Cyber Terrorism: World Crisis and its Encounter by Indian Laws

Gurneet Kaur

Abstract

Internet has touched every aspect of human life, bringing ease in connecting people around the globe and has also made information available to huge strata of the society on a click of a button. With advancement, came unforeseen banes of cyber offences. We are witnessing varied cyber crimes such as internet fraud and financial crimes, online sale of illegal articles, online gambling, digital forgery, cyber defamation, cyber stalking, phishing, cyber conspiracy, cyber pornography, web defacement and cyber-terrorism. Among all these cyber crimes, cyber-terrorism has hit mankind with unbelievable severity. In an attempt to define cyber-terrorism more logically, a study is made of definitions and attributes of terrorism and terrorist events. With increasing dependence on cyber space and the internet, vulnerability to aggressors: whether terrorists, criminals or hostile countries, is also increasing. Cyber Terrorism has now become a gruesome activity, it leads to killing someone financially and India is becoming its latest victim. Cyber terrorism attacks have an equal capacity of inflicting serious damage. When cyber terrorists attack, they attack on infrastructures, monetary systems, power grids and other sensitive information.In the present paper, an attempt has been made to analyse the ambit of cyber-terrorism in India.

Introduction

The world of internet has become a parallel form of people’s life and living. People nowadays are capable of doing such things which were not even imaginable few years ago. The internet is becoming a faster way of life for millions of people throughout the world and also a way of living because of the growing dependence and reliability of mankind over the machines and technology. Internet has enabled us to use different types of communications, emails and lot of anytime, anywhere IT solutions for the betterment of human kind.Although internet offers great benefits for the society but it also presents opportunities for crime against human beings through new and highly sophisticated technology. Today emails and websites have become most preferred means of communications. Big organizations provide internet access to their staff. By their very nature, they facilitate almost instant exchange and dissemination of data, images and variety of cybernetic material. This includes not only educational and informatics material but also information that might include undesirable or anti-social things which can be harmful for the society. The regular cyber crimes featured in media includes topics covering hacking to viruses, web hackers, two internet paedophiles and sometimes accurately portraying events and sometimes misconceiving the role of technology in such activities. Increase in the cybercrime rate is one of the biggest problems which all countries are facing worldwide. Both the increase in the incidence of criminal activities and the possible emergence in the new variety of criminal activities because of the internet post challenges to the legal system as well as to the law enforcement.

Cyber-Terrorism

Cyber terrorism is defined by the United Nations Central Bureau of Investigation as the “premeditated attack against the computer system, computer data programmes and other information with sole aim of violence against clandestine agents and sub-national groups.” In simple words, Cyber-terrorism can be defined as electronic attack from cyber space from both the internal and external networks mostly from the internet and that emanate from various terrorist sources with different set of motivations and are directed at a particular target. It is the act perpetrated by the use of computer and telecommunications capabilities resulting in violence, destruction and disruptions of services to create fear by causing confusion and uncertainty in a given population of with the goal of influencing a government or population to conform to particular political, social or ideological agenda.[1] Cyber terrorism is basically done to convey a particular destructive or disruptive message to the government and is mostly done by hi-tech offenders. The term “Cyber-terrorism’ is defined as “attacks or series of attacks on critical information carried out by the terrorist and instils fear by effects that are disruptive or destructive and has a religious, political and ideological motivation.[2]

Cyber terrorism is different from the conventional form of terrorism because it mostly includes use of (internet based) computer networks.[3]It is important to emphasize on cyber terrorism in order to determine the status of Customary Law pertaining to the use of force in relation to the acts of terror and to criminalise such acts. Cyber Terrorism should be viewed separately from the Terrorist use of the internet which involves such aspects as communication, recruitment, funding, organisation of Physical attacks, propaganda (also in the form of Hacktivism) incitement to terrorism and apology of terrorism. At same time, certain cyber operations (Intrusions into critical infrastructure data bases to collect information vulnerable targets) can further Cyber – Extremists’ cause, but not are acts of cyber terrorism on their own. Scholars like Conway also proposed dividing Cyber attacks into internet use (expression of ideas and communications), misuse (disrupting or compromising infrastructure or websites), offensive use (using internet to cause damage or engaging theft) and cyber-terrorism.[4]The term “Cyber-terrorism” itself predates 9/11[5], although lack of universal definitions of “Cyber Attack” and “terrorism” has resulted in every expert having his own understanding of the term.[6]The confusion has been exacerbated by the media which has the tendency of randomly characterising minor cyber-attacks as “Cyber terrorism.”

