Cyberterrorism is a new terrorist tactic that makes use of ...
Cyberterrorism
Cyberterrorism is a new terrorist tactic that makes use of information systems or digital technology, especially the Internet, as either an instrument or a target. As the Internet becomes more a way of life with us,it is becoming easier for its users to become targets of the cyberterrorists. The number of areas in which cyberterrorists could strike is frightening, to say the least. The difference between the conventional approaches of terrorism and new methods is primarily that it is possible to affect a large multitude of people with minimum resources on the terrorist's side, with no danger to him at all. We also glimpse into the reasons that caused terrorists to look towards the Web, and why the Internet is such an attractive alternative to them. The growth of Information Technology has led to the development of this dangerous web of terror, for cyberterrorists could wreak maximum havoc within a small time span. Various situations that can be viewed as acts of cyberterrorism have also been covered. Banks are the most likely places to receive threats, but it cannot be said that any establishment is beyond attack. Tips by which we can protect ourselves from cyberterrorism have also been covered which can reduce problems created by the cyberterrorist.We, as the Information Technology people of tomorrow need to study and understand the weaknesses of existing systems, and figure out ways of ensuring the world's safety from cyberterrorists. A number of issues here are ethical, in the sense that computing technology is now available to the whole world, but if this gift is used wrongly, the consequences could be disastrous. It is important that we understand and mitigate cyberterrorism for the benefit of society, try to curtail its growth, so that we can heal the present, and live the future…
Cyberterrorism
It is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyberterrorism. Cyberterrorism can also be defined much more generally, for example, as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” This broad definition was created by Kevin G. Coleman of the Technolytics Institute. The term was coined by Barry C. Collin.
[pic]Overview
As the Internet becomes more pervasive in all areas of human endeavor, individuals or groups can use the anonymity afforded by cyberspace to threaten citizens, specific groups (i.e. with membership based on ethnicity or belief), communities and entire countries, without the inherent threat of capture, injury, or death to the attacker that being physically present would bring.
As the Internet continues to expand, and computer systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.
Basic definition
Cyberterrorism is the leveraging of a target's computers and information , particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.
Cyberterrorism is defined as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” This definition was created by Kevin G. Coleman of the Technolytics Institute
...subsumed over time to encompass such things as simply defacing a web site or server, or attacking non-critical systems, resulting in the term becoming less useful...
There are some that say cyberterrorism does not exist and is really a matter of hacking or information warfare. They disagree with labeling it terrorism because of the unlikelihood of the creation of fear, significant physical harm, or death in a population using electronic means, considering current attack and protective technologies.
Background information
Public interest in cyberterrorism began in the late 1980s. As the year 2000 approached, the fear and uncertainty about the millennium bug heightened and interest in potential cyberterrorist attacks also increased. However, although the millennium bug was by no means a terrorist attack or plot against the world or the United States, it did act as a catalyst in sparking the fears of a possibly large-scale devastating cyber-attack. Commentators noted that many of the facts of such incidents seemed to change, often with exaggerated media reports.
The high profile terrorist attacks in the United States on September 11, 2001 lead to further media coverage of the potential threats of cyberterrorism in the years following. Mainstream media coverage often discusses the possibility of a large attack making use of computer networks to sabotage critical infrastructures with the aim of putting human lives in jeopardy or causing disruption on a national scale either directly or by disruption of the national economy.
Authors such as Winn Schwartau and John Arquilla are reported to have had considerable financial success selling books which described what were purported to be plausible scenarios of mayhem caused by cyberterrorism. Many critics claim that these books were unrealistic in their assessments of whether the attacks described (such as nuclear meltdowns and chemical plant explosions) were possible. A common thread throughout what critics perceive as cyberterror-hype is that of non-falsifiability; that is, when the predicted disasters fail to occur, it only goes to show how lucky we've been so far, rather than impugning the theory.
Effects
Cyberterrorism can have a serious large-scale influence on significant numbers of people. It can weaken countries' economy greatly, thereby stripping it of its resources and making it more vulnerable to military attack.
Cyberterror can also affect internet-based businesses. Like brick and mortar retailers and service providers, most websites that produce income (whether by advertising, monetary exchange for goods or paid services) could stand to lose money in the event of downtime created by cyber criminals.
As internet-businesses have increasing economic importance to countries, what is normally cybercrime becomes more political and therefore "terror" related.
