Cy berterrorism

Cyberterrorism is a new terrorist tactic that makes use of information

systems or digital technology, especially the Internet, as either an
instrument or a target. As the Internet becomes more a way of life with
us,it is becoming easier for its users to become targets of the
cyberterrorists. The number of areas in which cyberterrorists could strike
is frightening, to say the least. The difference between the conventional
approaches of terrorism and new methods is primarily that it is possible
to affect a large multitude of people with minimum resources on the
terrorist's side, with no danger to him at all. We also glimpse into the
reasons that caused terrorists to look towards the Web, and why the
Internet is such an attractive alternative to them. The growth of
Information Technology has led to the development of this dangerous
web of terror, for cyberterrorists could wreak maximum havoc within a
small time span. Various situations that can be viewed as acts of
cyberterrorism have also been covered. Banks are the most likely places
to receive threats, but it cannot be said that any establishment is beyond
attack. Tips by which we can protect ourselves from cyberterrorism have
also been covered which can reduce problems created by the
cyberterrorist.We, as the Information Technology people of tomorrow
need to study and understand the weaknesses of existing systems, and
figure out ways of ensuring the world's safety from cyberterrorists. A
number of issues here are ethical, in the sense that computing
technology is now available to the whole world, but if this gift is used
wrongly, the consequences could be disastrous. It is important that we
understand and mitigate cyberterrorism for the benefit of society, try to
curtail its growth, so that we can heal the present, and live the future…

Cyberterro rism

It is a controversial term. Some authors choose a very narrow definition,

relating to deployments, by known terrorist organizations, of disruption
attacks against information systems for the primary purpose of creating
alarm and panic. By this narrow definition, it is difficult to identify any
instances of cyberterrorism. Cyberterrorism can also be defined much
more generally, for example, as “The premeditated use of disruptive
activities, or the threat thereof, against computers and/or networks, with
the intention to cause harm or further social, ideological, religious,
political or similar objectives. Or to intimidate any person in furtherance
of such objectives.” This broad definition was created by Kevin G.
Coleman of the Technolytics Institute. The term was coined by Barry C.
Collin.

Ov erv iew

As the Internet becomes more pervasive in all areas of human endeavor,

individuals or groups can use the anonymity afforded by cyberspace to
threaten citizens, specific groups (i.e. with membership based on
ethnicity or belief), communities and entire countries, without the
inherent threat of capture, injury, or death to the attacker that being
physically present would bring.
As the Internet continues to expand, and computer systems continue to
be assigned more responsibility while becoming more and more complex
and interdependent, sabotage or terrorism via cyberspace may become a
more serious threat.

Basic definition

Cyberterrorism is the leveraging of a target's computers and information ,

particularly via the Internet, to cause physical, real-world harm or se vere
disruption of infrastructure.

Cyberterrorism is defined as “The premeditated use of disruptive

activities, or the threat thereof, against computers and/or networks, with
the intention to cause harm or further social, ideological, religious,
political or similar objectives. Or to intimidate any person in furtherance
of such objectives.” This definition was created by Kevin G. Coleman of
the Technolytics Institute

...subsumed over time to encompass such things as simply defacing a web

site or server, or attacking non-critical systems, resulting in the term
becoming less useful...

There are some that say cyberterrorism does not exist and is really a
matter of hacking or information warfare. They disagree with labeling it
terrorism because of the unlikelihood of the creation of fear, significant
physical harm, or death in a population using electronic means,
considering current attack and protective technologies.

Background information

Public interest in cyberterrorism began in the late 1980s. As the year

2000 approached, the fear and uncertainty about the millennium bug
heightened and interest in potential cyberterrorist attacks also increased.
However, although the millennium bug was by no means a terrorist
attack or plot against the world or the United States, it did act as a
catalyst in sparking the fears of a possibly large-scale devastating cyber-
attack. Commentators noted that many of the facts of such incidents
seemed to change, often with exaggerated media reports.

The high profile terrorist attacks in the United States on September 11,
2001 lead to further media coverage of the potential threats of
cyberterrorism in the years following. Mainstream media coverage often
discusses the possibility of a large attack making use of computer
networks to sabotage critical infrastructures with the aim of putting
human lives in jeopardy or causing disruption on a national scale either
directly or by disruption of the national economy.

