on (Various Legal Compliances) Faculty of Law, University of Allahabad 0 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Faculty of Law, University of Allahabad 1 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) IS PREFACE Faculty of Law, University of Allahabad 2 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) The term cyber terrorism is becoming increasingly common in the popular culture, yet a solid definition of the word seems hard to come by !hile the phrase is loosely defined, there is a large amount of sub"ectivity in what e#actly constitutes cyber terrorism $n an attempt to define cyber terrorism more logically, a study is made of definitions and attributes of terrorism and terrorist events $n particular, the breadth of the issue poses significant %uestions for those who argue for vertical solutions to what is certainly a hori&ontal problem $ am very than'ful to (s )ashmi Tha'ur, who has given a great contribution in the framing and completion of this *ro"ect and without her efficient supervision and support $ would have never been able to appreciate the depth of the topic $ am also very than'ful to *rof L( +ingh, ,ead and -ean, Faculty of Law, University of Allahabad, and to *rof .* +ingh, /oordinator, .ALL. 0,ons1, Five 2ear $ntegrated /ourse, who were benign enough to grant me the authori&ation and approvals which were essential for the creation of this *ro"ect Finally, $ would li'e to than' and e#press my gratitude to all those who directly or indirectly assisted me in creation of this *ro"ect aran apoor Semester-V!!! "#$#LL#"#(%ons#) C&'T('TS Faculty of Law, University of Allahabad 3 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Chapters )age 'o# *# *# !ntroduction +-, -# -# What !s Cyber Terrorism . /-*0 0# 0# 1orms of Cyber Terrorism *+--- +# +# The !mpact of Cyber Terrorism- a "rief !dea -+--2 3# 3# Cyber Terrorism 4 Various Legal Compliances -,-0* 2# 2# !ndian la5 4 Cyber Terrorism 0--02 ,# ,# )rotection from cyber terrorism- $ 1e5 Suggestions 0,-+* /# /# Conclusion +--+0 6eferences 4 $ckno5ledgements 1 /yber Terrorism .y 4evin /oleman , Technolytics Faculty of Law, University of Allahabad 5 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) 2 /yber Terrorism 6 The new 'ind of Terrorism .y6 -) (U-A!$ (U4,TA) 7L(U+,A)AF 3 /ybercrime and cyber terrorism6 *reventive defense for cyberspace violations .y *)A8779 -ALAL 5 /omputer /rime )esearch /enter : /oleman, 4eivin ;/yber Terrorism; < /ollin, .arry / ;The Future of /yber Terrorism; = *roceedings of 11th annual international symposium on criminal "ustice $ssue > ?emmy, +prdes @!ill, .rarsA 7#amples of /yber Terrorism B 4err, 4othryn, ;*utting cyber terrorism into conte#t 10 /2.7)T7))C)$+( D Fact or FancyE .y (ar' ( *ollitt 11 /yberDterrorism6 !i'ipedia 12 -efining /yber terrorism .y Adv )ohas 9agpal C%$)T(6 ! Faculty of Law, University of Allahabad : Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) !ntroduction $f you as' 10 people what Fcyber terrorismG is, you will get at least nine different answersH !hen those 10 people are computer security e#perts, whose tas' it is to create various forms of protection against Fcyber terrorismG, this discrepancy moves from comedic to rather worrisome !hen these 10 people represent varied factions of the governmental agencies tas'ed with protecting our national infrastructure and assets, it becomes a critical issue ,owever, given the lac' of documented scientific support to incorporate various aspects of computerDrelated crime into the genre Fcyber terrorismG, this situation should not be surprising -espite copious media attention, there is no consensus methodology by which various actions may be placed under the nomenclature Fcyber terrorismG, yet the term clearly e#ists in common usage The term, first coined in the 1B>0s by .arry /ollin 0/ollin, 1BB=1, has blossomed in the last several years6 I*rotect yourself from the cyber terroristJA I$nsure yourself against cyber terrorismJA IFunding forthcoming to fight cyber terrorismJ 0,amblen, 1BBBA Luening, 20001 All of these sound nice, but the reality is that the reader, solution provider, or defender is often left to his own devices as to what the term actually means and thus what solutions should be created 0or implemented1 When a governments or corporations entire infrastructure may be at stake, subjectivity is useful but may not be the best evaluative tool. At the same time, research of this phenomenon shows that cyber terrorism cannot easily be defined This creates a /atchD22 situation6 the thing cannot be defined K yet without defining it, one cannot F'nowG what it is one is fighting and hence come up with a good Faculty of Law, University of Allahabad < Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) solution Furthermore, even when there is an operational agreement on terms, if an attac'Lsecurity event does not fit into one of the 0often narrowly defined1 categories, funding 0and conse%uently investigation or technical remedy1 may not be forthcoming The threat of terrorism has posed an immense challenge in the post /old !ar period Terror attac's in ma"or cities, towns and tourist resorts across the globe have demonstrated the inade%uacy of the +tate mechanisms to address this challenge +erious attempts have been made by 9ations to address this challenge by designing counter terrorism strategies and anti terror mechanisms ,owever, most of there are designed in a conventional paradigm, which might be effective in a conventional terror attac' ,owever, there are limitations when it comes to a terror attac' of an unconventional nature $nformation technology 0$T1 has e#posed the user to a huge data ban' of information regarding everything and anything ,owever, it has also added a new dimension to terrorism )ecent reports suggest that the terrorist is also getting e%uipped to utili&e cyber space to carryout terrorist attac's The possibility of such attac's in future cannot be denied Terrorism related to cyber is popularly 'nown as Mcyber terrorismM $n the last couple of decades $ndia has carved a niche for itself in $T (ost of the $ndian ban'ing industry and financial institutions have embraced $T to its full optimi&ation )eports suggest