Authorities warn Bhutanese to take measures as a spate of hacks this year invaded popular Facebook pages and accounts including those of actor Tshering Gyeltshen, Voice of Bhutan and a travel blogger Tshering Denkar’.
Tshering Gyeltshen’s page has about 50,000 followers now. It was once hacked in March. However, the actor managed to retrieve his page.
The hacker was based in Los Angeles and claimed himself to be an employee of a popular and legitimate page called Bored Panda. The hacker kept on insisting the actor share his creative video contents for collaboration and repeatedly directed him to interesting web links of Bored Panda.
He said: “The hacker must have done a lot of background studies on my interest in creative and artistic contents. He knew where my vulnerability lied and I fell for it.”
While the page was under the hacker’s control, the hacker chatted with a lot of vulnerable people - particularly girls and sent out sexually harassing messages to them.
“The hacker pretended to be me, had an interaction with quite a number of innocent girls and tried to lure them. He even asked their numbers and shared some bogus WhatsApp number to contact him,” said Tshering Gyeltshen.
“You are never prepared enough in the world of cybersecurity,” he said.
Denkar’s Getaway’s content creator Tshering Denkar lost both her personal account and her page on Facebook to a hacker. She said, “There’s no way I can retrieve. It’s a complicated procedure to get back the account.”
She claimed that the hacker repeatedly reported her Facebook account because of which Facebook disabled her page too.
She suspected the hacker to be someone who didn’t like her content or her presence on social media platforms. She said: “I was devastated not because I lost my account but because I am not used to being hated.”
She dreaded thinking of what the hacker must be doing with her account. “If the hacker wanted money, he or she would have demanded ransom by now.”
“Not many people talk about cyberbullying, and then suddenly cybersecurity is one of the biggest things that happened in my life. It has changed my life,” she said.
Tshering Denkar claimed that cybersecurity was not given much importance in Bhutan.
She said: “What if one day our ministries’ pages get hacked? What if our politician’s pages get hacked? It’s dangerous.”
An official from the Bhutan Computer Incident Response Team (BtCIRT) claimed that Bhutanese people have poor security habits. Users set weak passwords, share them among friends, use pirated software, and not use or use outdated anti-virus software, and all of that makes a hacker’s work easier.
“Hackers are always on the move,” the official said.
BtCIRT officials said that people assumed that the attackers wouldn’t impose any risks to smaller organizational pages or individual accounts. “If we follow the trends, any individual or organization can be the next victim,” said BtCIRT official.
BtCIRT officials also mentioned that if the cybersecurity incidents reported were criminal in nature, they are forwarded to the Royal Bhutan Police (RBP) and penalties are levied by the law enforcement agencies as per the Penal Code of Bhutan.
According to BtCIRT, the hacked or compromised accounts can be used for conducting malicious activity like sending phishing emails, borrowing money through messengers impersonating you, or sending messages to friends, colleagues and organisations with malware attached.
“Hackers probe the internet with whatever and whenever they can look for vulnerable accounts and systems or networks. So, cybersecurity is everyone’s responsibility,” the official said.