming to be an established legitimate enterprise to a user in an attempt to scam the user into surrendering private information that can be used for identity theft.; Web Jacking i.e. forceful control of a website by 6 some one; Theft or Physically Damaging of a computer system; etc [14], [15], [16], [17]. It is to be noted that the above is not an exhaustive list of examples of cyber crimes. Numerous others exist. Further, as technology advances opening new frontiers for humanity, there is always a possibility that these will be exploited in new ways creating new forms and instances of cybercrime. The perpetrators of cybercrime range from teenage “cyber-joyriders” to organized crime operations and international terrorists. The motives can be many [1]. Some of the tools and techniques used by these people are: packet sniffing, key logging, cracking (hacking), password attacks, overflowing buffers, malicious code infections, denial of service attacks, distributed denial of service attacks etc.. Given the sheer amount of economic and non-economic (social and national security) impacts associated with cybercrime, today they stand as a challenging and not to be neglected proposition for all countries that intend to benefit from the realms of ICT. There should be strong policy frameworks for reducing the darker impact of these technology proliferations. Some of the policies and acts of importance to the ICT sector of the country are National Communication Policy (1992), Telecommunication Act (1197), Information Policy (IT) Policy 2000, The Tenth Plan (20022007), Long Term Policy on Information and Communication Sector (2002), Telecommunication Policy (2004), Electronic Transactions Ordinance (2004), Electronic Transactions Act (2006) (URL1, 2006; URL2, 2006; URL3, 2006). 2.2 Cyber Law of Nepal: Electronic Transaction Act (ETA) The recent developments in ICT and the emergence of modern ICT concepts and applications such as e-governance, e-commerce, e-finance etc. have made significant business and social impacts in Nepal as well. In line with the anticipated benefits of ICT, a wide-spectrum of Nepalese enterprises (from all sectors including the government), have not only been successful in integrating ICT, including the Internet, with their businesses processes, but have also been successful in exploiting it as an 7 engine of growth. While technologies including the Internet open doors to numerous opportunities to enterprises in terms of ease, speed, wider coverage, variety, reduced costs etc.; it is also true that like a double edged sword, they also provide significant opportunities and multiplier benefits for illicit businesses as well. The sheer fact is that as brick-and-mortar companies move their enterprises on to the World Wide Web seeking new opportunities for profits, so too have criminal enterprises. The other or dark side of the Internet involves not only hacking and cracking, fraud and theft, pervasive pornography, pedophile rings etc. but also extortion, money laundering, pirating, corporate espionage, drug trafficking and criminal organizations. And these are commonly known as cyber crimes. The perpetrators of cyber crimes range from teenage “cyberjoyriders” to organized crime operations and international terrorists. Considering cyber crimes to be a special (and often non-traditional) type of crime, many countries have come out with specific cyber laws to deal with them. Electronic Transaction Action (ETA) is one of the major cyber laws of the country. With the objectives of providing legal recognition to electronic transactions i.e. transactions carried out by means of electronic data interchange and other means of electronic communication, as an alternative to paper-based methods of transactions, communication and storage of information; and the sanctity of such electronic transactions against unauthorized usage and illegal modification, the government of Nepal has re-enacted the ETA in November of 2006. The ETA is also known as the Cyber Law of Nepal and provides for the legal recognition of electronic records and digital signatures and their security. Broadly, the act consists of three significant aspects: (i) legal recognition of electronic records and communications, which includes contractual framework, evidentiary aspects, digital signatures as a method of authentication, rules for determining the time and place of dispatch and receipt of electronic records, (ii) regulation of Certifying Authorities (CAs), which includes appointment of a Controller of CAs, granting of licenses to CAs, duties vis-à-vis subscribers of digital signature certificates, recognition of foreign CAs and (iii) cyber contraventions, which includes civil and criminal violations, penalties, establishment of an adjudicating authority etc. It also defines the security of electronic transactions in terms of cryptographic techniques. 8 Under the ETA, the office of the Controller of Certifying Authority (CCA) assumes responsibilities towards establishing the necessary Public Key Infrastructure (PKI) required for online electronic transactions. Its responsibilities also include appointing CAs from where subscribers can obtain their digital signature certificates, authentication of entities in cyberspace, security of electronic transactions and on issues pertaining to computer related crimes. In terms of cybercrime, the act discourages computer related crimes in the country and makes specific provisions of penalty for damage to computer, computer systems or computer networks - applicable to a person or group of persons. It provides for offences of hacking; of destroying or altering data; secrecy violations; furnishing wrong information and furnishing wrong license or digital certificates. It also seeks to regulate the Internet in some form by making publication of obscene information in electronic form an offence. It provides necessary powers to the Nepal Police and provisions for a special cyber court for such prosecutions. The act even applies for computer related crimes made from outside Nepal (Rauniar, 2006). 