that cyber attac's are understandably directed toward economic and financial institutions Niven the increasing dependency of the $ndian economic and financial institutions on $T, a cyber attac' against them might lead to an irreparable Faculty of Law, University of Allahabad = Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) collapse of our economic structures And the most frightening thought is the ineffectiveness of reciprocal arrangements or the absence of alternatives The articles envisages an understanding of the nature and effectiveness of cyber attac's and ma'ing an effort to study and analyse the efforts made by $ndia to address this challenge and highlight what more could be done C%$)T(6 !! Faculty of Law, University of Allahabad > Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) What !s Cyber Terrorism . What is Terrorism? Terrorism is defined as premeditated, politically motivated violence perpetrated against noncombatant targets by sub national groups or clandestine agents, usually intended to influence an audience The United +tates has employed this definition of terrorism for statistical and analytical purposes since 1B>3 U+ -epartment of +tate, 2002, *atterns of Nlobal Terrorism, 2003 +ecurity e#pert -orothy -enning defines cyber terrorism as I politically motivated hac'ing operations intended to cause grave harm such as loss of life or severe economic damage What is Cyber Terrorism ? /yber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar ob"ectives, or to intimidate any person in furtherance of such ob"ectives /omputers and the internet are becoming an essential part of our daily life They are being used by individuals and societies to ma'e their life easier They use them for storing information, processing data, sending and receiving messages, communications, controlling machines, typing, editing, designing, drawing, and almost all aspects of life The most deadly and destructive conse%uence of this helplessness is the emergence of the concept of Icyber terrorismJ The traditional concepts and methods of terrorism have ta'en new dimensions, which are more destructive and deadly in nature $n the age of information technology the terrorists have ac%uired an e#pertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in Faculty of Law, University of Allahabad B Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) due course of time, will ta'e its own toll The damage so produced would be almost irreversible and most catastrophic in nature $n short, we are facing the worst form of terrorism popularly 'nown as ;/yber Terrorism; The e#pression ;cyber terrorism; includes an intentional negative and harmful use of the information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others For instance, hac'ing of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism The definition of ;cyber terrorism; cannot be made e#haustive as the nature of crime is such that it must be left to be inclusive in nature The nature of ;cyberspaceJ is such that new methods and technologies are invented regularlyA hence it is not advisable to put the definition in a straight"ac'et formula or pigeons hole $n fact, the first effort of the /ourts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tac'led stringently and with a punitive hand The law dealing with cyber terrorism is, however, not ade%uate to meet the precarious intentions of these cyber terrorists and re%uires a re"uvenation in the light and conte#t of the latest developments all over the world A. Definition of Cyber Terrorism .efore we can discuss the possibilities of Icyber terrorism, we must have some wor'ing definitions The word Icyber terrorismJ refers to two elements6 cyberspace and terrorism Faculty of Law, University of Allahabad 10 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Another word for cyberspace is the Ivirtual worldJ i,e a place in which computer programs function and data moves Terrorism is a much used term, with many definitions For the purposes of this presentation, we will use the United +tates -epartment of +tate definition6J The term FterrorismG means premeditated, politically motivated violence perpetrated against noncombatant targets by sub national groups or clandestine agentsJ $f we combine these definitions, we construct a wor'ing definition such as the following6 I/yber terrorism is the premeditated, politically motivated attac' against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agentsJ The basic definition of /yberDterrorism subsumed over time to encompass such things as simply defacing a web site or server, or attac'ing nonDcritical systems, resulting in the term becoming less useful There is also a train of thought that says cyber terrorism does not e#ist and is really a matter of hac'ing or information warfare +ome disagree with labeling it terrorism proper because of the unli'elihood of the creation of fear of significant physical harm or death in a population using electronic means, considering current attac' and protective technologies B. Who are cyber terrorists? From American point of view the most dangerous terrorist group is AlDOaeda which is considered the first enemy for the U+ According to U+ officialGs data from computers sei&ed in Afghanistan indicate that the group has scouted systems that control American Faculty of Law, University of Allahabad 11 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) energy facilities, water distribution, communication systems, and other critical infrastructure After April 2001 collision of U+ navy spy plane and /hinese fighter "et, /hinese hac'ers launched -enial os +ervice 0-o+1 attac's against American web sites A study that covered the second half of the year 2002 showed that the most dangerous nation for originating malicious cyber attac's is the United +tates with 3:5P of the cases down from 50P for the first half of the same year +outh 4orea came ne#t with 12>P, followed by /hina <2P then Nermany <=P then France 5P The U4 came number B with 22P According to the same study, $srael was the most active country in terms of number of cyber attac's related to the number of internet users There are so many groups who are very active in attac'ing their targets