Beruflich Dokumente
Kultur Dokumente
space, with the intention to further social, ideological, religious, political or similar objectives,
or to intimidate any person in furtherance of such objectives.
Computers and the internet are becoming an essential part of our daily life. They are being used
by individuals and societies to make their life easier. They use them for storing information,
processing data, sending and receiving messages, communications, controlling machines, typing,
editing, designing, drawing, and almost all aspects of life.
The most deadly and destructive consequence of this helplessness is the emergence of the
concept of cyber terrorism. The traditional concepts and methods of terrorism have taken new
dimensions, which are more destructive and deadly in nature. In the age of information
technology the terrorists have acquired an expertise to produce the most deadly combination of
weapons and technology, which if not properly safeguarded in due course of time, will take its
own toll. The damage so produced would be almost irreversible and most catastrophic in nature.
In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". The
expression "cyber terrorism" includes an intentional negative and harmful use of the information
technology for producing destructive and harmful effects to the property, whether tangible or
intangible, of others. For instance, hacking of a computer system and then deleting the useful and
valuable business information of the rival competitor is a part and parcel of cyber terrorism.
The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that
it must be left to be inclusive in nature. The nature of "cyberspace is such that new methods and
technologies are invented regularly; hence it is not advisable to put the definition in a
straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret
the definition as liberally as possible so that the menace of cyber terrorism can be tackled
stringently and with a punitive hand.
The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions
of these cyber terrorists and requires a rejuvenation in the light and context of the latest
developments all over the world.
A. Definition of Cyber TerrorismBefore we can discuss the possibilities of cyber terrorism, we must have some working
definitions. The word cyber terrorism refers to two elements: cyberspace and terrorism.
Another word for cyberspace is the virtual world i,e a place in which computer programs
function and data moves. Terrorism is a much used term, with many definitions. For the purposes
of this presentation, we will use the United States Department of State definition: The term
terrorism means premeditated, politically motivated violence perpetrated against noncombatant
targets by sub national groups or clandestine agents.
If we combine these definitions, we construct a working definition such as the following:
Cyber terrorism is the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which result in violence against noncombatant targets by
sub national groups or clandestine agents.
The basic definition of Cyber-terrorism subsumed over time to encompass such things as simply
defacing a web site or server, or attacking non-critical systems, resulting in the term becoming
less useful. There is also a train of thought that says cyber terrorism does not exist and is really a
matter of hacking or information warfare. Some disagree with labeling it terrorism proper
because of the unlikelihood of the creation of fear of significant physical harm or death in a
population using electronic means, considering current attack and protective technologies.
B. Who are cyber terrorists?
From American point of view the most dangerous terrorist group is Al-Qaeda which is
considered the first enemy for the US. According to US officials data from computers seized in
Afghanistan indicate that the group has scouted systems that control American energy facilities,
water distribution, communication systems, and other critical infrastructure.
After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers
launched Denial os Service (DoS) attacks against American web sites.
A study that covered the second half of the year 2002 showed that the most dangerous nation for
originating malicious cyber attacks is the United States with 35.4% of the cases down from 40%
for the first half of the same year. South Korea came next with 12.8%, followed by China 6.2%
then Germany 6.7% then France 4%. The UK came number 9 with 2.2%. According to the same
study, Israel was the most active country in terms of number of cyber attacks related to the
number of internet users. There are so many groups who are very active in attacking their targets
through the computers.
The Unix Security Guards (USG) a pro Islamic group launched a lot of digital attacks in May
2002.
Another group called World's Fantabulas Defacers (WFD) attacked many Indian sites. Also there
is another pro Pakistan group called Anti India Crew (AIC) who launched many cyber attacks
against India.
C. Why do they use cyber attacks?
Cyber terrorist prefer using the cyber attack methods because of many advantages for it.
It is Cheaper than traditional methods.
The action is very difficult to be tracked.
They can hide their personalities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a big number of targets.
They can affect a large number of people.
in free speech. This, right to receive information is, however, not absolute but is subject to
reasonable restrictions which may be imposed by the Government in public interest.
(IV) Distributed denial of services attack:
The cyber terrorists may also use the method of distributed denial of services (DDOS) to
overburden the Government and its agencies electronic bases. This is made possible by first
infecting several unprotected computers by way of virus attacks and then taking control of them.
Once control is obtained, they can be manipulated from any locality by the terrorists. These
infected computers are then made to send information or demand in such a large number that the
server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate
traffic is prohibited from reaching the Government or its agencies computers. This results in
immense pecuniary and strategic loss to the government and its agencies.