9 3.1 Registration and Supervision Status Registration of the cybercafés can be regarded as one of the indicators for tracing existence of these cafes. It also provides easy access to government institutions to monitor and supervise tasks undertaken in these centers. The research tried to analyze registration status of these cafes present in Kathmandu valley. It was found that 45% of the surveyed cybercafés of the country were not registered with any authority including the tax offices (for taxation purposes). Of the 55% cybercafés that were found to be registered, 55% were found to be registered with the respective municipality of their city, 35 % with the tax office (PAN) and the rest with the cottage industry etc. The survey tried to analyze if there is any supervision and monitoring performed to ensure secure cyber environment in the country. It was found that none of the cybercafés were ever supervised or regulated by any authority. In other words, all the cybercafés in the country are unsupervised and unregulated. 10 3.2 Infrastructure of Cybercafes The cybercafés that are concerned about the security of their centers are equipped with the security infrastructures. In this study, the analysis was done both in terms of the infrastructures present like computer and multimedia services as well as security infrastructures present like server security, computer operating system, patch management and internet infrastructures. It is found that highly equipped centers are more concerned about the security issues be it physical security of their equipments or cyber security of internet world. It is found that 55% of the cybercafés were using a separate server device. The reasons for using a server varied and included such things as for proxy, caching, network sharing, administration, etc. Windows XP was found to be the most popular operating systems in these servers (83%). This was followed by Windows 2000/2003 (11%), Windows 98 (4%) and Linux (2%). Thus, Microsoft was found to dominate the server side operating systems in the cybercafés of Nepal (98%) and the primary reason for this was attributed to ease of use and learning. Only 9% of the cybercafés were found to be using genuine software. The management of server and server resources were found to be very weak. Only 4% of the cybercafés were found to be managing patches/ software upgrades for their resources on a routine basis. 79% of these resources were found to be very weak in their overall security (physical, logical and others). In terms of computer infrastructure available for visitors in cybercafés, the average number of computers in a cybercafé was found to be 9. Only 27% of cybercafés were found to be offering multimedia resources to their visitors. Of the surveyed cybercafés, 47% had PIV computers, while 53% offered PIII computers for Internet access to their visitors. 11 Windows XP (81%) was again found to be the most popular desktop operating system. This was followed by Windows 2000 (7%), Windows 98(11%) and Windows Millennium (1%). Thus all i.e. 100% of the cybercafés were found to be using Windows operating system in their desktop computers. In terms of originality of software, like in servers, only 9% of the software was found to be genuine. While there was very little regards for routine patch management and software upgrades (3%) for desktop computers. On the internet infrastructure front, all major Internet Service Providers (ISPs) were found to be involved as service providers to the cybercafés of the country. Cable Internet was found to be the most used means of Internet connectivity (52%),. This was followed by broadband (21%), wireless (18%), dialup (7%) and others (2%) that included fiber optics, DSL etc.. The subscribed bandwidth by the cybercafés was found to be as follows: less than 64kbps-13%, 64kbps-48%, 128kbps-20% and more than 128 kbps-19%. None of the cybercafés offered wireless (wifi) connectivity. 12 3.3 Visitor Profiles Visitor supervision can be considered as the major aspect regarding cybercrime. This aspect of the survey tried to explore the average number of visitors that visited cybercafés, their profiles and the purpose of their visits, etc. It was found that the average number of visitors was 309 visitors per cybercafé per week. Thus, if one considers the average per hour cybercafé usage charges to be Rs.20 per hour and the average usage to be equal to one hour per visitor, the per week total revenue of cybercafés of Nepal can be estimated to be Nepali Rupees 6,180 (around USD 87). Of the visitors to cybercafés, 77% were found to be local visitors and the rest (13%) to be foreigners. On the gender perspective, 56% of the visitors were found to be male, while 44% of them to be female visitors. The age group distribution of the visitors was found to be as follows: Under 14 Years – 4 %, 14 Years to 19 Years – 35%, 20 Years to 29 Years – 35%, 30 Years to 39 Years – 18%, 40 Years and above – 8%. Accordingly, one can reason that of the total visitors to cyber cafes of Nepal, 70% were youth i.e. in the age group of 14 – 29 Yrs. 13 As mentioned above, the survey tried to analyze visitor’s purpose of visiting these cybercafés. Top five user activities recorded in the survey were email, chatting, web browsing, printing, software downloads and gaming. The survey also explored operator’s perception of their facility usage. The finding of the survey was as follows: communication - 30% (i.e. 30% of the cybercafé operators thought that people visited their premise for communication needs), social – 24%, entertainment – 22%, education – 12% and business – 12%. 3.4 Visitors’ Supervision It was found that a whopping 89% of the surveyed cybercafés of Nepal did not maintain any Visitor Log Register. Therefore, tracing a visitor later (e.g. with regards to cybercrime investigation etc.) would be very difficult. Of the 11% that did maintain a Visitor Log Register, 100% were found to make a log entry. However, these log entries were found to be more suited 14 for accounting purposes than for tracing a visitor in the event of a cyber crime. None (i.e. 0 %) of the cybercafés required a photo identity of the visitor for the Visitor Log or access to cybercafé resources. 