Examples
One example of cyberterrorists at work was when terrorists in Romania illegally gained access to the computers controlling the life support systems at an Antarctic research station, endangering the 58 scientists involved. However, the culprits were stopped before damage actually occurred. Mostly non-political acts of sabotage have caused financial and other damage, as in a case where a disgruntled employee caused the release of untreated sewage into water in Maroochy Shire, Australia. [3] Computer viruses have degraded or shut down some non-essential systems in nuclear power plants, but this is not believed to have been a deliberate attack.
More recently, in May 2007 Estonia was subjected to a mass cyber-attack in the wake of the removal of a Russian World War II war memorial from downtown Talinn. The attack was a distributed denial-of-service attack in which selected sites were bombarded with traffic in order to force them offline; nearly all Estonian government ministry networks as well as two major Estonian bank networks were knocked offline; in addition, the political party website of Estonia's current Prime Minister Andrus Ansip featured a counterfeit letter of apology from Ansip for removing the memorial statue. Despite speculation that the attack had been coordinated by the Russian government, Estonia's defense minister admitted he had no evidence linking cyber attacks to Russian authorities. Russia called accusations of its involvement "unfounded," and neither NATO nor European Commission experts were able to find any proof of official Russian government participation.[3] In January 2008 a man from Estonia was convicted for launching the attacks against the Estonian Reform Party website and fined.[4][5]
Even more recently, in October 2007, the website of Ukrainian president Viktor Yushchenko was attacked by hackers. A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility.[6]
Since the world of computers is ever-growing and still largely unexplored, countries new to the cyber-world produce young computer scientists usually interested in "having fun". Countries like China, Greece, India, Israel, and South Korea have all been in the spotlight before by the U.S. Media for attacks on information systems related to the CIA and NSA. Though these attacks are usually the result of curious young computer programmers, the United States has more than legitimate concerns about national security when such critical information systems fall under attack. In the past five years, the United States has taken a larger interest in protecting its critical information systems. It has issued contracts for high-leveled research in electronic security to nations such as Greece and Israel, to help protect against more serious and dangerous attacks.
In 1999 hackers attacked NATO computers. The computers flooded them with email and hit them with a denial of service (DoS). The hackers were protesting against the NATO bombings in Kosovo. Businesses, public organizations and academic institutions were bombarded with highly politicized emails containing viruses from other European countries.[7]
Countering
The US Department of Defense charged the United States Strategic Command with the duty of combating cyberterrorism. This is accomplished through the Joint Task Force-Global Network Operations (JTF-GNO). JTF-GNO is the operational component supporting USSTRATCOM in defense of the DoD's Global Information Grid. This is done by integrating GNO capabilities into the operations of all DoD computers, networks, and systems used by DoD combatant commands, services and agencies.
On November 2, 2006, the Secretary of the Air Force announced the creation of the Air Force's newest MAJCOM, the Air Force Cyber Command, which would be tasked to monitor and defend American interest in cyberspace. The plan was however replaced by the creation of Twenty-Fourth Air Force which became active in August 2009 and would be a component of the planned United States Cyber Command.
On December 22, 2009, the White House named its head of Cyber Security as Howard Schmidt. He will coordinate U.S Government, military and intelligence efforts to repel hackers.
In fiction
• The Japanese cyberpunk manga, Ghost in the Shell (as well as its popular movie and TV adaptations) centers around an anti-cyberterrorism and cybercrime unit. In its mid-21st century Japan setting such attacks are made all the more threatening by an even more widespread use of technology including cybernetic enhancements to the human body allowing people themselves to be direct targets of cyberterrorist attacks.
• Cyberterrorism was featured in Dan Brown's Digital Fortress.
• Cyberterrorism was featured in Amy Eastlake's Private Lies.
• In the movie Live Free or Die Hard, John McClane (Bruce Willis) takes on a group of cyberterrorists intent on shutting down the entire computer network of the United States.
• The movie Eagle Eye involves a super computer controlling everything electrical and networked to accomplish the goal.
• The plots of 24 Day 4 and now Day 7 include plans to breach the nation's nuclear plant grid and then to seize control of the entire critical infrastructure protocol.
• The Tom Clancy created series Netforce was about a FBI/Military team dedicated to combating cyberterrorists.
• The whole point of Mega Man Battle Network is cyberterrorism.
What is being done?
