Kathmandu. The Central Investigation Bureau (CIB) has released details of the six individuals arrested for allegedly hacking the Public Procurement Monitoring Office (PPMO) website and tampering with its system. The backgrounds of those arrested reveal a network involving both individuals with technical expertise and those from business backgrounds.
The arrested individuals include Diwakar Deuja from Dhankuta Pakribas, Bharat Dhami from Bajhang Durgathali, Sanjay Bhatta from Tanahun Bandipur, Bhaskar Raj Aryal from Kathmandu Baneshwor, Sagar Katuwal from Makwanpur, and Jeevan Kumar Das from Sunsari Duhabi.
These arrests did not happen in a single day; according to CIB Chief and AIG Dr. Manoj KC, it took nearly a month to apprehend the six suspects. Diwakar Deuja, who was arrested first on Falgun 28, is a government employee previously arrested and released five years ago for hacking the Nepal Telecom system.
The details were made public a week after the CIB and Cyber Bureau team arrested Jeevan Kumar Das on Chaitra 23.
Sagar Katuwal, one of those arrested, is the Senior Vice President of the Makwanpur Chamber of Commerce and Industry. Prior to this, the CIB had already arrested several construction entrepreneurs in connection with the hacking and hijacking of four major contracts.
AIG Dr. KC states that while several contracting companies appear to be involved, he cannot disclose further details at this stage as the investigation is ongoing and premature disclosure could hinder the process.
Previously, after similar hacking was discovered in the 10 billion rupee contract of Kathmandu Upatyaka Khanepani Limited (KUKL), the CIB has brought Ashish Nirman Sewa, Sagun Nirman Sewa, and Rautauda Construction—which participated in the tender opened by the Division Road Office, Bhaktapur—under investigation. Police stated they are investigating the connection between current and previous hacking incidents.
How the Hacking Scheme Was Exposed
The exposure of this level of attack on the government system was not the result of a single day’s investigation. CIB Chief AIG Dr. Manoj KC explains that it is the result of a long and meticulous police investigation.
The investigation formally began after the PPMO wrote to the Cyber Bureau suspecting unusual activity and data manipulation within its system.
The PPMO first became aware of the hacking. Following complaints from various public bodies and bidders, the office initially wrote to the Cyber Bureau for an investigation around Magh.
The investigation formally began after the PPMO wrote to the Cyber Bureau suspecting unusual activity and data manipulation within its system.
However, because the technology used by the hackers was highly complex and no concrete progress was seen for a long time, the command was transferred to the Central Investigation Bureau (CIB).
AIG KC mentions that they took command three weeks after the Cyber Bureau’s investigation began. ‘Initially, the investigation was handled by them (Cyber Bureau) for about three weeks, then we took over,’ says KC. ‘The Cyber Bureau is still assisting us. We have been working jointly.’
According to him, investigations so far have revealed that in various major contracts, the hackers not only looked at other applicants’ rates to bid lower but also changed contract specifications and even removed the applications of more qualified contractors from the system.
Investigation Focused on PPMO Staff
The CIB’s investigation is now focused on whether there was internal collusion or involvement of employees at the Public Procurement Monitoring Office itself. CIB Chief AIG KC states that since it is not easy to attack such a large and secure government server from the outside alone, the investigation is focused on this aspect.
‘Hacking can happen from the outside, or it could have happened because someone gave access from the inside. Our investigation is currently focused on this,’ he says. ‘We are conducting digital forensic testing of the PPMO server logs, IP addresses, and the usernames and passwords used by employees.’
The CIB does not believe the six arrested are the sole masterminds. The network appears to be very large, and it is possible that many major contracts across the country have been tampered with in the same way in the past, causing losses of millions to the state.
Preliminary examination of the statements of the arrested and the electronic devices seized from them has linked many other individuals and construction companies. However, CIB Chief KC says that information cannot be made public immediately as it would affect the investigation.
CIB Chief KC says, ‘We are currently looking at who is involved in this gang. Such individuals have been identified, but we will not say much as the investigation is ongoing.’
CIB Chief KC says, ‘We are currently looking at who is involved in this gang. Such individuals have been identified, but we will not say much as the investigation is ongoing.’
Why do cyber attacks happen on the e-bidding system?
In Nepal, all major contracts by public bodies are currently awarded through the ‘Bolpatra’ electronic procurement system (EGP) website of the Public Procurement Monitoring Office under the Office of the Prime Minister and Council of Ministers.
The contracting agency invites bids through this system. Within the specified time, qualified contractors can submit bid documents from their homes or offices. There is a legal provision to award the letter of intent to the best applicant after technical and financial evaluation.
Integrated tender calls eliminate the hassle and cost of individual government offices creating separate systems, and it is easier for applicant companies to get information from across the country in one place. The best part is the end of irregularities, collusion, or bullying in contracts.
Before this system was developed, there was a provision to physically submit tender forms at the respective offices. This often led to the leaking of proposer information, blocking on the way, and in some cases, creating an environment of fear and intimidation that prevented competitors from even applying. Such bullying ended after e-bidding started.
PPMO Says – We Are Assisting in the Investigation
After serious questions were raised about its system, the PPMO stated that it is fully cooperating with the police investigation. The office clarified that since the matter is now with the police, it is no longer just a matter of their information and control.
Office spokesperson Ram Prasad Acharya said that they are providing all technical and administrative details requested by the security agencies. He says they are assisting in the investigation by providing information as requested by the CIB or the Cyber Bureau. Spokesperson Acharya said, ‘This matter started after we requested an investigation; we are still providing necessary support, and the police are investigating.’
Click Here For The Original Source.