83% of the surveyed cybercafés did not supervise the activities of their visitors. While of the 17% that did supervise user activities, 82% were found to be doing so manually. The remaining 18% only used software or other forms of user activity supervision. None of the cybercafés had Close Circuit Television (CCTV) cameras installed in their premises for this purpose. In 71% of the cybercafés of Nepal, it was found that visitors could easily install any software they wished. Though, 70% of the cybercafés did demand that prior permission be obtained by the visitor before installing their software. While in the remaining 30% of the cybercafés, no prior permission was required by visitors to install their software. 15 Further, 94% of the cybercafés allowed visitors to bring with them outside devices and attach them to the system (e.g. USB drives etc.). Of such cybercafés, only 42% performed a security check by scanning the devices with an antivirus software before allowing such devices to be used in their systems. The survey revealed that 92% of the cybercafés allowed visitors to browse any website that they wished including sites of unwarranted nature. However, a significant 67% of the cybercafés did block adwares, popups etc. It was found that 88% of the cybercafés allowed children to use their facilities, while the remaining 12% did not allow children. Of the cybercafés that allowed children to use their facilities, only 24% required that they access the facilities under adult supervision. A whopping 76% freely allowed children to use their facilities. Of the above, only 48% of the cybercafés monitored children’s activities including the sites they were visiting. The remaining 52% did not bother to do so. 16 3.5 Understanding of Cybercrime The survey finding showed that there are relatively few major taken to ensure cyber secure environment. The study also tried to analyze general and legal understanding of these cyber operators regarding the threat of cybercrime. It was found that only 23% of the cybercafé operators knew about cybercrime. A large 77% of the operators were ignorant of it. When asked to name some cyber crimes the results were Hacking – 74%, Spam – 13%, Fraud – 8% and Others – 5%. Though, a significant 48% of the operators did say that they knew that their facility could be used by someone to perform cyber crimes, only 4% said that they had taken precautions to deal with it. It clearly proved vulnerability of these cybercafés which can be used as an easy passage to cybercrime by the criminals. When asked to list some of the issues that they faced: monopoly of ISPs, quality of services of ISPs, increased competition, low profitability, high cost of operations, an unorganized sector were found to be the most common answers. When asked, whether they knew about the legal provisions of cybercrime in the country, 98% of the cybercafé operators were ignorant about it. However, 99% of the operators did say that they would support government regulations for cybercafés. It indicates an urgent need for legal provisions to be ensured for protecting the cyber world. 3.6 Security and Control of Cybercafes There is very inadequate understanding on the acuteness of the problems related to cybercrime in the cybercafés. In this context, it is very natural to have inadequate measures to prevent these crimes in these centers. The survey tried to analyze level of security and control majors adopted in these cybercafés. It was found that the cybercafés of Nepal were very poor raising grave concerns. Only 2% of the cybercafés were found to have implemented operating system (O/S) controls (through operating systems or others) to secure their critical O/S and other files. A whopping 98% of cybercafés did not have any O/S controls, thereby exposing their critical systems and other files and making them vulnerable to misuse. It was found that 49% of the cybercafés did have password controls for access to computing resources by visitors. However, this was a shared resource and only 14% periodically changed their passwords on a routine basis. 17 Antivirus was found to be quite a popular security control among all cybercafés of the country. 90% of the cybercafés had antivirus software installed in their systems. Of this 94% updated their antirust software on a routine basis. It was revealed that only 15% of the cybercafés used firewalls (hardware/software) to filter network traffic. The survey also tried to look into the possibility of cybercafés using any other security controls to secure their assets and provide a safe computing environment to their visitors. We found that 3% of the cybercafés used filters to block unwarranted websites, while 6% were found to be using anti-spam controls. It was revealed that only 36% of the cybercafés backed up their important files, while none had any controls for physical security. Further, only 3% of the cybercafés monitored user activities (though manually), while only 6% logged user activities. 18 From our research, it can be stated that the cybercafés of Nepal do not provide a happy picture with regards to cybercrime. Our research shows that for cyber criminals looking for opportunities of locations to commit cybercrime and get away uncaught, the cybercafés of Nepal appear lucrative for the following reasons. 