Need to Restrain the Expanding Horizons of Cyber Terrorism

Shaifali Dixit[1]

Abstract

Growing dependency on cyber-technology is the necessary evil of modern civilization. Undoubtedly, the e-growth and cyber technology has contributed in overall progress of mankind in every sphere of life, but some new threats begin to emerge on the digital frontier.  More and more, everyday facets of life are being integrated digitally and as our nation’s infrastructure becomes linked, therefore this dependency on digitalization further leads to vulnerability.  The opinions of cyber-terrorism’s existence and possibilities are far ranging, from those who believe that it is not a threat and could never do any serious or lasting damage, to the eccentric views of those who believe it can cause devastating damage to the whole structure of a nation. Generally, cyber-terrorism is defined as an attack on electronic communication networks.  However, it is also used very often to describe the use of the internet in the hands terrorists to spread their messages, propaganda and threat in the society.  India has carried a niche for itself in the IT Sector. The nation has already brought sectors like income tax, passports, travel and visa under the realm of e -governance. As the Indian banks have gone on full-scale computerization, the concepts of e-commerce and e-banking are flourishing day by day. To create havoc in the country these are lucrative targets to paralyze the economic and financial institutions. The damage done can be cataclysmic and irreversible. The present paper aims to mark a distinction between cyber-terrorism and other cyber offences. The paper tends to analyze the emerging threats of cyber terrorism on peace and security of the nation. As internet is a major platform for propaganda to actual cyber-attacks, it is important to examine the preventative measures and information security available as well as existing counter cyber security initiatives for a more regulated internet. Moreover, the lacunas related to cyber security and the measures to prevent the havoc of cyber terrorism are also discussed.

Introduction

Technology is a foundation of modern society as it governs its dynamics and cyber technology is the biggest gift of technology to the mankind. With the introduction of computers, the world has gradually endeavoured to use computers and software in every sphere to ensure that the departments run smoothly. As the dependency on the internet increased across the globe, so do the threats posed by cyber terrorism. The threat of terrorism has posed an immense challenge in our everyday life. There are various techniques which are used by cyber criminals to spread terror in the society by using information technology. The means adopted by the terrorists include the internet, cellular phones, instant messaging, and real-time photographic and filming capabilities. Such capabilities have amplified the global reach of terrorist organizations.

Cyber Terrorism and its Expanding Horizons

Cyber terrorism is a controversial term, most of the authors accept it as “Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non combatant targets by sub national groups or clandestine agents having religious, political or similar objectives”.[2]People usually confuse ‘cyber terrorism’ with ‘cybercrime’. There is a slight difference between them as the motive behind cyber terrorism is to spread fear in the society by affecting and harming few sections or a group of the society. Cyber threats constitute destruction of physical and intellectual property with economic offence, propaganda, financial warfare and sometimes even physical injury to innocent human beings. Cyber-terrorism is a budding evil in its evolution and is related to individuals, terrorist gangs and state actors, which in particular, could participate in a Cyber War.

Reasons behind Origin and Growth of Cyber Terrorism

Our country is one of the largest sourcing destinations in the world for IT industry, accounting for around 67 percent of the US$ 124-130 billion market[3]. India holds 23rd ranking among the top countries in terms of digitalization maturity[4] and was expected to be among the top countries with the opportunity to grow and scale up digital platforms by 2020 in engineering and computer science. As more and more civilian and military infrastructures become computerized to various extents, the potential for cyber terror attacks greatly increases. The worrying aspect of the use of modern gadgets is that the terrorists are not only fond of IEDs and AK-47 but have also become proficient in using laptops and tablet PCs to give finesse to their nefarious designs. As terrorist groups understand the capability and potential for disruptive efforts at lesser costs they become more and more technology savvy and their gross strategies and evil tactics incline towards technological orientation. Therefore, the major concern is regarding information technology security, as it is highly required in handling cyber threats on various industries such as banking, visa, services, income tax, passport, defense, healthcare and commercial market etc.