In response to heightened awareness of the potential for cyber-terrorism President Clinton, in 1996, created the Commission of Critical Infrastructure Protection. The board found that the combination of electricity, communications and computers are necessary to the survival of the U.S., all of which can be threatened by cyber-warfare. The resources to launch a cyber attack are commonplace in the world; a computer and a connection to the Internet are all that is really needed to wreak havoc. Adding to the problem is that the public and private sectors are relatively ignorant of just how much their lives depend on computers as well as the vulnerability of those computers. Another problem with cyber crime is that the crime must be solved, (i.e. who were the perpetrators and where were they when they attacked you) before it can be decided who has the actual authority to investigate the crime. The board recommends that critical systems should be isolated from outside connection or protected by adequate firewalls, use best practices for password control and protection, and use protected action logs.
Most other government organizations have also formed some type of group to deal with cyber-terrorists. The CIA created its own group, the Information Warfare Center, staffed with 1,000 people and a 24-hour response team. The FBI investigates hackers and similar cases. The Secret Service pursues banking, fraud and wiretapping cases. The Air Force created its own group, Electronic Security Engineering Teams, ESETs. Teams of two to three members go to random Air Force sites and try to gain control of their computers. The teams have had a success rate of 30% in gaining complete control of the systems.
How can we protect myself?
Currently there are no foolproof ways to protect a system. The completely secure system can never be accessed by anyone. Most of the militaries classified information is kept on machines with no outside connection, as a form of prevention of cyber terrorism. Apart from such isolation, the most common method of protection is encryption. The wide spread use of encryption is inhibited by the governments ban on its exportation, so intercontinental communication is left relatively insecure. The Clinton administration and the FBI oppose the export of encryption in favor of a system where by the government can gain the key to an encrypted system after gaining a court order to do so. The director of the FBI's stance is that the Internet was not intended to go unpoliced and that the police need to protect people's privacy and public-safety rights there. Encryption's draw back is that it does not protect the entire system, an attack designed to cripple the whole system, such as a virus, is unaffected by encryption.
Others promote the use of firewalls to screen all communications to a system, including e-mail messages, which may carry logic bombs. Firewall is a relatively generic term for methods of filtering access to a network. They may come in the form of a computer, router other communications device or in the form of a network configuration. Firewalls serve to define the services and access that are permitted to each user. One method is to screen user requests to check if they come from a previously defined domain or Internet Protocol (IP) address. Another method is to prohibit Telnet access into the system.
Here are few key things to remember to pretect yourself from cyber-terrorism:
1. All accounts should have passwords and the passwords should be unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an intruder.
5. If you are ever unsure about the safety of a site, or receive suspicious email from an unkown address, don't access it. It could be trouble.
.What would the impact be?
The intention of a cyber terrorism attack could range from economic disruption through the interruption of financial networks and systems or used in support of a physical attack to cause further confusion and possible delays in proper response.Although cyber attacks have caused billions of dollars in damage and affected the lives of millions, we have yet witness the implications of a truly catastrophic cyber terrorism attack.What would some of the implications be?
Direct Cost Implications
• Loss of sales during the disruption
• Staff time, network delays, intermittent access for business users
• Increased insurance costs due to litigation
• Loss of intellectual property - research, pricing, etc.
• Costs of forensics for recovery and litigation
• Loss of critical communications in time of emergency
Indirect Cost Implications
• Loss of confidence and credibility in our financial systems
• Tarnished relationships& public image globally
• Strained business partner relationships - domestic and internationally
• Loss of future customer revenues for an individual or group of companies
• Loss of trust in the government and computer industry
what is Cyber-terrorism?
[pic][pic][pic][pic][pic][pic]In the wake of the recent computer attacks, many have been quick to jump to conclusions that a new breed of terrorism is on the rise and our country must defend itself with all possible means. As a society we have a vast operational and legal experience and proved techniques to combat terrorism, but are we ready to fight terrorism in the new arena – cyber space?
A strategic plan of a combat operation includes characterization of the enemy’s goals, operational techniques, resources, and agents. Prior to taking combative actions on the legislative and operational front, one has to precisely define the enemy. That is, it is imperative to expand the definition of terrorism to include cyber-terrorism.
As a society that prides itself on impartiality of justice, we must provide clear and definitive legislative guidelines for dealing with new breed of terrorism. As things stand now, justice cannot be served as we have yet to provide a clear definition of the term. In this light, I propose to re-examine our understanding of cyber-terrorism.