45% of the cybercafés in Nepal are not registered with any authority while none of the cybercafés are either supervised or regulated by any authority. Further, of the 55% cybercafés that we found to be registered with some authority, only 55% was registered with a proper authority (if we consider the municipality to be a proper authority). Thus, almost 70% of the cybercafés of Nepal were not registered. And they operated with complete freedom with regards to the selection and use of resources. Accordingly, it can be indicated that any one including criminal organizations looking for safe havens to commit cybercrime can easily set up infrastructures in the name of a cybercafé in Nepal. In the absence of appropriate regulations; secured infrastructures; security controls and practices; standard operating procedures like the maintenance of visitor logs, photo identity checks, the supervision and monitoring of visitor activities, logging of visitor usages, access restrictions to resources; and the technical skills and capability of the operators, we also conclude that one can exploit the cybercafés of Nepal to commit cybercrime and get away with very chance of being caught. And the reason that we say so is that we have found that most (94%) of the cybercafés in Nepal allow visitors to bring with them outside devices and use with their systems. Further, again a vast majority of them (71%) 19 allow visitors to install software that they wish. The only security check carried out was the scanning of the device with an antivirus software. Thus, a person can easily install any software (trojans, keyboard loggers, packet sniffers, cracking tools etc.) in the cybercafés of Nepal and use it to his advantage (hacking/cracking, financial crimes, defaming, spoofing, forgery, online gambling, pornography, denial of service attacks, threatening someone etc.). Most (89%) of the cybercafés in Nepal do not maintain any (rest aside proper) Visitor Log Register. None of them requires a photo identity check/ validation of visitors. Accordingly, it would become very difficult for any investigating agency to trace a person committing a cybercrime from the cybercafés of Nepal. The study also revealed that a large number (88%) of cybercafés in Nepal allowed children to use their facilities. Of this, 76% allowed children without requiring any supervision for access and usage, while only 48% monitored their activities. Given the fact that a majority (92%) of cybercafés in Nepal do not block or filter web sites, we conclude that the risks to children towards exposure to pornography, undesirable information etc. is very high in Nepal. Considering the general trend of crime investigation (conventional) in Nepal, and the general ignorance of cybercafé operators with regards to technology, cybercrime, law etc, it is realized that in the event of a cyber crime and its investigations, the operators of cybercafés are also at risks of unwarranted harassment, trouble etc. from the investigating agencies 20 The survey results and analysis showed that strong mechanisms need to be established to monitor and maintain the situation of cybercafés in Nepal in order to reduce the vulnerability of these cafes to exploitation to commit cybercrime. Given the fact that in recent times the country is also making significant attempts towards electronic transactions (e-governance, e-commerce etc.), by addressing the issue of cybercrime and initiating sound computing practices, we feel that our recommendations will help to strengthen this proposition as well. A collective effort is required to transform the present situation of vulnerable cyber space into a safe and secure cyber world. Some of the major stakeholders that can support in promoting security of the internet space are: government, civil society, cybercafé operators and cybercafé visitors/ users. Specific strategic directions for the identified stakeholders can be presented as follows: 5.1 Recommendation for the Government • Ensure appropriate policies, guidelines and regulatory framework Government should develop policies, guidelines and regulatory frameworks for reducing cybercrime in the country. The policy frameworks should focus on supervising computing interventions of visitors in cybercafés. There should be mechanisms developed to trace these visitors as and when required. The security of the cybercafés should be enhanced so that these centers cannot be used as the site for pornography, terrorism and other crime related activities. The policy document should enable licensing apparatus of these cybercafés as a mechanism to ensure cybercrime resistant areas. Please refer Appendix D for detailed information. 21 • Develop mechanism for the registration and supervision of Browsing Centers All Browsing Centers (cybercafés, telecenters, and other browsing centers opened in private premises such as hotels etc.) in the country should compulsorily be required to register themselves with the authority and obtain a valid license for operations which they should put on display in their premises (along with the other licenses such as company registration certificate, tax registration etc. that companies normally display in their premises). Any Browsing Center without license or an invalid license should be barred. The authority should also be responsible for conducting periodic as well as non-periodic supervision of Browsing Centers. The authority should be adequately equipped in terms of resources and skills to carry out their responsibilities. There should be reward mechanisms for promoting role models in the cyber secure environment. • Strengthen licensing process of Cybercafés The licensing process of cybercafés should require Browsing Center owners to give an undertaking and an indemnity bond before obtaining a license. The licenses issued to cybercafés should be periodic in nature (requiring renewal on specific time period, which as per established practice can be one year). Renewal of the same should be subject to the compliance of established rules and regulations, policies, norms etc. • Establish cybercrime investigations and prosecution mechanisms Computer Emergency Response Teams (CERTs) as well as Cyber Courts should be established as provisioned in the Electronic Transaction Act of the country. There should also be capacity enhancement interventions targeted to Nepal Police so that they are competent enough to prosecute cybercrime investigations. The government should not view the above as costs but as a key enabling factor of electronic transactions (e-governance, e-commerce etc.) in the country. • Strengthen capacity of cybercafés and browsing centers to deal with cybercrime Cybercafé operators and users should have adequate knowledge on legal provisions with regard to cybercrime prevention. They should support government in implementing these rules and regulations. They should cooperate with government authorities during monitoring and supervision for preventing and detecting cybercrime in their cafes. They should provide recommendations and suggestions for reducing policy gaps of the government so 22 that secure cyber space can be created in the country. In order to perform these roles, government should support in building their capacities as well as investigation and monitoring skills. Government should recognize best cybercafés who had worked in reducing these cyber crimes and promoting cyber secure environment. 