You are on page 1of 8

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber

space, with the intention to further social, ideological, religious, political or similar objectives,
or to intimidate any person in furtherance of such objectives.
Computers and the internet are becoming an essential part of our daily life. They are being used
by individuals and societies to make their life easier. They use them for storing information,
processing data, sending and receiving messages, communications, controlling machines, typing,
editing, designing, drawing, and almost all aspects of life.
The most deadly and destructive consequence of this helplessness is the emergence of the
concept of cyber terrorism. The traditional concepts and methods of terrorism have taken new
dimensions, which are more destructive and deadly in nature. In the age of information
technology the terrorists have acquired an expertise to produce the most deadly combination of
weapons and technology, which if not properly safeguarded in due course of time, will take its
own toll. The damage so produced would be almost irreversible and most catastrophic in nature.
In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". The
expression "cyber terrorism" includes an intentional negative and harmful use of the information
technology for producing destructive and harmful effects to the property, whether tangible or
intangible, of others. For instance, hacking of a computer system and then deleting the useful and
valuable business information of the rival competitor is a part and parcel of cyber terrorism.
The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that
it must be left to be inclusive in nature. The nature of "cyberspace is such that new methods and
technologies are invented regularly; hence it is not advisable to put the definition in a
straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret
the definition as liberally as possible so that the menace of cyber terrorism can be tackled
stringently and with a punitive hand.
The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions
of these cyber terrorists and requires a rejuvenation in the light and context of the latest
developments all over the world.
A. Definition of Cyber TerrorismBefore we can discuss the possibilities of cyber terrorism, we must have some working
definitions. The word cyber terrorism refers to two elements: cyberspace and terrorism.
Another word for cyberspace is the virtual world i,e a place in which computer programs
function and data moves. Terrorism is a much used term, with many definitions. For the purposes
of this presentation, we will use the United States Department of State definition: The term
terrorism means premeditated, politically motivated violence perpetrated against noncombatant
targets by sub national groups or clandestine agents.
If we combine these definitions, we construct a working definition such as the following:

Cyber terrorism is the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which result in violence against noncombatant targets by
sub national groups or clandestine agents.
The basic definition of Cyber-terrorism subsumed over time to encompass such things as simply
defacing a web site or server, or attacking non-critical systems, resulting in the term becoming
less useful. There is also a train of thought that says cyber terrorism does not exist and is really a
matter of hacking or information warfare. Some disagree with labeling it terrorism proper
because of the unlikelihood of the creation of fear of significant physical harm or death in a
population using electronic means, considering current attack and protective technologies.
B. Who are cyber terrorists?
From American point of view the most dangerous terrorist group is Al-Qaeda which is
considered the first enemy for the US. According to US officials data from computers seized in
Afghanistan indicate that the group has scouted systems that control American energy facilities,
water distribution, communication systems, and other critical infrastructure.
After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers
launched Denial os Service (DoS) attacks against American web sites.
A study that covered the second half of the year 2002 showed that the most dangerous nation for
originating malicious cyber attacks is the United States with 35.4% of the cases down from 40%
for the first half of the same year. South Korea came next with 12.8%, followed by China 6.2%
then Germany 6.7% then France 4%. The UK came number 9 with 2.2%. According to the same
study, Israel was the most active country in terms of number of cyber attacks related to the
number of internet users. There are so many groups who are very active in attacking their targets
through the computers.
The Unix Security Guards (USG) a pro Islamic group launched a lot of digital attacks in May
2002.
Another group called World's Fantabulas Defacers (WFD) attacked many Indian sites. Also there
is another pro Pakistan group called Anti India Crew (AIC) who launched many cyber attacks
against India.
C. Why do they use cyber attacks?
Cyber terrorist prefer using the cyber attack methods because of many advantages for it.
It is Cheaper than traditional methods.
The action is very difficult to be tracked.
They can hide their personalities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a big number of targets.
They can affect a large number of people.