There is a lot of misinterpretation in the definition cyber-terrorism, the word consisting of familiar "cyber" and less familiar "terrorism". While "cyber" is anything related to our tool of trade, terrorism by nature is difficult to define. Even the U.S. government cannot agree on one single definition. The old maxim, "One man's terrorist is another man's freedom fighter" is still alive and well.
B. Who are cyber terrorists?
From American point of view the most dangerous terrorist group is Al-Qaeda which is considered the first enemy for the US. According to US official’s data from computers seized in Afghanistan indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure.
After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers launched Denial os Service (DoS) attacks against American web sites.
A study that covered the second half of the year 2002 showed that the most dangerous nation for originating malicious cyber attacks is the C. Why do they use cyber attacks?
Cyber terrorist prefer using the cyber attack methods because of many advantages for it.
It is Cheaper than traditional methods.
The action is very difficult to be tracked.
They can hide their personalities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a big number of targets.
They can affect a large number of people.
D. Forms of cyber terrorism-
(I) Privacy violation:
The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a constitutional status, the violation of which attracts both civil as well as criminal consequences under the respective laws. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. The various provisions of the Act aptly protect the online privacy rights of the citizens. Certain acts have been categorized as offences and contraventions, which have tendency to intrude with the privacy rights of the citizens.
(II) Secret information appropriation and data theft:
The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property. It must be noted that the definition of property is not restricted to moveables or immoveables
(III) Demolition of e-governance base:
The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues. Right to receive and impart information is implicit in free speech. This, right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in public interest.
(IV) Distributed denial of services attack:
The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies.
It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate citizens and end users. The law in this regard is crystal clear.
(V) Network damage and disruptions:
The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc.
E. The danger of cyber terrorism-
General John Gordon, the White House Homeland Security Advisor, speaking at the RSA security conference in San Francisco, CA Feb. 25, 2004 indicated that whether someone detonates a bomb that cause bodily harm to innocent people or hacked into a web-based IT system in a way that could, for instance, take a power grid offline and result in blackout, the result is ostensibly the same. He also stated that the potential for a terrorist cyber attack is real.
Cyber terrorists can destroy the economy of the country by attacking the critical infrastructure in the big towns such as electric power and water supply, still the blackout of the North Western states in the US in Aug. 15, 2003 is unknown whether it was a terrorist act or not, or by attacking the banks and financial institutions and play with their computer systems.
Cyber terrorists can endanger the security of the nation by targeting the sensitive and secret information (by stealing, disclosing, or destroying).
The Impact of Cyber Terrorism-
The intention of a cyber terrorism attack could range from economic disruption through the interruption of financial networks and systems or used in support of a physical attack to cause further confusion and possible delays in proper response. Although cyber attacks have caused billions of dollars in damage and affected the lives of millions, we have yet witness the implications of a truly catastrophic cyber terrorism attack. What would some of the implications be?
Direct Cost Implications
• Loss of sales during the disruption
• Staff time, network delays, intermittent access for business users
• Increased insurance costs due to litigation
• Loss of intellectual property - research, pricing, etc.
• Costs of forensics for recovery and litigation
• Loss of critical communications in time of emergency.
Indirect Cost Implications
• Loss of confidence and credibility in our financial systems
• Tarnished relationships& public image globally
• Strained business partner relationships - domestic and internationally
• Loss of future customer revenues for an individual or group of companies
• Loss of trust in the government and computer industry
Some incidents of cyber terrorism-
The following are notable incidents of cyber terrorism:
• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications." Intelligence authorities characterized it as the first known attack by terrorists against a country's computer systems.
• During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings.
•One of the worst incidents of cyber terrorists at work was when crackers in Romania illegally gained access to the computers controlling the life support systems at an Antarctic research station, endangering the 58 scientists involved. More recently, in May 2007 Estonia was subjected to a mass cyber-attack by hackers inside the Russian Federation which some evidence suggests was coordinated by the Russian government, though Russian officials deny any knowledge of this. This attack was apparently in response to the removal of a Russian World War II war memorial from downtown Estonia.
Efforts of combating cyber terrorism-
The Interpol, with its 178 member countries, is doing a great job in fighting against cyber terrorism. They are helping all the member countries and training their personnel. The Council of Europe Convention on Cyber Crime, which is the first international treaty for fighting against computer crime, is the result of 4 years work by experts from the 45 member and non-member countries including Japan, USA, and Canada. This treaty has already enforced after its ratification by Lithuania on 21st of March 2004.
