Cyber Warfare and Cyber Terrorism: Medha Surabhi BA - LLB (4 Year) KIIT School of Law
Cyber Warfare and Cyber Terrorism: Medha Surabhi BA - LLB (4 Year) KIIT School of Law
Cyber Warfare and Cyber Terrorism: Medha Surabhi BA - LLB (4 Year) KIIT School of Law
CYBER TERRORISM
MEDHA SURABHI
BA.LLB(4th Year)
KIIT School of Law
Electronic
Electroniccopy
copyavailable
availableat:
at:https://ssrn.com/abstract=2122633
http://ssrn.com/abstract=2122633
CONTENTS
INTRODUCTION……………………………………………………………………. 3
AN INSIGHT……………………………………………………………………….... 4
CONCLUSION………………………………………………………………………. 12
REFERNCES………………………………………………………………………… 15
2|P ag e
Electronic
Electroniccopy
copyavailable
availableat:
at:https://ssrn.com/abstract=2122633
http://ssrn.com/abstract=2122633
INTRODUCTION
The world of Internet today has become a parallel form of life and living. The public are now
capable of doing things which were not imaginable few years ago. The Internet is fast becoming
a way of life for millions of people and also a way of living because of growing dependence and
reliance of the mankind on these machines. Internet has enabled the use of website
communication, email and a lot of anytime anywhere IT solutions for the betterment of human
kind.
Internet, though offers great benefit to society, also present opportunities for crime using new
and highly sophisticated technology tools. Today e-mail and websites have become the preferred
means of communication. Organizations provide Internet access to their staff. By their very
nature, they facilitate almost instant exchange and dissemination of data, images and variety of
material. This includes not only educational and informative material but also information that
might be undesirable or anti-social. Regular stories featured in the media on computer crime
include topics covering hacking to viruses, web-jackers, to internet paedophiles, sometimes
accurately portraying events, sometimes misconceiving the role of technology in such activities.
Increase in cyber crime rate has been documented in the news media. Both the increase in the
incidence of criminal activity and the possible emergence of new varieties of criminal activity
pose challenges for legal systems, as well as for law enforcement.
Cyber Warfare is using computers over the Internet to conduct acts of warfare against other
websites or groups on the Internet. This could include defacing websites, distributed denial of
service attacks, distributing propaganda, and gathering classified data over the Internet. Cyber
Terrorism is different from Cyber Warfare. Cyber Warfare can be inconvenient from having to
clean up a website from vandalism or suffering from downtime because of a denial of service
attack. With Cyber Terrorism, violence can result from an attack.
The term ―cyber terrorism‖ was coined in1996 by combining the terms cyberspace and terrorism.
Cyber terrorism is the dark side of the web world. Cyber terrorism is the premeditated, politically
3|P ag e
According to Mark Pollitt of the Federal Bureau of Investigation, the definition of Cyber
Terrorism is, ―the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which results in violence against noncombatant targets by
sub national groups or clandestine agents‖. This definition according to Verton, ―covers both
cyber terrorism and terrorism in general‖, he continues on that, ―not only can systems be
attacked through cyber means, but also attacking the physical hardware that makes up computer
systems‖.
Cyber Warfare and Cyber Terrorism have both similarities and differences. They are similar in
sense that both involve using computer systems against other computer systems, although with
Cyber Terrorism the physical system can also be targeted. They are both different because in
Cyber Terrorism, violence can occur, such as people can be hurt or killed.
There are many reasons why these attacks occur. Probably one of the main reasons is to state a
goal or objective that disagrees with a view of another community. For example, an anti-abortion
group defacing an abortion clinic‘s website, or performing a denial of service against a website
so that people cannot access it and receive information from it. These would be acts of Cyber
Warfare.
With Cyber Terrorism, these attacks occur because of numerous reasons. The word terrorism
itself has the word terror in it, which means to strike fear and dread into an individual. There
have been many Terrorism attacks throughout history, including the one on September 11, 2001.
4|P ag e
Fear Factor – The most denominator of the majority of the attacks is terrorists wishing to
create fear in individuals groups and societies. The best example is bombing of Bali
Nightclub, in 2002. This night club was nothing but watering for foreign tourists. The
influx of foreign tourists to Bali was significantly reduced after this attack.