Authors such as Winn Schwartau and John Arquilla are reported to have
had considerable financial success selling books which described what
were purported to be plausible scenarios of mayhem caused by
cyberterrorism. Many critics claim that these books were unrealistic in
their assessments of whether the attacks described (such as nuclear
meltdowns and chemical plant explosions) were possible. A common
thread throughout what critics perceive as cyberterror-hype is that of
non-falsifiability; that is, when the predicted disasters fail to occur, it
only goes to show how lucky we've been so far, rather than impugning
the theory.

Effects

Cyberterrorism can have a serious large-scale influence on significant

numbers of people. It can weaken countries' economy greatly, thereby
stripping it of its resources and making it more vulnerable to military
attack.

Cyberterror can also affect internet-based businesses. Like brick and

mortar retailers and service providers, most websites that produce
income (whether by advertising, monetary exchange for goods or paid
services) could stand to lose money in the event of downtime created by
cyber criminals.

As internet-businesses have increasing economic importance to

countries, what is normally cybercrime becomes more political and
therefore "terror" related.

Examples

One example of cyberterrorists at work was when terrorists in Romania

illegally gained access to the computers controlling the life support
systems at an Antarctic research station, endangering the 58 scientists
involved. However, the culprits were stopped before damage actually
occurred. Mostly non-political acts of sabotage have caused financial and
other damage, as in a case where a disgruntled employee caused the
release of untreated sewage into water in Maroochy Shire, Australia. [3]
Computer viruses have degraded or shut down some non-essential
systems in nuclear power plants, but this is not believed to have been a
deliberate attack.

More recently, in May 2007 Estonia was subjected to a mass cyber-

attack in the wake of the removal of a Russian World War II war
memorial from downtown Talinn. The attack was a distributed denial-of-
service attack in which selected sites were bombarded with traffic in
order to force them offline; nearly all Estonian government ministry
networks as well as two major Estonian bank networks were knocked
offline; in addition, the political party website of Estonia's current Prime
Minister Andrus Ansip featured a counterfeit letter of apology from Ansip
for removing the memorial statue. Despite speculation that the attack
had been coordinated by the Russian government, Estonia's defense
minister admitted he had no evidence linking cyber attacks to Russian
authorities. Russia called accusations of its involvement "unfounded,"
and neither NATO nor European Commission experts were able to find
any proof of official Russian government participation.[3] In January 2008
a man from Estonia was convicted for launching the attacks against the
Estonian Reform Party website and fined.[4][5]
Even more recently, in October 2007, the website of Ukrainian president
Viktor Yushchenko was attacked by hackers. A radical Russian
nationalist youth group, the Eurasian Youth Movement, claimed
responsibility.[6]

Since the world of computers is ever-growing and still largely unexplored,

countries new to the cyber-world produce young computer scientists
usually interested in "having fun". Countries like China, Greece, India,
Israel, and South Korea have all been in the spotlight before by the U.S.
Media for attacks on information systems related to the CIA and NSA.
Though these attacks are usually the result of curious young computer
programmers, the United States has more than legitimate concerns
about national security when such critical information systems fall
under attack. In the past five years, the United States has taken a larger
interest in protecting its critical information systems. It has issued
contracts for high-leveled research in electronic security to nations such
as Greece and Israel, to help protect against more serious and dangerous
attacks.

In 1999 hackers attacked NATO computers. The computers flooded them

with email and hit them with a denial of service (DoS). The hackers were
protesting against the NATO bombings in Kosovo. Businesses, public
organizations and academic institutions were bombarded with highly
politicized emails containing viruses from other European countries.[7]

Countering

The US Department of Defense charged the United States Strategic

Command with the duty of combating cyberterrorism. This is
accomplished through the Joint Task Force-Global Network Operations
(JTF-GNO). JTF-GNO is the operational component supporting
USSTRATCOM in defense of the DoD's Global Information Grid. This is
done by integrating GNO capabilities into the operations of all DoD
computers, networks, and systems used by DoD combatant commands,
services and agencies.

