Cyberterrorism

Cyberterrorism is a new terrorist tactic that makes use of information

systems or digital technology, especially the Internet, as either an
instrument or a target. As the Internet becomes more a way of life with
us,it is becoming easier for its users to become targets of the
cyberterrorists. The number of areas in which cyberterrorists could
strike is frightening, to say the least. The difference between the
conventional approaches of terrorism and new methods is primarily
that it is possible to affect a large multitude of people with minimum
resources on the terrorist's side, with no danger to him at all. We also
glimpse into the reasons that caused terrorists to look towards the
Web, and why the Internet is such an attractive alternative to them.
The growth of Information Technology has led to the development of
this dangerous web of terror, for cyberterrorists could wreak maximum
havoc within a small time span. Various situations that can be viewed
as acts of cyberterrorism have also been covered. Banks are the most
likely places to receive threats, but it cannot be said that any
establishment is beyond attack. Tips by which we can protect
ourselves from cyberterrorism have also been covered which can
reduce problems created by the cyberterrorist.We, as the Information
Technology people of tomorrow need to study and understand the
weaknesses of existing systems, and figure out ways of ensuring the
world's safety from cyberterrorists. A number of issues here are
ethical, in the sense that computing technology is now available to the
whole world, but if this gift is used wrongly, the consequences could be
disastrous. It is important that we understand and mitigate
cyberterrorism for the benefit of society, try to curtail its growth, so
that we can heal the present, and live the future…

Cyberterrorism

It is a controversial term. Some authors choose a very narrow

definition, relating to deployments, by known terrorist organizations, of
disruption attacks against information systems for the primary purpose
of creating alarm and panic. By this narrow definition, it is difficult to
identify any instances of cyberterrorism. Cyberterrorism can also be
defined much more generally, for example, as “The premeditated use
of disruptive activities, or the threat thereof, against computers and/or
networks, with the intention to cause harm or further social,
ideological, religious, political or similar objectives. Or to intimidate any
person in furtherance of such objectives.” This broad definition was
created by Kevin G. Coleman of the Technolytics Institute. The term
was coined by Barry C. Collin.

Overview

As the Internet becomes more pervasive in all areas of human

endeavor, individuals or groups can use the anonymity afforded by
cyberspace to threaten citizens, specific groups (i.e. with membership
based on ethnicity or belief), communities and entire countries,
without the inherent threat of capture, injury, or death to the attacker
that being physically present would bring.
As the Internet continues to expand, and computer systems continue
to be assigned more responsibility while becoming more and more
complex and interdependent, sabotage or terrorism via cyberspace
may become a more serious threat.

Basic definition

Cyberterrorism is the leveraging of a target's computers and

information , particularly via the Internet, to cause physical, real-world
harm or severe disruption of infrastructure.

Cyberterrorism is defined as “The premeditated use of disruptive

activities, or the threat thereof, against computers and/or networks,
with the intention to cause harm or further social, ideological, religious,
political or similar objectives. Or to intimidate any person in
furtherance of such objectives.” This definition was created by Kevin G.
Coleman of the Technolytics Institute

...subsumed over time to encompass such things as simply defacing a

web site or server, or attacking non-critical systems, resulting in the
term becoming less useful...

There are some that say cyberterrorism does not exist and is really a
matter of hacking or information warfare. They disagree with labeling it
terrorism because of the unlikelihood of the creation of fear, significant
physical harm, or death in a population using electronic means,
considering current attack and protective technologies.

Background information

Public interest in cyberterrorism began in the late 1980s. As the year

2000 approached, the fear and uncertainty about the millennium bug
heightened and interest in potential cyberterrorist attacks also
increased. However, although the millennium bug was by no means a
terrorist attack or plot against the world or the United States, it did act
as a catalyst in sparking the fears of a possibly large-scale devastating
cyber-attack. Commentators noted that many of the facts of such
incidents seemed to change, often with exaggerated media reports.

The high profile terrorist attacks in the United States on September 11,
2001 lead to further media coverage of the potential threats of
cyberterrorism in the years following. Mainstream media coverage
often discusses the possibility of a large attack making use of
computer networks to sabotage critical infrastructures with the aim of
putting human lives in jeopardy or causing disruption on a national
scale either directly or by disruption of the national economy.

