The term implies two elements:
cyber and terrorism. Both if these are regarded as the two great fears of the
20th century, both imply fear of the unknown. Fear of random, violent
victimization segues well with the distrust and outright fear of computer
technology .[i] Cyber terrorism is a term esoteric, complex and difficult to
circumscribe within four corners of a definition, which will be universally
acceptable. While the word cyber relates to cybernetics, which is our tool of
trade, terrorism denotes an act of violence. In 1997, Barry Collins coined the
term cyber terrorism, the term has since entered into parlance and is also
defined as “attacking sabotage prone targets by computer, which poses disastrous
consequences for our incredibly-computer dependent society. [ii] In the form of
cyber terrorism the terrorists, find an easy, risk-free, low-cost option.
A more elaborate definition is given by the FBI, which defines cyber terrorism
as:
The premeditated, politically motivated attack against information, computer
systems, computer programs and data which result in violence against
non-combatant targets by sub-national groups and clandestine agents.[iii]â€
Thus, cyber terrorism is the politically motivated use of computers by
sub-national and clandestine agents to pressurize an audience or to cause a
government to alter its orders or policies. For a subversive attack, borders do
not have to be crossed, bombs do not have to be smuggled and placed, hostages do
not have to be kidnapped and captured and terrorists do not have to surrender
their lives. In short, “…tomorrow’s terrorists may be able to do more with a
keyboard than with a bomb.[iv]
Cyber Terrorism And Cybercrime
While all cyber terrorism can be termed as cybercrime, all cybercrimes are not
cyber terrorism. Cyber terrorism falls in the taxonomy of cybercrimes.
Cybercrimes are usually single handed crimes while cyber terrorism is a chain of
acts committed by organised terrorist groups. The motive and the objective
differentiate the two while the Modus operandi and consequences unite them.
Cyber terrorism denotes international exploitation of information technology
while a cybercrime is mostly done on the individual level.
The mind and motive of the cyber terrorist is drastically different from that of
a cyber criminal. While the motive of the cyber terrorists is to terrorize
nations, to horrify the population as a means to achieve its objectives, a cyber
criminal is often committed out of an inquisitiveness to explore or discover the
mysterious world of cyberspace.
The objective a cyber terrorist is social, political or ideological. He resorts
to the exploitation of information to achieve a goal and pressurise governments
or state to revise or change their policies as per the terrorist’s wishes or
demands. They target the innocent people. A cyber criminal’s victim is usually
like banks, educational institutions etc.
Cyber Terrorism And Hacking
Cyber terrorism is not the same as Hacking. Hacking is the unauthorized access
into computer system with the object of manipulating data stored in therein.
Thus, hacking is a cyber attack, which can be employed by hackers, by cyber
criminals or by cyber terrorists as well. Thus, cyber-attacks by glory-seeking
individuals, organizations with criminal motives, government engaging in
information warfare, is not cyber terrorism.
Cyber attacks by cyber terrorists primarily having violence and terror as its
goal is premeditated, politically motivated CNA by a handful of terrorists who
try to leverage limited resources to instill fear and shape public opinion and
dramatic attack on computer networks. However, both the hackers and terrorists
are common enemy of the mankind, similar in action but disparate in motive. The
hackers are specialists in this field, skilled in bytes and masters of the
keyboard. They are also accomplished code-writers and sell their skill for
money. The hackers work in groups, they often have political motive but mostly
they work for profit. Cyber terrorists being fanatics are preoccupied with their
ideologies and they are not the people who work 20 hours a day, on the
computers. Thus, they are not computer nerds.
Why The Terrorist Organizations Exploit Cyberspace
Cyber attacks offer a number of opportunities for terrorist activities with wide
impacts. By the use of cyber attacks, terrorists can inflict great damage to a
country than by resorting to physical violence. With customary terrorist
activities, like bombings, the impacts get limited to specific physical
locations and communities. A great part of the population acts only as
spectators and they are not directly affected by terrorist acts. The public
attention is more likely to focus on the devastation of property and/or loss of
life than whatever “cause†the activity was intended to endorse. The inspiration
of the cyber terrorists comes from their political agenda. Their attacks gets
motivation from political areas and directed to specific critical system.
Case Study
In March 2000, in Australia, a disgruntled employee (who failed to secure
full-time employment) used the Internet to release 1 million liters of raw
sewage into the river and coastal waters in Queensland. [v]
In 1998, a terrorist guerrilla organization flooded Sri Lankan embassies with
800 emails a day for a two-week period. The messages simply read “We are the
Internet Black Tigers and we’re doing this to interrupt your communications.â€
Intelligence departments characterized it as the first known attack by
terrorists against a country’s computer systems. [vi]
In July 1997, the leader of a Chinese hacker group claimed to have temporarily
disabled a Chinese satellite and announced he was forming a new global “crackerâ€
organization to protest and disrupt Western investment in China. [vii]
Internet saboteurs defaced the Home Page of, and stole e-mail from, India’s
Bhabha Atomic Research Center in the summer of 1998. The three anonymous
saboteurs claimed in an Internet interview to have been protesting recent Indian
nuclear blasts.[viii] Cyber terrorism may be used not only to inflict damage,
but also in blend with conventional or non conventional terrorism.