On November 2, 2006, the Secretary of the Air Force announced the

creation of the Air Force's newest MAJCOM, the Air Force Cyber
Command, which would be tasked to monitor and defend American
interest in cyberspace. The plan was however replaced by the creation of
Twenty-Fourth Air Force which became active in August 2009 and would
be a component of the planned United States Cyber Command.

On December 22, 2009, the White House named its head of Cyber
Security as Howard Schmidt. He will coordinate U.S Government,
military and intelligence efforts to repel hackers.

In fic tion

· The Japanese cyberpunk manga, Ghost in the Shell (as well as its
popular movie and TV adaptations) centers around an anti-
cyberterrorism and cybercrime unit. In its mid-21st century Japan
setting such attacks are made all the more threatening by an even
 more widespread use of technology including cybernetic
enhancements to the human body allowing people themselves to
be direct targets of cyberterrorist attacks.
· Cyberterrorism was featured in Dan Brown's Digital Fortress.
· Cyberterrorism was featured in Amy Eastlake's Private Lies.
· In the movie Live Free or Die Hard, John McClane (Bruce Willis)
takes on a group of cyberterrorists intent on shutting down the
entire computer network of the United States.
· The movie Eagle Eye involves a super computer controlling
everything electrical and networked to accomplish the goal.
· The plots of 24 Day 4 and now Day 7 include plans to breach the
nation's nuclear plant grid and then to seize control of the entire
critical infrastructure protocol.
· The Tom Clancy created series Netforce was about a FBI/Military
team dedicated to combating cyberterrorists.
· The whole point of Mega Man Battle Network is cyberterrorism.

What is being done?

In response to heightened awareness of the potential for cyber-terrorism

President Clinton, in 1996, created the Commission of Critical
Infrastructure Protection. The board found that the combination of
electricity, communications and computers are necessary to the survival
of the U.S., all of which can be threatened by cyber-warfare. The
resources to launch a cyber attack are commonplace in the world; a
computer and a connection to the Internet are all that is really needed to
wreak havoc. Adding to the problem is that the public and private sectors
are relatively ignorant of just how much their lives depend on computers
as well as the vulnerability of those computers. Another problem with
cyber crime is that the crime must be solved, (i.e. who were the
perpetrators and where were they when they attacked you) before it can
be decided who has the actual authority to investigate the crime. The
board recommends that critical systems should be isolated from outside
connection or protected by adequate firewalls, use best practices for
password control and protection, and use protected action logs.

Most other government organizations have also formed some type of

group to deal with cyber-terrorists. The CIA created its own group, the
Information Warfare Center, staffed with 1,000 people and a 24-hour
response team. The FBI investigates hackers and similar cases. The
Secret Service pursues banking, fraud and wiretapping cases. The Air
Force created its own group, Electronic Security Engineering Teams,
ESETs. Teams of two to three members go to random Air Force sites and
try to gain control of their computers. The teams have had a success rate
of 30% in gaining complete control of the systems.

How can we protect myself?

Currently there are no foolproof ways to protect a system. The completely

secure system can never be accessed by anyone. Most of the militaries
classified information is kept on machines with no outside connection, as
a form of pre vention of cyber terrorism. Apart from such isolation, the
most common method of protection is encryption. The wide spread use of
encryption is inhibited by the governments ban on its exportation, so
intercontinental communication is left relatively insecure. The Clinton
administration and the FBI oppose the export of encryption in favor of a
system where by the government can gain the key to an encrypted
system after gaining a court order to do so. The director of the FBI's
stance is that the Internet was not intended to go unpoliced and that the
police need to protect people's privacy and public-safety rights there.
Encryption's draw back is that it does not protect the entire system, an
attack designed to cripple the whole system, such as a virus, is
unaffected by encryption.

Others promote the use of firewalls to screen all communications to a

system, including e-mail messages, which may carry logic bombs.
Firewall is a relatively generic term for methods of filtering access to a
network. They may come in the form of a computer, router other
communications device or in the form of a network configuration.
Firewalls serve to define the services and access that are permitted to
each user. One method is to screen user requests to check if they come
from a previously defined domain or Internet Protocol (IP) address.
Another method is to prohibit Telnet access into the system.