One of the recent cyber-attack has occurred on banking sector when the Prime Minister of India, Mr. Narendra Mod’s historic “currency banned effect” took place on 9th December. During this time period, at least 80000 cyber-attacks were designed to target Indian networks, showing their intolerance on the govt’s effort to switch over to a digital economy. Top intelligence sources reported that till November 28, 2016 around 2lacs threats and vulnerabilities per day had been observed. The numbers rose to 5lacs and after demonetization, it further went up to 6lacs threats by the first week of December.[5]

Also Read  Rule of Law in Republic of India

Another attack has been witnessed by the defence sector in March, 2013. Defence Research and Development Organization (DRDO) had a suspicion that the Chinese hackers breached the computers of India’s top military organizations[6]. After that the Defence Minister of India, at that time, Mr. A.K. Antony ordered for the proof of the concerned matter, though the official statement denied that any sensitive file had been compromised.[7]

Internet as an Easy Target for Terrorism

We are living a complicated world period, where on one side the technology is growing day by day and on the other side  it is misused with a same pace. The terrorism is a threat to the society and culminates on a global scale, and unlike the past, it has reached a global dimension. It is comparatively cheap than the other traditional modes or methods. Moreover, it is very difficult to track the actions. It requires less manpower to attack a large number of people. Cyber terrorists can easily conceal their personalities and locations as there are no physical barricades or check points to cross. It can be done remotely from anywhere in the world and can even be used to attack a large amount of targets.

Modes of Cyber Attack and Terrorism

Most of the “cyber-attacks” attributed to cyber terror groups, have been limited to attacks that are more ‘hacktavist’ in nature, rather than cyber terrorism.  The popular cyber terror groups such as; Cyber Caliphate (a group of pro-ISIS hackers), Hamas (the Islamic Resistance Movement), the Lebanese Hezbollah (Party of God), the Egyptian Al-Gama’a at Islamia, the Popular Democratic Liberation Front Party in Turkey (DHKP), the Kurdish Workers’ Party (PKK), the Zapatista National Liberation Army (ELNZ), the Islamic Movement of Uzbekistan (IMU) the Mujahedin, and the Chechens etc are adopting these hacking techniques.

While digital terror gangs are restricted by their abilities, they make it a well known fact to expand their arms of destructive digital weaponry. Furthermore, the administrations offered available to be purchased by programmers sneaking on the dark net present an additional layer of danger which nations and associations face from cyber terrorism.

The most well known weapon in digital fear based oppression is PC viruses and warms. So this fear based oppression is otherwise called PC terrorism. The assaults or strategies on the PC framework can be ordered into three distinct classes:

Physical Attack

A physical assault upsets the unwavering quality of PC hardware and accessibility of information. Physical assault is executed either through utilization of regular weapons, making heat, blast, and fragmentation, or through direct control of wiring or gear, as a rule subsequent to increasing unapproved physical access.

Syntactic Attack

The PC framework is harmed by modifying the logic of the framework so as to present deferral or make the system unimaginable viruses.

Today viruses, adware, malware and trojans might be considered as a disturbance by most ordinary PC clients. They are frequently utilized by offenders to either take individual data or transform clueless PCs into zombie bots, used to produce spam or direct disturbed denial of Service (DDoS) assaults.

Semantic Attack

This is additionally harming where it abuses the certainty of the user in the system. Amid this attack, the data entered in the framework amid entering and existing the system is changed without the user’s information.

PC hackers astutely check the Internet scan for PC frameworks that are mis-arranged or lacking fundamental security programming. When tainted with vindictive code, a PC can be remotely controlled by a programmer who may, by means of the Internet, send commands to keep an eye on the contents of that PC or attack and disrupt different PCs.

Threat Posed by Cyber Terrorism on Indian National Security

Our Nation has the 3rd largest Army in the world and has a full potential to defend our country from terrorism. But the question is that do we have the potential to fight against cyber terrorism. According to the EC Council “India is not prepared for the sophisticated cyber-attack as it also faces a serious shortage of trained professionals”[8] thought India is the world’s largest sourcing destination for the information technology industry, accounting for approximately 67 per cent of the US$ 124-130 billion market[9].