Authors such as Winn Schwartau and John Arquilla are reported to have
had considerable financial success selling books which described what
were purported to be plausible scenarios of mayhem caused by
cyberterrorism. Many critics claim that these books were unrealistic in
their assessments of whether the attacks described (such as nuclear
meltdowns and chemical plant explosions) were possible. A common
thread throughout what critics perceive as cyberterror-hype is that of
non-falsifiability; that is, when the predicted disasters fail to occur, it
only goes to show how lucky we've been so far, rather than impugning
the theory.

Effects

Cyberterrorism can have a serious large-scale influence on significant

numbers of people. It can weaken countries' economy greatly, thereby
stripping it of its resources and making it more vulnerable to military
attack.

Cyberterror can also affect internet-based businesses. Like brick and

mortar retailers and service providers, most websites that produce
income (whether by advertising, monetary exchange for goods or paid
services) could stand to lose money in the event of downtime created
by cyber criminals.

As internet-businesses have increasing economic importance to

countries, what is normally cybercrime becomes more political and
therefore "terror" related.

Examples

One example of cyberterrorists at work was when terrorists in Romania

illegally gained access to the computers controlling the life support
systems at an Antarctic research station, endangering the 58 scientists
involved. However, the culprits were stopped before damage actually
occurred. Mostly non-political acts of sabotage have caused financial
and other damage, as in a case where a disgruntled employee caused
the release of untreated sewage into water in Maroochy Shire,
Australia. [3] Computer viruses have degraded or shut down some non-
essential systems in nuclear power plants, but this is not believed to
have been a deliberate attack.

More recently, in May 2007 Estonia was subjected to a mass cyber-

attack in the wake of the removal of a Russian World War II war
memorial from downtown Talinn. The attack was a distributed denial-
of-service attack in which selected sites were bombarded with traffic in
order to force them offline; nearly all Estonian government ministry
networks as well as two major Estonian bank networks were knocked
offline; in addition, the political party website of Estonia's current Prime
Minister Andrus Ansip featured a counterfeit letter of apology from
Ansip for removing the memorial statue. Despite speculation that the
attack had been coordinated by the Russian government, Estonia's
defense minister admitted he had no evidence linking cyber attacks to
Russian authorities. Russia called accusations of its involvement
"unfounded," and neither NATO nor European Commission experts
were able to find any proof of official Russian government
participation.[3] In January 2008 a man from Estonia was convicted for
launching the attacks against the Estonian Reform Party website and
fined.[4][5]

Even more recently, in October 2007, the website of Ukrainian

president Viktor Yushchenko was attacked by hackers. A radical
Russian nationalist youth group, the Eurasian Youth Movement,
claimed responsibility.[6]

Since the world of computers is ever-growing and still largely

unexplored, countries new to the cyber-world produce young computer
scientists usually interested in "having fun". Countries like China,
Greece, India, Israel, and South Korea have all been in the spotlight
before by the U.S. Media for attacks on information systems related to
the CIA and NSA. Though these attacks are usually the result of curious
young computer programmers, the United States has more than
legitimate concerns about national security when such critical
information systems fall under attack. In the past five years, the United
States has taken a larger interest in protecting its critical information
systems. It has issued contracts for high-leveled research in electronic
security to nations such as Greece and Israel, to help protect against
more serious and dangerous attacks.

In 1999 hackers attacked NATO computers. The computers flooded

them with email and hit them with a denial of service (DoS). The
hackers were protesting against the NATO bombings in Kosovo.
Businesses, public organizations and academic institutions were
bombarded with highly politicized emails containing viruses from other
European countries.[7]

Countering

The US Department of Defense charged the United States Strategic

Command with the duty of combating cyberterrorism. This is
accomplished through the Joint Task Force-Global Network Operations
(JTF-GNO). JTF-GNO is the operational component supporting
USSTRATCOM in defense of the DoD's Global Information Grid. This is
done by integrating GNO capabilities into the operations of all DoD
computers, networks, and systems used by DoD combatant
commands, services and agencies.

On November 2, 2006, the Secretary of the Air Force announced the

creation of the Air Force's newest MAJCOM, the Air Force Cyber
Command, which would be tasked to monitor and defend American
interest in cyberspace. The plan was however replaced by the creation
of Twenty-Fourth Air Force which became active in August 2009 and
would be a component of the planned United States Cyber Command.