Here are few key things to remember to pretect yourself from cyber-
terrorism:

1. All accounts should have passwords and the passwords should be

unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an
intruder.
5. If you are ever unsure about the safety of a site, or receive
suspicious email from an unkown address, don't access it. It could
be trouble.

.What would the impact be?

The intention of a cyber terrorism attack could range from economic

disruption through the interruption of financial networks and systems or
used in support of a physical attack to cause further confusion and
possible delays in proper response.Although cyber attacks have caused
billions of dollars in damage and affected the lives of millions, we have
yet witness the implications of a truly catastrophic cyber terrorism
attack.What would some of the implications be?

Direct Cost Implications

· Loss of sales during the disruption
· Staff time, network delays, intermittent access for business users
· Increased insurance costs due to litigation
· Loss of intellectual property - research, pricing, etc.
· Costs of forensics for recovery and litigation
· Loss of critical communications in time of emergency
Indirect Cost Implications
· Loss of confidence and credibility in our financial systems
· Tarnished relationships& public image globally
· Strained business partner relationships - domestic and
internationally
· Loss of future customer revenues for an individual or group of
companies
· Loss of trust in the government and computer industry

what is Cyber-terrorism?
In the wake of the recent computer attacks, many have been quick to
jump to conclusions that a new breed of terrorism is on the rise and our
country must defend itself with all possible means. As a society we have
a vast operational and legal experience and proved techniques to combat
terrorism, but are we ready to fight terrorism in the new arena – cyber
space?

A strategic plan of a combat operation includes characterization of the

enemy’s goals, operational techniques, resources, and agents. Prior to
taking combative actions on the legislative and operational front, one has
to precisely define the enemy. That is, it is imperative to expand the
definition of terrorism to include cyber-terrorism.

As a society that prides itself on impartiality of justice, we must provide

clear and definitive legislative guidelines for dealing with new breed of
terrorism. As things stand now, justice cannot be served as we have yet
to provide a clear definition of the term. In this light, I propose to re-
examine our understanding of cyber-terrorism.

There is a lot of misinterpretation in the definition cyber-terrorism, the word consisting of

familiar "cyber" and less familiar "terrorism". While "cyber" is anything related to our
tool of trade, terrorism by nature is difficult to define. Even the U.S. government cannot
agree on one single definition. The old maxim, "One man's terrorist is another man's
freedom fighter" is still alive and well.

B. W ho are cybe r t erro rists?

From American point of view the most dangerous terrorist group is Al-
Qaeda which is considered the first enemy for the US. According to US
official’s data from computers seized in Afghanistan indicate that the
group has scouted systems that control American energy facilities, water
distribution, communication systems, and other critical infrastructure.

After April 2001 collision of US navy spy plane and Chinese fighter jet,
Chinese hackers launched Denial os Service (DoS) attacks against
American web sites.
A study that covered the second half of the year 2002 showed that the
most dangerous nation for originating malicious cyber attacks is the C.
Why do they use cyber att acks?
Cyber terrorist prefer using the cyber attack methods because of many
advantages for it.
It is Cheaper than traditional methods.
The action is very difficult to be tracked.
They can hide their personalities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a big number of targets.
They can affect a large number of people.

D. Fo rms of cyber te rrorism-

(I) P riv acy v iolation:
The law of privacy is the recognition of the individual's right to be let
alone and to have his personal space inviolate. The right to privacy as an
independent and distinctive concept originated in the field of Tort law,
under which a new cause of action for damages resulting from unlawful
invasion of privacy was recognized. In recent times, however, this right
has acquired a constitutional status, the violation of which attracts both
civil as well as criminal consequences under the respective laws. The
intensity and complexity of life have rendered necessary some retreat
from the world. Man under the refining influence of culture, has become
sensitive to publicity, so that solitude and privacy have become essential
to the individual. The various provisions of the Act aptly protect the
online privacy rights of the citizens. Certain acts have been categorized
as offences and contraventions, which have tendency to intrude with the
privacy rights of the citizens.

