Challenges and Solutions on the Issue of Cyber Terrorism with Respect to Section (66) F of IT Act

Gnaneshwar Rajan

Introduction to Terrorism

Let us define terrorism, in order to understand cyber terrorism. The general definition of terrorism is the unlawful use of violence and intimidation against civilians (especially), in the pursuit of political aims. The U.S code of federal regulations defines terrorism as, “the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives”.

Terrorism doesn’t only mean the unlawful use of force or intimidation in order to achieve political or social objectives. It can also be used in order to achieve personal objectives. An important aspect that terrorism strives to achieve is to strike fear in the hearts and minds of ordinary citizens and people. Therefore, terrorism tries to achieve political, social and personal objectives.

The first ever recorded terror incident took place in the year 1605 when Robert Catesby, a leader of a provincial group of English Catholics, planned to bomb the House of Lords with the objective of killing King James I and installing his nine-year-old daughter Elizabeth as the next head of state. But his plan failed as the explosives were discovered a day before the planned detonation and the conspirators were either killed in battle or executed for treason.

Terrorism today has evolved. Various terrorist organisations have emerged since the Soviet invasion of Afghanistan in the year 1979. The famous terror organisation, Al-Qaeda, was founded in the year 1988 by Osama Bin Laden as part of the Mujahideen defending Afghanistan from the Soviets. Al-Qaeda later resorted to terrorist activities, viewing the United States and other western countries as “oppressors of Islam”. By creating a global battlefield, Al-Qaeda first wanted to force the US to discontinue its support for the Arab Gulf states and Egypt. Its other objective was to destroy Israel, and finally, establish emirates, that is to say, territories and govern them under sharia law.

Al-Qaeda, with the support of the Taliban (another terror organisation), has been successful multiple times over in attempting to spread terror in the West. Al-Qaeda ‘s first successful attempt at provoking the West took place with the bombing of a US Navy warship, USS Cole, killing 17 sailors. The bombing of USS Cole brought Al-Qaeda into the limelight and, therefore, recognised by the United States and other western countries as a potential threat to national security.

But the attacks of 9/11 actually gave Al-Qaeda fame and recognition. Though the United States recognised the terror organisation, it did not take them seriously till the September 11 attacks. It made Al-Qaeda famous. But there are consequences to fame. And Al-Qaeda fell victim to the consequence. That consequence was an angry US invading Afghanistan in order to wreck operations of the Al-Qaeda. Therefore, Al-Qaeda had to leave Afghanistan and move to different parts of the Middle East and South Asia.

The Islamic State of Iraq and Syria, or ISIS as it is well known, is actually a rebrand of the Al-Qaeda’s representative organisation in Iraq. It was known as the Islamic State of Iraq and the Levant. Unlike Al-Qaeda, ISIS’ main objective is not to spread terror but to establish a “caliphate”. Al-Qaeda sees the establishment of such a caliphate as the end state to a lengthy development, an end product for all their work.

Cyber Terrorism, its Inception and Problems

The term “cyber-war” is used to describe the situation, but is a term-which implies that there are two known enemies lurking out- is outmoded, said Eugene Kaspersky, founder of anti-virus powerhouse, Kaspersky Labs. It is defined as a premeditated attack against a computer system, computer data, programs and other information with the sole aim of violence against clandestine agents and sub-national groups. The main aim behind cyber terrorism, like terrorism in itself, is to cause harm and destruction. But unlike terrorism, the attackers are invisible as they operate via a computer. The identity of a cyber terrorist is hard to know as they make sure to leave no traces that could lead to the revelation of their identity.

Also Read  Policing the Police: Enhancing Access to Justice through Structural Reforms in Police Administration

Firstly, let us discuss the use of technology by terror organisations in order to understand their influence in the internet spectrum. Terror organisations like ISIS and Al-Qaeda are known to use technology to their advantage. To narrow this down, they use social media to recruit fighters from foreign nations. The Boston marathon bombers, Dzhokar and Tamerlan Tsarnaev, though were not affiliated to any terror organisation, gained knowledge on making the pressure cooker bombs used during the bombing from an online magazine published by Al-Qaeda affiliated in Yemen.

The internet is a vast ocean wherein both good things and bad things tend to happen. The first known use of the internet by a terror organisation was done by the Islamic State in the year 2006 with the creation of the Al-Furqan Foundation for Media Production. In the summer of 2007, US forces scored a major victory with the capture of Khalid Abdul Fatah Da’ud Mahmud al Mashadani, the minister of information and the head of the foundation.