On December 22, 2009, the White House named its head of Cyber
Security as Howard Schmidt. He will coordinate U.S Government,
military and intelligence efforts to repel hackers.

In fiction

• The Japanese cyberpunk manga, Ghost in the Shell (as well as its
popular movie and TV adaptations) centers around an anti-
cyberterrorism and cybercrime unit. In its mid-21st century Japan
setting such attacks are made all the more threatening by an
even more widespread use of technology including cybernetic
 enhancements to the human body allowing people themselves to
be direct targets of cyberterrorist attacks.
• Cyberterrorism was featured in Dan Brown's Digital Fortress.
• Cyberterrorism was featured in Amy Eastlake's Private Lies.
• In the movie Live Free or Die Hard, John McClane (Bruce Willis)
takes on a group of cyberterrorists intent on shutting down the
entire computer network of the United States.
• The movie Eagle Eye involves a super computer controlling
everything electrical and networked to accomplish the goal.
• The plots of 24 Day 4 and now Day 7 include plans to breach the
nation's nuclear plant grid and then to seize control of the entire
critical infrastructure protocol.
• The Tom Clancy created series Netforce was about a FBI/Military
team dedicated to combating cyberterrorists.
• The whole point of Mega Man Battle Network is cyberterrorism.

What is being done?

In response to heightened awareness of the potential for cyber-

terrorism President Clinton, in 1996, created the Commission of Critical
Infrastructure Protection. The board found that the combination of
electricity, communications and computers are necessary to the
survival of the U.S., all of which can be threatened by cyber-warfare.
The resources to launch a cyber attack are commonplace in the world;
a computer and a connection to the Internet are all that is really
needed to wreak havoc. Adding to the problem is that the public and
private sectors are relatively ignorant of just how much their lives
depend on computers as well as the vulnerability of those computers.
Another problem with cyber crime is that the crime must be solved,
(i.e. who were the perpetrators and where were they when they
attacked you) before it can be decided who has the actual authority to
investigate the crime. The board recommends that critical systems
should be isolated from outside connection or protected by adequate
firewalls, use best practices for password control and protection, and
use protected action logs.

Most other government organizations have also formed some type of

group to deal with cyber-terrorists. The CIA created its own group, the
Information Warfare Center, staffed with 1,000 people and a 24-hour
response team. The FBI investigates hackers and similar cases. The
Secret Service pursues banking, fraud and wiretapping cases. The Air
Force created its own group, Electronic Security Engineering Teams,
ESETs. Teams of two to three members go to random Air Force sites
and try to gain control of their computers. The teams have had a
success rate of 30% in gaining complete control of the systems.

How can we protect myself?

Currently there are no foolproof ways to protect a system. The

completely secure system can never be accessed by anyone. Most of
the militaries classified information is kept on machines with no
outside connection, as a form of prevention of cyber terrorism. Apart
from such isolation, the most common method of protection is
encryption. The wide spread use of encryption is inhibited by the
governments ban on its exportation, so intercontinental
communication is left relatively insecure. The Clinton administration
and the FBI oppose the export of encryption in favor of a system where
by the government can gain the key to an encrypted system after
gaining a court order to do so. The director of the FBI's stance is that
the Internet was not intended to go unpoliced and that the police need
to protect people's privacy and public-safety rights there. Encryption's
draw back is that it does not protect the entire system, an attack
designed to cripple the whole system, such as a virus, is unaffected by
encryption.

Others promote the use of firewalls to screen all communications to a

system, including e-mail messages, which may carry logic bombs.
Firewall is a relatively generic term for methods of filtering access to a
network. They may come in the form of a computer, router other
communications device or in the form of a network configuration.
Firewalls serve to define the services and access that are permitted to
each user. One method is to screen user requests to check if they
come from a previously defined domain or Internet Protocol (IP)
address. Another method is to prohibit Telnet access into the system.

Here are few key things to remember to pretect yourself from cyber-
terrorism:

1. All accounts should have passwords and the passwords should

be unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an
intruder.
5. If you are ever unsure about the safety of a site, or receive
suspicious email from an unkown address, don't access it. It
could be trouble.