5.2 Recommendation for the Civil Society • Encourage wider research on prevalence of Cybercrime There should be in-depth analysis for reviewing prevalence of cybercrime and their impact in socio economic development of the country. This research has been able to cover only limited scope of cybercafés as well as cybercrime. There should be extensive research conducted on vulnerability of all browsing centers available in the country along with rural telecenters. There should also be research conducted to analyze policy gaps. These research documents should be taken as a reference for providing policy recommendations to the government. These studies also support in the process of understanding critical issues of cybercrime and solutions to overcome these challenges. • Increase awareness on acuteness of vulnerability of Browsing Center Civil Society including media can play a strong role in sensitizing communities and wider mass about negative impact of cybercrime as well as vulnerable situation of Browsing Centers. There should be awareness camps, interactions and workshops organized to discuss issues of vulnerability of these centers and criticality of cybercrime in the country. These gathering will also support in building common understanding on various aspects of insecure environment of the cyber space. • Enhance capacity of Browsing Center Civil society organizations should work towards building capacity of browsing centers. These centers should be made aware on the vulnerability of these centers. They should also be equipped with skills to overcome these vulnerable situations. There should be training programs focused on improving their income level thereby supporting cyber secure environment. It can be done by sharing best practices and models present in South Asia as well as in the global level. • Pressurize government for enforcing policies to prevent cybercrime Civil Society should advocate for enforcing strong policies to prevent cybercrime in the country. Policy research conducted to analyze 23 policy gaps should be shared with the government institutions for taking strong actions to reduce these loop holes in the policies. There should be strong pressure for ensuring strong mechanism and competencies required for implementing cyber law in an effective manner. Advocacy and media campaigning should be organized to draw government attention towards the issues of vulnerability of these browsing centers as an easy passage to cyber criminals. 5.3 Recommendation for the Cybercafé Operators and Users • Ensure security of Cybercafés Cybercafé operators should understand that their facilities can be used by criminals to commit cybercrime (with serious repercussions), and thus they need to play pro active role to minimize chances of exploitation of their respective cybercafés. These operators should have knowledge on basic technologies that are in place, how they can be exploited to commit cybercrime, and the legal provision of cybercrime in the country. They should develop a basic understanding of different security resources such as filtering software, user activity logging software, anti spam software, anti spyware, popup blockers, firewalls etc., which can help them secure their resources. Further, with regards to the same developing a mindset that expenses associated with securing resources are not costs but essential operating requirements and a key business enabler which would help significantly. • Strengthen visitor supervision mechanisms Cybercafé operators should understand that supervising activities of visitors can support in reducing probabilities of cybercrime. They should strictly maintain visitor logs as well as store photo identity of these visitors. It will help to trace these visitors as and when required. The operators should also proactively monitor visitor activities. The visitors should not be allowed to install any software, attach devices in the computer of the Browsing Center. The operators should be additionally vigilant with children so that they will not be victimized. Installing CCTV cameras can also help in this regard. • Operate under safe computing practices Cybercafé users should understand that when they use public places of Internet access (cybercafés, tele-centers etc.) they are vulnerable to a number of threats/risks. They should develop an understanding of what these threats/risks are and how they can protect themselves from these while still enjoying the benefits of public Browsing Centers. Finally, they should understand safe computing practices and follow it to remain safe. 24 With regards to ICT in modern Nepal, one finds a wide-spectrum of Nepalese enterprises that have not only been successful in pursuing their ICT agenda including integration with the global economy but also exploiting it as an engine of growth. While it is true that technologies including the Internet open doors to numerous opportunities for enterprises, it has also a dark side that provides significant opportunities and multiplier benefits for illicit business as well. These are commonly known as cybercrime. The report tried to present an assessment on the conditions of cybercafés in Nepal and provide appropriate insights on the issue of the potential of cybercrime from these public places of Internet access. The study revealed that these browsing centers can be easily exploited for committing cybercrime that may threat the development process of the country. There should be good mechanisms for ensuring tracking system of the visitors for minimizing the potentials of the cybercrime. The study also pointed out a need for legal provisions for promoting security of these cybercafés including registration, supervision and control to ensure safe computing environment in the country. Based on the ground reality that has emerged from the survey recommendations were also provided to major stakeholders of the cybercrime prevention. There is a need of a consolidated effort for making these public internet access centers secure so that people can benefit more for the proliferations of the technologies. 