Cyber terrorists can threaten the security of the country by targeting the sensitive and secret information through theft, disclosure, or destruction of such information. Since last two decades, India had witnessed an increasing number of cyber attacks within the government departments as well. DRDO also confirmed that some hackers from Algeria had carried out an attack on websites run by DRDO, PMO, CDAO at Pune and other various governmental offices[10]. Moreover, the safety and security of nuclear power plant from cyber terrorism is indeed highly required. Breach of any cyber security of nuclear power plant may lead to disastrous situation like as it took place in December 2014 at South Korea[11].

Some other incidences also pose a threat on the security of India, likewise in 1998, Ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read “We are the Internet Black Tigers and we’re doing this to disrupt your communications.[12]” Intelligence authorities characterized it as the first known attack by terrorists against a country’s computer systems. Mumbai terrorist attack on November, 2008 forced India to take military action against Pakistan. In response, Pakistan Government also was developing tactical nuclear weapon at a rapid pace. Those measures created deterrent between two countries[13]. According to CERT-in which is a government mandate information technology security organization estimated 14392 websites in the country were hacked in 2012, a report told that in 2011 as many as 14232 websites were hacked while the number of websites were hacked in 2009 stood at 9180 and in 2010, it was 16126.[14]

Also Read  Revenge Pornography: Urgent Need For Legislation

Overview of Existing Cyber Security Initiatives in India

Cyber attacks have come not only from terrorists but also from neighbouring countries inimical to our National interests. It is important to take the preventative measures as well as to regulate the existing counter cyber security initiatives for a more regulated internet.

Initiatives Of Judiciary On Cyber Security

In P.U.C.L. v. Union of India the Apex Court mentioned the grounds on which the government can withhold information connected to various issues, including the trade secrets. It was observed by the Court that – every legal or moral right carries with it a corresponding objection. It is subject to several exceptions indicated in broad terms. “Generally, the exceptions under those laws entitle the Govt. to withhold information relating to the matters:

  1. International relations;
  2. National security (including defiance) and public safety;
  3. Investigation, detection and prevention of crime;
  4. Internal deliberations of the Govt;
  5. Information received in confidence from a source outside the Govt;
  6. Information, which, if disclosed, would violate the privacy of the individual;
  7. Information of an economic nature (including Trade Secrets) which, if disclosed, would confer an unfair advantage on some person or concern, or, subject some person or Govt, to an unfair disadvantage;
  8. Information, which is subject to a claim of legal professional privilege, e.g. communication between a legal adviser and the client; between a physician and the patient;
  9. Information about scientific discoveries”. [15]
  10. Governmental initiatives

To cope up the cybercrime and cyber terrorism India has formulated certain security programs.

  1. National Information Centre (NIC): It provides backbone to the network and e-governance support to the Centre and State Government., territories of India, various districts and Govt. bodies.
  2. Indian Computer Emergency Response Team (CERT-IN): It is considered to be the most significant organization in India’s cyber community initiative groups. It makes compulsory for the states to ensure the security of cyber space in the nation by increasing the security communication and information infrastructure.
  3. National Information Security Assurance Program (NISAP): It is a govt. organization for Govt. and critical infrastructures. The organization has used security policy and has created a point of contact. It is created by CERT-IN.
  4. The National Association Of Software And Services Companies (NASSCOM): It is a trade association of Indian Information Technology (IT) and Business process Outsourcing (BPO) industry. It assures that service quality and the legal implementation of intellectual property rights has been properly done in the Indians Software and BPO industry.
  5. Indo-US Cyber Security Forum (IUSCSF). Under this forum (set up in 2001) high power delegations from both side met and several initiatives were announced. Likewise, setting up an India Information Sharing and Analysis Centre (ISAC) for better cooperation in anti-hacking measures. Setting up of India Anti Bot Alliance to raise awareness about the emerging threats in cyberspace by the Confederation of Indian Industry (CII). Ongoing cooperation between India’s Standardization Testing and Quality Certification (STQC) and the US National Institute of Standards and Technology (NIST) would be expanded to new areas. The R&D group will work on the hard problems of cyber security. Cyber forensics and anti-spasm research are also contributing for the same objective. The way for intensifying bilateral cooperation to control cybercrime – between the two countries has been chalked.

