Cyber Terrorism

Cyber Terrorism - The Dark Side of the Web World
(Various Legal Compliances)

on
Faculty of Law, University of Allahabad 0
IS
PREFACE
The term cyber terrorism is becoming increasingly common in the popular culture, yet a
solid definition of the word seems hard to come by !hile the phrase is loosely defined,
there is a large amount of sub"ectivity in what e#actly constitutes cyber terrorism $n an
attempt to define cyber terrorism more logically, a study is made of definitions and
attributes of terrorism and terrorist events $n particular, the breadth of the issue poses
significant %uestions for those who argue for vertical solutions to what is certainly a
hori&ontal problem
$ am very than'ful to (s )ashmi Tha'ur, who has given a great contribution in the
framing and completion of this *ro"ect and without her efficient supervision and support
$ would have never been able to appreciate the depth of the topic $ am also very than'ful
to *rof L( +ingh, ,ead and -ean, Faculty of Law, University of Allahabad, and to
*rof .* +ingh, /oordinator, .ALL. 0,ons1, Five 2ear $ntegrated /ourse, who
were benign enough to grant me the authori&ation and approvals which were essential for
the creation of this *ro"ect
Finally, $ would li'e to than' and e#press my gratitude to all those who directly or
indirectly assisted me in creation of this *ro"ect
aran apoor
Semester-V!!!
"#$#LL#"#(%ons#)
C&'T('TS
Chapters )age
'o#
*#
*#
!ntroduction +-,
-#
-#
What !s Cyber Terrorism .
/-*0
0#
0#
1orms of Cyber Terrorism
*+---
+#
+#
The !mpact of Cyber Terrorism- a "rief !dea
-+--2
3#
3#
Cyber Terrorism 4 Various Legal Compliances -,-0*
2#
2#
!ndian la5 4 Cyber Terrorism
0--02
,#
,#
)rotection from cyber terrorism- $ 1e5 Suggestions
0,-+*
/#
/#
Conclusion +--+0
6eferences 4 $ckno5ledgements
1 /yber Terrorism .y 4evin /oleman , Technolytics
2 /yber Terrorism 6 The new 'ind of Terrorism .y6 -) (U-A!$ (U4,TA)
7L(U+,A)AF
3 /ybercrime and cyber terrorism6 *reventive defense for cyberspace violations .y
*)A8779 -ALAL
5 /omputer /rime )esearch /enter
: /oleman, 4eivin ;/yber Terrorism;
< /ollin, .arry / ;The Future of /yber Terrorism;
= *roceedings of 11th annual international symposium on criminal "ustice $ssue
> ?emmy, +prdes @!ill, .rarsA 7#amples of /yber Terrorism
B 4err, 4othryn, ;*utting cyber terrorism into conte#t
10 /2.7)T7))C)$+( D Fact or FancyE .y (ar' ( *ollitt
11 /yberDterrorism6 !i'ipedia
12 -efining /yber terrorism .y Adv )ohas 9agpal
C%$)T(6 !
Faculty of Law, University of Allahabad :
!ntroduction
$f you as' 10 people what Fcyber terrorismG is, you will get at least nine different
answersH !hen those 10 people are computer security e#perts, whose tas' it is to create
various forms of protection against Fcyber terrorismG, this discrepancy moves from
comedic to rather worrisome !hen these 10 people represent varied factions of the
governmental agencies tas'ed with protecting our national infrastructure and assets, it
becomes a critical issue ,owever, given the lac' of documented scientific support to
incorporate various aspects of computerDrelated crime into the genre Fcyber terrorismG,
this situation should not be surprising -espite copious media attention, there is no
consensus methodology by which various actions may be placed under the nomenclature
Fcyber terrorismG, yet the term clearly e#ists in common usage The term, first coined in
the 1B>0s by .arry /ollin 0/ollin, 1BB=1, has blossomed in the last several years6
I*rotect yourself from the cyber terroristJA I$nsure yourself against cyber terrorismJA
IFunding forthcoming to fight cyber terrorismJ 0,amblen, 1BBBA Luening, 20001
All of these sound nice, but the reality is that the reader, solution provider, or defender is
often left to his own devices as to what the term actually means and thus what solutions
should be created 0or implemented1 When a governments or corporations entire
infrastructure may be at stake, subjectivity is useful but may not be the best evaluative
tool.