.What would the impact be?

The intention of a cyber terrorism attack could range from economic

disruption through the interruption of financial networks and systems
or used in support of a physical attack to cause further confusion and
possible delays in proper response.Although cyber attacks have caused
billions of dollars in damage and affected the lives of millions, we have
yet witness the implications of a truly catastrophic cyber terrorism
attack.What would some of the implications be?

Direct Cost Implications

• Loss of sales during the disruption
• Staff time, network delays, intermittent access for business users
• Increased insurance costs due to litigation
• Loss of intellectual property - research, pricing, etc.
• Costs of forensics for recovery and litigation
• Loss of critical communications in time of emergency

Indirect Cost Implications

 • Loss of confidence and credibility in our financial systems
• Tarnished relationships& public image globally
• Strained business partner relationships - domestic and
internationally
• Loss of future customer revenues for an individual or group of
companies
• Loss of trust in the government and computer industry

what is Cyber-terrorism?
In the wake of the recent computer attacks, many have
been quick to jump to conclusions that a new breed of terrorism is on
the rise and our country must defend itself with all possible means. As
a society we have a vast operational and legal experience and proved
techniques to combat terrorism, but are we ready to fight terrorism in
the new arena – cyber space?

A strategic plan of a combat operation includes characterization of the

enemy’s goals, operational techniques, resources, and agents. Prior to
taking combative actions on the legislative and operational front, one
has to precisely define the enemy. That is, it is imperative to expand
the definition of terrorism to include cyber-terrorism.

As a society that prides itself on impartiality of justice, we must

provide clear and definitive legislative guidelines for dealing with new
breed of terrorism. As things stand now, justice cannot be served as
we have yet to provide a clear definition of the term. In this light, I
propose to re-examine our understanding of cyber-terrorism.

There is a lot of misinterpretation in the definition cyber-terrorism, the word consisting of

familiar "cyber" and less familiar "terrorism". While "cyber" is anything related to our
tool of trade, terrorism by nature is difficult to define. Even the U.S. government cannot
agree on one single definition. The old maxim, "One man's terrorist is another man's
freedom fighter" is still alive and well.

B. Who are cyber terrorists?

From American point of view the most dangerous terrorist group is Al-
Qaeda which is considered the first enemy for the US. According to US
official’s data from computers seized in Afghanistan indicate that the
group has scouted systems that control American energy facilities,
water distribution, communication systems, and other critical
infrastructure.

After April 2001 collision of US navy spy plane and Chinese fighter jet,
Chinese hackers launched Denial os Service (DoS) attacks against
American web sites.
A study that covered the second half of the year 2002 showed that the
most dangerous nation for originating malicious cyber attacks is the C.
Why do they use cyber attacks?
Cyber terrorist prefer using the cyber attack methods because of many
advantages for it.
It is Cheaper than traditional methods.
The action is very difficult to be tracked.
They can hide their personalities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a big number of targets.
They can affect a large number of people.

D. Forms of cyber terrorism-

(I) Privacy violation:
The law of privacy is the recognition of the individual's right to be let
alone and to have his personal space inviolate. The right to privacy as
an independent and distinctive concept originated in the field of Tort
law, under which a new cause of action for damages resulting from
unlawful invasion of privacy was recognized. In recent times, however,
this right has acquired a constitutional status, the violation of which
attracts both civil as well as criminal consequences under the
respective laws. The intensity and complexity of life have rendered
necessary some retreat from the world. Man under the refining
influence of culture, has become sensitive to publicity, so that solitude
and privacy have become essential to the individual. The various
provisions of the Act aptly protect the online privacy rights of the
citizens. Certain acts have been categorized as offences and
contraventions, which have tendency to intrude with the privacy rights
of the citizens.

(II) Secret information appropriation and data theft:

The information technology can be misused for appropriating the
valuable Government secrets and data of private individuals and the
Government and its agencies. A computer network owned by the
Government may contain valuable information concerning defence and
other top secrets, which the Government will not wish to share
otherwise. The same can be targeted by the terrorists to facilitate their
activities, including destruction of property. It must be noted that the
definition of property is not restricted to moveables or immoveables

(III) Demolition of e-governance base:

The aim of e-governance is to make the interaction of the citizens with
the government offices hassle free and to share information in a free
and transparent manner. It further makes the right to information a
meaningful reality. In a democracy, people govern themselves and
they cannot govern themselves properly unless they are aware of
social, political, economic and other issues confronting them. To
enable them to make a proper judgment on those issues, they must
have the benefit of a range of opinions on those issues. Right to
receive and impart information is implicit in free speech. This, right to
receive information is, however, not absolute but is subject to
reasonable restrictions which may be imposed by the Government in
public interest.