Spectacular Factor – Spectacular means attacks aimed at either creating huge direct losses
and/or resulting in a lot of negative publicity. In 1999, the Amazon.com Web site was
closed for some time due to a denial of service (DOS) attack.
Vulnerability factor - Cyber activities do not always end up with huge financial losses.
Some of the most effective ways to demonstrate an organization‘s vulnerability is to
cause a denial of service to the commercial server or something as simple as the
defacement of an organization‘s Web pages, very often referred to as computer graffiti.
Virus and worm attacks that are delivered via e-mail attachments, Web browser
scripts, and vulnerability exploit engines.
Denial of service attacks designed to prevent the use of public systems by legitimate
users by overloading the normal mechanisms inherent in establishing and maintaining
5|P ag e
Unauthorized intrusions into systems that lead to the theft of confidential and/or
proprietary information, the modification and/or corruption of data, and the inappropriate
usage of a system for launching attacks on other systems.
With Cyber Warfare, any website on the Internet and the people who are affiliated with them can
be affected by Cyber Warfare attacks. Going back to the previous example of the abortion clinic,
not only has the website been defaced by an anti-abortion group, it effects the people who run the
website, mainly those of the abortion clinic, and people who support abortion can be affected by
this act of vandalism. Also depending on the intensity of the vandalism, the clinic itself can lose
credibility. On the other side of this spectrum, the people who are against abortion are pleased
with the results.
Another example of who is affected by Cyber Warfare would be going back to the denial of
service attack against a website. Say this website is a bank website, and a hacker performs a
denial of service attack against this website. The website can now not be accessed by its patrons,
causing them not to be able to access their accounts, forcing them to physically go to the bank to
perform their daily transactions, increasing the business of the bank with lots of unhappy patrons.
This also affects the reputation of the banks online security, possibly scaring people out of that
bank and into another bank where they may feel more secure. On a side note, this attack could
have been performed by a rival bank to scare people out of one bank and having them come to
their bank. These are just a few possible ways of Cyber Warfare.
6|P ag e
In Verton, 2001, when an Australian man used the Internet and stolen control software to release
one million liters of raw sewage into public parks. The reason behind this was to get back at a
company that would not hire him, so he got back at the community and the company by releasing
the sewage. This was not as much of a terror attack as a revenge attack, but it made the
community aware that some government and local utility systems are not safe, and can be
utilized against them. Also, with the release of the sewage, some of the animals and marine life
in the area were killed.
The prospect of internet-based warfare has come to the fore after a series of high-profile
international attacks. It has emerged that a gang of hackers, believed to be from China, had
infiltrated computer systems at the Pentagon and launched attacks on government networks in
Britain, Germany, India and Australia. US officials, who have labeled the group Titan Rain, have
accused them of operating under the auspices of officials in Beijing. Another strike in Estonia,
which has one of the most hi-tech governments in the world, was initially blamed on hackers
backed by the Russian authorities. However, only one teenager, an Estonian, has been arrested in
connection with the incident so far.
7|P ag e
North Atlantic Treaty Organization (NATO) believes cyber warfare poses as great a threat as a
missile attack. NATO is treating the threat of cyber warfare as seriously as the risk of a missile
strike. Among the chief threats is cyber terrorism, in which attempts are made to shut down
online communication networks or use the internet to attack official institutions. Although some
have warned of the possible threat since the 1980s, it is only in recent years that the issue has
made it onto the radar of governments around the world.
Suleyman Anil, in-charge of protecting NATO against computer attacks and head of NATO's
computer incident response centre, said at the E-Crime congress held in London "Cyber defense
is now mentioned at the highest level along with missile defense and energy security. We have
seen more of these attacks and we don't think this problem will disappear soon. Unless globally
supported measures are taken, it can become a global problem."
Kevin Poulsen, a former hacker who is now an editor with technology magazine Wired, has
accused politicians and the media of overplaying the fear factor. He opined before the London E-
Crime congress "In some ways, Estonia's attacks were less sophisticated than previous 'cyber
wars' - like those between Israeli and Palestinian hackers, India and Pakistan, China and the US.
