On February 4, 2016, a group of hackers infiltrated the online system of the National Bank of Bangladesh by hacking into a printer connected to its network. Through the printer’s IP address, they accessed the bank’s central system and began transferring funds via the international SWIFT system.

The attack occurred late Thursday night. In a single operation, the hackers sent a request to transfer nearly one billion US dollars. The term “Jupiter”—linked to a terrorist organization’s funding—was included in the transaction details. Although the full amount wasn’t transferred, a staggering 88 million dollars was successfully withdrawn.

Due to Friday and Saturday being holidays in most Muslim countries, the breach went undetected until Sunday when employees returned to work. By the time staff realized the SWIFT account had been hacked, three days had already passed. An immediate attempt was made to contact authorities in New York, but since it was a Saturday night there, offices were closed.

Investigations revealed that the funds had been transferred to bank accounts in Sri Lanka and the Philippines. The hacker had set up a proxy account at RCBC Bank in the Philippines, where strict privacy laws made it difficult to trace funds. From there, the money was routed to two casinos and exchanged for gambling chips the very same night.

Inside the casinos, chips are used in place of currency. Gamblers typically convert chips back into cash when they leave, a process considered legal worldwide. The hackers took advantage of this system to launder the money—turning millions of dollars from a Bangladeshi bank into untraceable casino winnings.

Of the $88 million stolen, only $17 million was ever recovered. The rest vanished without a trace.

Seven years later, a similar cyberattack occurred at Nepal’s NIC Asia Bank during the Tihar festival. On the day of the holiday, savers’ funds began disappearing. A phishing attack had targeted staff who used the same email address for both official and personal use. The hackers obtained login credentials and accessed sensitive systems.

Exactly how much money was stolen remains unclear. Some losses were acknowledged, but others were downplayed. While the bank claimed a portion of the funds had been recovered, it never disclosed the total amount lost—or where the money was sent.

These cyberattacks in Bangladesh and Nepal are not isolated cases. Countries in Europe and the United States have also suffered from similar digital heists. As global financial systems increasingly rely on digital infrastructure, the threat of economic cybercrime continues to grow—with losses estimated at over Rs 100 million per month in some countries.

Question of Digital Sovereignty

After reading about recent cyberattacks, it becomes clear that not just Nepal, but financial institutions across the world are being targeted by hackers. From disrupting governance systems to crippling entire economies, cyberattacks are evolving into tools of modern warfare.

The most devastating cyberattack in history occurred in Estonia in 2007, when its entire economy came to a standstill for three weeks. With 99 percent of its transactions conducted electronically, Estonia viewed the attack not merely as a technical breach but as a direct assault on national sovereignty. The country even sought help from NATO—but no perpetrators were ever held accountable.

In February 2014, Sony Pictures Entertainment in the United States faced a cyberattack that exposed unreleased films, future production plans, and internal employee communications. The incident was widely portrayed as an attack on electronic sovereignty, and some even called it an act of war.

Such incidents highlight how cybercrime is now engulfing the globe. As attack methods become more sophisticated, a pressing question arises: Is Nepal prepared to investigate and defend against such threats?

Investigating cybercrime requires advanced technical infrastructure and skilled manpower—areas where Nepal still lags behind. According to police records, around 20,000 cybercrime cases are registered annually. However, experts estimate that only 10 percent of actual incidents are ever reported.

Current laws do not mandate the disclosure of cyberattacks. As a result, most organizations choose to hide breaches. A recent example is the data breach controversy at Nepal’s Department of Passports. Conflicting statements and a lack of transparency raised serious concerns.

Even the Cyber Bureau of Nepal Police admitted, “We have no information,” illustrating the opacity surrounding such incidents.

But just because cyberattacks go unreported doesn’t mean they aren’t happening. The data of any organization is not merely internal property—it often includes sensitive information about citizens. Protecting it is a matter of national responsibility.

Hackers often exploit outdated systems. In today’s digital age, where technology advances rapidly, new forms of cybercrime are emerging faster than law enforcement can respond. Unfortunately, Nepal Police lacks the advanced training and knowledge needed to conduct thorough investigations. No systemic evaluations have been conducted to bridge this gap.

While the government lags behind, some private Nepali companies are providing world-class cybersecurity services—both domestically and to clients in the US, UK, and Australia. These firms operate Security Operations Centers (SOCs) with skilled technicians who monitor threats in real time. Unauthorized access attempts trigger live alerts. Though small in number, a few of these firms are highly organized and effective.

Cover-Ups and Missed Opportunities

The basic principle of criminal investigation is straightforward: when physical harm occurs, people take notice. But in cybercrime, there’s no visible “blood.” Institutions often try to hide the breach rather than investigate. A recent example is the Rs 35 million cyber theft from F1Soft’s account, allegedly through a hacked software system at Citizens Bank’s Durbar Marg branch. Critical questions remain unanswered: How did the hacker gain access? Where was the money transferred? Without a deep forensic investigation, the full scope of this breach—and others like it—remains hidden.

According to the Cyber Bureau, cyber-enabled financial fraud in Nepal totaled Rs 1.79 billion in the last fiscal year 2081/82 (2024/2025).

The Central Investigation Bureau (CIB) of Nepal Police is also involved in investigating such crimes. If data from both agencies were consolidated, the actual scale of the problem could be far worse than currently reported.

In contrast, the US, European countries, and parts of Asia are far ahead in digital forensics. While the principles of digital investigation are rooted in traditional investigative methods, effective application requires expertise, resources, and urgency—areas where Nepal needs significant progress.

Western countries approach cyber investigations using traditional crime scene procedures before delving into digital forensics. Investigators trained in electronic crime must also possess a solid understanding of physical forensic practices.

For instance, just as the police cordon off a physical crime scene to preserve evidence, the digital equivalent—such as a hacked server—requires securing the digital perimeter. Investigators must avoid touching or altering any hardware, including hard drives or storage systems, before proper analysis begins. This process mirrors traditional investigative protocols and is critical for ensuring the integrity of digital evidence.

However, in Nepal, while cyber forensics exists, there is a noticeable gap in understanding and applying physical forensics within the digital investigation process. This lack of integration undermines the effectiveness of cybercrime investigations and needs urgent improvement.

Nepal does have a forensic science laboratory operated jointly by the Nepal Police and the Nepal Academy of Science and Technology (NAST). However, training provided in this area remains superficial. Much of what is taught under the umbrella of digital security is general and lacks depth.

Effective digital security work requires adherence to established standards and procedures—something still largely absent in Nepal. There’s also a critical gap in institutionalizing knowledge management. In the context of digital crime investigations, this involves collecting, cataloguing, and analyzing past cases to identify trends and patterns over time. Globally, this is considered a valuable tool for proactive security and research. In Nepal, however, it is often seen as an administrative burden rather than a necessity.

To build a truly capable cybercrime response mechanism, Nepal must integrate physical and digital forensics, invest in specialized training, enforce standards, and prioritize knowledge management.

(Rajiv Subba is a former Deputy Inspector General (DIG) of Nepal Police and a cybersecurity expert)