Also Read  Black And White Sides Of Cyber Laws For Women In India

Is Cyber Terrorism A Real Threat?

Cyber terrorism is a threat to whole world because it either affects a small amount of people or an entire nation; in either of the case it causes a serious damage. Cyber Terrorism is not only used to create fear in the heart of people through destruction and disruptions but also to fulfil many other purposes such as Propagandas, recruitment, radicalisation, fundraising, data mining, communication, training and planning for actual terrorist attacks through various terrorist websites, online magazines, and various social media platforms (such as Facebook, Twitter, Instagram, Tumblr, JustPaste it, You Tube etc).

Daesh

DAESH is the jihadist militant group also known as Islamic State of Iraq and Syria (ISIS) and officially known as Islamic State (IS) has seven media agencies under its central media command (with Amaq being the most prominent ones) its thirty-seven media agencies are being operated in various countries. In the same manner Al – Qaeda formed a media arm known as As-Sahab and The Global Islamic Media Front (GIMF) as well as online magazines such as “Inspire and Resurgence” to reinforce their propaganda. There were 16 issues of these magazines till 2016. The Terrorist organisations have also been using Telegram application since 2015 because of its encryption and secure use and due to the increased closures of the terrorist accounts on Facebook and Twitter[7]. For example, In August 2016 the Al-Sumud jihadist media institution, in support of DAESH propaganda, published on its Telegram channel links to download two anthologies containing collection of organisation’s publications in Somalia and Meghreb.

Other Non-State Actors

Many other terrorist organizations are utilising social media platforms to select individuals for radicalising or recruitment purposes. Recruiters identify potential targets by monitorizing Facebook profiles and conversation threads and assess whether they are genuine sympathizers. They conduct further examination by adding them as friends and only engage in private communications when they are certain of the individual’s faithfulness. Terrorist organization use the internet and specially the dark net to disseminate the training materials to conduct physical attacks and distribute guidelines and instructions to equip their members and supporters with the necessary skills in order to support their cyber defence and to improve their offensive capabilities.

Raising funds for terrorist activities (acquire weapons and support the war efforts by providing funds to the fighters) is no longer simply done through charity organizations. Instead of that it is done through social media platforms and blogs for example the use of the bitcoin digital currency. For instance, Indonesian security sources discovered a financial transfer made by an IS Operative to another one using bitcoin digital currency.

Some other examples of these types of funding are:

  1. The “Arm Us” Campaign through which the funds were raised for “Jihad for Allah” Mujahidin with weapons and ammunitions, manufacturing weapons, missiles and bombs, physical training, promoting Sharia and Dawah (proselytization), establishing Jihadi Propaganda as well as developing and providing security and community activity.
  2. The “Your Sonsat Your Service” fund raising Campaign which planned to sponsor Mujahid families with $100 per month.

Major Cyber Attacks in Rest of the World

Estonia

On April 2007 the Estonian government moved the controversial Soviet Era World War-II memorial also known as Monument to the Liberators of Tallinn from a square in capital city of Tallinn to a more secluded location which sparked the first known cyber attack on the entire country. The decision triggered outrage in Russian language media and Russian speakers took to the street. Protests were exacerbated by false Russian news reports claiming that the statue and the nearby Soviet War Graves, were being destroyed. On April26, 2007 Allen erupted into two nights of riots and looting. 156 people were injured, 1 person died and 1000 people were detained.

 On April 27, 2007 Estonia was also hit by major cyberattacks which in some cases lasted for weeks. Online services of Estonian banks, media outlets and government bodies were taken down by the unprecedented levels of internet traffic. Massive waves of spam were sent by Botnets and huge amount of automated online requests spammed servers. The result for Estonian citizens was that cash machines and online banking services were sporadically out of action. Government employees were unable to communicate each other on emails and newspaper and broadcasters suddenly found that they couldn’t deliver the news. This shows that a hostile country can create disturbance and instability in a NATO country like Estonia, without fear of military retaliation from NATO allies.