through the computers The Uni# +ecurity Nuards 0U+N1 a pro $slamic group launched a lot of digital attac's in (ay 2002 Another group called !orldMs Fantabulas -efacers 0!F-1 attac'ed many $ndian sites Also there is another pro *a'istan group called Anti $ndia /rew 0A$/1 who launched many cyber attac's against $ndia C. Why do they use cyber attacks? /yber terrorist prefer using the cyber attac' methods because of many advantages for it $t is /heaper than traditional methods The action is very difficult to be trac'ed They can hide their personalities and location There are no physical barriers or chec' points to cross Faculty of Law, University of Allahabad 12 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) They can do it remotely from anywhere in the world They can use this method to attac' a big number of targets They can affect a large number of people Faculty of Law, University of Allahabad 13 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) C%$)T(6 !!! 1orms of cyber terrorism /yber terrorism as mentioned is a very serious issue and it covers vide range of attac's ,ere, the 'ind indulgence is as'ed toward the definition of /yber /rime I/yber /rimeJ is crime that is enabled by, or that targets computers /yber /rime can involve theft of intellectual property, a violation of patent, trade secret, or copyright laws ,owever, cyber crime also includes attac's against computers to deliberately disrupt processing, or may include espionage to ma'e unauthori&ed copies of classified data +ome of the ma"or tools of cyber crime may beD .otnets, 7stonia, 200=, (alicious /ode ,osted on !ebsites, /yber 7spionage etc $t is pertinent to mar' here that there are other forms which could be covered under the heading of /yber /rime @ simultaneously is also an important tools for terrorist activities -iscussing these criminal activities one by one6 Attacks via nternet! 7nauthori8ed access 4 %acking9- Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer networ' Unauthori&ed access would therefore mean any 'ind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer networ' Faculty of Law, University of Allahabad 15 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) 7very act committed towards brea'ing into a computer andLor networ' is hac'ing ,ac'ers write or use readyDmade computer programs to attac' the target computer They possess the desire to destruct and they get the 'ic' out of such destruction +ome hac'ers hac' for personal monetary gains, such as to stealing the credit card information, transferring money from various ban' accounts to their own account followed by withdrawal of money .y hac'ing web server ta'ing control on another personGs website called as web hi"ac'ing Tro:an $ttack9- The program that act li'e something useful but do the things that are %uiet damping The programs of this 'ind are called as Tro"ans The name Tro"an ,orse is popular Tro"ans come in two parts, a /lient part and a +erver part !hen the victim 0un'nowingly1 runs the server on its machine, the attac'er will then use the /lient to connect to the +erver and start using the tro"an T/*L$* protocol is the usual protocol type used for communications, but some functions of the tro"ans use the U-* protocol as well Virus and Worm attack9- A program that has capability to infect other programs and ma'e copies of itself and spread into other programs is called virus *rograms that multiply li'e viruses but spread from computer to computer are called as worms The latest in these attac's is I(ichael ?ac'son eDmail virusD)emembering Faculty of Law, University of Allahabad 1: Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) (ichael ?ac'sonJ Cnce it infects the computer it automatically spread the worm into other internet users (-mail 4 !6C related crimes9- Emai" s#oofin$ 7mail spoofing refers to email that appears to have been originated from one source when it was actually sent from another source Emai" %#ammin$ 7mail ;spamming; refers to sending email to thousands and thousands of users D similar to a chain letter %endin$ ma"icious codes throu$h emai" 7Dmails are used to send viruses, Tro"ans etc through emails as an attachment or by sending a lin' of website which on visiting downloads malicious code Emai" bombin$ 7Dmail ;bombing; is characteri&ed by abusers repeatedly sending an identical email message to a particular address %endin$ threatenin$ emai"s Defamatory emai"s Emai" frauds RC re"ated Attack on nfrastructure! Faculty of Law, University of Allahabad 1< Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Cur ban's and financial institutionsA air, sea, rail and highway transportation systemsA telecommunicationsA electric power gridsA oil and natural gas supply linesKall are operated, controlled and facilitated by advanced computers, networ's and software Typically, the control centers and ma"or nodes in these systems are more vulnerable to cyber than physical attac', presenting considerable opportunity for cyber terrorists There, could be other losses to infrastructure too as 4evin /oleman in his article on cyberDterrorism offered a scenario of possible conse%uences of a cyberDterrorism act against an infrastructure or business, with a division of costs into direct and indirect implications6 Direct Cost m#"ications D Loss of sales during the disruption D +taff time, networ' delays, intermittent access for business users D $ncreased insurance costs due to litigation D Loss of intellectual property D research, pricing, etc D /osts of forensics for recovery and litigation D Loss of critical communications in time of emergency ndirect Cost m#"ications D Loss of confidence and credibility in our financial systems D Tarnished relationships and public image globally D +trained business partner relationships D domestic and internationally D Loss of future customer revenues for an individual or group of companies D Loss of trust in the government and computer industry Faculty of Law, University of Allahabad 1= Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Attacks on &uman 'ife 7#amples6D Q $n case of an air traffic system that is mainly computeri&ed and is set to establish the flight routes for the airplanes, calculating the flight courses for