(II) Se cre t information appropriation and data theft :

The information technology can be misused for appropriating the
valuable Government secrets and data of private individuals and the
Government and its agencies. A computer network owned by the
Government may contain valuable information concerning defence and
other top secrets, which the Government will not wish to share
otherwise. The same can be targeted by the terrorists to facilitate their
activities, including destruction of property. It must be noted that the
definition of property is not restricted to moveables or immoveables

(III) Demolition of e-gov ernanc e base:

The aim of e-governance is to make the interaction of the citizens with
the government offices hassle free and to share information in a free and
transparent manner. It further makes the right to information a
meaningful reality. In a democracy, people govern themselves and they
cannot govern themselves properly unless they are aware of social,
political, economic and other issues confronting them. To enable them to
make a proper judgment on those issues, they must have the benefit of a
range of opinions on those issues. Right to receive and impart
information is implicit in free speech. This, right to receive information is,
however, not absolute but is subject to reasonable restrictions which
may be imposed by the Government in public interest.

(IV) Distributed denial of serv ices at tack:

The cyber terrorists may also use the method of distributed denial of
services (DDOS) to overburden the Government and its agencies
electronic bases. This is made possible by first infecting several
unprotected computers by way of virus attacks and then taking control
of them. Once control is obtained, they can be manipulated from any
locality by the terrorists. These infected computers are then made to
send information or demand in such a large number that the server of
the victim collapses. Further, due to this unnecessary Internet traffic the
legitimate traffic is prohibited from reaching the Government or its
agencies computers. This results in immense pecuniary and strategic
loss to the government and its agencies.

It must be noted that thousands of compromised computers can be used

to simultaneously attack a single host, thus making its electronic
existence invisible to the genuine and legitimate citizens and end users.
The law in this regard is crystal clear.

(V) Network damage and disruptions:

The main aim of cyber terrorist activities is to cause networks damage
and their disruptions. This activity may divert the attention of the
security agencies for the time being thus giving the terrorists extra time
and makes their task comparatively easier. This process may involve a
combination of computer tampering, virus attacks, hacking, etc.

E. The dange r of cyber terrorism-

General John Gordon, the White House Homeland Security Advisor,
speaking at the RSA security conference in San Francisco, CA Feb. 25,
2004 indicated that whether someone detonates a bomb that cause
bodily harm to innocent people or hacked into a web-based IT system in
a way that could, for instance, take a power grid offline and result in
blackout, the result is ostensibly the same. He also stated that the
potential for a terrorist cyber attack is real.

Cyber terrorists can destroy the economy of the country by attacking the
critical infrastructure in the big towns such as electric power and water
supply, still the blackout of the North Western states in the US in Aug.
15, 2003 is unknown whether it was a terrorist act or not, or by
attacking the banks and financial institutions and play with their
computer systems.

Cyber terrorists can endanger the security of the nation by targeting the
sensitive and secret information (by stealing, disclosing, or destroying).

T he Impact of Cyber T errorism-

The intention of a cyber terrorism attack could range from economic
disruption through the interruption of financial networks and systems or
used in support of a physical attack to cause further confusion and
possible delays in proper response. Although cyber attacks have caused
billions of dollars in damage and affected the lives of millions, we have
yet witness the implications of a truly catastrophic cyber terrorism
attack. What would some of the implications be?

Direct Cost Implications

• Loss of sales during the disruption
• Staff time, network delays, intermittent access for business users
• Increased insurance costs due to litigation
• Loss of intellectual property - research, pricing, etc.
• Costs of forensics for recovery and litigation
• Loss of critical communications in time of emergency.
Indirect Cost Implications
• Loss of confidence and credibility in our financial systems
• Tarnished relationships& public image globally
• Strained business partner relationships - domestic and internationally
• Loss of future customer revenues for an individual or group of
companies
• Loss of trust in the government and computer industry

Some incidents of cyber terrorism-

The following are notable incidents of cyber terrorism:
• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with
800 e-mails a day over a two-week period. The messages read "We are
the Internet Black Tigers and we're doing this to disrupt your
communications." Intelligence authorities characterized it as the first
known attack by terrorists against a country's computer systems.
• During the Kosovo conflict in 1999, NATO computers were blasted with
e-mail bombs and hit with denial-of-service attacks by hacktivists
protesting the NATO bombings.