At the same time, research of this phenomenon shows that cyber terrorism cannot easily
be defined This creates a /atchD22 situation6 the thing cannot be defined K yet without
defining it, one cannot F'nowG what it is one is fighting and hence come up with a good
Faculty of Law, University of Allahabad <
solution Furthermore, even when there is an operational agreement on terms, if an
attac'Lsecurity event does not fit into one of the 0often narrowly defined1 categories,
funding 0and conse%uently investigation or technical remedy1 may not be forthcoming
The threat of terrorism has posed an immense challenge in the post /old !ar period
Terror attac's in ma"or cities, towns and tourist resorts across the globe have
demonstrated the inade%uacy of the +tate mechanisms to address this challenge +erious
attempts have been made by 9ations to address this challenge by designing counter
terrorism strategies and anti terror mechanisms ,owever, most of there are designed in a
conventional paradigm, which might be effective in a conventional terror attac'
,owever, there are limitations when it comes to a terror attac' of an unconventional
nature
$nformation technology 0$T1 has e#posed the user to a huge data ban' of information
regarding everything and anything ,owever, it has also added a new dimension to
terrorism )ecent reports suggest that the terrorist is also getting e%uipped to utili&e
cyber space to carryout terrorist attac's The possibility of such attac's in future cannot
be denied Terrorism related to cyber is popularly 'nown as Mcyber terrorismM
$n the last couple of decades $ndia has carved a niche for itself in $T (ost of the $ndian
ban'ing industry and financial institutions have embraced $T to its full optimi&ation
)eports suggest that cyber attac's are understandably directed toward economic and
financial institutions Niven the increasing dependency of the $ndian economic and
financial institutions on $T, a cyber attac' against them might lead to an irreparable
Faculty of Law, University of Allahabad =
collapse of our economic structures And the most frightening thought is the
ineffectiveness of reciprocal arrangements or the absence of alternatives The articles
envisages an understanding of the nature and effectiveness of cyber attac's and ma'ing
an effort to study and analyse the efforts made by $ndia to address this challenge and
highlight what more could be done
C%$)T(6 !!
Faculty of Law, University of Allahabad >
What !s Cyber Terrorism .
What is Terrorism?
Terrorism is defined as premeditated, politically motivated violence perpetrated against
noncombatant targets by sub national groups or clandestine agents, usually intended to
influence an audience The United +tates has employed this definition of terrorism for
statistical and analytical purposes since 1B>3 U+ -epartment of +tate, 2002, *atterns
of Nlobal Terrorism, 2003
+ecurity e#pert -orothy -enning defines cyber terrorism as I politically motivated
hac'ing operations intended to cause grave harm such as loss of life or severe economic
damage
What is Cyber Terrorism ?
/yber terrorism is the premeditated use of disruptive activities, or the threat thereof, in
cyber space, with the intention to further social, ideological, religious, political or similar
ob"ectives, or to intimidate any person in furtherance of such ob"ectives
/omputers and the internet are becoming an essential part of our daily life They are
being used by individuals and societies to ma'e their life easier They use them for
storing information, processing data, sending and receiving messages, communications,
controlling machines, typing, editing, designing, drawing, and almost all aspects of life
The most deadly and destructive conse%uence of this helplessness is the emergence of
the concept of Icyber terrorismJ The traditional concepts and methods of terrorism have
ta'en new dimensions, which are more destructive and deadly in nature $n the age of
information technology the terrorists have ac%uired an e#pertise to produce the most
deadly combination of weapons and technology, which if not properly safeguarded in
Faculty of Law, University of Allahabad B
due course of time, will ta'e its own toll The damage so produced would be almost
irreversible and most catastrophic in nature $n short, we are facing the worst form of
terrorism popularly 'nown as ;/yber Terrorism; The e#pression ;cyber terrorism;
includes an intentional negative and harmful use of the information technology for
producing destructive and harmful effects to the property, whether tangible or intangible,
of others For instance, hac'ing of a computer system and then deleting the useful and
valuable business information of the rival competitor is a part and parcel of cyber
terrorism
The definition of ;cyber terrorism; cannot be made e#haustive as the nature of crime is
such that it must be left to be inclusive in nature The nature of ;cyberspaceJ is such that
new methods and technologies are invented regularlyA hence it is not advisable to put the
definition in a straight"ac'et formula or pigeons hole $n fact, the first effort of the /ourts
should be to interpret the definition as liberally as possible so that the menace of cyber
terrorism can be tac'led stringently and with a punitive hand
The law dealing with cyber terrorism is, however, not ade%uate to meet the precarious
intentions of these cyber terrorists and re%uires a re"uvenation in the light and conte#t of
the latest developments all over the world
A. Definition of Cyber Terrorism
.efore we can discuss the possibilities of Icyber terrorism, we must have some wor'ing
definitions The word Icyber terrorismJ refers to two elements6 cyberspace and
terrorism
Another word for cyberspace is the Ivirtual worldJ i,e a place in which computer
programs function and data moves Terrorism is a much used term, with many
definitions For the purposes of this presentation, we will use the United +tates
-epartment of +tate definition6J The term FterrorismG means premeditated, politically
motivated violence perpetrated against noncombatant targets by sub national groups or
clandestine agentsJ
$f we combine these definitions, we construct a wor'ing definition such as the following6
I/yber terrorism is the premeditated, politically motivated attac' against information,
computer systems, computer programs, and data which result in violence against
noncombatant targets by sub national groups or clandestine agentsJ
The basic definition of /yberDterrorism subsumed over time to encompass such things as
simply defacing a web site or server, or attac'ing nonDcritical systems, resulting in the
term becoming less useful There is also a train of thought that says cyber terrorism does
not e#ist and is really a matter of hac'ing or information warfare +ome disagree with
labeling it terrorism proper because of the unli'elihood of the creation of fear of
significant physical harm or death in a population using electronic means, considering