Whilst terror organisations are known to use technology to their advantage, their use of the internet to spread terror is not that well known. The Provisional Irish Republic army were known to employ computer hackers in order to acquire home addresses of      law enforcement and intelligence officers, so that it can conduct its own “night of the long knives”[1]. The Monterey group has defined the three levels of cyber terror capability:

  1. Simple-Unstructured: The ability to conduct basic hacks against individual systems using tools created by someone else. The organization possesses little target analysis, command and control, or learning capability.
  2. Advanced-Structured: The ability to conduct more sophisticated attacks against multiple systems or networks and possibly, to modify or create basic hacking tools. The organization possesses an elementary target analysis, command and control, and learning capability.
  3. Complex-Coordinated: The ability for coordinated attacks capable of causing mass-disruption against integrated, heterogeneous defences (including cryptography). Ability to create sophisticated hacking tools. Highly capable target analysis, command and control, and organization learning capability for the purpose of hacking a database or a defence system.

The earlier forms of cyber terrorism were restricted to hacking of e-mail accounts, mass bombarding of the e-mail inbox and pointing of browsers to a target site using software that floods the target site with rapid and repeated download requests. But as the years went by, cyber terrorism evolved in such a way that terrorists can now hack accounts of international banks and be able to siphon money off them.

There are various problems with regard to cyber terrorism. Firstly, people who engage in the act of cyber terrorism view anonymity as a matter of prime importance. Anonymity, to them, is very important as they cannot be identified and therefore, make sure that there is a certain level of anonymity while engaging in such acts. Secondly, cyber terrorism has an effect on a person’s mental health and psychology. Despite its growth, cyber terrorism, unlike conventional terrorism, does not currently threaten life and limb. As a result, very little attention is paid to the effects of cyber terrorism on civilians. People lose confidence in the government, in the system, and ultimately, in themselves. A certain level of fear creeps into their minds. And therefore, they will think twice before undertaking themselves to an activity. Thirdly, there are substantial and procedural legal problems that governments face. And finally, it is difficult for the governments to create a “crime scene” as various reports may come of an occurrence of a cyber-attack.

Cyber Terrorism by Countries

Till the year 2005, it was believed that only terror organisations have the ability to conduct the act of cyber terrorism. But after 2005, everything changed. Thought to have been created in the same year, Stuxnet was discovered by a person named Sergey Ulasen five years later. The Iran nuclear threat being at its peak, the United States, along with Israel, created a virus that will disrupt operations at Iran’s Bushehr plant. Originally designed to target weaknesses in the German company Siemens’ systems used to manage water supplies, oil rigs, power plants, and other utilities, it later was found in the personal computers of the Iranian scientists working in the plant.[2] The impact of the virus was so devastating that Iran had lost its ability to generate nuclear energy of its own and had to enlist the help of the people who had put them in this situation in the first place- the United States. Therefore, an agreement had to be reached between the two countries and in the year 2015, the Joint Comprehensive Plan of Action was signed between Iran, the United States and the member states of the European Union.

Also Read  A Comparative Analysis of Institutional Arbitration versus Ad-Hoc Arbitration

The Bangladesh Central Bank heist of 2016 is a well-known act of cyber warfare by a country. $81 million were transferred from the bank’s reserves in the New York Federal reserve to a bank in the Philippines. This was done by sending an infected e-mail to a staff of the bank to learn of the bank’s system and installed their malware with the objective of covering their tracks and not revealing their identities. In the theft, the attackers used the global payment messaging system called “Swift” and were able to persuade the Federal Reserve to move money from the bank to accounts in the Philippines. Evidences found by security researchers point to the direction of North Korea, who were also accused of the Sony pictures hack two years earlier.[3] 

Cyber Terror Laws in India and the World

India, like many, is no stranger to cyber-attacks and the use of technology in terror attacks. The perpetrators of the 26/11 attacks in Mumbai used GPS systems, BlackBerrys, CDs with high resolution satellite images, multiple cell phones with switchable SIM cards that were difficult to track and satellite phones. This helped them find their way to Mumbai and conduct the attacks. India is ranked third after US and China in terms of cyber-crime incidents. Rajeev Gauba, the current Home Secretary was quoted as saying, “Cyber criminals can steal personal information, data from private or government organizations, disrupt services, cripple the financial system, trigger national security. Cyber-attacks can take multiple forms like terror attacks, identity theft, circulation of offensive content, online sexual abuse, online scams and hate crimes”.[4]

India has passed a law covering cyber-crime and cyber terror. Section 66F of the Information Technology Act, passed in the year 2000, defines cyber terrorism as, “all those acts by any person with an intent to create threat to the unity, integrity, sovereignty and security of the nation or create terror in minds of people or section of people by way of disrupting the authorized access to a computer resource or getting access to a computer resource through unauthorized means or causing damage to computer network. It includes all those acts committed knowingly or intentionally in connection to getting access to a computer resource in an unauthorized way and that the data so obtained was restricted in the interests of the sovereignty of the nation”. Section 69A empowers the Centre or any of its authorized employees to direct any agency of the government to block access by the public any information from a computer resource in the interests of sovereignty and integrity of the nation. This section is deemed to be controversial as it opens up a debate on right to information. The government contended that this section was passed solely for the purpose of national security.