25 References [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] Sinrod , E.J., & Reilly.W.P, Cyber-crimes: A Practical Approach to the Application of Federal Computer Crime Laws, Computer and High Technology Law Journal, 2000 Chapagain, D.P., PPP Led ICT Enabled Services in Rural Nepal, Kathmandu/Nepal, Economic Policy Network, Ministry of Finance, Nepal Govt., 2006 Road Map on e-payment for developing countries - Nepal, Geneva, Report of the International Trade Center, UNCTAD/WTO, 2005 B2B e-Marketplaces – Country Profile: Nepal , Geneva, Report of the International Trade Center UNCTAD/WTO, 2005 ICT Policy Formulation and e-Strategy Development – A comprehensive Guidebook, Thailand, Report of the Asia-Pacific Development Information Programme (UNDP – APDIP), 2005 An Overview of ICT Policies and e-Strategies of Select Asian Economies, Thailand, Report of the Asia-Pacific Development Information Programme (UNDP – APDIP), 2004 Creating Knowledge Revolution in Nepal – Swabhiman 2062, The National Conference on Rural Telecenters in Nepal, Nepal, High Level Commission for Information Technology, 2006 Rauniar. D, Electronic Transaction Ordinance - Country Report Nepal, Paper presented at the meeting of the Asian Productivity Council, Hyderabad, India, 2005 Rauniar. D, Security in the Cyber Space – Nepal Fact File, SEARCC Annual ICT Conference - 2006, Sri Lanka, Computer Society of Sri Lanka, 2006 Phil Williams, Organized Crime and Cybercrime: Synergies, Trends, and Responses, Retrieved December 05, 2006 from http:// www.pitt.edu/~rcss/toc.html Electronic Transaction Act, Retrieved December 25, 2006 from http:/ /www.hlcit.gov.np Nepal ICT Fact File, Retrieved December 25, 2006 from http:// www.nitc.gov.np National Telecom MIS Reports, Retrieved November 27, 2006 from http://www.nta.gov.np/mis_report.html White Collar Crimes, Retrieved November 27, 2006 from http:// www.cidap.gov.in/cybercrime.aspx Karnataka to police cybercafés- The Times of India, Retrieved November 27, 2006 from http://www1.timesofindia.indiatimes.com/ cms.dll/articleshow?art_ID=16191037 Techno-Legal Compliance In India: An Essential Requirement, Retrieved November 27, 2006 from http://www.crime-research.org/ articles/2130/1 Cybercrime Investigation Cell Mumbai: Warning - Cyber space is safe to use; unsafe to misuse, Retrieved November 26 Suggested Reading Materials Balkin.J.M. (2007), Cybercrime: Digital Cops in a Networked Environment, New York, USA, University Press Steel.C. (2006), Windows Forensics: The Field Guide for Corporate Computer Investigations, Wiley Wyler.N.R, Potter.B. & Hurley.C. (2005), Aggressive Network Self-Defense, USA, Syngress Publishing Bayles.A.W. Hurley.C., Long.J., Brindley.E., Foster.J.C & Klaus.C.W (2005), Infosec Career Hacking: Sell Your Skillz, Not Your Soul. USA, Syngress Publishing Alder.R., Hurley.C., Parker.T., Russell.R., Beale.J., Eller.R., Hatch.B. & Moss.J. (2005), Stealing the Network: How to Own an Identity. USA, Syngress Publishing Caruso.K., Long.J., Hurley.C., Owad.T., Norwell.P. & Potter.B. (2005), OS X for Hackers at Heart: The Apple of Every Hacker’s Eye, USA, Syngress Publishing Pollitt.M. & Shenoi.S. (2005), Advances in Digital Forensics, USA, Springer Verlag Jones.K.J., Bejtlich.R. & Curtis.W.R. (2005), Real Digital Forensics: Computer Security and Incident Response, USA, Addison-Wesley Professional Carrier.B. (2005), File System Forensic Analysis, USA, Addison-Wesley Professional Farmer.D. & Venema.W. (2004), Forensic Discovery, USA, Addison Wesley Professional Carvey.H. (2004), Windows Forensics and Incident Recovery, USA, Addison Wesley Professional Casey.E. (2004), Digital Evidence and Computer Crime, USA, Academic Press Long.J., Skoudis.E. & Eijkelenborg.A.V (2004), Google Hacking for Penetration Testers, USA, Syngress Publishing Westby, J.R. (2003), International Guide to Combating Cyber crime, USA, American Bar Association Westby.J. (2003), International Guide to Combating Cybercrime, USA, American Bar Association Shinder.T. (2002), Scene of the Cybercrime, Retrieved February 24, 2007, from http://www.isaserver.org/articles/Deb_Shinder_releases_new_ book_on_Cybercrime.html Furnell.S. (2001), Cybercrime, USA, Addison-Wesley Professional. Thomas. D. (2000), Cybercrime: Law Enforcement, Security and Surveillance, Routledge, UK, Information Age Richards, J.R. (1999), Transnational Criminal Organizations, Cybercrime, and Money Laundering, USA, CRC Press Newman.J.Q. (1999), Identity Theft: The Cybercrime Of The Millennium, USA, Loompanics Unlimited UR1, Schneier on Security, Retrieved February, 2007, from http:// www.schneier.com/blog/ 27 Appendix A: Survey Instrument Section A: Cybercafe details Name: Address: Tel: Email Id: Contact Person: Registration: Registered (Y/N) if yes, Authority? ………………….. Supervision by any authority? (Y/N) if yes, Authority? …………… Section B: Infrastructure 1. Server Sever (Y/N) Usage (proxy, firewall etc.): Secured (Y/N) Server O/S Genuine (Y/N) Patch Management (Y/N) 2. Computers No. of Computers: Major Computer Type: Multimedia (Y/N) Operating System: Genuine (Y/N) Patch Management (Y/N) 3. Internet Service Provider (ISP) Name of ISP Total Bandwidth Type of connection IP Address 28 4. Wi-Fi (Y/N) 5. Security and Controls Computer Controls (Y/N) Type of Control (E.g. users are provided