Law relating to Cyberterrorism

November 11, 2011, by | Start Discussion

Before looking into the issue of Cyberterrorism it is important to understand that it should not be confused with “Internet and terrorism” i.e.  Presence of terrorist groups on the internet.

Cyberterrorism

Defining Cyberterrorism is quite difficult task. However, Asian School of Cyber Laws has defined the term as:-
“Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.”

The underlying premise in this definition is that cyber crime and cyber terrorism differ only on the basis of the motive and intention of the perpetrator.

Incidence

Let’s have look at some major Cyberterrorism incidents to understand the definition.

In 1997, a Bolivian terrorist organization had assassinated four U.S. army personnel. A raid on one of the hideouts of the terrorist’s yielded information encrypted using symmetric encryption. A 12-hour brute force attack resulted in the decryption of the information and subsequently led to one of the largest drug busts in Bolivian history and the arrest of the terrorists.

In 1999 hackers attacked NATO computers. The computers flooded them with email and hit them with a denial of service (DoS). The hackers were protesting against the NATO bombings in Kosovo. Businesses, public organizations and academic institutions were bombarded with highly politicized emails containing viruses from other European countries.

In 2001, in the back drop of the downturn in US-China relationships, the Chinese hackers released the Code Red virus into the wild. This virus infected millions of computers around the world and then used these computers to launch denial of service attacks on US web sites, prominently the web site of the White House.
In 2002, numerous prominent Indian web sites were defaced. Messages relating to the Kashmir issue were pasted on the home pages of these web sites. The Pakistani Hackerz Club, led by “Doctor Neukar” is believed to be behind this attack.

In May 2007 Estonia was subjected to a mass cyber-attack by hackers inside the Russian Federation which some evidence suggests was coordinated by the Russian government, though Russian officials deny any knowledge of this. This attack was apparently in response to the removal of a Russian World War II war memorial from downtown Estonia.

In December, 2010 the website of the Central Bureau of Investigation (CBI) was hacked by programmers identifying themselves as “Pakistani Cyber Army”.

Tools of Terror

Cyber terrorists use various tools and methods to unleash their terrorism. Some of the major tools and methodologies are:-

  • Hacking
  • Virus/Trojan/Worm attacks
  • Email Related Crimes
  • Denial of Service Attacks
  • Use of Cryptography and Steganography


Legal provisions

Amendments under the Information Technology Act, 2000 has defined the term “Cyberterrorism” U/Sec. 66F. This is the first ever attempt in India to define the term. It reads as under:-

Punishment for Cyberterrorism

Whoever,—
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by—
(i) denying or cause the denial of access to any person authorized to access computer resource; or
(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce any computer contaminant;

and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under Section 70, or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

Punishment

Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life. I.e. Imprisonment not exceeding fourteen years (Sec. 55, IPC)

This Section has defined conventional Cyber attacks like, unauthorised access, denial of service attack, etc, but as discussed above, motive and intention of the perpetrator differentiates the attack from an ordinary to an act of terrorism.

Illustration

Rohit, a Hacker, gains unauthorised access into Railway traffic control grid (the grid has been declared as Critical Information Infrastructure U/Sec. 70) and thereby strikes terror amongst people, Rohit is said to have done an act of Cyberterrorism.

Sagar is a Law graduate. He is Head at Asian School of Cyber Laws(Maharashtra). He specializes in Cyber Law, Intellectual Property Law and Corporate Law. He teaches at numerous educational institutions across India.

Leave a Reply