•One of the worst incidents of cyber terrorists at work was when crackers
in Romania illegally gained access to the computers controlling the life
support systems at an Antarctic research station, endangering the 58
scientists involved. More recently, in May 2007 Estonia was subjected to
a mass cyber-attack by hackers inside the Russian Federation which
some evidence suggests was coordinated by the Russian government,
though Russian officials deny any knowledge of this. This attack was
apparently in response to the removal of a Russian World War II war
memorial from downtown Estonia.

Efforts of combating cyber terrorism-

The Interpol, with its 178 member countries, is doing a great job in
fighting against cyber terrorism. They are helping all the member
countries and training their personnel. The Council of Europe
Convention on Cyber Crime, which is the first international treaty for
fighting against computer crime, is the result of 4 years work by experts
from the 45 member and non-member countries including Japan, USA,
and Canada. This treaty has already enforced after its ratification by
Lithuania on 21st of March 2004.

The Association of South East Asia Nations (ASEAN) has set plans for
sharing information on computer security. They are going to create a
regional cyber-crime unit by the year 2005.

Protection from cyber terrorism- a few suggestions

Currently there are no foolproof ways to protect a system. The completely
secure system can never be accessed by anyone. Most of the militaries
classified information is kept on machines with no outside connection, as
a form of pre vention of cyber terrorism. Apart from such isolation, the
most common method of protection is encryption. The wide spread use of
encryption is inhibited by the governments ban on its exportation, so
intercontinental communication is left relatively insecure. The Clinton
administration and the FBI oppose the export of encryption in favor of a
system where by the government can gain the key to an encrypted
system after gaining a court order to do so. The director of the FBI's
stance is that the Internet was not intended to go unpoliced and that the
police need to protect people's privacy and public-safety rights there.
Encryption's draw back is that it does not protect the entire system, an
attack designed to cripple the whole system, such as a virus, is
unaffected by encryption.

Others promote the use of firewalls to screen all communications to a

system, including e-mail messages, which may carry logic bombs.
Firewall is a relatively generic term for methods of filtering access to a
network. They may come in the form of a computer, router other
communications device or in the form of a network configuration.
Firewalls serve to define the services and access that are permitted to
each user. One method is to screen user requests to check if they come
from a previously defined domain or Internet Protocol (IP) address.
Another method is to prohibit Telnet access into the system.

Here are few key things to remember to protect from cyber-

terrorism:
1. All accounts should have passwords and the passwords should be
unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an
intruder.
5. If you are ever unsure about the safety of a site, or receive suspicious
email from an unknown address, don't access it. It could be trouble.

Indian law & Cyber terrorism-

In India there is no law, which is specifically dealing with prevention of
malware through aggressive defense. Thus, the analogous provisions
have to be applied in a purposive manner. The protection against
malware attacks can be claimed under the following categories:
(1) Protection available under the Constitution of India, and
(2) Protection available under other statutes.

(1) Protection under the Constitution of India:

The protection available under the Constitution of any country is the
strongest and the safest one since it is the supreme document and all
other laws derive their power and validity from it. If a law satisfies the
rigorous tests of the Constitutional validity, then its applicability and
validity cannot be challenge and it becomes absolutely binding. The
Constitutions of India, like other Constitutions of the world, is organic
and living in nature and is capable of molding itself as per the time and
requirements of the society.

(2) Protection under other statutes:

The protection available under the Constitution is further strengthened
by various statutory enactments. These protections can be classified as:
(A) Protection under the Indian Penal Code (I.P.C), 1860, and
(B) Protection under the Information Technology Act (ITA), 2000.

The roads ahead Forms of cyber terrorism

 It is very difficult to exhaustively specify the forms of cyber terrorism. In
fact, it would not be a fruitful exercise to do the same. The nature of
cyber terrorism requires it to remain inclusive and open ended in nature,
so that new variations and forms of it can be accommodated in the
future. The following can be safely regarded as the forms of cyber
terrorism applying the definition and the concepts discussed above:

(I) Privacy violation :