Counteraction To Cyber Terrorism
As cyber terrorism is a combination of an urge to cause terror with the help of
technology, no single measure can successfully deal with it or combat it. Thus,
a multi- thronged counteraction can bring an effective result.
1) Legal Response
The main role in cyber terrorism is played by criminal societies, organized
criminal groups and national and transnational criminal organizations. Thus, in
cyber legislations of various countries, recognition is given to the criminal
liability of the cyber terrorists.
A. US Approach-
After the assaults of 11 September 2001 in New York and Washington, the US
Congress passed the new anti-terrorist law- The Patriot Act. The Congress
introduced the new legal term ‘cyber terrorism’ which stands for various forms
of hacking and causing damage to protected computer networks of citizens, legal
entities or governmental authorities, including damage to computer system used
by governmental agency to manage national defense or to assure national
security. [ix] Another act called the Federal Information Security Management
Act, 2002 was enacted which gave responsibility for security standards for
civilian federal agency computer systems to the office of Management and Budget.
Again in 2005, the Department of Homeland Security Authorization Act for Fiscal
year 2006 was passed which aims at the enhancement of cyber security in the US.
The Act of 2005 comes up with several cyber security programs to secure the
critical infrastructure of US and Data Acquisition systems towards developing
processes for information sharing.
B. UK approach-
The UK lagged behind many of the other major states in introducing computer
scientific legislation. The Law Commission of UK suggested reforming the present
law of hacking by making possible criminalization of conduct, which is not at
present directly covered by criminal law.
The Computer Misuse Act, 1990 in section 1 regards “unauthorized access†as an
offence which is the basic “hacking†or “cracking†offence. Article 7 of DPA
requires organizations to implement adequate technical measures to protect
against unauthorized access to unauthorized data. [x] Thus, hacking when done by
organized terrorist groups would be regarded as an offence and would be dealt
with under the relevant provisions.
C. Indian approach-
India responded to the misuse of information technology and internet vandalism
by passing its cyber act, the IT Act,2000.[xi] It also made amendments in
traditional laws like in the Evidence Act, 1872; the Penal Code, 1860: the
Bankers’ Books Evidence Act, 1891 so as to update them. The word “cyber
terrorism†did not occur in the Act until 2008 when the amendment made important
introductions relating to the subject of cyber terrorism.
The IT (Amendment) Act, 2008 (10 of 2009) not only defines the term cyber
terrorism but it has many sections in pari material. It is the amalgamation of
several sections in the amended Act which. Taken together makes a meaningful law
provision to address this dreaded peril.
These are:
# Section 66-F - Punishment for cyber terrorism
# Section 70 – Protected System
# Section 43 – Unauthorized access
# Section 70-A – National Nodal agency
# Section 70-B – Indian Computer Emergency Response Team
Cyber terrorism under IT Act, 2000 (Section 66F)-
1) Whoever,-
(A) with intent to threaten the unity, integrity, security or sovereignty of
India or to strike terror in the people or any section of the people by –
(i) denying or cause the denial of access to any person authorised to access
computer resource; or
(ii) attempting to penetrate or access a computer resource without authorisation
or exceeding authorised access; or
(iii) introducing or causing to introduce any Computer Contaminant.
and by means of such conduct causes or is likely to cause death or injuries to
persons or damage to or destruction of property or disrupts or knowing that it
is likely to cause damage or disruption of supplies or services essential to the
life of the community or adversely affect the critical information
infrastructure specified under section 70, or
(B) knowingly or intentionally penetrates or accesses a computer resource
without authorisation or exceeding authorised access, and by means of such
conduct obtains access to information, data or computer database that is
restricted for reasons of the security of the State or foreign relations; or any
restricted information, data or computer database, with reasons to believe that
such information, data or computer database so obtained may be used to cause or
likely to cause injury to the interests of the sovereignty and integrity of
India, the security of the State, friendly relations with foreign States, public
order, decency or morality, or in relation to contempt of court, defamation or
incitement to an offence, or to the advantage of any foreign nation, group of
individuals or otherwise,
commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable
with imprisonment which may extend to imprisonment for life.
Section 66F has introduced a new cybercrime in the statute. It says that anyone
who has intentionally in order to threaten the unity of the country strikes
terror using the electronic means, commits cyber terrorism. To assure safety of
the CII, the act lays down several safety measures which would be helpful in
preventing cyber terrorism or mitigating its impact. A new section 70-A has been
formulated only to secure CII through a national Nodal Agency which is to be
established by the Central Government. This agency shall undertake research and
development work in respect of CII. The establishment of such agency will be
done as per the newly inserted Section 70-B. The Central government shall
appoint a government agency called Indian Computer Emergency Response Team as
the national agency to look into the cyber security of the country.
2) International Response
There is an international consensus that a hacker should not be allowed to get
away only because of legal inadequacies.[xii] Cyber terrorism, being a global
menace, it is impossible to combat it without international harmonization of
laws on the subject and efforts by international society. Cyber terrorism can be
thwarted only when nations come together and make a positive move. Following
steps are directed to achieve this end.