Recommendations and Measures to Curb Cyber Terrorism

While there is no single answer for ensure the protection of an organization, foundation, infrastructure or a nation from digital/cyber attack terror, since the assaults can run from endeavours of code vulnerabilities to physical assaults including USB facilitated malware and others, secure application improvement from the earliest starting point of coding will make it simpler to moderate any dangers that may emerge later on. Additionally, advancing security mindfulness inside the organization will likewise relieve the dangers presented by digital fear mongering and cyber terrorism.

Legislative Measures

The legislature can give its help to the generous goal of disposal of eradicating cyber terrorism by establishing suitable enactments dealing with cyber terrorism. It must be noticed that to offer impact to the postulates of Information Technology Act, 2000 suitable changes have been made in the I.P.C, 1860, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934. On similar lines another chapter related to “Cyber terrorism” can be added to the effectively existing criminal statues to make them good with present day types of terrorisms.[16]

Administrative and Governmental Measures

The Central Government and the State Governments can play their role effectively by making various rules and regulations dealing with cyber terrorism and its facets from time to time. The Central Government can, by notification in the Official Gazette and in the Electronic Gazette, makes rules to carry out the provisions of the Information Technology Act. Similarly, the State Government can, by notification in Official Gazette, makes rules to carry out the provisions of the Act. In exercise of the powers conferred by section 90 of the Information Technology Act, 2000 (Central Act 21 of 2000), the Government of Karnataka has made the Information Technology (Karnataka) Rules 2004. The Rules define “Cyber Café” as premises where the Cyber Café Owner/Network Service Provider provides the computer services including Internet access to the public. Rule 3 (1) provides that the owner of the Cyber Café shall take sufficient precautions so that computers and computer systems in the Cyber Café are not used for any illegal or criminal activity.

Also Read  Case Comment: Neetu Singh v. Rajiv Saumitra

The Central Government and the State Governments can effectively find the solution by making different guidelines and rules to fight back  cyber terrorism and its features every once in a while. The Central Government can, by notice in the Official Gazette and in the Electronic Gazette, makes principles to implement the provisions prescribed in the Information Technology Act. Likewise, the State Government can, by notice in Official Gazette, make rules to implement the Act effectively. In exercise of the powers given by Sec 90 of the Information Technology Act, 2000, the Government of Karnataka has made the Information Technology (Karnataka) Rules 2004. The Rules characterize “Cyber Cafe” as premises where the Cyber Cafe Owner/Network Service Provider gives the computer services including Internet access to the people. Rule 3 (1) gives that the proprietor of the Cyber Café will avoid potential risk with the goal that PCs and PC systems in the Cyber Cafe are not misused for any illicit or criminal activity.

Further, the government can also block those web sites which are spreading cyber terrorism. Moreover, the Indian Computer Emergency Response Team (CERT-In) has been designated as the sole authority which can issue instructions in relation to the blocking of web sites. CERT-In has to give instruction to the Department of Telecommunications for blocking the web sites after verification of the authenticity of the complaint and full satisfaction of the essentialness of the action of blocking such website. There is no expressed provision in the IT Act, 2000 regarding the blocking of websites

Conclusion and Suggestions

Terror attacks in major cities, towns and tourist resorts across the globe have demonstrated the inadequacy of the state mechanism to address the challenge. There is a serious threat to our national security. It is not only the government alone but citizens are equally under a solemn obligation to fight against the cyber terrorism. In fact, they are the most important and effective cyber terrorism eradication and elimination mechanism. More investment is required in this field. The personal information in social media and unique passwords in electronic system and social media must not be shared. The links and pop-ups, posing the threat of virus must not be negligently opened. There is a strong need to have more international collaboration in the field of cyber security and handling issue of cyber terrorism in cooperation with other countries. The only requirement is to encourage everyone to come forward for the support of fighting against cyber terrorism. The government can give suitable incentives to them in the form of monetary awards. A common vision is required to ensure cyber security and prevent cyber terrorism. The science has endeavoured hard to invent and develop cyber technology for the progress and wellbeing of mankind. Therefore we must not surrender it in the hands of few anti-social elements for the destruction and harm of mankind.  Time has come to prioritize the staunch need of cyber security in India’s counter terrorism strategy and fight back for a progressive and terror-free cyber space.