current attac' and protective technologies
B. Who are cyber terrorists?
From American point of view the most dangerous terrorist group is AlDOaeda which is
considered the first enemy for the U+ According to U+ officialGs data from computers
sei&ed in Afghanistan indicate that the group has scouted systems that control American
energy facilities, water distribution, communication systems, and other critical
infrastructure
After April 2001 collision of U+ navy spy plane and /hinese fighter "et, /hinese hac'ers
launched -enial os +ervice 0-o+1 attac's against American web sites
A study that covered the second half of the year 2002 showed that the most dangerous
nation for originating malicious cyber attac's is the United +tates with 3:5P of the
cases down from 50P for the first half of the same year +outh 4orea came ne#t with
12>P, followed by /hina <2P then Nermany <=P then France 5P The U4 came
number B with 22P According to the same study, $srael was the most active country in
terms of number of cyber attac's related to the number of internet users There are so
many groups who are very active in attac'ing their targets through the computers
The Uni# +ecurity Nuards 0U+N1 a pro $slamic group launched a lot of digital attac's in
(ay 2002 Another group called !orldMs Fantabulas -efacers 0!F-1 attac'ed many
$ndian sites Also there is another pro *a'istan group called Anti $ndia /rew 0A$/1 who
launched many cyber attac's against $ndia
C. Why do they use cyber attacks?
/yber terrorist prefer using the cyber attac' methods because of many advantages for it
$t is /heaper than traditional methods
The action is very difficult to be trac'ed
They can hide their personalities and location
There are no physical barriers or chec' points to cross
They can do it remotely from anywhere in the world
They can use this method to attac' a big number of targets
They can affect a large number of people
C%$)T(6 !!!
1orms of cyber terrorism
/yber terrorism as mentioned is a very serious issue and it covers vide range of attac's
,ere, the 'ind indulgence is as'ed toward the definition of /yber /rime
I/yber /rimeJ is crime that is enabled by, or that targets computers /yber /rime can
involve theft of intellectual property, a violation of patent, trade secret, or copyright
laws ,owever, cyber crime also includes attac's against computers to deliberately
disrupt processing, or may include espionage to ma'e unauthori&ed copies of classified
data
+ome of the ma"or tools of cyber crime may beD .otnets, 7stonia, 200=, (alicious /ode
,osted on !ebsites, /yber 7spionage etc
$t is pertinent to mar' here that there are other forms which could be covered under the
heading of /yber /rime @ simultaneously is also an important tools for terrorist
activities -iscussing these criminal activities one by one6
Attacks via nternet!
7nauthori8ed access 4 %acking9-
Access means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or computer
networ' Unauthori&ed access would therefore mean any 'ind of access without the
permission of either the rightful owner or the person in charge of a computer, computer
system or computer networ'
7very act committed towards brea'ing into a computer andLor networ' is hac'ing
,ac'ers write or use readyDmade computer programs to attac' the target computer They
possess the desire to destruct and they get the 'ic' out of such destruction +ome hac'ers
hac' for personal monetary gains, such as to stealing the credit card information,
transferring money from various ban' accounts to their own account followed by
withdrawal of money
.y hac'ing web server ta'ing control on another personGs website called as web
hi"ac'ing
Tro:an $ttack9-
The program that act li'e something useful but do the things that are %uiet damping The
programs of this 'ind are called as Tro"ans
The name Tro"an ,orse is popular Tro"ans come in two parts, a /lient part and a +erver
part !hen the victim 0un'nowingly1 runs the server on its machine, the attac'er will
then use the /lient to connect to the +erver and start using the tro"an T/*L$* protocol is
the usual protocol type used for communications, but some functions of the tro"ans use
the U-* protocol as well
Virus and Worm attack9-
A program that has capability to infect other programs and ma'e copies of itself and
spread into other programs is called virus
*rograms that multiply li'e viruses but spread from computer to computer are called as
worms The latest in these attac's is I(ichael ?ac'son eDmail virusD)emembering
Faculty of Law, University of Allahabad 1:
(ichael ?ac'sonJ Cnce it infects the computer it automatically spread the worm into
other internet users
(-mail 4 !6C related crimes9-
Emai" s#oofin$
7mail spoofing refers to email that appears to have been originated from one source
when it was actually sent from another source
Emai" %#ammin$
7mail ;spamming; refers to sending email to thousands and thousands of users D similar
to a chain letter
%endin$ ma"icious codes throu$h emai"
7Dmails are used to send viruses, Tro"ans etc through emails as an attachment or by
sending a lin' of website which on visiting downloads malicious code
Emai" bombin$
7Dmail ;bombing; is characteri&ed by abusers repeatedly sending an identical email
message to a particular address
%endin$ threatenin$ emai"s
Defamatory emai"s
Emai" frauds
RC re"ated
Attack on nfrastructure!