It must be noted that thousands of compromised computers can be used to simultaneously attack
a single host, thus making its electronic existence invisible to the genuine and legitimate citizens
and end users. The law in this regard is crystal clear.
(V) Network damage and disruptions:
The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This
activity may divert the attention of the security agencies for the time being thus giving the
terrorists extra time and makes their task comparatively easier. This process may involve a
combination of computer tampering, virus attacks, hacking, etc.
E. The danger of cyber terrorismGeneral John Gordon, the White House Homeland Security Advisor, speaking at the RSA
security conference in San Francisco, CA Feb. 25, 2004 indicated that whether someone
detonates a bomb that cause bodily harm to innocent people or hacked into a web-based IT
system in a way that could, for instance, take a power grid offline and result in blackout, the
result is ostensibly the same. He also stated that the potential for a terrorist cyber attack is real.
Cyber terrorists can destroy the economy of the country by attacking the critical infrastructure in
the big towns such as electric power and water supply, still the blackout of the North Western
states in the US in Aug. 15, 2003 is unknown whether it was a terrorist act or not, or by attacking
the banks and financial institutions and play with their computer systems.
Senator Jon Kyle, chairman of the senate judiciary subcommittee on terrorism, technology and
homeland security mentioned that members of al-Qaeda have tried to target the electric power
grids, transportation systems, and financial institutions.
In England the National High-Tech Crime Unit (NHTCU) survey showed that 97% of the UK
companies were victims to cyber crime during the period from June 2002 to June 2003.
Cyber terrorists can endanger the security of the nation by targeting the sensitive and secret
information (by stealing, disclosing, or destroying).
subjected to a mass cyber-attack by hackers inside the Russian Federation which some evidence
suggests was coordinated by the Russian government, though Russian officials deny any
knowledge of this. This attack was apparently in response to the removal of a Russian World War
II war memorial from downtown Estonia.
H. Efforts of combating cyber terrorismThe Interpol, with its 178 member countries, is doing a great job in fighting against cyber
terrorism. They are helping all the member countries and training their personnel. The Council of
Europe Convention on Cyber Crime, which is the first international treaty for fighting against
computer crime, is the result of 4 years work by experts from the 45 member and non-member
countries including Japan, USA, and Canada. This treaty has already enforced after its
ratification by Lithuania on 21st of March 2004.
The Association of South East Asia Nations (ASEAN) has set plans for sharing information on
computer security. They are going to create a regional cyber-crime unit by the year 2005.
The protection of I.T.A can be claimed for:
(a) Preventing privacy violations,
(b) Preventing information and data theft,
(c) Preventing distributed denial of services attack (DDOS), and
(d) Preventing network damage and destruction.
I. Protection from cyber terrorism- a few suggestions
Currently there are no foolproof ways to protect a system. The completely secure system can
never be accessed by anyone. Most of the militaries classified information is kept on machines
with no outside connection, as a form of prevention of cyber terrorism. Apart from such
isolation, the most common method of protection is encryption. The wide spread use of
encryption is inhibited by the governments ban on its exportation, so intercontinental
communication is left relatively insecure. The Clinton administration and the FBI oppose the
export of encryption in favor of a system where by the government can gain the key to an
encrypted system after gaining a court order to do so. The director of the FBI's stance is that the
Internet was not intended to go unpoliced and that the police need to protect people's privacy and
public-safety rights there. Encryption's draw back is that it does not protect the entire system, an
attack designed to cripple the whole system, such as a virus, is unaffected by encryption.
Others promote the use of firewalls to screen all communications to a system, including e-mail
messages, which may carry logic bombs. Firewall is a relatively generic term for methods of
filtering access to a network. They may come in the form of a computer, router other
communications device or in the form of a network configuration. Firewalls serve to define the
services and access that are permitted to each user. One method is to screen user requests to
check if they come from a previously defined domain or Internet Protocol (IP) address. Another
method is to prohibit Telnet access into the system.
themselves commit any illegal act r omission. Thus, a self-help measure should not be such as
may destroy or steal the data or secret information stored in the computer of the person sending
the malware. It must be noted that two wrongs cannot make a thing right. Thus, a demarcating
line between self-help and taking law in ones own hand must be drawn. In the ultimate analysis
we must not forget that self-help measures are watchdogs and not blood-hounds, and their
purpose should be restricted to legitimate and proportionate defensive actions only. In India,
fortunately, we have a sound legal base for dealing with malware and the public at large has no
problem in supporting the self-help measures to combat cyber terrorism and malware.