Also Read  Development of Legal Position of Property Rights of Indian Women

South Korea

South Korean government agencies, businesses and critical infrastructure have been victim of many large-scale cyber-attacks. On July 04, 2009 DDOS attacks were launched against the major cities in the United States (Lee, 2009). On July 07, the attacks began to target major sites in South Korea. The attack took websites including government websites offline for four hours. The White House and the major sites in US and South Korean websites of media companies, political parties, National Intelligence Service (NIS) and other major portal sites were targeted (Internet News team, 2009). The NIS announced that it was most likely North Korean sponsored hacker groups. However, there was not enough direct evidence to conclusively link to North Korea.

“Dark Seoul” was a larger scale cyber terror attack that disabled the computer equipments of broadcasters and financial institutions in South Korea on March 20, 2013. Malicious codes spread through the public to target critical systems through the compromise of popular web servers. The popular sites were infected with a drive by malware.[8]The malicious code took control of the PC or server inside the institution for up to 8 months. During this time the malware exfiltrated data identified more vulnerabilities and distributed malicious codes. On March 20, the malware deleted data in infected PC’s and servers all at the same time. At the time, more than 48,000 PC’s were disabled. This resulted in media coverage and banking outages for 10 days as well as financial damage of an estimated 900 million USD.

Finally, on December 15, 2014 personal information of Korea Hydroelectric Nuclear powerCorporation (KHNP) staff members and confidential documents related to Nuclear Power Plants were revealed on the hacker’s blog. The documents contained the phrase “Who Am I?” and stated that they were an anti-nuclear group. They also announced a second attack during Christmas. The hacker disclosed the internal documents related to Nuclear Power Plant on December 15, 18, 19, 21 & 24 and requested to shut down Korea Nuclear Power Plants Kori 1 & 3 and Walsong 2 starting from Christmas. The attackers threatened to reveal the 10 million pages of unpublished data and carry out second attack if their demands were not met.

Cyber Attacks in India

In India cyber terrorism has emerged as a new phenomenon, the probe against the 2008 serial blasts in cities like Ahmedabad, Delhi, Jaipur and Bangalore. The 2010 blast in the holy city of Varanasi also had trails of cyber terrorism (NDTV Correspondent, 2010). Ironically, most of these incidences involved Muslim Jihadist like the Indian Mujahidin & ISIS. However, an analysis on news reports on extreme usage of cyber communication would show that spreading of terror messages targeting state heads and claiming responsibilities for terror attacks had been done by non- Muslim youth as well. However, all these incidences indicate two main aspects of Cyber Terrorism, namely, gathering of information and spreading of the terror through cyber communications or disruption of national security & peace.

Incident 1

BARC Cyber Attack was the first known cyber-attack in India which occurred in the year 1998 mainly in the protest against the May 11 & 13 nuclear tests. Under this attack specific computer systems were targeted and the attackers involved were not nation-states but groupsof teenagers from around the globe. The 3 teenage hackers broke into the computer systems at the Bhabha Atomic Research Centre (BARC, Trombay). They claimed to have obtained the data and email on the recent tests, and destroyed all the data in at least 2 of the 8 servers at BARC.[9]

Incident 2

In 2002, a cyber terror attack was launched over many prominent Indian websites notably that of the Cyber Crime Investigation Cell of Mumbai were defaced. Messaged relating to the Kashmir issue were left on the home pages on these websites.[10]

Incident 3

The Purulia Arms Drop Case refers to an incident that occurred on December 17, 1995 in which unauthorised arms were dropped from an Antonov An-26 Aircraft in Purulia District of West Bengal. In this case the main players used the internet extensively for the international communication, planning and logistics.[11]

Incident 4

The former Indian President, Dr. A.P.J. Abdul Kalam has expressed his concern over the free availability of sensitive spatial pictures of various nations on internet. He pointed out that the internet could be utilised for gathering information about a nation by the groups of terrorists. According to him, earth observation by “Google Earth” was a security risk to the nation. www.fas.org& “Google Earth” provide free availability of high-resolution pictures. On November 26, 2008, the Bombay bomb blasts militancy examined the layout and landscape of the city using only images from “Google Earth.”

India’s Stand against Cyber Terrorism

The Information technology Act, 2000, (IT Act), was enacted with a view to give legal recognition and hence, provide extra fillip to the concept of e-transactions, e-commerce, to prevent cyber crimes and ensures security practices. Due to the proliferation of IT enabled services and recent increase in cyber crimes, concerns of data security have assumed greater importance. With the above in the mind and to bring IT Act in line with the modern law of electronic signatures adopted by the United Nations Commission on International Trade Law,

Also Read  Overtone of Interest- The Changing Dynamics of ‘Intervention’ in International Humanitarian Law

the amendment act defined the concept of cyber terrorism and has made it a abominable crime. As an offence, Cyber terrorism has been made punishable with life term imprisonment and fine in the amendment act. This is really a welcoming amendment keeping in mind the sovereignty, integrity and security of India. We can see this amendment as a highly qualified strategy after Mumbai 26/11 Attacks.