Faculty of Law, University of Allahabad 1<
Cur ban's and financial institutionsA air, sea, rail and highway transportation systemsA
telecommunicationsA electric power gridsA oil and natural gas supply linesKall are
operated, controlled and facilitated by advanced computers, networ's and software
Typically, the control centers and ma"or nodes in these systems are more vulnerable to
cyber than physical attac', presenting considerable opportunity for cyber terrorists
There, could be other losses to infrastructure too as 4evin /oleman in his article on
cyberDterrorism offered a scenario of possible conse%uences of a cyberDterrorism act
against an infrastructure or business, with a division of costs into direct and indirect
implications6
Direct Cost m#"ications
D Loss of sales during the disruption
D +taff time, networ' delays, intermittent access for business users
D $ncreased insurance costs due to litigation
D Loss of intellectual property D research, pricing, etc
D /osts of forensics for recovery and litigation
D Loss of critical communications in time of emergency
ndirect Cost m#"ications
D Loss of confidence and credibility in our financial systems
D Tarnished relationships and public image globally
D +trained business partner relationships D domestic and internationally
D Loss of future customer revenues for an individual or group of companies
D Loss of trust in the government and computer industry
Faculty of Law, University of Allahabad 1=
Attacks on &uman 'ife
7#amples6D
Q $n case of an air traffic system that is mainly computeri&ed and is set to establish the
flight routes for the airplanes, calculating the flight courses for all the planes in the air to
follow Also, plane pilots have to chec' the course as well as the other planes being
around using the onboard radar systems that are not connected to e#ternal networ's,
therefore it can be attac'ed by the cyberDterrorist
Q A different e#ample would be the act of cyberDterrorism agains a highlyDautomated
factory or plant production of any 'ind of product6 food, e%uipment, vehicles etc $n case
this organi&ation is highly reliant on the technological control, including a human control
only in the end of production, not on the chec'point stages, then any malfunction would
be e#tremely hard to point out, fi# and as a result to spot out a cyberDcrime being
committed
() Privacy vio"ation!
The law of privacy is the recognition of the individualMs right to be let alone and to have
his personal space inviolate The right to privacy as an independent and distinctive
concept originated in the field of Tort law $n recent times, however, this right has
ac%uired a constitutional status R)a"agopal 8s +tate of T9 R01BB51 < +// <32S, the
violation of which attracts both civil as well as criminal conse%uences under the
respective laws (odern enterprise and invention have, through invasions upon his
privacy, sub"ected him to mental pain and distress, far greater than could be inflicted by
Faculty of Law, University of Allahabad 1>
mere bodily in"ury )ight to privacy is a part of the right to life and personal liberty
enshrined under Article 21 of the /onstitution of $ndia !ith the advent of information
technology the traditional concept of right to privacy has ta'en new dimensions, which
re%uire a different legal outloo' To meet this challenge recourse of $nformation
Technology Act, 2000 can be ta'en The various provisions of the Act protect the online
privacy rights of the net users These rights are available against private individuals as
well as against cyber terrorists +ection 1 021 read with +ection =: of the Act provides for
an e#traDterritorial application of the provisions of the Act Thus, if a person 0including a
foreign national1 contravenes the privacy of an individual by means of computer,
computer system or computer networ' located in $ndia, he would be liable under the
provisions of the Act This ma'es it clear that the long arm "urisdiction is e%ually
available against a cyber terrorist, whose act has resulted in the damage of the property,
whether tangible or intangible
The law of privacy is the recognition of the individualMs right to be let alone and to have
his personal space inviolate The right to privacy as an independent and distinctive
concept originated in the field of Tort law, under which a new cause of action for
damages resulting from unlawful invasion of privacy was recogni&ed $n recent times,
however, this right has ac%uired a constitutional status, the violation of which attracts
both civil as well as criminal conse%uences under the respective laws The intensity and
comple#ity of life have rendered necessary some retreat from the world (an under the
refining influence of culture, has become sensitive to publicity, so that solitude and
privacy have become essential to the individual (odern enterprise and invention have,
through invasions upon his privacy, sub"ected him to mental pain and distress, far greater
Faculty of Law, University of Allahabad 1B
than could be inflicted by mere bodily in"ury )ight to privacy is a part of the right to life
and personal liberty enshrined under Article 21 of the /onstitution of $ndia !ith the
advent of information technology the traditional concept of right to privacy has ta'en
new dimensions, which re%uire a different legal outloo' To meet this challenge recourse
of $nformation Technology Act, 2000 can be ta'en
The various provisions of the Act aptly protect the online privacy rights of the citi&ens
/ertain acts have been categori&ed as offences and contraventions, which have tendency
to intrude with the privacy rights of the citi&ens
() %ecret information a##ro#riation and data theft!
The information technology can be misused for appropriating the valuable Novernment
secrets and data of private individuals and the Novernment and its agencies A computer
networ' owned by the Novernment may contain valuable information concerning
defence and other top secrets, which the Novernment will not wish to share otherwise
The same can be targeted by the terrorists to facilitate their activities, including
destruction of property $t must be noted that the definition of property is not restricted to
movables or immovable alone
$n R.K. Dalmia v Delhi Administration the +upreme /ourt held that the word ;property;
is used in the $*/ in a much wider sense than the e#pression ;movable property; There
is no good reason to restrict the meaning of the word ;property; to moveable property
only, when it is used without any %ualification !hether the offence defined in a
particular section of $*/ can be committed in respect of any particular 'ind of property,
will depend not on the interpretation of the word ;property; but on the fact whether that
particular 'ind of property can be sub"ect to the acts covered by that section
() Demo"ition of e*$overnance base!