Even those attacks fell short of a cyber war, at least as experts have defined the term. I'm
sceptical that real cyber war, or cyber terrorism, will ever take place."
Despite the lack of hard evidence on the nature or identities of cyber terrorists, however, the
threat is deemed serious enough for the White House to allocate $6bn (£3bn) for strengthening
its systems against attack.
8|P ag e
The real issue is how to prevent cyber crime. For this, there is need to raise the probability of
apprehension and conviction. There is no way to be completely secure from any type of Cyber
Warfare or Cyber Terrorism attack. The more security a computer system has in place, the easier
it can become to attack this system. For Cyber Warfare, one has to deal with securing
information systems, including computer networks, and all the data of a corporation or
government entity, having a good IT security team and security plan will help protect the
company‘s data. For Cyber Terrorism, physical systems need to be guarded, and if they are high
priority targets subject to attack, the appropriate measures to secure this data need to be in place.
India has a law on evidence that considers admissibility, authenticity, accuracy, and
completeness to convince the judiciary. The challenge in cyber crime cases includes getting
evidence that will stand scrutiny in a foreign court. For this India needs total international
cooperation with specialized agencies of different countries. Police has to ensure that they have
seized exactly what was there at the scene of crime, is the same that has been analyzed and the
report presented in court is based on this evidence. It has to maintain the chain of custody. The
threat is not from the intelligence of criminals but from our ignorance and the will to fight it. The
law is stricter now on producing evidence especially where electronic documents are concerned.
To combat Cyber Terrorism in the United States, the U.S. Department of Defense made the
United Stated Strategic Command in charge of dealing with Cyber Terrorism, and it established
through the Joint Task Force-Global Network operations. Other governments should also set up
Cyber Terrorism divisions and come up with some sort of plan in case a Cyber Attack on their
nation was to occur.
Cyber Law is seen as an essential component of criminal justice system all over the world. The
same applies to cyber law of India as well. The computer is the target and the tool for the
9|P ag e
The Information Technology (IT) Act, 2000, specifies the acts which have been made
punishable. Since the primary objective of this Act is to create an enabling environment for
commercial use of I.T., certain omissions and commissions of criminals while using computers
have not been included. With the legal recognition of Electronic Records and the amendments
made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing on
cyber-arena are also registered under the appropriate sections of the IPC.
India is the 12th country of the world having a cyber law. It covers areas like e-governance, e-
commerce, cyber contraventions and cyber offences. However, some critics and cyber law
experts have questioned the strength of IT Act, 2000.
Although India has done a good job by enacting the IT Act, 2000 yet it failed to keep it updated.
For instance, we need express provisions and specified procedures to deal with issues like denial
of service (DOS), distributed denial of services (DDOS), bot, botnets, trojans, backdoors, viruses
and worms, sniffers, SQL injections, buffer overflows etc. These issues cannot be left on mere
luck, implied provisions or traditional penal law of India (IPC). Even issues like cyber war
against India or cyber terrorism against India have not been incorporated into the IT Act, 2000
yet.
Some of these issues are also cross-linked with capacity building requirements of India in the
field of cyber security in India and cyber forensics in India. A crucial truth that India failed to
appreciate is that e-governance in India is useless till we are capable of securing it as well.
Without the crucial capabilities in the fields of cyber security and cyber forensics, India is
heading towards a big trouble. Even the basic ‘e-mail tracking‘ procedures sometimes pose as a
big challenge before the law enforcement agencies in India. Interestingly, some of the legal
experts have shown their support for prosecuting owners of e-mail addresses and Internet
10 | P a g e
It would be a ‘dangerous trend‘ to follow to arrest or detain suspects on the basis of mere ‘IP
addresses‘ or ‘e-mail addresses‘ as they are very easy to be spoofed and forged. Even MAC
addresses can be spoofed in certain circumstances and for many purposes, particularly for
identity theft cases in wireless connections. It is important to apply common sense and first
ascertain the identity of real culprit. Of course, it requires tremendous cyber forensics expertise
to correctly trace the culprit. The recent case of wrongfully arresting an innocent person and
imprisoning him for a considerable time is a glaring example of faulty and novice cyber
forensics application in India. The inability of the Government of India to meet these
conspicuous deficiencies of the legal enablement of ICT systems in India is stifling the growth of
ICT laws in India.