restricted access to system files etc.) Software Controls (Y/N) Type of Control Patch Management (Y/N) (E.g. domain access etc.) Wi-Fi Controls (Y/N) Type of Control Other Controls Password Controls (Y/N) Activity Logging Software (Y/N) User Monitoring Software (Y/N) Antivirus - in all computers (Y/N) Routine change of passwords (Y/N) Software Name……………….. Software Name……………….. Software Name……………….. Routine Update of A/V (Y/N) Filters - to block unwanted sites (Y/N) Software Name……………….. Anti Spam Software (Y/N) Software Name……………….. Any other controls (Y/N) Software Name……………….. Firewalls (Y/N) Hardware/Software Name………….. Backups Time Synchronization to NST in all equipments (Y/N): Surveillance System (CCTV etc.): Security Guards (Y/N): Section C: Usage Owners Perceived Usage of the Cybercafe Business ………………….. Communication ………………….. Education ………………….. Social ………………….. Entertainment ………………….. Average No of Visitors / Week Local ……………. Foreigner ……………. Gender Profile of Visitors Male ……………. Female ……………. 29 Age group profile of visitors Under 14 years 14 Years – 19 Years 20 Years – 29 Years 30 Years – 39 Years 40 Years and above ………………….. ………………….. ………………….. ………………….. ………………….. Top five Internet activities (Browsing, email, chatting, phone calls / net phone, downloads/uploads, ecommerce, Online/offline games, documentation, printing, fax services etc.) ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. ………………….. Age group wise Internet activities (please list top three in order for each age group) (Browsing, email, chatting, phone calls / net phone, downloads/uploads, e-commerce, Online/offline games, documentation, printing, fax services etc.) Under 14 years ………………….. 14 Years – 19 Years ………………….. 20 Years – 29 Years ………………….. 30 Years – 39 Years ………………….. 40 Years and above ………………….. Section D: Operations Visitor Log Register (Y/N) If, yes Is every visitor entry strictly logged (Y/N) Are photo identities of visitors required (Y/N) Activity of the visitors supervised (Y/N) If yes, how? ………………………………………………………. Activity of the visitors supervised (Y/N) If yes, how? ………………………………………………………. User Activity Log maintained? ………………………………………. 30 Can visitors install their own software? (Y/N) If yes, is permission required (Y/N)? Is selective site blocking in place? (Y/N) Are adwares, popups etc. blocked? (Y/N) Are outside devices allowed (diskettes, USB drives etc.)? If yes, is any security check done (e.g. virus scanning etc.) Access by children Access supervised (Y/N) Activity supervised (Y/N) Section E: Legal Understanding Does the operator know what cyber crime is? (Y/N) If yes, list some cyber crimes known by the operator Does the operator understand that their computers can be used to commit serious cyber crimes? (Y/N) If yes, any precautions in place? Does the operator know about the legal provisions of cyber crimes in Nepal (Y/N)? Would they support regulations on cybercafés from the government (Y/N)? Some issues of the operator with regards to running cybercafés in Nepal. ……………………………..………………………............................................ ……………………………..………………………............................................ ……………………………..………………………............................................ ……………………………..… Some recommendations of the operator on improving the conditions of cybercafés in Nepal 31 Appendix B: Survey Tabulation TABULATION OF FINDINGS OF RESEARCH ON CYBERCAFES General Information Team Leader : Deepak Rauniar Team Members : Smriti Pradhan, Nitesh Agrawal, Jayant Agrawal Research Sponsors : South Asia Partnership Research Information Sample Size: 100 Locations : Kathmandu Valley (Kathmandu, Lalitpur and Bhaktapur) 32 33 34 S.No Particulars 2.04.04 Other Controls 2.04.04.01 2.04.04.02 2.04.04.03 2.04.04.04 2.04.04.05 2.04.04.06 2.04.05 Findings Filters Yes No 3% 97% Yes No 6% 94% Yes No 9% 91% Yes No 36% 64% Time Synchronization to NST Yes No 94% 6% Physical Security Yes No 0% 100% Antispam OS/Protection Backups Controls for Visitors 2.04.05.01 2.04.05.02 User Activity Monitoring Yes No 3% 97% Yes No 6% 94% User Activity Logging 3.0 Usage 3.01 Owners' perception of its facility usage 3.01.01 Percieved Usage 3.01.01.01 Business 3.01.01.02 Communication 3.01.01.03 Education 3.01.01.04 Social 3.01.01.05 Entertaintment 3.02 Visitors Profile 3.02.01 Average No. of Visitors/Week 3.02.01.01 12% 30% 12% 24% 22% 309 Local Vs. Foreigner Local Foreigner 35 238 71 Remarks 36 37 38 39 40 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 S.No. Desaymadu Ihya Cyber Club S.P. Fass Cyber Intel Cyber & Communication Comtech Cyber Om Saajha Sewa Cyber Sansar Global Link Service Microworld Peace Cyber Café One World E-café Grahambell Communication Himalayan Cyber Café Lalit Enterprises ACBC Cyber Metkha Rosar Cybers Fass Cyber Cycom Cyber Café Unlimited Cyber Café SMS Cybercafe Net Café Cyber Communication Patan Online Name Naradevi Balkhu Pakanajol Tripureshwor Bagbazar Bagbazar Thamel Chhetrapati Bagbazar Chhetrapati Chhetrapati Kumaripati Prayagpokhari, Patan Pakanajol Patan Dhoka Naxal Yatkha Kalimati Kalimati Pulchowk Thamel Thamel Patan D Square Address 4261119 2200323 2200120 5540037 4700062 4263915 5534365 4230338 4301799 4268826 4268624 4247841 9841517218 4700193 4219719 4269162 4216360 4262221 5528413 5533646 4257094 5544910 Telephone Appendix C: List of Cybercafés visited for the survey [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] E-mail Sumit Devkota Pravin Sharma Bijay Rajbhandari Suresh Shah Shiv Shah Rajan K. Shrestha Ranjan Bogati Raj Karmacharya Akash Shrestha Saira Banu Rajan Maharjan Bishwa Maharjan Buddha Maharjan Dhiraj Shah Ajay Maharjan Ramesh Rupakhati Mukti Pandey Mahendra Banshi Prem Neupane Purushottam Shrestha Dipendra Sapkota Mukesh Kumar Bishwa Shakya Contact Person 41 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 S.No. Communication Zone & Cyber Ratopul Cybercafe Fass Cyber Cyber Junction Subm Saj Creation Chobato Cyber Uno cyber Eco Cyber Net Global Link Cyber World D_LUX Cyber Dolphin Cyber Yo Cyber Café Yonzon Cyber Café Bhabhateni cyber café S3 Cyber Café Web