all the planes in the air to follow Also, plane pilots have to chec' the course as well as the other planes being around using the onboard radar systems that are not connected to e#ternal networ's, therefore it can be attac'ed by the cyberDterrorist Q A different e#ample would be the act of cyberDterrorism agains a highlyDautomated factory or plant production of any 'ind of product6 food, e%uipment, vehicles etc $n case this organi&ation is highly reliant on the technological control, including a human control only in the end of production, not on the chec'point stages, then any malfunction would be e#tremely hard to point out, fi# and as a result to spot out a cyberDcrime being committed () Privacy vio"ation! The law of privacy is the recognition of the individualMs right to be let alone and to have his personal space inviolate The right to privacy as an independent and distinctive concept originated in the field of Tort law $n recent times, however, this right has ac%uired a constitutional status R)a"agopal 8s +tate of T9 R01BB51 < +// <32S, the violation of which attracts both civil as well as criminal conse%uences under the respective laws (odern enterprise and invention have, through invasions upon his privacy, sub"ected him to mental pain and distress, far greater than could be inflicted by Faculty of Law, University of Allahabad 1> Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) mere bodily in"ury )ight to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the /onstitution of $ndia !ith the advent of information technology the traditional concept of right to privacy has ta'en new dimensions, which re%uire a different legal outloo' To meet this challenge recourse of $nformation Technology Act, 2000 can be ta'en The various provisions of the Act protect the online privacy rights of the net users These rights are available against private individuals as well as against cyber terrorists +ection 1 021 read with +ection =: of the Act provides for an e#traDterritorial application of the provisions of the Act Thus, if a person 0including a foreign national1 contravenes the privacy of an individual by means of computer, computer system or computer networ' located in $ndia, he would be liable under the provisions of the Act This ma'es it clear that the long arm "urisdiction is e%ually available against a cyber terrorist, whose act has resulted in the damage of the property, whether tangible or intangible The law of privacy is the recognition of the individualMs right to be let alone and to have his personal space inviolate The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recogni&ed $n recent times, however, this right has ac%uired a constitutional status, the violation of which attracts both civil as well as criminal conse%uences under the respective laws The intensity and comple#ity of life have rendered necessary some retreat from the world (an under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual (odern enterprise and invention have, through invasions upon his privacy, sub"ected him to mental pain and distress, far greater Faculty of Law, University of Allahabad 1B Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) than could be inflicted by mere bodily in"ury )ight to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the /onstitution of $ndia !ith the advent of information technology the traditional concept of right to privacy has ta'en new dimensions, which re%uire a different legal outloo' To meet this challenge recourse of $nformation Technology Act, 2000 can be ta'en The various provisions of the Act aptly protect the online privacy rights of the citi&ens /ertain acts have been categori&ed as offences and contraventions, which have tendency to intrude with the privacy rights of the citi&ens () %ecret information a##ro#riation and data theft! The information technology can be misused for appropriating the valuable Novernment secrets and data of private individuals and the Novernment and its agencies A computer networ' owned by the Novernment may contain valuable information concerning defence and other top secrets, which the Novernment will not wish to share otherwise The same can be targeted by the terrorists to facilitate their activities, including destruction of property $t must be noted that the definition of property is not restricted to movables or immovable alone $n R.K. Dalmia v Delhi Administration the +upreme /ourt held that the word ;property; is used in the $*/ in a much wider sense than the e#pression ;movable property; There is no good reason to restrict the meaning of the word ;property; to moveable property only, when it is used without any %ualification !hether the offence defined in a particular section of $*/ can be committed in respect of any particular 'ind of property, Faculty of Law, University of Allahabad 20 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) will depend not on the interpretation of the word ;property; but on the fact whether that particular 'ind of property can be sub"ect to the acts covered by that section () Demo"ition of e*$overnance base! The aim of eDgovernance is to ma'e the interaction of the citi&ens with the government offices hassle free and to share information in a free and transparent manner $t further ma'es the right to information a meaningful reality $n a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them To enable them to ma'e a proper "udgment on those issues, they must have the benefit of a range of opinions on those issues )ight to receive and impart information is implicit in free speech This, right to receive information is, however, not absolute but is sub"ect to reasonable restrictions which may be imposed by the Novernment in public interest $n *U/L 8 UC$ the +upreme /ourt specified the grounds on which the government can withhold information relating to various matters, including trade secrets The +upreme /ourt observed6 ; 7very rightD legal or moralD carries with it a corresponding ob"ection $t is sub"ect to several e#emptionsL e#ceptions indicated in broad terms (+) Distributed denia" of services attack! The cyber terrorists may also use the method of distributed denial of services 0--C+1 to overburden the Novernment