A. Commission on crime prevention and criminal justice (CCPC)
A unit of the United Nations made several exercises as to how to prevent and
control high technology and computer related crimes. The commission recommends
that one way of doing this is to forge closer links between nations so that the
cyber criminal is relentlessly pursued across frontiers.
B. United Nations Convention on Transnational Organized Crime
It was adopted by the Central Assembly on 15 November 2000, though not directly
applicable to routine computer crimes, is however attracted where organised
gangs like that of the cyber terrorists use telecommunication and computer
network for their operations.
C. Convention on Cybercrime
The main objective of the convention is to “pursue a common criminal policy
aimed at the protection of society at cybercrime, especially by adopting
appropriate legislation and fostering international co-operationâ€. Cooperation
at this level is of ofcourse the most powerful way of ensuring a consistent
international approach to the problem of cybercrime.
D. International agreements
US and other countries directed initiatives to conclude mutual agreements on
judicial support, extradition, investigatory authorities, delimitation and
unification of laws so as to facilitate implication of cyber terrorist even when
he is a foreigner.
3) Governmental Response
US, having the densest connectivity and convergence, is the easiest target of
cyber terrorism. Thus, the governmental response in this country is strongest
compared to the other countries.
After II September 2001, the US government reacted towards it in the most
effective manner so as to construct a more resilient society of Americans which
will strengthen them to fight terrorism of any sort. However, much before that,
the government also announced plans to safeguard the critical infrastructure or
Supervisory Control and Data Acquisition (SCADA) when they are connected to the
Internet to monitor certain industrial processes and also national security of
America.[xiii]
4) Technological Response
As cyber terrorism has purely technical modus operandi, mere legal provisions or
planning alone would not be sufficient to combat it. When a terrorist group
which lacks technical skills need to scan for vulnerabilities and launch a
computer based attack, it may gain access through forming a link with hacker
criminals or with other terrorist groups. The US government first responded to
it by data mining programs such as the former Terrorism Information Awareness
Program (TIAP) to uncover these linkages but had to shelve it as the TIA raised
grim privacy concerns.
5) Miscellaneous Response
A. Coordination to protect against cyber terrorism-
Coordination between the private sector and government requires mutual
information about any information they exchange on computer security.[xiv]
B. Special services-
It is necessary to change approaches to fight terrorism. This formidable task is
entrusted to such special services which carry out intelligence and
counter-intelligence activities simultaneously.
Conclusion
The threat of cyber attacks are at a continuous rate of growth as the online
users are at a constant increase and also with the growth of computer
technology. A large amount of investments have been made to prevent terrorist
attacks but the developed countries remain highly open to cyber attacks against
the computer networks. Law enforcements, policies, practices and necessary
measures should continue to develop as the computer technology is also at
continuous development. Cyber terrorism is at an alarming stage for the whole
international community. The current era of international laws, norms, and
definitions not only inadequately addresses cyber-terrorism, it actually
intensifies the dangers of the threat by creating a gray area that can be very
easily exploited by cyber terrorists. National efforts should be coordinated
with international efforts to be successful against cyber terrorism.
End-Notes
[i] Mark M. Pollitt, “Cyberterrorism: Fact or Fancy? FBI Laboratory,
[ii] Dave Pettinari, “Cyberterrorism, information warfare and attacks being
launched now and in the future in the heartland of Americaâ€, Police Futurists
International,
[iii] “Cyber-terrorism: The New Kind of Terrorismâ€, CCRC (8-4-2004).
[v] R. Lemos, “What are the real risks of cyber terrorism?,†ZDNet, 26 August
2002.
[vi] D. Denning, “Cyber terrorism. Testimony before the Special Oversight Panel
on Terrorism,†Committee on Armed Services U.S. House of Representatives,
Georgetown University, May 2000. http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html.
[vii] K. Curran, K. Concannon and S. McKeever, “Cyber terrorism attacks cyber
warfare and cyber terrorism,†Information Science Reference, 2008, p.1-6.
[viii] K. Curran, K. Concannon and S. McKeever, “Cyber terrorism attacks cyber
warfare and cyber terrorism,†Information Science Reference, 2008, p.1-6.
[ix] V. Golubev, “Cyberterrorism: Concept, Terms, Counteractionâ€.Source: CCRC
(31-8-2004).
[x] Source: “Lessons from US cyber law†ComputerWeekly.com
[xi] Act 21 of 2000.
[xii] David R. Johnson, “Due Process and Cyber Jurisdictionâ€, Cyber Law
Institute.
[xiii] S. Venkmatesh, "Control of Cyber Terrorism" in Cyber Terrorism. (Authorspress,
New Delhi 2003) 277.
[xiv] John Moteff, “Critical infrastructures: Background, Policy and
Implementation†(7-8-2003).
Written by: Roshin Iqbal (Jamia Millia Islamia, BALL.B 4th year) and Syed
Moosvi Raza Kazmi (Amity University, B.Com LL.B 2nd year).Â
Please Drop Your Comments