Section 66 expands the definition of cybercrime to include identity theft and makes it punishable by up to three years of imprisonment. Sections 66A – 66F define and impose penalties for other cyber crimes, including cyber-terrorism. These sections are of Spoofing and SPAM (Section 66A), Identity theft (Section 66C), E-Commerce Frauds (Section 66C and D), Phishing (Section 66D), Violation of Privacy (Section 66 E) Cyber Terrorism (Section 66F). Clearly, this addition in section 66 is one of the most important changes that have been brought about pertaining to cyber terrorism, with Section 66F of the amended legislation prescribing life imprisonment for such offences. This assumes significance as the recent terror attacks have demonstrated just how tech-savvy militants can be.

Amendment in Section 67

Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000). A host of new sections have been inserted as Sections 67 A to 67C.

Recommendations for Counter Measures

In order to counter the ill-effects of cyber terrorism on critical infrastructures and businesses as well as the social and psychological effects that these attacks have on citizens, a multidimensional and comprehensive strategic approach should be put in place:

  1. Develop a framework regulating Open Data to prevent activities of data mining for the purpose of planning terrorist attacks.
  2. an holistic National Communication Strategy to enhance trust between citizens, security forces and media;
  3. Promote the exchange of information, best practices and lessons learnt between states in preventing and countering cyber terrorism.
  4. Government law and Information technology act need to be rectified
  5. Regulate the prevention and treatment of this crime and the exchange of information and evidence.
  6. Strengthen cooperation between all stakeholders of the public and private sector, i.e. the government including security forces, cyber security experts, telecommunication network operators, internet service providers and civil society.

Conclusion

Cyber-terrorism is a term used for terrorists who use Internet to communicate and wreak havoc and paralyze nations. Cyber Terrorism has now become a gruesome activity, it leads to killing someone financially and India is becoming its latest victim. The time has come to prioritize cyber security in India’s counter terrorism strategy as there is growing nexus between the hackers and the terrorists.  Also, it is the time to act, to secure the strategic digital assets, public & private. Legal professionals in India and the world over will have to be competent in dealing with the variety of information sources.As computers can play an enormous role in terrorism and at the same time they can provide perhaps our biggest defence against terrorism if used to our advantage. However, just like as we need to understand the integration of computers with terrorism, we must examine how computers can assist in defence broadly.


[1]Denning, S., Managing the threats and opportunities of the open corporation, Strategy & Leadership, Vol. 38 No. 6, pp. 16-22. (2010) https://doi.org/10.1108/10878571011088023

[2]International Handbook on Critical Information Infrastructure Protection (CIIP) 2006 Vol.II

[3]SS Raghav, Cyber Security in India’s Counter terrorism Strategy, Integrated Defense Staff 2 (Sept 15, 2012), ids.nic.in/art_by_offids/Cyber Security in India by Col SS Raghav.pdf.

[4]Maura Conway, terrorism and IT: Cyber terrorism and Terrorist organization (2003), https://firstmonday.org/article/view/1001/922.

[5]Sam Berner, Cyber Terrorism: Reality or paranoia? 5S.AFR.J.INFO MGMT.1,1(2003).

[6]Ali Jahangiri, Cyberspace Cyber Terrorism and Warfare: A Perfect recipe for Confusion, Worldwide Security Conference (January 1, 2009) http://alijahangiri.org/2009/01/cyberspace-cyberterrorism-and-information-warfare-a-perfect-recipe-for-confusion/.

[7]However, although being considered losing its control over territories in Syria and Iraq , DAESH state has demonstrated its resilience in maintaining constant distribution of it propaganda and its adaptability towards online removal if jihadists content ,according to its affiliated outlet Yaqeen media

[8]KIM, 2013

[9]Dr. VD Dudeja, Information Technology & Cyber Laws- A Mission with Vision 202 (Common Wealth Publishers, 2001).

[10]Amar Ujala, Regional Daily Newspaper, October 31, 2005.

[11]Krishna Kumar, Cyber Laws Intellectual Property & E-Commerce 295(Dominant Publishers and Distributors, 2001).