(IV) Distributed denial of services attack:

The cyber terrorists may also use the method of distributed denial of
services (DDOS) to overburden the Government and its agencies
electronic bases. This is made possible by first infecting several
unprotected computers by way of virus attacks and then taking control
of them. Once control is obtained, they can be manipulated from any
locality by the terrorists. These infected computers are then made to
send information or demand in such a large number that the server of
the victim collapses. Further, due to this unnecessary Internet traffic
the legitimate traffic is prohibited from reaching the Government or its
agencies computers. This results in immense pecuniary and strategic
loss to the government and its agencies.

It must be noted that thousands of compromised computers can be

used to simultaneously attack a single host, thus making its electronic
existence invisible to the genuine and legitimate citizens and end
users. The law in this regard is crystal clear.

(V) Network damage and disruptions:

The main aim of cyber terrorist activities is to cause networks damage
and their disruptions. This activity may divert the attention of the
security agencies for the time being thus giving the terrorists extra
time and makes their task comparatively easier. This process may
involve a combination of computer tampering, virus attacks, hacking,
etc.

E. The danger of cyber terrorism-

General John Gordon, the White House Homeland Security Advisor,
speaking at the RSA security conference in San Francisco, CA Feb. 25,
2004 indicated that whether someone detonates a bomb that cause
bodily harm to innocent people or hacked into a web-based IT system
in a way that could, for instance, take a power grid offline and result in
blackout, the result is ostensibly the same. He also stated that the
potential for a terrorist cyber attack is real.

Cyber terrorists can destroy the economy of the country by attacking

the critical infrastructure in the big towns such as electric power and
water supply, still the blackout of the North Western states in the US in
Aug. 15, 2003 is unknown whether it was a terrorist act or not, or by
attacking the banks and financial institutions and play with their
computer systems.

Cyber terrorists can endanger the security of the nation by targeting

the sensitive and secret information (by stealing, disclosing, or
destroying).

The Impact of Cyber Terrorism-

The intention of a cyber terrorism attack could range from economic
disruption through the interruption of financial networks and systems
or used in support of a physical attack to cause further confusion and
possible delays in proper response. Although cyber attacks have
caused billions of dollars in damage and affected the lives of millions,
we have yet witness the implications of a truly catastrophic cyber
terrorism attack. What would some of the implications be?

Direct Cost Implications

• Loss of sales during the disruption
• Staff time, network delays, intermittent access for business users
• Increased insurance costs due to litigation
• Loss of intellectual property - research, pricing, etc.
• Costs of forensics for recovery and litigation
• Loss of critical communications in time of emergency.

Indirect Cost Implications

• Loss of confidence and credibility in our financial systems
• Tarnished relationships& public image globally
• Strained business partner relationships - domestic and internationally

• Loss of future customer revenues for an individual or group of

companies
• Loss of trust in the government and computer industry

Some incidents of cyber terrorism-

The following are notable incidents of cyber terrorism:
• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with
800 e-mails a day over a two-week period. The messages read "We are
the Internet Black Tigers and we're doing this to disrupt your
communications." Intelligence authorities characterized it as the first
known attack by terrorists against a country's computer systems.
• During the Kosovo conflict in 1999, NATO computers were blasted
with e-mail bombs and hit with denial-of-service attacks by hacktivists
protesting the NATO bombings.

•One of the worst incidents of cyber terrorists at work was when

crackers in Romania illegally gained access to the computers
controlling the life support systems at an Antarctic research station,
endangering the 58 scientists involved. More recently, in May 2007
Estonia was subjected to a mass cyber-attack by hackers inside the
Russian Federation which some evidence suggests was coordinated by
the Russian government, though Russian officials deny any knowledge
of this. This attack was apparently in response to the removal of a
Russian World War II war memorial from downtown Estonia.