[1] Shaifali Dixit, Assistant Professor, Lovely Professional University, Phagwara, Punjab

[2] Marcus Araromi, Cyber-Terrorism under the Nigerian Law: A New Form of Threat or an Old Threat in a NewSkin? (Dec 11, 2018, 1:00 PM) https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3286617.

[3] IT & ITeS Industry in India (Aug 31, 2018, 10:04 AM), https://www.ibef.org/industry/information-technology-india.aspx

[4] The Economic Times, India ranks 23rd among 165 nations in cybersecurity index (Dec 21, 2017, 1:00 PM), https://economictimes.indiatimes.com/tech/internet/india-ranks-23rd-among-165-nations-in-cybersecurity-index/articleshow/59478111.cms

[5] Yatish Yadav, 80,000 cyber attacks on December 9 and 12 after note ban (Aug 21, 2018, 1:00 PM), http://www.newindianexpress.com/nation/2016/dec/19/80000-cyber-attacks-on-december-9-and-12-after-note-ban-1550803.html

[6] Saheli Naik ,A Biggest Threat to India – Cyber Terrorism and Crime, Journal of Research in Humanities and Social Science(Sep 8, 2018, 7:00 PM),  http://www.questjournals.org/jrhss/papers/vol5-issue4/D542730.pdf

[7] Defence Minister AK Antony, (Sep 20, 2018, 11:00 PM), http://www.ndtv.com/india-news/defence-minister-akantony-should-have-apologised-says-lk-advani-531573

[8] Press trust of India, India not prepared to handle cyber terrorism threat (November 19, 2019), http://www.business-standard.com/article/pti-stories/india-not-prepared-to-handle-cyber-terrorism-threat-ec-council-114021900965_1.html.

[9] Supra note at 3.

[10] Haris Zargar ‘India must wake up to cyber-terrorism’, (Aug 27, 2018, 6:00 PM), http://gadgets.ndtv.com/internet/news/india-must-wake-up-to-cyber-terrorism-349274

[11] James Conca ‘Hacking Nuclear Power Plants Something We Should Be Afraid Of?’, (July 7, 2018, 6:00 PM) https://www.forbes.com/sites/jamesconca/2017/07/07/is-hacking-nuclear-power-plants-something-we-should-be-afraid-of/#7d63a7b3dde8

[12] Dorothy E. Denning ‘Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy’, (July 17, 2018, 8:00 PM) https://nautilus.org/global-problem-solving/activism-hacktivism-and-cyberterrorism-the-internet-as-a-tool-for-influencing-foreign-policy-2/

[13]Toby Dolton, India’s Nuclear Options and Escalation Dominance, (Aug 29, 2018, 7:00 PM),  http://carnegieendowment.org/2016/05/19/india-s-nuclear-options-and-escalation-dominance-pub-63609

[14] Ullekh NP, ‘Cyber Defence’ (Aug 31, 2018, 7:00 PM),  http://economictimes.indiatimes.com/tech/internet/cyber-defence-howprepared-is-india-for-cyber-warfare/articleshow/19152928.cms

[15] P.U.C.L. v. Union of India, 29 April, 2005 , Writ Petition (civil)  105 of 2004

[16] Praveen Dalal, Cyber Terrorism And Its Solutions: An Indian Perspective, (Dec 31, 2018, 6:30 P M )

http://www.naavi.org/cl_editorial_04/praveen_dalal/pd_cyber_terrorism_oct25_04_02.html