D. Forms of cyber terrorism(I) Privacy violation:


The law of privacy is the recognition of the individual's right to be let alone and to have his
personal space inviolate. The right to privacy as an independent and distinctive concept
originated in the field of Tort law, under which a new cause of action for damages resulting from
unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a
constitutional status, the violation of which attracts both civil as well as criminal consequences
under the respective laws. The intensity and complexity of life have rendered necessary some
retreat from the world. Man under the refining influence of culture, has become sensitive to
publicity, so that solitude and privacy have become essential to the individual. Modern enterprise
and invention have, through invasions upon his privacy, subjected him to mental pain and
distress, far greater than could be inflicted by mere bodily injury. Right to privacy is a part of the
right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the
advent of information technology the traditional concept of right to privacy has taken new
dimensions, which require a different legal outlook. To meet this challenge recourse of
Information Technology Act, 2000 can be taken.
The various provisions of the Act aptly protect the online privacy rights of the citizens. Certain
acts have been categorized as offences and contraventions, which have tendency to intrude with
the privacy rights of the citizens.
(II) Secret information appropriation and data theft:
The information technology can be misused for appropriating the valuable Government secrets
and data of private individuals and the Government and its agencies. A computer network owned
by the Government may contain valuable information concerning defence and other top secrets,
which the Government will not wish to share otherwise. The same can be targeted by the
terrorists to facilitate their activities, including destruction of property. It must be noted that the
definition of property is not restricted to moveables or immoveables alone.
In R.K. Dalmia v Delhi Administration the Supreme Court held that the word "property" is used
in the I.P.C in a much wider sense than the expression "movable property". There is no good
reason to restrict the meaning of the word "property" to moveable property only, when it is used
without any qualification. Whether the offence defined in a particular section of IPC can be
committed in respect of any particular kind of property, will depend not on the interpretation of
the word "property" but on the fact whether that particular kind of property can be subject to the
acts covered by that section.
(III) Demolition of e-governance base:
The aim of e-governance is to make the interaction of the citizens with the government offices
hassle free and to share information in a free and transparent manner. It further makes the right to
information a meaningful reality. In a democracy, people govern themselves and they cannot
govern themselves properly unless they are aware of social, political, economic and other issues
confronting them. To enable them to make a proper judgment on those issues, they must have the
benefit of a range of opinions on those issues. Right to receive and impart information is implicit

in free speech. This, right to receive information is, however, not absolute but is subject to
reasonable restrictions which may be imposed by the Government in public interest.
(IV) Distributed denial of services attack:
The cyber terrorists may also use the method of distributed denial of services (DDOS) to
overburden the Government and its agencies electronic bases. This is made possible by first
infecting several unprotected computers by way of virus attacks and then taking control of them.
Once control is obtained, they can be manipulated from any locality by the terrorists. These
infected computers are then made to send information or demand in such a large number that the
server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate
traffic is prohibited from reaching the Government or its agencies computers. This results in
immense pecuniary and strategic loss to the government and its agencies.
It must be noted that thousands of compromised computers can be used to simultaneously attack
a single host, thus making its electronic existence invisible to the genuine and legitimate citizens
and end users. The law in this regard is crystal clear.
(V) Network damage and disruptions:
The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This
activity may divert the attention of the security agencies for the time being thus giving the
terrorists extra time and makes their task comparatively easier. This process may involve a
combination of computer tampering, virus attacks, hacking, etc.
E. The danger of cyber terrorismGeneral John Gordon, the White House Homeland Security Advisor, speaking at the RSA
security conference in San Francisco, CA Feb. 25, 2004 indicated that whether someone
detonates a bomb that cause bodily harm to innocent people or hacked into a web-based IT
system in a way that could, for instance, take a power grid offline and result in blackout, the
result is ostensibly the same. He also stated that the potential for a terrorist cyber attack is real.
Cyber terrorists can destroy the economy of the country by attacking the critical infrastructure in
the big towns such as electric power and water supply, still the blackout of the North Western
states in the US in Aug. 15, 2003 is unknown whether it was a terrorist act or not, or by attacking
the banks and financial institutions and play with their computer systems.
Senator Jon Kyle, chairman of the senate judiciary subcommittee on terrorism, technology and
homeland security mentioned that members of al-Qaeda have tried to target the electric power
grids, transportation systems, and financial institutions.
In England the National High-Tech Crime Unit (NHTCU) survey showed that 97% of the UK
companies were victims to cyber crime during the period from June 2002 to June 2003.
Cyber terrorists can endanger the security of the nation by targeting the sensitive and secret
information (by stealing, disclosing, or destroying).