The aim of eDgovernance is to ma'e the interaction of the citi&ens with the government
offices hassle free and to share information in a free and transparent manner $t further
ma'es the right to information a meaningful reality $n a democracy, people govern
themselves and they cannot govern themselves properly unless they are aware of social,
political, economic and other issues confronting them To enable them to ma'e a proper
"udgment on those issues, they must have the benefit of a range of opinions on those
issues )ight to receive and impart information is implicit in free speech This, right to
receive information is, however, not absolute but is sub"ect to reasonable restrictions
which may be imposed by the Novernment in public interest $n *U/L 8 UC$ the
+upreme /ourt specified the grounds on which the government can withhold information
relating to various matters, including trade secrets The +upreme /ourt observed6 ;
7very rightD legal or moralD carries with it a corresponding ob"ection $t is sub"ect to
several e#emptionsL e#ceptions indicated in broad terms
(+) Distributed denia" of services attack!
The cyber terrorists may also use the method of distributed denial of services 0--C+1 to
overburden the Novernment and its agencies electronic bases This is made possible by
first infecting several unprotected computers by way of virus attac's and then ta'ing
control of them Cnce control is obtained, they can be manipulated from any locality by
the terrorists These infected computers are then made to send information or demand in
such a large number that the server of the victim collapses Further, due to this
unnecessary $nternet traffic the legitimate traffic is prohibited from reaching the
Novernment or its agencies computers This results in immense pecuniary and strategic
loss to the government and its agencies
$t must be noted that thousands of compromised computers can be used to
simultaneously attac' a single host, thus ma'ing its electronic e#istence invisible to the
genuine and legitimate citi&ens and end users The law in this regard is crystal clear
(+) ,et-ork dama$e and disru#tions!
The main aim of cyber terrorist activities is to cause networ's damage and their
disruptions This activity may divert the attention of the security agencies for the time
being thus giving the terrorists e#tra time and ma'es their tas' comparatively easier This
process may involve a combination of computer tampering, virus attac's, hac'ing, etc
C%$)T(6 !V
The !mpact of Cyber Terrorism- a brief idea
/yber terrorists can endanger the security of the nation by targeting the sensitive and
secret information 0by stealing, disclosing, or destroying1
The intention of a cyber terrorism attac' could range from economic disruption through
the interruption of financial networ's and systems or used in support of a physical attac'
to cause further confusion and possible delays in proper response Although cyber
attac's have caused billions of dollars in damage and affected the lives of millions, we
have yet witness the implications of a truly catastrophic cyber terrorism attac' !hat
would some of the implications beE
Direct Cost m#"ications
Q Loss of sales during the disruption
Q +taff time, networ' delays, intermittent access for business users
Q $ncreased insurance costs due to litigation
Q Loss of intellectual property D research, pricing, etc
Q /osts of forensics for recovery and litigation
Q Loss of critical communications in time of emergency
ndirect Cost m#"ications
Q Loss of confidence and credibility in our financial systems
Q Tarnished relationships@ public image globally
Q +trained business partner relationships D domestic and internationally
Q Loss of future customer revenues for an individual or group of companies
Q Loss of trust in the government and computer industry
%ome incidents of cyber terrorism
The following are notable incidents of cyber terrorism6
Q $n 1BB>, ethnic Tamil guerrillas swamped +ri Lan'an embassies with >00 eDmails a day
over a twoDwee' period The messages read ;!e are the $nternet .lac' Tigers and weMre
doing this to disrupt your communications; $ntelligence authorities characteri&ed it as
the first 'nown attac' by terrorists against a countryMs computer systems
Q -uring the 4osovo conflict in 1BBB, 9ATC computers were blasted with eDmail bombs
and hit with denialDofDservice attac's by hac'tivists protesting the 9ATC bombings $n
addition, businesses, public organi&ations, and academic institutes received highly
politici&ed virusDladen eDmails from a range of 7astern 7uropean countries, according to
reports !eb defacements were also common
Q +ince -ecember 1BB=, the 7lectronic -isturbance Theater 07-T1 has been conducting
!eb sitDins against various sites in support of the (e#ican Tapatistas At a designated
time, thousands of protestors point their browsers to a target site using software that
floods the target with rapid and repeated download re%uests 7-TMs software has also
been used by animal rights groups against organi&ations said to abuse animals
7lectrohippies, another group of hac'tivists, conducted !eb sitDins against the !TC
when they met in +eattle in late 1BBB
Cne of the worst incidents of cyber terrorists at wor' was when crac'ers in )omania
illegally gained access to the computers controlling the life support systems at an
Antarctic research station, endangering the :> scientists involved (ore recently, in (ay
200= 7stonia was sub"ected to a mass cyberDattac' by hac'ers inside the )ussian
Federation which some evidence suggests was coordinated by the )ussian government,
though )ussian officials deny any 'nowledge of this This attac' was apparently in
response to the removal of a )ussian !orld !ar $$ war memorial from downtown
7stonia
C%$)T(6 V
Cyber Terrorism 4 Various Legal Compliances
'a-s in +arious Countries on Cyber Terrorism
%in$a#ore
9ew laws allowing +ingapore to launch preDemptive stri'es against computer hac'ers