and its agencies electronic bases This is made possible by first infecting several unprotected computers by way of virus attac's and then ta'ing control of them Cnce control is obtained, they can be manipulated from any locality by the terrorists These infected computers are then made to send information or demand in Faculty of Law, University of Allahabad 21 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) such a large number that the server of the victim collapses Further, due to this unnecessary $nternet traffic the legitimate traffic is prohibited from reaching the Novernment or its agencies computers This results in immense pecuniary and strategic loss to the government and its agencies $t must be noted that thousands of compromised computers can be used to simultaneously attac' a single host, thus ma'ing its electronic e#istence invisible to the genuine and legitimate citi&ens and end users The law in this regard is crystal clear (+) ,et-ork dama$e and disru#tions! The main aim of cyber terrorist activities is to cause networ's damage and their disruptions This activity may divert the attention of the security agencies for the time being thus giving the terrorists e#tra time and ma'es their tas' comparatively easier This process may involve a combination of computer tampering, virus attac's, hac'ing, etc Faculty of Law, University of Allahabad 22 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) C%$)T(6 !V The !mpact of Cyber Terrorism- a brief idea /yber terrorists can endanger the security of the nation by targeting the sensitive and secret information 0by stealing, disclosing, or destroying1 The intention of a cyber terrorism attac' could range from economic disruption through the interruption of financial networ's and systems or used in support of a physical attac' to cause further confusion and possible delays in proper response Although cyber attac's have caused billions of dollars in damage and affected the lives of millions, we have yet witness the implications of a truly catastrophic cyber terrorism attac' !hat would some of the implications beE Direct Cost m#"ications Q Loss of sales during the disruption Q +taff time, networ' delays, intermittent access for business users Q $ncreased insurance costs due to litigation Q Loss of intellectual property D research, pricing, etc Q /osts of forensics for recovery and litigation Q Loss of critical communications in time of emergency ndirect Cost m#"ications Q Loss of confidence and credibility in our financial systems Q Tarnished relationships@ public image globally Faculty of Law, University of Allahabad 23 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Q +trained business partner relationships D domestic and internationally Q Loss of future customer revenues for an individual or group of companies Q Loss of trust in the government and computer industry %ome incidents of cyber terrorism The following are notable incidents of cyber terrorism6 Q $n 1BB>, ethnic Tamil guerrillas swamped +ri Lan'an embassies with >00 eDmails a day over a twoDwee' period The messages read ;!e are the $nternet .lac' Tigers and weMre doing this to disrupt your communications; $ntelligence authorities characteri&ed it as the first 'nown attac' by terrorists against a countryMs computer systems Q -uring the 4osovo conflict in 1BBB, 9ATC computers were blasted with eDmail bombs and hit with denialDofDservice attac's by hac'tivists protesting the 9ATC bombings $n addition, businesses, public organi&ations, and academic institutes received highly politici&ed virusDladen eDmails from a range of 7astern 7uropean countries, according to reports !eb defacements were also common Q +ince -ecember 1BB=, the 7lectronic -isturbance Theater 07-T1 has been conducting !eb sitDins against various sites in support of the (e#ican Tapatistas At a designated time, thousands of protestors point their browsers to a target site using software that floods the target with rapid and repeated download re%uests 7-TMs software has also been used by animal rights groups against organi&ations said to abuse animals 7lectrohippies, another group of hac'tivists, conducted !eb sitDins against the !TC when they met in +eattle in late 1BBB Faculty of Law, University of Allahabad 25 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Cne of the worst incidents of cyber terrorists at wor' was when crac'ers in )omania illegally gained access to the computers controlling the life support systems at an Antarctic research station, endangering the :> scientists involved (ore recently, in (ay 200= 7stonia was sub"ected to a mass cyberDattac' by hac'ers inside the )ussian Federation which some evidence suggests was coordinated by the )ussian government, though )ussian officials deny any 'nowledge of this This attac' was apparently in response to the removal of a )ussian !orld !ar $$ war memorial from downtown 7stonia Faculty of Law, University of Allahabad 2: Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) C%$)T(6 V Cyber Terrorism 4 Various Legal Compliances 'a-s in +arious Countries on Cyber Terrorism %in$a#ore 9ew laws allowing +ingapore to launch preDemptive stri'es against computer hac'ers have raised fears that $nternet controls are being tightened and privacy compromised in the name of fighting terrorism The cityDstateMs parliament has approved tough new legislation aimed at stopping ;cyber terrorism,; referring to computer crimes that are endanger national security, foreign relations, ban'ing and essential public services +ecurity agencies can now patrol the $nternet and swoop down on hac'ers suspected of plotting to use computer 'eyboards as weapons of mass disruption 8iolators of the /omputer (isuse Act such as website hac'ers can be "ailed up to three years or fined up to +U10,000 0U:,>001 ,e- .ork A bill sponsored by state +en (ichael .alboni, )D7ast !illiston, that ma'es cyber terrorism a felony was approved by the legislative body earlier this month and sent to the +tate Assembly Under the legislation, cyber terrorism, using computers to disrupt, terrori&e or 'ill, would become a class . felony, carrying a prison term of up to 2: years Faculty of Law, University of Allahabad 2< Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) /a"aysia (alaysia is to establish an international centre to fight cyberDterrorism, providing an emergency response to highDtech attac's on economies and trading systems around the globe, reports said *rime (inister Abdullah Ahmad .adawi said during a visit to the United +tates that the facility, sited at the highDtech hub of /yber"aya outside 4uala Lumpur, would be funded and supported by governments and the private sector The 9ew +traits Times said the centre would be modelled on the /entre for -isease /ontrol in Atlanta, which helps handle outbrea's of disease around the world Abdullah DD who announced the initiative at the close of the !orld /ongress on $nformation Technology in Austin, Te#as DD said the threat of cyberDterrorism was too serious for governments to ignore The $nterpol, with its 1=> member countries, is doing a great "ob in fighting against cyber terrorism They are helping all the member countries and training their personnel The /ouncil of 7urope /onvention on /yber /rime, which is the first international treaty for fighting against computer crime, is the result of 5 years wor' by e#perts from the 5: member and nonDmember countries including ?apan, U+A, and /anada This treaty has already enforced after its ratification by Lithuania on 21st of (arch 2005 The Association of +outh 7ast Asia 9ations 0A+7A91 has set plans for sharing information on computer security They are going to create a regional cyberDcrime unit by the year 200: Faculty of Law, University of Allahabad 2= Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) 0nited 1in$dom United 4ingdom adopted Terrorism Act, 2000, which gives the definition of terrorism and also gives various provisions for /yber terrorism Pakistan !hoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life,J according to the ordinance, which was published by the stateDrun A** news agency The *revention of 7lectronic /rimes law will be applicable to anyone who commits a crime detrimental to national security through the use of a computer or any other electronic device, the government said in the ordinance $t listed several definitions of a Iterrorist actJ including stealing or copying, or attempting to steal or copy, classified information necessary to manufacture any form of chemical, biological or nuclear weapon Cyber-terrorism and %uman 6ights Universal -eclaration of ,uman )ights in its *reamble tal's about a Ifreedom from fear and wantJ Freedom from fear is mostly a term of psychological nature, however, it is being used very widely nowadays especially in cases of terrorism Article 3 of the -eclaration sets the right to Isecurity of personJ As we 'now, term IpersonJ also includes an environment 0s1he e#ists in, different from the term IindividualJ which under one of the concepts imagines it as something abstract, apart from any other surrounding Faculty of Law, University of Allahabad 2> Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) conditions +o protecting a personal security would also mean protecting his 0her1 social, economical and other connections, IthreadsJ established with the environment As long as in modern reality these are sometimes predominantly based on technology, computers or internet, cyberDterrorism protection also deals with Isecurity of personJ ,ere $ would also add Article : with itGs protection against Idegrading treatmentJ *ersonal harm is also a part of degradation and treating a person in a current way is something that may be provided by cyberDcriminal act as it was proven above Cne important provision that $ would li'e to pay special attention to is Article 12 of the -eclaration $t states6 I9o one shall be sub"ected to arbitrary interference with his privacy, nor to attac's upon his honour or reputationJ I*rivacyJ is defined as Ithe %uality or state of being apart from company or observationJ which in combination with another definition of Ifreedom from unauthori&ed intrusionJ given by the same source, also includes the privacy of computerDstored data and a right to en"oy itGs private state of nonDinterference without personal will of the possessor Article 1= sets a right to property and a restriction to deprive anyone from possessed property *roperty is defined as Ianything that is owned by a person or entityJ , including two types of it6 Ireal propertyJ and Ipersonal propertyJ *ersonal property or IpersonalityJ includes Imovable assets which are not real property, money, or investments Article 1B, however, plays a different role in this topic and is mostly associated with internet use by terrorists in general Faculty of Law, University of Allahabad 2B Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Faculty of Law, University of Allahabad 30 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) C%$)T(6 V! !ndian la5 4 Cyber Terrorism $n $ndia there is no law, which is specifically dealing with prevention of malware through aggressive defense Thus, the analogous provisions have to be applied in a purposive manner The protection against malware attac's can be claimed under the following categories6 011 *rotection available under the /onstitution of $ndia, and 021 *rotection available under other statutes (2) Protection under the Constitution of ndia! The protection available under the /onstitution of any country is the strongest and the safest one since it is the supreme document and all other laws derive their power and validity from it $f a law satisfies the rigorous tests of the /onstitutional validity, then its applicability and validity cannot be challenge and it becomes absolutely binding The /onstitutions of $ndia, li'e other /onstitutions of the world, is organic and living in nature and is capable of molding itself as per the time and re%uirements of the society (3) Protection under other statutes! The protection available under the /onstitution is further strengthened by various statutory enactments These protections can be classified as6 0A1 *rotection under the $ndian *enal /ode 0$*/1, 1><0, and Faculty of Law, University of Allahabad 31 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) 0.1 *rotection under the $nformation Technology Act 0$TA1, 2000 Although the term