F. The Impact of Cyber Terrorism- a brief idea


The intention of a cyber terrorism attack could range from economic disruption through the
interruption of financial networks and systems or used in support of a physical attack to cause
further confusion and possible delays in proper response. Although cyber attacks have caused
billions of dollars in damage and affected the lives of millions, we have yet witness the
implications of a truly catastrophic cyber terrorism attack. What would some of the implications
be?
Direct Cost Implications
Loss of sales during the disruption
Staff time, network delays, intermittent access for business users
Increased insurance costs due to litigation
Loss of intellectual property - research, pricing, etc.
Costs of forensics for recovery and litigation
Loss of critical communications in time of emergency.
Indirect Cost Implications
Loss of confidence and credibility in our financial systems
Tarnished relationships& public image globally
Strained business partner relationships - domestic and internationally
Loss of future customer revenues for an individual or group of companies
Loss of trust in the government and computer industry
G. Some incidents of cyber terrorismThe following are notable incidents of cyber terrorism:
In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a
two-week period. The messages read "We are the Internet Black Tigers and we're doing this to
disrupt your communications." Intelligence authorities characterized it as the first known attack
by terrorists against a country's computer systems.
During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit
with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition,
businesses, public organizations, and academic institutes received highly politicized virus-laden
e-mails from a range of Eastern European countries, according to reports. Web defacements were
also common.
Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting Web sitins against various sites in support of the Mexican Zapatistas. At a designated time, thousands of
protestors point their browsers to a target site using software that floods the target with rapid and
repeated download requests. EDT's software has also been used by animal rights groups against
organizations said to abuse animals. Electrohippies, another group of hacktivists, conducted Web
sit-ins against the WTO when they met in Seattle in late 1999.
One of the worst incidents of cyber terrorists at work was when crackers in Romania illegally
gained access to the computers controlling the life support systems at an Antarctic research
station, endangering the 58 scientists involved. More recently, in May 2007 Estonia was

subjected to a mass cyber-attack by hackers inside the Russian Federation which some evidence
suggests was coordinated by the Russian government, though Russian officials deny any
knowledge of this. This attack was apparently in response to the removal of a Russian World War
II war memorial from downtown Estonia.
H. Efforts of combating cyber terrorismThe Interpol, with its 178 member countries, is doing a great job in fighting against cyber
terrorism. They are helping all the member countries and training their personnel. The Council of
Europe Convention on Cyber Crime, which is the first international treaty for fighting against
computer crime, is the result of 4 years work by experts from the 45 member and non-member
countries including Japan, USA, and Canada. This treaty has already enforced after its
ratification by Lithuania on 21st of March 2004.
The Association of South East Asia Nations (ASEAN) has set plans for sharing information on
computer security. They are going to create a regional cyber-crime unit by the year 2005.
The protection of I.T.A can be claimed for:
(a) Preventing privacy violations,
(b) Preventing information and data theft,
(c) Preventing distributed denial of services attack (DDOS), and
(d) Preventing network damage and destruction.
I. Protection from cyber terrorism- a few suggestions
Currently there are no foolproof ways to protect a system. The completely secure system can
never be accessed by anyone. Most of the militaries classified information is kept on machines
with no outside connection, as a form of prevention of cyber terrorism. Apart from such
isolation, the most common method of protection is encryption. The wide spread use of
encryption is inhibited by the governments ban on its exportation, so intercontinental
communication is left relatively insecure. The Clinton administration and the FBI oppose the
export of encryption in favor of a system where by the government can gain the key to an
encrypted system after gaining a court order to do so. The director of the FBI's stance is that the
Internet was not intended to go unpoliced and that the police need to protect people's privacy and
public-safety rights there. Encryption's draw back is that it does not protect the entire system, an
attack designed to cripple the whole system, such as a virus, is unaffected by encryption.
Others promote the use of firewalls to screen all communications to a system, including e-mail
messages, which may carry logic bombs. Firewall is a relatively generic term for methods of
filtering access to a network. They may come in the form of a computer, router other
communications device or in the form of a network configuration. Firewalls serve to define the
services and access that are permitted to each user. One method is to screen user requests to
check if they come from a previously defined domain or Internet Protocol (IP) address. Another
method is to prohibit Telnet access into the system.