The Association of South East Asia Nations (ASEAN) has set plans for sharing information on computer security. They are going to create a regional cyber-crime unit by the year 2005.
Protection from cyber terrorism- a few suggestions
Currently there are no foolproof ways to protect a system. The completely secure system can never be accessed by anyone. Most of the militaries classified information is kept on machines with no outside connection, as a form of prevention of cyber terrorism. Apart from such isolation, the most common method of protection is encryption. The wide spread use of encryption is inhibited by the governments ban on its exportation, so intercontinental communication is left relatively insecure. The Clinton administration and the FBI oppose the export of encryption in favor of a system where by the government can gain the key to an encrypted system after gaining a court order to do so. The director of the FBI's stance is that the Internet was not intended to go unpoliced and that the police need to protect people's privacy and public-safety rights there. Encryption's draw back is that it does not protect the entire system, an attack designed to cripple the whole system, such as a virus, is unaffected by encryption.
Others promote the use of firewalls to screen all communications to a system, including e-mail messages, which may carry logic bombs. Firewall is a relatively generic term for methods of filtering access to a network. They may come in the form of a computer, router other communications device or in the form of a network configuration. Firewalls serve to define the services and access that are permitted to each user. One method is to screen user requests to check if they come from a previously defined domain or Internet Protocol (IP) address. Another method is to prohibit Telnet access into the system.
Here are few key things to remember to protect from cyber-terrorism:
1. All accounts should have passwords and the passwords should be unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an intruder.
5. If you are ever unsure about the safety of a site, or receive suspicious email from an unknown address, don't access it. It could be trouble.
Indian law & Cyber terrorism-
In India there is no law, which is specifically dealing with prevention of malware through aggressive defense. Thus, the analogous provisions have to be applied in a purposive manner. The protection against malware attacks can be claimed under the following categories:
(1) Protection available under the Constitution of India, and
(2) Protection available under other statutes.
(1) Protection under the Constitution of India:
The protection available under the Constitution of any country is the strongest and the safest one since it is the supreme document and all other laws derive their power and validity from it. If a law satisfies the rigorous tests of the Constitutional validity, then its applicability and validity cannot be challenge and it becomes absolutely binding. The Constitutions of India, like other Constitutions of the world, is organic and living in nature and is capable of molding itself as per the time and requirements of the society.
(2) Protection under other statutes:
The protection available under the Constitution is further strengthened by various statutory enactments. These protections can be classified as:
(A) Protection under the Indian Penal Code (I.P.C), 1860, and
(B) Protection under the Information Technology Act (ITA), 2000.
The roads ahead Forms of cyber terrorism
It is very difficult to exhaustively specify the forms of cyber terrorism. In fact, it would not be a fruitful exercise to do the same. The nature of cyber terrorism requires it to remain inclusive and open ended in nature, so that new variations and forms of it can be accommodated in the future. The following can be safely regarded as the forms of cyber terrorism applying the definition and the concepts discussed above:
(I) Privacy violation:
The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate.. In recent times, however, this right has acquired a constitutional status the violation of which attracts both civil as well as criminal consequences under the respective laws. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury. Right to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent of information technology the traditional concept of right to privacy has taken new dimensions, which require a different legal outlook. Thus, if a person (including a foreign national) contravenes the privacy of an individual by means of computer, computer system or computer network located in India, he would be liable under the provisions of the Act. This makes it clear that the long arm jurisdiction is equally available against a cyber terrorist, whose act has resulted in the damage of the property, whether tangible or intangible.
(II) Secret information appropriation and data theft :
The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property. It must be noted that the definition of property is not restricted to moveables or immoveables alone.
(III) Demolition of e-governance base:
The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues. Right to receive and impart information is implicit in free speech. This, right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in public interest.
(IV) Distributed denial of services attack:
The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies. It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate netizens and end users. The law in this regard is crystal clear.
(V) Network damage and disruptions:
The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc. The law in this regard provides that if any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network -
(a) accesses or secures access to such computer, computer system or computer network
(b) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(c) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
(d) disrupts or causes disruption of any computer, computer system or computer network;
(e) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. The expression "Computer Virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource.