The law of privacy is the recognition of the individual's right to

be let alone and to have his personal space inviolate.. In recent times,
however, this right has acquired a constitutional status the violation of
which attracts both civil as well as criminal consequences under the
respective laws. The intensity and complexity of life have rendered
necessary some retreat from the world. Man under the refining influence
of culture, has become sensitive to publicity, so that solitude and privacy
have become essential to the individual. Modern enterprise and invention
have, through invasions upon his privacy, subjected him to mental pain
and distress, far greater than could be inflicted by mere bodily injury.
Right to privacy is a part of the right to life and personal liberty
enshrined under Article 21 of the Constitution of India. With the advent
of information technology the traditional concept of right to privacy has
taken new dimensions, which require a different legal outlook. Thus, if a
person (including a foreign national) contravenes the privacy of an
individual by means of computer, computer system or computer network
located in India, he would be liable under the provisions of the Act. This
makes it clear that the long arm jurisdiction is equally available against a
cyber terrorist, whose act has resulted in the damage of the property,
whether tangible or intangible.

(II) Secret information appropriation and data theft :

The information technology can be misused for appropriating the

valuable Government secrets and data of private individuals and the
Government and its agencies. A computer network owned by the
Government may contain valuable information concerning defence and
other top secrets, which the Government will not wish to share
otherwise. The same can be targeted by the terrorists to facilitate their
activities, including destruction of property. It must be noted that the
definition of property is not restricted to moveables or immoveables
alone.

(III) Demolition of e-governance base:

The aim of e-governance is to make the interaction of the citizens with

the government offices hassle free and to share information in a free and
transparent manner. It further makes the right to information a
meaningful reality. In a democracy, people govern themselves and they
cannot govern themselves properly unless they are aware of social,
political, economic and other issues confronting them. To enable them to
make a proper judgment on those issues, they must have the benefit of a
range of opinions on those issues. Right to receive and impart
information is implicit in free speech. This, right to receive information is,
however, not absolute but is subject to reasonable restrictions which
may be imposed by the Government in public interest.

(IV) Distributed denial of services attack:

The cyber terrorists may also use the method of distributed

denial of services (DDOS) to overburden the Government and its agencies
electronic bases. This is made possible by first infecting several
unprotected computers by way of virus attacks and then taking control
of them. Once control is obtained, they can be manipulated from any
locality by the terrorists. These infected computers are then made to
send information or demand in such a large number that the server of
the victim collapses. Further, due to this unnecessary Internet traffic the
legitimate traffic is prohibited from reaching the Government or its
agencies computers. This results in immense pecuniary and strategic
loss to the government and its agencies. It must be noted that thousands
of compromised computers can be used to simultaneously attack a single
host, thus making its electronic existence invisible to the genuine and
legitimate netizens and end users. The law in this regard is crystal clear.

(V) Network damage and disruptions:

The main aim of cyber terrorist activities is to cause networks damage

and their disruptions. This activity may divert the attention of the
security agencies for the time being thus giving the terrorists extra time
and makes their task comparatively easier. This process may involve a
combination of computer tampering, virus attacks, hacking, etc. The law
in this regard provides that if any person without permission of the
owner or any other person who is incharge of a computer, computer
system or computer network -

(a) accesses or secures access to such computer, computer system or

computer network

(b) introduces or causes to be introduced any computer contaminant or

computer virus into any computer, computer system or computer
network;

(c) damages or causes to be damaged any computer, computer system or

computer network, data, computer data base or any other programmes
residing in such computer, computer system or computer network;

(d) disrupts or causes disruption of any computer, computer system or

computer network;

(e) denies or causes the denial of access to any person authorised to

access any computer, computer system or computer network by any
means;

he shall be liable to pay damages by way of compensation not

exceeding one crore rupees to the person so affected. The expression
"Computer Virus" means any computer instruction, information, data or
programme that destroys, damages, degrades or adversely affects the
performance of a computer resource or attaches itself to another
computer resource and operates when a programme, data or instruction
is executed or some other event takes place in that computer resource.

Further, a vigilant citizenry can supplement the commitment of

elimination of cyber terrorism.

(1) L egislative commitment:

The legislature can provide its assistance to the benign objective of

elimination of cyber terrorism by enacting appropriate statutes dealing
with cyber terrorism. It must be noted that to give effect to the provisions
of Information Technology Act, 2000 appropriate amendments have been
made in the I.P.C, 1860, the Indian Evidence Act, 1872, the Bankers'
Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934.