have raised fears that $nternet controls are being tightened and privacy compromised in
the name of fighting terrorism The cityDstateMs parliament has approved tough new
legislation aimed at stopping ;cyber terrorism,; referring to computer crimes that are
endanger national security, foreign relations, ban'ing and essential public services
+ecurity agencies can now patrol the $nternet and swoop down on hac'ers suspected of
plotting to use computer 'eyboards as weapons of mass disruption 8iolators of the
/omputer (isuse Act such as website hac'ers can be "ailed up to three years or fined up
to +U10,000 0U:,>001
,e- .ork
A bill sponsored by state +en (ichael .alboni, )D7ast !illiston, that ma'es cyber
terrorism a felony was approved by the legislative body earlier this month and sent to the
+tate Assembly Under the legislation, cyber terrorism, using computers to disrupt,
terrori&e or 'ill, would become a class . felony, carrying a prison term of up to 2: years
/a"aysia
(alaysia is to establish an international centre to fight cyberDterrorism, providing an
emergency response to highDtech attac's on economies and trading systems around the
globe, reports said *rime (inister Abdullah Ahmad .adawi said during a visit to the
United +tates that the facility, sited at the highDtech hub of /yber"aya outside 4uala
Lumpur, would be funded and supported by governments and the private sector
The 9ew +traits Times said the centre would be modelled on the /entre for -isease
/ontrol in Atlanta, which helps handle outbrea's of disease around the world
Abdullah DD who announced the initiative at the close of the !orld /ongress on
$nformation Technology in Austin, Te#as DD said the threat of cyberDterrorism was too
serious for governments to ignore
The $nterpol, with its 1=> member countries, is doing a great "ob in fighting against
cyber terrorism They are helping all the member countries and training their personnel
The /ouncil of 7urope /onvention on /yber /rime, which is the first international
treaty for fighting against computer crime, is the result of 5 years wor' by e#perts from
the 5: member and nonDmember countries including ?apan, U+A, and /anada This
treaty has already enforced after its ratification by Lithuania on 21st of (arch 2005
The Association of +outh 7ast Asia 9ations 0A+7A91 has set plans for sharing
information on computer security They are going to create a regional cyberDcrime unit
by the year 200:
0nited 1in$dom
United 4ingdom adopted Terrorism Act, 2000, which gives the definition of terrorism
and also gives various provisions for /yber terrorism
Pakistan
!hoever commits the offence of cyber terrorism and causes death of any person shall be
punishable with death or imprisonment for life,J according to the ordinance, which was
published by the stateDrun A** news agency The *revention of 7lectronic /rimes law
will be applicable to anyone who commits a crime detrimental to national security
through the use of a computer or any other electronic device, the government said in the
ordinance $t listed several definitions of a Iterrorist actJ including stealing or copying,
or attempting to steal or copy, classified information necessary to manufacture any form
of chemical, biological or nuclear weapon
Cyber-terrorism and %uman 6ights
Universal -eclaration of ,uman )ights in its *reamble tal's about a Ifreedom from fear
and wantJ Freedom from fear is mostly a term of psychological nature, however, it is
being used very widely nowadays especially in cases of terrorism Article 3 of the
-eclaration sets the right to Isecurity of personJ As we 'now, term IpersonJ also
includes an environment 0s1he e#ists in, different from the term IindividualJ which under
one of the concepts imagines it as something abstract, apart from any other surrounding
conditions +o protecting a personal security would also mean protecting his 0her1 social,
economical and other connections, IthreadsJ established with the environment As long
as in modern reality these are sometimes predominantly based on technology, computers
or internet, cyberDterrorism protection also deals with Isecurity of personJ ,ere $ would
also add Article : with itGs protection against Idegrading treatmentJ *ersonal harm is
also a part of degradation and treating a person in a current way is something that may be
provided by cyberDcriminal act as it was proven above
Cne important provision that $ would li'e to pay special attention to is Article 12 of the
-eclaration $t states6 I9o one shall be sub"ected to arbitrary interference with his
privacy, nor to attac's upon his honour or reputationJ I*rivacyJ is defined as Ithe
%uality or state of being apart from company or observationJ which in combination with
another definition of Ifreedom from unauthori&ed intrusionJ given by the same source,
also includes the privacy of computerDstored data and a right to en"oy itGs private state of
nonDinterference without personal will of the possessor
Article 1= sets a right to property and a restriction to deprive anyone from possessed
property *roperty is defined as Ianything that is owned by a person or entityJ , including
two types of it6 Ireal propertyJ and Ipersonal propertyJ *ersonal property or
IpersonalityJ includes Imovable assets which are not real property, money, or
investments
Article 1B, however, plays a different role in this topic and is mostly associated with
internet use by terrorists in general
C%$)T(6 V!
!ndian la5 4 Cyber Terrorism
$n $ndia there is no law, which is specifically dealing with prevention of malware
through aggressive defense Thus, the analogous provisions have to be applied in a
purposive manner The protection against malware attac's can be claimed under the
following categories6
011 *rotection available under the /onstitution of $ndia, and
021 *rotection available under other statutes
(2) Protection under the Constitution of ndia!