The Budapest Convention is the first international convention which deals with issues of cyber-crime and cyber-terrorism. It has laid down a common policy to control cyber-crime and cyber terrorism. It covers issues regarding data security on cyber space. India is not a party to this convention.

Section 70B of Information Technology act states as follows, “The Central Government shall, by notification in the Official Gazette, appoint an agency of the Government to be called the Indian Computer Emergency Response Team”. The said section was passed in order to create a “computer emergency response team” which would provide immediate alerts of incidents challenging cyber security.

Problems with Section 66F of Information Technology Act, 2000

The judgement passed in the case of Shreya Singh v. Union of India criticizes the provisions of Section 66F. The judgement stated that Section 66F is a narrowly drawn section which inflicts punishment which may extend to imprisonment for life for persons who threaten the unity, integrity, sovereignty or security of India.

A major problem with Section 66F of the act is that there have been no convictions recorded in it since its inception. There have been reports that the section will be amended again in order to suit the current situation.

Also Read  The Persisting Struggle of Bonded Labourers

Another problem with Section 66F is that its jurisdiction is restricted to within the country and acts done by enemy states against India do not fall under the purview of Section 66F. Though economic sanctions can be levied on these states, it will have no effect on them. 

The Hon’ble Supreme Court in the matter of R.K Dalmia v. Delhi Administration has held that the word “property” defined in the Indian Penal Code is in a much wider sense than the expression “movable property”. The Hon’ble Supreme Court also recorded that whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property.

Solutions for Problems under Section 66F

Though Section 66F’s jurisdiction is restricted to within the country, Sections 4 and 121 of the Indian Penal Code can help in extending the jurisdiction beyond the borders of the country. Clause 3(b) of Section 4 of the code provides for the use of a computer resource in the commission of any wrongful act against the country. The said provision was passed with a view of covering offences by way of internet. Section 121 of the code is about waging of war or attempt to wage war against the Government of India. The punishment is either death or life imprisonment. This section can also be interpreted in a way which covers cyber-crimes and cyber terrorism. Cyber terrorism, like conventional terrorism, is an attempt to wage war against the State. Therefore, these sections can help in the conviction of perpetrators of cyber terrorism.

Conclusion

In today’s political and economic situation, cyber terror attacks have become a thing to be feared more than conventional terror attacks. Though the law is strong on cyber terrorism, the measure taken to protect the country from cyber terrorism is weak. Army chief Gen. Bipin Rawat had stressed the importance of cyber warfare and how India must be prepared to face it, should there be such a war. Vulnerability to cyber terror is ever so present that it is difficult to predict the next attack and therefore, difficult to keep a check on the same. Technology field is extremely dynamic because the knowledge of today becomes obsolete during a very short time. Lastly, the preamble of the Information Technology Act, 2000 provides that the Act was passed with the target to offer legal recognition for transactions administered by suggests that of electronic information interchange and difference suggests that of e-commerce. Additionally, the Act has conjointly created amendments to the Indian Penal code 1860, Indian Proof Act 1872, The Bankers Books of proof Act 1891, and the Bharat Act, 1934 for facilitation of legal recognition and regulation of business activities. Although this objective of the Act isn’t to suppress criminal activity, this act has outlined bound offences and penalties to overpower such omissions that are known to return inside the characterization of cybercrimes. From this, it may be inferred that the law cannot afford to be static; it should be modified with the dynamics of time.

The legal systems around the world are finding new ways to combat and counter cyber terror. However, due to the rise of state-sponsored conventional and cyber terrorism, it is difficult to implement the laws and amendments to cover the same., the public ought to be created conscious of the threats and the ways that and means that of dissemination and the way to deal just in case of terrorist attacks. Therefore, more stringent measures have to be taken in order to combat cyber terrorism.


[1] Dorothy E. Denning, Cyber terrorism- testimony before the Special Oversight Panel on Terrorism Committee on Armed Services, U.S House of Representatives (May 23, 2000),  http://www.nautilus.org/info-policy/workshop/papers/denning.html

[2] Worm affects Iran nuclear plant, BBC News (November 17, 2019), https://www.bbc.com/news/av/technology-11420226/worm-affects-iran-nuclear-plant

[3] Michael Corkey and Matthew Goldstein, North Korea Said to Be Target of Inquiry Over $81 Million Cyberheist, New York Times (November 17, 2019), https://www.nytimes.com/2017/03/22/business/dealbook/north-korea-said-to-be-target-of-inquiry-over-81-million-cyberheist.html?_r=0.

[4] Kamaljit Kaur Sandhu, India vulnerable to cyber attacks but doesn’t have capacity to deal with it: Home Secretary, India Today (Nov 17, 2019), https://www.indiatoday.in/india/story/india-vulnerable-to-cyber-attacks-but-doesn-t-have-capacity-to-deal-with-it-home-secretary-1247247-2018-05-31.

Leave a comment