Further, a vigilant citizenry can supplement the commitment of elimination of cyber terrorism.
(1) Legislative commitment:
The legislature can provide its assistance to the benign objective of elimination of cyber terrorism by enacting appropriate statutes dealing with cyber terrorism. It must be noted that to give effect to the provisions of Information Technology Act, 2000 appropriate amendments have been made in the I.P.C, 1860, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
(2) Executives concern:
The Central Government and the State Governments can play their role effectively by making various rules and regulations dealing with cyber terrorism and its facets from time to time. The Central Government can, by notification in the Official Gazette and in the Electronic Gazette, makes rules to carry out the provisions of the Information Technology Act. Similarly, the State Government can, by notification in Official Gazette, makes rules to carry out the provisions of the Act. . If any Cyber Café Owner/Network Service Provider failsologies. to maintain Log Register and records he shall be liable for penalties as provided in the Act or any other Law, for the time being in force. These provisions are sufficient to take care of illegal use of cyber café for terrorist activities.
.
(3)Judicial response:
The judiciary can play its role by adopting a stringent approach towards the menace of cyber terrorism. It must, however, first tackle the jurisdiction problem because before invoking its judicial powers the courts are required to satisfy themselves that they possess the requisite jurisdiction to deal with the situation. Since the Internet "is a cooperative venture not owned by a single entity or government, there are no centralized rules or laws governing its use. The absence of geographical boundaries may give rise to a situation where the act legal in one country where it is done may violate the laws of another country. This process further made complicated due to the absence of a uniform and harmonised law governing the jurisdictional aspects of disputes arising by the use of Internet. It must be noted that, generally, the scholars point towards the following "theories" under which a country may claim prescriptive jurisdiction:
(a) a country may claim jurisdiction based on "objective territoriality" when an activity takes place within the country,
(b) a "subjective territoriality" may attach when an activity takes place outside a nation's borders but the "primary effect" of the action is within the nation's borders,
(c) a country may assert jurisdiction based on the nationality of either the actor or the victim,
(d) in exceptional circumstances, providing the right to protect the nation's sovereignty when faced with threats recognised as particularly serious in the international community.
In addition to establishing a connecting nexus, traditional international doctrine also calls for a "reasonable" connection between the offender and the forum. Depending on the factual context, courts look to such factors, as whether the activity of individual has a "substantial and foreseeable effect" on the territory, whether a "genuine link" exists between the actor and the forum, the character of the activity and the importance of the regulation giving rise to the controversy, the extent to which exceptions are harmed by the regulation, and the importance of the regulation in the international community. The traditional jurisdictional paradigms may provide a framework to guide analysis for cases arising in cyberspace.
(4) Vigilant citizenry:
The menace of cyber terrorism is not the sole responsibility of State and its instrumentalities. The citizens as well as the netizens are equally under a solemn obligation to fight against the cyber terrorism. In fact, they are the most important and effective cyber terrorism eradication and elimination mechanism. The only requirement is to encourage them to come forward for the support of fighting against cyber terrorism. The government can give suitable incentives to them in the form of monetary awards. It must, however, be noted that their anonymity and security must be ensured before seeking their help. The courts are also empowered to maintain their anonymity if they provide any information and evidence to fight against cyber terrorism.
Conclusion:
The problem of cyber terrorism is multilateral having varied facets and dimensions. Its solution requires rigorous application of energy and resources. It must be noted that law is always seven steps behind the technology. This is so because we have a tendency to make laws when the problem reaches at its zenith. We do not appreciate the need of the hour till the problem takes a precarious dimension. At that stage it is always very difficult, if not impossible, to deal with that problem. This is more so in case of offences and violations involving information technology. One of the argument, which is always advanced to justify this stand of non-enactment is that “the measures suggested are not adequate to deal with the problem”. It must be appreciated that “something is better then nothing”. The ultimate solution to any problem is not to enact a plethora of statutes but their rigorous and dedicated enforcement. The courts may apply the existing laws in a progressive, updating and purposive manner. It must be appreciated that it is not the “enactment” of a law but the desire, will and efforts to accept and enforce it in its true letter and spirit, which can confer the most strongest, secure and safest protection for any purpose. The enforcement of these rights requires a “qualitative effort” and not a “quantitative effort”. Thus, till a law dealing expressly with cyber terrorism is enacted, we must not feel shy and hesitant to use the existing provisions.
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.