Here are few key things to remember to protect from cyber-terrorism:


1. All accounts should have passwords and the passwords should be unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an intruder.
5. If you are ever unsure about the safety of a site, or receive suspicious email from an unknown
address, don't access it. It could be trouble.
J. Indian law & Cyber terrorismIn India there is no law, which is specifically dealing with prevention of malware through
aggressive defense. Thus, the analogous provisions have to be applied in a purposive manner.
The protection against malware attacks can be claimed under the following categories:
(1) Protection available under the Constitution of India, and
(2) Protection available under other statutes.
(1) Protection under the Constitution of India:
The protection available under the Constitution of any country is the strongest and the safest one
since it is the supreme document and all other laws derive their power and validity from it. If a
law satisfies the rigorous tests of the Constitutional validity, then its applicability and validity
cannot be challenge and it becomes absolutely binding. The Constitutions of India, like other
Constitutions of the world, is organic and living in nature and is capable of molding itself as per
the time and requirements of the society.
(2) Protection under other statutes:
The protection available under the Constitution is further strengthened by various statutory
enactments. These protections can be classified as:
(A) Protection under the Indian Penal Code (I.P.C), 1860, and
(B) Protection under the Information Technology Act (ITA), 2000.
J. ConclusionThe problems associated with the use of malware are not peculiar to any particular country as the
menace is global in nature. The countries all over the world are facing this problem and are
trying their level best to eliminate this problem. The problem, however, cannot be effectively
curbed unless popular public support and a vigilant judiciary back it. The legislature cannot enact
a law against the general public opinion of the nation at large. Thus, first a public support has to
be obtained not only at the national level but at the international level as well. The people all
over the world are not against the enactment of statutes curbing the use of malware, but they are
conscious about their legitimate rights. Thus, the law to be enacted by the legislature must take
care of public interest on a priority basis. This can be achieved if a suitable technology is
supported by an apt legislation, which can exclusively take care of the menace created by the
computers sending the malware. Thus, the self-help measures recognized by the legislature
should not be disproportionate and excessive than the threat received by the malware. Further,
while using such self-help measures the property and rights of the general public should not be
affected. It would also not be unreasonable to demand that such self-help measures should not

themselves commit any illegal act r omission. Thus, a self-help measure should not be such as
may destroy or steal the data or secret information stored in the computer of the person sending
the malware. It must be noted that two wrongs cannot make a thing right. Thus, a demarcating
line between self-help and taking law in ones own hand must be drawn. In the ultimate analysis
we must not forget that self-help measures are watchdogs and not blood-hounds, and their
purpose should be restricted to legitimate and proportionate defensive actions only. In India,
fortunately, we have a sound legal base for dealing with malware and the public at large has no
problem in supporting the self-help measures to combat cyber terrorism and malware.

K. References & AcknowledgementsI. Cyber Terrorism By Kevin Coleman , Technolytics.


II. Cyber Terrorism : The new kind of Terrorism By: DR. MUDAWI MUKHTAR
ELMUSHARAF.
III. Cybercrime and cyberterrorism: Preventive defense for cyberspace violations By PRAVEEN
DALAL.
IV. Computer Crime Research Center.
V. Coleman, Keivin "Cyber Terrorism"
VI. Collin, Barry C. "The Future of Cyber Terrorism"
Proceedings of 11th annual international symposium on criminal justice Issue.
VII. Jemmy, Sprdes &Will, Brars; Examples of Cyber Terrorism.
VII. Kerr, Kothryn, "Putting cyber terrorism into context.
VIII. CYBERTERRORISM - Fact or Fancy? By Mark M. Pollitt.
IX. Cyber-terrorism: Wikipedia.
X. Defining Cyber terrorism By Adv. Rohas Nagpal.
XI. Cyber Terrorism by Jimmy Sproles and Will Byars for Computer Ethics