The protection available under the /onstitution of any country is the strongest and the
safest one since it is the supreme document and all other laws derive their power and
validity from it $f a law satisfies the rigorous tests of the /onstitutional validity, then its
applicability and validity cannot be challenge and it becomes absolutely binding The
/onstitutions of $ndia, li'e other /onstitutions of the world, is organic and living in
nature and is capable of molding itself as per the time and re%uirements of the society
(3) Protection under other statutes!
The protection available under the /onstitution is further strengthened by various
statutory enactments These protections can be classified as6
0A1 *rotection under the $ndian *enal /ode 0$*/1, 1><0, and
0.1 *rotection under the $nformation Technology Act 0$TA1, 2000
Although the term Icyber terrorismJ is absent from the terminology of the $ndian law,
+ection <B of the $nformation Technology Act is a strong legislative measure to counter
the use of encryption by terrorists This section authori&es the /ontroller of /ertifying
Authorities 0//A1 to direct any Novernment agency to intercept any information
transmitted through any computer resource
Constitution of ndia
Any person who fails to assist the Novernment agency in decrypting the information
sought to be intercepted is liable for imprisonment up to = years
Article 300A of /onstitution of $ndia states that all persons have a right to hold and
en"oy their properties $n a specific case of .havnagar University v *alitana +ugar (ills
*vt Ltd +upreme /ourt applied the constitutional clause with the interpretation that
anyone can en"oy his or her property rights in any manner preferred This also includes
property rights to information stored on computers or in any electronic format
Articles 301 to 30: refer to the right for free trade As long as an individual carries out a
business in accordance with law, it cannot be interfered .esides, free trade and any
commercial activities cannot be visuali&ed without technological rights, which mean that
any distortion of those is illegal $n $ndia these provisions have been effectively used to
protect individual property rights against the actions of cyberDcriminals
Pena" Code
A big deal of protection is also provided by $ndian *enal /ode +ection 22 of it gives a
definition of a Imovable propertyJ stating that it also includes all corporal properties $t
means that any information stored on a computer can be conveniently regarded as a
movable property as it can definitely be moved from one place to another and is not
attached
+ection 2BA of the /ode with +ection 20110t1 of the $nformation Technology Act
provides that Ielectronic record means data, record, or data generated, image or sound
stored, received or sent in an electronic form or microfilm or computer generated
microficheJ
;udicial response
The "udiciary can play its role by adopting a stringent approach towards the menace of
cyber terrorism $t must, however, first tac'le the "urisdiction problem because before
invo'ing its "udicial powers the courts are re%uired to satisfy themselves that they
possess the re%uisite "urisdiction to deal with the situation +ince the $nternet ;is a
cooperative venture not owned by a single entity or government, there are no centrali&ed
rules or laws governing its use The absence of geographical boundaries may give rise to
a situation where the act legal in one country where it is done may violate the laws of
another country This process further made complicated due to the absence of a uniform
and harmoni&ed law governing the "urisdictional aspects of disputes arising by the use of
$nternet $t must be noted that, generally, the scholars point towards the following
;theories; under which a country may claim prescriptive "urisdiction6
0a1 a country may claim "urisdiction based on ;ob"ective territoriality; when an activity
ta'es place within the country,
0b1 a ;sub"ective territoriality; may attach when an activity ta'es place outside a nationMs
borders but the ;primary effect; of the action is within the nationMs borders,
0c1 a country may assert "urisdiction based on the nationality of either the actor or the
victim,
0d1 in e#ceptional circumstances, providing the right to protect the nationMs sovereignty
when faced with threats recogni&ed as particularly serious in the international
community
$n addition to establishing a connecting ne#us, traditional international doctrine also calls
for a ;reasonable; connection between the offender and the forum -epending on the
factual conte#t, courts loo' to such factors, as whether the activity of individual has a
;substantial and foreseeable effect; on the territory, whether a ;genuine lin'; e#ists
between the actor and the forum, the character of the activity and the importance of the
regulation giving rise to the controversy, the e#tent to which e#ceptions are harmed by
the regulation, and the importance of the regulation in the international community The
traditional "urisdictional paradigms may provide a framewor' to guide analysis for cases
arising in cyberspace R-awson /herieA I/reating .orders on the $nternetD Free +peech,
the United +tates and $nternational ?urisdictionJ, 8irginia ?ournal of $nternational Law,
8D55, 9oD2 0!inter, 20051S $t must be noted that by virtue of section 1021 read with
section =: of the $nformation Technology Act, 2000 the courts in $ndia have Ilong arm
"urisdictionJ to deal with cyber terrorism
C%$)T(6 V!!