(2) Executives concern:

The Central Government and the State Governments can play their role
effectively by making various rules and regulations dealing with cyber
terrorism and its facets from time to time. The Central Government can,
by notification in the Official Gazette and in the Electronic Gazette,
makes rules to carry out the provisions of the Information Technology
Act. Similarly, the State Government can, by notification in Official
Gazette, makes rules to carry out the provisions of the Act. . If any
Cyber Café Owner/Network Service Provider failsologies. to maintain Log
Register and records he shall be liable for penalties as provided in the Act
or any other Law, for the time being in force. These provisions are
sufficient to take care of illegal use of cyber café for terrorist activities.

(3)Judicial response:

The judiciary can play its role by adopting a stringent approach towards
the menace of cyber terrorism. It must, however, first tackle the
jurisdiction problem because before invoking its judicial powers the
courts are required to satisfy themselves that they possess the requisite
jurisdiction to deal with the situation. Since the Internet "is a cooperative
venture not owned by a single entity or government, there are no
centralized rules or laws governing its use. The absence of geographical
boundaries may give rise to a situation where the act legal in one country
where it is done may violate the laws of another country. This process
further made complicated due to the absence of a uniform and
harmonised law governing the jurisdictional aspects of disputes arising
by the use of Internet. It must be noted that, generally, the scholars
point towards the following "theories" under which a country may claim
prescriptive jurisdiction:

(a) a country may claim jurisdiction based on "objective territoriality"

when an activity takes place within the country,
(b) a "subjective territoriality" may attach when an activity takes place
outside a nation's borders but the "primary effect" of the action is within
the nation's borders,

(c) a country may assert jurisdiction based on the nationality of either

the actor or the victim,

(d) in exceptional circumstances, providing the right to protect the

nation's sovereignty when faced with threats recognised as particularly
serious in the international community.

In addition to establishing a connecting nexus, traditional

international doctrine also calls for a "reasonable" connection between
the offender and the forum. Depending on the factual context, courts
look to such factors, as whether the activity of individual has a
"substantial and foreseeable effect" on the territory, whether a "genuine
link" exists between the actor and the forum, the character of the activity
and the importance of the regulation giving rise to the controversy, the
extent to which exceptions are harmed by the regulation, and the
importance of the regulation in the international community. The
traditional jurisdictional paradigms may provide a framework to guide
analysis for cases arising in cyberspace.

(4) Vigilant citizenry:

The menace of cyber terrorism is not the sole responsibility of State and
its instrumentalities. The citizens as well as the netizens are equally
under a solemn obligation to fight against the cyber terrorism. In fact,
they are the most important and effective cyber terrorism eradication and
elimination mechanism. The only requirement is to encourage them to
come forward for the support of fighting against cyber terrorism. The
government can give suitable incentives to them in the form of monetary
awards. It must, howe ver, be noted that their anonymity and security
must be ensured before seeking their help. The courts are also
empowered to maintain their anonymity if they provide any information
and evidence to fight against cyber terrorism.

Concl usi o n:
The problem of cyber terrorism is multilateral having varied facets and
dimensions. Its solution requires rigorous application of energy and
resources. It must be noted that law is always seven steps behind the
technology. This is so because we have a tendency to make laws when
the problem reaches at its zenith. We do not appreciate the need of the
hour till the problem takes a precarious dimension. At that stage it is
always very difficult, if not impossible, to deal with that problem. This is
more so in case of offences and violations involving information
technology. One of the argument, which is always advanced to justify
this stand of non-enactment is that “the measures suggested are not
adequate to deal with the problem”. It must be appreciated that
“something is better then nothing”. The ultimate solution to any problem
is not to enact a plethora of statutes but their rigorous and dedicated
enforcement. The courts may apply the existing laws in a progressive,
updating and purposive manner. It must be appreciated that it is not the
“enactment” of a law but the desire, will and efforts to accept and enforce
it in its true letter and spirit, which can confer the most strongest, secure
and safest protection for any purpose. The enforcement of these rights
requires a “qualitative effort” and not a “quantitative effort”. Thus, till a
law dealing expressly with cyber terrorism is enacted, we must not feel
shy and hesitant to use the existing provisions.