ThimphuTech was the first technology blog in Bhutan. We started writing it in 2009, just as broadband and mobile internet started to take off. (Although internet in Bhutan was launched in 1999, it was either super-slow or super-expensive, and was only used by a selected few).

In the blog, we wrote about technology and food, but also about plenty of other stuff. The blog became popular and influential in Bhutan. A companion bi-weekly column -- Ask Boaz -- was published for many years in the Kuensel, Bhutan's national newspaper. (The complete Kuensel columns are available as an ebook, Blogging with Dragons).

We stopped updating the blog when we left Bhutan in 2014, but the information within the posts can still prove useful, and thus we decided to keep it online.

We thank all our readers.
Tashi Delek,
Boaz & Galit.

Thursday, October 11, 2012

Hackers enjoy a free ride using RGoB, OAG, TCC, and other Bhutanese websites

It is not a secret that many websites in Bhutan are prone to hacking. Some hackers just enjoy showing off their abilities, and leave a noticeable trace on the website - perhaps a militant message accompanied by loud and scary music. Other hackers are more subtle. They take advantage of a vulnerable website by adding or changing its content in a way that is beneficial to them, but is not easy to detect by a casual visitor.

Case in point: The main portal of the Royal Government of Bhutan, The portal has a pretty good page ranking by Google (6 out of 10). When a website with a good ranking has links to other websites, Google sees these links as recommendations, and so it improves the ranking of the linked sites.

Apparently, hackers were eager to take advantage of RGoB's ranking. So what did they do? They silently broke into the website and changed the content of pages to include links to websites that they wish to promote.

Take a look at the following source code snippet from RGoB's home page (by the way, if you want to view the source code of any web page, open that page in Google Chrome or Mozilla Firefox, then click Ctrl-U. If you are using Internet Explorer, click on View, then Source).

Hackers are taking advantage of RGoB's portal
As you can see, there are some strange links in this page (that's the web addresses starting with http://). Just by looking at the domain names, it is apparent that these links point to websites that are - well, how to put it gently - not very "family-friendly". And there are many more similar links in this page, as well as on many other pages in the RGoB portal. The hackers, by the way, cleverly made sure that these links are readable by search engines, such as Google, but are not visible to humans (that's the style="display:none" part). So just by browsing the page you will not see anything special.

Here is a partial list of other Bhutanese websites that are currently being used in a similar manner, and serving as hosts to parasite links. All these hidden links, by the way, point to Turkish websites.
Bhutanese websites continue to be highly vulnerable to outside attacks. And as more and more websites, databases, and other systems are coming online, the potential harm that can be caused by malicious hackers increases.

Hat tip to our reader Anonymuse , who provided the impetus for this post.