Icyber terrorismJ is absent from the terminology of the $ndian law, +ection <B of the $nformation Technology Act is a strong legislative measure to counter the use of encryption by terrorists This section authori&es the /ontroller of /ertifying Authorities 0//A1 to direct any Novernment agency to intercept any information transmitted through any computer resource Constitution of ndia Any person who fails to assist the Novernment agency in decrypting the information sought to be intercepted is liable for imprisonment up to = years Article 300A of /onstitution of $ndia states that all persons have a right to hold and en"oy their properties $n a specific case of .havnagar University v *alitana +ugar (ills *vt Ltd +upreme /ourt applied the constitutional clause with the interpretation that anyone can en"oy his or her property rights in any manner preferred This also includes property rights to information stored on computers or in any electronic format Articles 301 to 30: refer to the right for free trade As long as an individual carries out a business in accordance with law, it cannot be interfered .esides, free trade and any commercial activities cannot be visuali&ed without technological rights, which mean that any distortion of those is illegal $n $ndia these provisions have been effectively used to protect individual property rights against the actions of cyberDcriminals Faculty of Law, University of Allahabad 32 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Pena" Code A big deal of protection is also provided by $ndian *enal /ode +ection 22 of it gives a definition of a Imovable propertyJ stating that it also includes all corporal properties $t means that any information stored on a computer can be conveniently regarded as a movable property as it can definitely be moved from one place to another and is not attached +ection 2BA of the /ode with +ection 20110t1 of the $nformation Technology Act provides that Ielectronic record means data, record, or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated microficheJ ;udicial response The "udiciary can play its role by adopting a stringent approach towards the menace of cyber terrorism $t must, however, first tac'le the "urisdiction problem because before invo'ing its "udicial powers the courts are re%uired to satisfy themselves that they possess the re%uisite "urisdiction to deal with the situation +ince the $nternet ;is a cooperative venture not owned by a single entity or government, there are no centrali&ed rules or laws governing its use The absence of geographical boundaries may give rise to a situation where the act legal in one country where it is done may violate the laws of another country This process further made complicated due to the absence of a uniform and harmoni&ed law governing the "urisdictional aspects of disputes arising by the use of Faculty of Law, University of Allahabad 33 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) $nternet $t must be noted that, generally, the scholars point towards the following ;theories; under which a country may claim prescriptive "urisdiction6 0a1 a country may claim "urisdiction based on ;ob"ective territoriality; when an activity ta'es place within the country, 0b1 a ;sub"ective territoriality; may attach when an activity ta'es place outside a nationMs borders but the ;primary effect; of the action is within the nationMs borders, 0c1 a country may assert "urisdiction based on the nationality of either the actor or the victim, 0d1 in e#ceptional circumstances, providing the right to protect the nationMs sovereignty when faced with threats recogni&ed as particularly serious in the international community $n addition to establishing a connecting ne#us, traditional international doctrine also calls for a ;reasonable; connection between the offender and the forum -epending on the factual conte#t, courts loo' to such factors, as whether the activity of individual has a ;substantial and foreseeable effect; on the territory, whether a ;genuine lin'; e#ists between the actor and the forum, the character of the activity and the importance of the regulation giving rise to the controversy, the e#tent to which e#ceptions are harmed by the regulation, and the importance of the regulation in the international community The traditional "urisdictional paradigms may provide a framewor' to guide analysis for cases arising in cyberspace R-awson /herieA I/reating .orders on the $nternetD Free +peech, the United +tates and $nternational ?urisdictionJ, 8irginia ?ournal of $nternational Law, 8D55, 9oD2 0!inter, 20051S $t must be noted that by virtue of section 1021 read with Faculty of Law, University of Allahabad 35 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) section =: of the $nformation Technology Act, 2000 the courts in $ndia have Ilong arm "urisdictionJ to deal with cyber terrorism Faculty of Law, University of Allahabad 3: Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) C%$)T(6 V!! )rotection from cyber terrorism- a fe5 suggestions /urrently there are no foolproof ways to protect a system The completely secure system can never be accessed by anyone (ost of the militaries classified information is 'ept on machines with no outside connection, as a form of prevention of cyber terrorism Apart from such isolation, the most common method of protection is encryption The wide spread use of encryption is inhibited by the governments ban on its e#portation, so intercontinental communication is left relatively insecure The /linton administration and the F.$ oppose the e#port of encryption in favor of a system where by the government can gain the 'ey to an encrypted system after gaining a court order to do so The director of the F.