Efforts of combating cyber terrorism-

The Interpol, with its 178 member countries, is doing a great job in
fighting against cyber terrorism. They are helping all the member
countries and training their personnel. The Council of Europe
Convention on Cyber Crime, which is the first international treaty for
fighting against computer crime, is the result of 4 years work by
experts from the 45 member and non-member countries including
Japan, USA, and Canada. This treaty has already enforced after its
ratification by Lithuania on 21st of March 2004.

The Association of South East Asia Nations (ASEAN) has set plans for
sharing information on computer security. They are going to create a
regional cyber-crime unit by the year 2005.

Protection from cyber terrorism- a few suggestions

Currently there are no foolproof ways to protect a system. The
completely secure system can never be accessed by anyone. Most of
the militaries classified information is kept on machines with no
outside connection, as a form of prevention of cyber terrorism. Apart
from such isolation, the most common method of protection is
encryption. The wide spread use of encryption is inhibited by the
governments ban on its exportation, so intercontinental
communication is left relatively insecure. The Clinton administration
and the FBI oppose the export of encryption in favor of a system where
by the government can gain the key to an encrypted system after
gaining a court order to do so. The director of the FBI's stance is that
the Internet was not intended to go unpoliced and that the police need
to protect people's privacy and public-safety rights there. Encryption's
draw back is that it does not protect the entire system, an attack
designed to cripple the whole system, such as a virus, is unaffected by
encryption.

Others promote the use of firewalls to screen all communications to a

system, including e-mail messages, which may carry logic bombs.
Firewall is a relatively generic term for methods of filtering access to a
network. They may come in the form of a computer, router other
communications device or in the form of a network configuration.
Firewalls serve to define the services and access that are permitted to
each user. One method is to screen user requests to check if they
come from a previously defined domain or Internet Protocol (IP)
address. Another method is to prohibit Telnet access into the system.

Here are few key things to remember to protect from cyber-

terrorism:
1. All accounts should have passwords and the passwords should be
unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an
intruder.
5. If you are ever unsure about the safety of a site, or receive
suspicious email from an unknown address, don't access it. It could be
trouble.

Indian law & Cyber terrorism-

In India there is no law, which is specifically dealing with prevention of
malware through aggressive defense. Thus, the analogous provisions
have to be applied in a purposive manner. The protection against
malware attacks can be claimed under the following categories:
(1) Protection available under the Constitution of India, and
(2) Protection available under other statutes.

(1) Protection under the Constitution of India:

The protection available under the Constitution of any country is the
strongest and the safest one since it is the supreme document and all
other laws derive their power and validity from it. If a law satisfies the
rigorous tests of the Constitutional validity, then its applicability and
validity cannot be challenge and it becomes absolutely binding. The
Constitutions of India, like other Constitutions of the world, is organic
and living in nature and is capable of molding itself as per the time and
requirements of the society.

(2) Protection under other statutes:

The protection available under the Constitution is further strengthened
by various statutory enactments. These protections can be classified
as:
(A) Protection under the Indian Penal Code (I.P.C), 1860, and
(B) Protection under the Information Technology Act (ITA), 2000.

The roads ahead Forms of cyber terrorism

It is very difficult to exhaustively specify the forms of cyber terrorism.
In fact, it would not be a fruitful exercise to do the same. The nature of
cyber terrorism requires it to remain inclusive and open ended in
nature, so that new variations and forms of it can be accommodated in
the future. The following can be safely regarded as the forms of cyber
terrorism applying the definition and the concepts discussed above:

(I) Privacy violation:

The law of privacy is the recognition of the individual's right to

be let alone and to have his personal space inviolate.. In recent times,
however, this right has acquired a constitutional status the violation of
which attracts both civil as well as criminal consequences under the
respective laws. The intensity and complexity of life have rendered
necessary some retreat from the world. Man under the refining
influence of culture, has become sensitive to publicity, so that solitude
and privacy have become essential to the individual. Modern
enterprise and invention have, through invasions upon his privacy,
subjected him to mental pain and distress, far greater than could be
inflicted by mere bodily injury. Right to privacy is a part of the right to
life and personal liberty enshrined under Article 21 of the Constitution
of India. With the advent of information technology the traditional
concept of right to privacy has taken new dimensions, which require a
different legal outlook. Thus, if a person (including a foreign national)
contravenes the privacy of an individual by means of computer,
computer system or computer network located in India, he would be
liable under the provisions of the Act. This makes it clear that the long
arm jurisdiction is equally available against a cyber terrorist, whose act
has resulted in the damage of the property, whether tangible or
intangible.