The present cyber law of India does not cover these issues and there is a dire need of
incorporating the same as soon as possible.
Some of the Statutory Provisions under Indian Law to combat cyber crimes are:
The Indian parliament considered it necessary to give effect to the resolution by which the
General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations
Commission on Trade Law. As a consequence of which the Information Technology Act 2000
was passed and enforced on 17th May 2000. The preamble of this Act states its objective to
legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act
1872, the Banker‘s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The
basic purpose to incorporate the changes in these Acts is to make them compatible with the Act
of 2000. So that they may regulate and control the affairs of the cyber world in an effective
manner.
The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The
important sections are Ss. 43,65,66,67.
11 | P a g e
CONCLUSION
Cyber Warfare and Cyber Terrorism are a growing threat in this world. More and more groups
are becoming aware of the possibility of Cyber Warfare and Cyber Terrorism. Cyber Terrorism
has been occurring within the last twenty years and as time progresses and more and more
nations become even more computerized, there will be more and more attacks through
cyberspace.
A survey released by the UK government has revealed that the British public is now more fearful
of cyber crime than burglary and crimes against the person. According to its results, Internet
users fear bankcard fraud the most (27 percent), followed by cyber crime (21 percent) and
burglary (16 percent). This shows that hi-tech crime has firmly overtaken conventional
burglaries, muggings and thefts in the list of the public‘s fears, as the Internet has become firmly
embedded into the British society, with some 57 percent of households having online access.
Interestingly, University of Abertay in Dundee, Scotland (UK) is now offering a BSc Hons in
Ethical Hacking and Countermeasures.
Although hard, it is possible to try and combat cyber terrorism through the securing of systems,
but there will always be an exploit someplace whether it‘s through the computer or through the
12 | P a g e
Even America finds itself unprepared for the threat of cyber war and terrorism. In a speech given
this January at the Newseum in Washington, D.C., Secretary of State Hillary Clinton set a strong
warning to anyone who would seek to carry out a cyber attack on the United States: ―As we work
to advance freedoms, we must also work against those who use communication networks as tools
of disruption and fear. Governments and citizens must have confidence that the networks at the
core of their national security and economic prosperity are safe and resilient. Now this is about
more than just petty hackers who deface websites. Our ability to bank online, use electronic
commerce, and safeguard billions of dollars in intellectual property are all at stake if we cannot
rely on the security of our information networks. States, terrorists, and those who would act as
their proxies must know the United States will protect our networks Those who disrupt the free
flow of information in our society or any other pose a threat to our economy, our government,
and our civil society. Countries or individuals that engage in cyber attacks should face
consequences and international condemnation.‖
The traditional national defense strategies are ill suited to protect the nations against this threat.
Enemies can launch a devastating attack, from almost anywhere—a café in London, a cave in
Afghanistan, or a coffee shop in our Midwest. They can mobilize large networks of captured
computers from around the world to do their bidding. They can do so with almost no trail, no
return address. Enemies of this kind, attacks of this nature, are almost impossible to deter, and
even harder to preempt.
In the face of threats, the systems that are to be depend upon, are vulnerable to the most
simplistic of hackers, even as constant efforts by sophisticated enemies to penetrate the systems,
probe vulnerabilities, plan future attacks and inject sleeper weapons into the IT systems is faced.
It is high time to make concentrated effort otherwise nations would leave themselves
unacceptably open to a devastating attack on our nation. Such an attack could compromise the
13 | P a g e
In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely
affects a person or property. The IT Act provides the backbone for e-commerce and India‘s
approach has been to look at e-governance and e-commerce primarily from the promotional
aspects looking at the vast opportunities and the need to sensitize the population to the
possibilities of the information age. There is the need to take in to consideration the security
aspects.
It is prudent that rethinking is done to work out approach to cyber warfare and cyber terrorism. It
is the time to act now to secure the strategic digital assets, public and private. These systems
must be built upon technologies that tested and proven secure against the advanced threats that is
faced now, and to plan ahead to the best of ability to face in the coming years. If we can act now,
we will not only be secure, but we will also be poised to capitalize on the real promise of the
digital revolution.
14 | P a g e
- OOO -
15 | P a g e