Akar Chomalung Aroma Smriti Hallmark cyber Ktm. Cyber Sanchatgriha Nanglo cyber Name Kumaripati Kalimati New baneshwor maitidevi Jawlakhel Kalimati Ratopul Dillibazar Kalikasthan Kalikasthan Ratopul New Baneshwor Koteshwor Thamel Thamel Gahana Pokhari Gahana Pokhari Gairidhara Bhatbateni Bishalnagar Bhatbateni Naxal Maitidevi Ekantakuna Address 4418986 4432484 2171292 5545040 4460727 5525546 4285821 4469260 4462829 5543817 4411899 4701647 4424442 4440391 4415702 4442532 4273101 4442699 4442699 4445410 4442162 4429870 4467514 Telephone [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] E-mail Ujjwal Thapa Tanka Pahadi Sanjay Maharjan Miss Reetu Miss Navina Mr Rajan KC Mr. Lokendra Mrs. Daya Mr Sagar Shrestha Mr Prajwol Shrestha Mr. Sandeep Yonzon Mr. Hari Dhakal Mr. Saroj Mr. Bimal thapa Mr. Sherbahadur Rao Sashi Bhuja Bishma K. Nath anish Jatan sharan Pravin sharma Pramod Dangol Keshav Gopali Ramesh Limbu Ravi Sharma Contact Contact Person Person 42 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 S.No. Boyz cyber Safu cyber Cyber link Ninam cyber MSN Cyber net Cyber zone Easy cyber Cyber.com Universal Cybercafe Space cyber cyber annex Global cyber click cyber café Click online Cyber link Fastest cyber Cyber Village Net café Kailash net namaste cyber Himalayan Green belt online café rapti communication Name New baneshwor thimi Kumaripati ekantakuna Pulchowk Jawlakhel Patan durabr square Lagankhel Bagbazar Kalimati kalimati patan dhoka patan dhoka patan dhoka mangal dhoka Patan durabr square Anamnagar Thamel Thamel thamel thamel kupondole gwarko kumaripati hattisar Address 4277434 5550278 5545981 5536649 5555032 5533486 4241169 4413569 4701100 4700247 4440687 5551789 5540205 5526895 4424471 5521238 9803087651 5009044 5535924 5527033 5537319 4219302 4465257 Telephone [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] E-mail Mr. Suraj Gyanu shyam chandra Suraj maharjan Bijay Hemant shakya Shyam Maharjan Saroj kapali Krishna dhakal manoj bishwash saroj sagar kavita bohara aamir k.c. harka b. thapa Urmila gurung Madan shrestha Krishna gurung Bishal thapa Niraj raut Suvarna maharjan Surendra shakya Hem thapa Ravi hadu Contact Contact Person Person 43 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 S.No. online cyber blackwindow new zero point effort communication overseas communication chitwan cyber ambika communication broadway cyber communication cyber Mac cyber kumari cyber E-Spot Net Café Click & Connect Sai Communications Cyber Street Heritage Cyber Kathmandu Business Center B.R. Cyber World Cyber Corner Internet/Mail Hotel Mt. Holiday Connection Centre Surf Internet Cafe Durbar Square Cyber Link Kantipur Communication Centre Cyber Room Name hattisar baneshwor baneshwor pulchowk pulchowk baneshwor anamnagar maitidevi putali sadak bagbazar durbar square Khichapokhari Tripureshwor Pako Tahachal Pako Kastamandap Thamel Basantpur Basantpur Thamel Thamel Thamel Thamel Basantpur Chhetrapati Thamel Address 4245853 2012015 4273827 4229420 4219104 4260833 4258537 4220680 4700599 4253555 4252541 4265358 4231627 4260186 4266079 2004990 4461336 4494541 5521894 5528367 4482074 4269088 4476659 4430612 4226918 4238522 Telephone [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] E-mail shyam shrestha s.p. limbu subarna thapa suresh chitrakar rajendra bajracharya madhav raj ghimire hari sharma govinda khatewada dinesh maharjan prabin pahara gagan dangol Rabindra Devendra Shrestha Navin Khadka Sai Ram Suraj maharjan Suman Shahi Bijay Shakya Bikash Shrestha Raj Shakya Grish Man Pradhan Tirtha Adhikari Hari Khadka Dheeraj Shrestha Krishna Pratik Shrestha Komal Gurung Contact Person Appendix D: Essential Policy Components to ensure cyber safe environment Government should develop appropriate policies, guidelines and regulatory framework for the Browsing Centers. Some of the major components of the document are as follows: a) Compulsory Log Register of visitors needs to be maintained by all Browsing Centers in the prescribed format. Such Log Registers should be maintained for one year and provided to the law enforcement authorities on demand. b) Every visitor needs to provide a valid photo identity card on a compulsory basis to access the resources of the Browsing Center. Children without card shall be accompanied by an adult with photo identity card. c) All the computers of the Browsing Center needs to be equipped with software to avoid access to the websites relating to pornography, terrorism and other objectionable materials. d) ISP certificate, IP address, total bandwidth etc. needs to be provided to the licensing authority (at the time of obtaining a new license, license renewal or on demand). e) Information on hardware and storage media of the computers in the Browsing center needs to be provided to the licensing authority. Any replacements, repair shall be acknowledged to the licensing authority with the code, make and numbers of the hardware. f) Browsing Centers should not allow visitors to install any software in the resources of the Browsing Center. g) Browsing Centers should not allow visitors to use their devices in the resources of the Browsing Center. Should the same be required (e.g. to copy file downloads etc.), Browsing Centers should make appropriate provision of the same in a secure manner. h) All time clocks of the resources in the Browsing Center should be synchronized to Nepal Standard Time (NST). i) Law enforcement authorities are authorized to check or inspect compliance. j) Minors shall not be allowed to use cubicles or partitions. k) Browsing Center Operators should take sufficient precautions so that computers are not used for any illegal or criminal activity. l) Browsing Center Operators shall cooperate with law enforcement authorities on cybercrime investigations. m) Browsing Center Operators would be responsible for maintaining the following records for six months. i. Internet Browser Cache ii. Website History iii. Internet Cookies iv. Modem Logs v. Internet Downloads vi. Proxy logs vii. Other logs created by Network software viii. Personal Identification 44