)rotection from cyber terrorism- a fe5 suggestions
/urrently there are no foolproof ways to protect a system The completely secure system
can never be accessed by anyone (ost of the militaries classified information is 'ept on
machines with no outside connection, as a form of prevention of cyber terrorism Apart
from such isolation, the most common method of protection is encryption The wide
spread use of encryption is inhibited by the governments ban on its e#portation, so
intercontinental communication is left relatively insecure The /linton administration
and the F.$ oppose the e#port of encryption in favor of a system where by the
government can gain the 'ey to an encrypted system after gaining a court order to do so
The director of the F.$Ms stance is that the $nternet was not intended to go unpoliced and
that the police need to protect peopleMs privacy and publicDsafety rights there
7ncryptionMs draw bac' is that it does not protect the entire system, an attac' designed to
cripple the whole system, such as a virus, is unaffected by encryption
Cthers promote the use of firewalls to screen all communications to a system, including
eDmail messages, which may carry logic bombs Firewall is a relatively generic term for
methods of filtering access to a networ' They may come in the form of a computer,
router other communications device or in the form of a networ' configuration Firewalls
serve to define the services and access that are permitted to each user Cne method is to
screen user re%uests to chec' if they come from a previously defined domain or $nternet
*rotocol 0$*1 address Another method is to prohibit Telnet access into the system
,ere are few 'ey things to remember to protect from cyberDterrorism6
1 All accounts should have passwords and the passwords should be unusual, difficult to
guess
2 /hange the networ' configuration when defects become 'now
3 /hec' with venders for upgrades and patches
5 Audit systems and chec' logs to help in detecting and tracing an intruder
: $f you are ever unsure about the safety of a site, or receive suspicious email from an
un'nown address, donMt access it $t could be trouble
Efforts of combatin$ cyber terrorism
The $nterpol, with its 1=> member countries, is doing a great "ob in fighting against
cyber terrorism They are helping all the member countries and training their personnel
The /ouncil of 7urope /onvention on /yber /rime, which is the first international
treaty for fighting against computer crime, is the result of 5 years wor' by e#perts from
the 5: member and nonDmember countries including ?apan, U+A, and /anada This
treaty has already enforced after its ratification by Lithuania on 21st of (arch 2005
The Association of +outh 7ast Asia 9ations 0A+7A91 has set plans for sharing
information on computer security They are going to create a regional cyberDcrime unit
by the year 200:
The protection of $TA can be claimed for6
0a1 *reventing privacy violations,
0b1 *reventing information and data theft,
0c1 *reventing distributed denial of services attac' 0--C+1, and
0d1 *reventing networ' damage and destruction
Cha""en$es and Concerns
+ome challenges and concerns are highlighted below 6
0a1 Lac' of awareness and the culture of cyber security at individual as well as
institutional level
0b1 Lac' of trained and %ualified manpower to implement the counter measures
0c1 Too many information security organisations which have become wea' due to Mturf
warsM or financial compulsions
0d1 A wea' $T Act which has became redundant due to non e#ploitation and age old
cyber laws
e! 9o eDmail account policy especially for the defence forces, police and the agency
personnel
0f1 /yber attac's have come not only from terrorists but also from neighboring countries
inimical to our 9ational interests
Recommendations
/ertain recommendations are given below6
0a1 9eed to sensiti&e the common citi&ens about the dangers of cyber terrorism /ertDin
should engage academic institutions and follow an aggressive strategy
0b1 ?oint efforts by all Novernment agencies including defence forces to attract %ualified
s'illed personnel for implementation of counter measures
0c1 /yber security not to be given more lip service and the organi&ations dealing with the
same should be given all support 9o bureaucratic dominance should be permitted
0d1 Agreements relating to cyber security should be given the same importance as other
conventional agreements
e! (ore investment in this field in terms of finance and manpower
0f1 $ndian agencies wor'ing after cyber security should also 'eep a close vigil on the
developments in the $T sector of our potential adversaries
C%$)T(6 V!!!
Conclusion
The problems associated with the use of malware are not peculiar to any particular
country as the menace is global in nature The countries all over the world are facing this
problem and are trying their level best to eliminate this problem The problem, however,
cannot be effectively curbed unless popular public support and a vigilant "udiciary bac'
it The legislature cannot enact a law against the general public opinion of the nation at
large Thus, first a public support has to be obtained not only at the national level but at
the international level as well The people all over the world are not against the
enactment of statutes curbing the use of malware, but they are conscious about their
legitimate rights Thus, the law to be enacted by the legislature must ta'e care of public
interest on a priority basis This can be achieved if a suitable technology is supported by
an apt legislation, which can e#clusively ta'e care of the menace created by the
computers sending the malware Thus, the selfDhelp measures recogni&ed by the
legislature should not be disproportionate and e#cessive than the threat received by the
malware Further, while using such selfDhelp measures the property and rights of the
general public should not be affected $t would also not be unreasonable to demand that
such selfDhelp measures should not themselves commit any illegal act r omission Thus, a
selfDhelp measure should not be such as may destroy or steal the data or secret
information stored in the computer of the person sending the malware $t must be noted
that two wrongs cannot ma'e a thing right Thus, a demarcating line between selfDhelp
and ta'ing law in oneGs own hand must be drawn $n the ultimate analysis we must not
forget that selfDhelp measures are Iwatchdogs and not bloodDhoundsJ, and their purpose
should be restricted to legitimate and proportionate defensive actions only $n $ndia,
fortunately, we have a sound legal base for dealing with malware and the public at large
has no problem in supporting the selfDhelp measures to combat cyber terrorism and
malware Therefore, cyber terrorism is becoming ma"or tool for terrorists and thus it is
getting more essential to frame policies to counter these attac's


Cyber Terrorism

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Cyber Terrorism

Diunggah oleh

Hak Cipta:

Format Tersedia

Cyber Terrorism - The Dark Side of the Web World

(Various Legal Compliances)

Anda mungkin juga menyukai