$Ms stance is that the $nternet was not intended to go unpoliced and that the police need to protect peopleMs privacy and publicDsafety rights there 7ncryptionMs draw bac' is that it does not protect the entire system, an attac' designed to cripple the whole system, such as a virus, is unaffected by encryption Cthers promote the use of firewalls to screen all communications to a system, including eDmail messages, which may carry logic bombs Firewall is a relatively generic term for methods of filtering access to a networ' They may come in the form of a computer, router other communications device or in the form of a networ' configuration Firewalls serve to define the services and access that are permitted to each user Cne method is to Faculty of Law, University of Allahabad 3< Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) screen user re%uests to chec' if they come from a previously defined domain or $nternet *rotocol 0$*1 address Another method is to prohibit Telnet access into the system ,ere are few 'ey things to remember to protect from cyberDterrorism6 1 All accounts should have passwords and the passwords should be unusual, difficult to guess 2 /hange the networ' configuration when defects become 'now 3 /hec' with venders for upgrades and patches 5 Audit systems and chec' logs to help in detecting and tracing an intruder : $f you are ever unsure about the safety of a site, or receive suspicious email from an un'nown address, donMt access it $t could be trouble Efforts of combatin$ cyber terrorism The $nterpol, with its 1=> member countries, is doing a great "ob in fighting against cyber terrorism They are helping all the member countries and training their personnel The /ouncil of 7urope /onvention on /yber /rime, which is the first international treaty for fighting against computer crime, is the result of 5 years wor' by e#perts from the 5: member and nonDmember countries including ?apan, U+A, and /anada This treaty has already enforced after its ratification by Lithuania on 21st of (arch 2005 The Association of +outh 7ast Asia 9ations 0A+7A91 has set plans for sharing information on computer security They are going to create a regional cyberDcrime unit by the year 200: Faculty of Law, University of Allahabad 3= Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) The protection of $TA can be claimed for6 0a1 *reventing privacy violations, 0b1 *reventing information and data theft, 0c1 *reventing distributed denial of services attac' 0--C+1, and 0d1 *reventing networ' damage and destruction Cha""en$es and Concerns +ome challenges and concerns are highlighted below 6 0a1 Lac' of awareness and the culture of cyber security at individual as well as institutional level 0b1 Lac' of trained and %ualified manpower to implement the counter measures 0c1 Too many information security organisations which have become wea' due to Mturf warsM or financial compulsions 0d1 A wea' $T Act which has became redundant due to non e#ploitation and age old cyber laws e! 9o eDmail account policy especially for the defence forces, police and the agency personnel 0f1 /yber attac's have come not only from terrorists but also from neighboring countries inimical to our 9ational interests Faculty of Law, University of Allahabad 3> Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Recommendations /ertain recommendations are given below6 0a1 9eed to sensiti&e the common citi&ens about the dangers of cyber terrorism /ertDin should engage academic institutions and follow an aggressive strategy 0b1 ?oint efforts by all Novernment agencies including defence forces to attract %ualified s'illed personnel for implementation of counter measures 0c1 /yber security not to be given more lip service and the organi&ations dealing with the same should be given all support 9o bureaucratic dominance should be permitted 0d1 Agreements relating to cyber security should be given the same importance as other conventional agreements e! (ore investment in this field in terms of finance and manpower 0f1 $ndian agencies wor'ing after cyber security should also 'eep a close vigil on the developments in the $T sector of our potential adversaries Faculty of Law, University of Allahabad 3B Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) Faculty of Law, University of Allahabad 50 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) C%$)T(6 V!!! Conclusion The problems associated with the use of malware are not peculiar to any particular country as the menace is global in nature The countries all over the world are facing this problem and are trying their level best to eliminate this problem The problem, however, cannot be effectively curbed unless popular public support and a vigilant "udiciary bac' it The legislature cannot enact a law against the general public opinion of the nation at large Thus, first a public support has to be obtained not only at the national level but at the international level as well The people all over the world are not against the enactment of statutes curbing the use of malware, but they are conscious about their legitimate rights Thus, the law to be enacted by the legislature must ta'e care of public interest on a priority basis This can be achieved if a suitable technology is supported by an apt legislation, which can e#clusively ta'e care of the menace created by the computers sending the malware Thus, the selfDhelp measures recogni&ed by the legislature should not be disproportionate and e#cessive than the threat received by the malware Further, while using such selfDhelp measures the property and rights of the general public should not be affected $t would also not be unreasonable to demand that such selfDhelp measures should not themselves commit any illegal act r omission Thus, a selfDhelp measure should not be such as may destroy or steal the data or secret information stored in the computer of the person sending the malware $t must be noted that two wrongs cannot ma'e a thing right Thus, a demarcating line between selfDhelp and ta'ing law in oneGs own hand must be drawn $n the ultimate analysis we must not Faculty of Law, University of Allahabad 51 Cyber Terrorism - The Dark Side of the Web World (Various Legal Compliances) forget that selfDhelp measures are Iwatchdogs and not bloodDhoundsJ, and their purpose should be restricted to legitimate and proportionate defensive actions only $n $ndia, fortunately, we have a sound legal base for dealing with malware and the public at large has no problem in supporting the selfDhelp measures to combat cyber terrorism and malware Therefore, cyber terrorism is becoming ma"or tool for terrorists and thus it is getting more essential to frame policies to counter these attac's