(II) Secret information appropriation and data theft :

The information technology can be misused for appropriating the

valuable Government secrets and data of private individuals and the
Government and its agencies. A computer network owned by the
Government may contain valuable information concerning defence and
other top secrets, which the Government will not wish to share
otherwise. The same can be targeted by the terrorists to facilitate their
activities, including destruction of property. It must be noted that the
definition of property is not restricted to moveables or immoveables
alone.

(III) Demolition of e-governance base:

The aim of e-governance is to make the interaction of the citizens with

the government offices hassle free and to share information in a free
and transparent manner. It further makes the right to information a
meaningful reality. In a democracy, people govern themselves and
they cannot govern themselves properly unless they are aware of
social, political, economic and other issues confronting them. To
enable them to make a proper judgment on those issues, they must
have the benefit of a range of opinions on those issues. Right to
receive and impart information is implicit in free speech. This, right to
receive information is, however, not absolute but is subject to
reasonable restrictions which may be imposed by the Government in
public interest.

(IV) Distributed denial of services attack:

The cyber terrorists may also use the method of distributed

denial of services (DDOS) to overburden the Government and its
agencies electronic bases. This is made possible by first infecting
several unprotected computers by way of virus attacks and then taking
control of them. Once control is obtained, they can be manipulated
from any locality by the terrorists. These infected computers are then
made to send information or demand in such a large number that the
server of the victim collapses. Further, due to this unnecessary Internet
traffic the legitimate traffic is prohibited from reaching the
Government or its agencies computers. This results in immense
pecuniary and strategic loss to the government and its agencies. It
must be noted that thousands of compromised computers can be used
to simultaneously attack a single host, thus making its electronic
existence invisible to the genuine and legitimate netizens and end
users. The law in this regard is crystal clear.

(V) Network damage and disruptions:

The main aim of cyber terrorist activities is to cause networks damage

and their disruptions. This activity may divert the attention of the
security agencies for the time being thus giving the terrorists extra
time and makes their task comparatively easier. This process may
involve a combination of computer tampering, virus attacks, hacking,
etc. The law in this regard provides that if any person without
permission of the owner or any other person who is incharge of a
computer, computer system or computer network -

(a) accesses or secures access to such computer, computer system or

computer network

(b) introduces or causes to be introduced any computer contaminant

or computer virus into any computer, computer system or computer
network;

(c) damages or causes to be damaged any computer, computer system

or computer network, data, computer data base or any other
programmes residing in such computer, computer system or computer
network;

(d) disrupts or causes disruption of any computer, computer system or

computer network;
(e) denies or causes the denial of access to any person authorised to
access any computer, computer system or computer network by any
means;

he shall be liable to pay damages by way of compensation not

exceeding one crore rupees to the person so affected. The
expression "Computer Virus" means any computer instruction,
information, data or programme that destroys, damages, degrades
or adversely affects the performance of a computer resource or
attaches itself to another computer resource and operates when a
programme, data or instruction is executed or some other event
takes place in that computer resource.

Further, a vigilant citizenry can supplement the commitment of

elimination of cyber terrorism.

(1) Legislative commitment:

The legislature can provide its assistance to the benign objective of

elimination of cyber terrorism by enacting appropriate statutes dealing
with cyber terrorism. It must be noted that to give effect to the
provisions of Information Technology Act, 2000 appropriate
amendments have been made in the I.P.C, 1860, the Indian Evidence
Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve
Bank of India Act, 1934.

(2) Executives concern:

The Central Government and the State Governments can play their
role effectively by making various rules and regulations dealing with
cyber terrorism and its facets from time to time. The Central
Government can, by notification in the Official Gazette and in the
Electronic Gazette, makes rules to carry out the provisions of the
Information Technology Act. Similarly, the State Government can, by
notification in Official Gazette, makes rules to carry out the provisions
of the Act. . If any Cyber Café Owner/Network Service Provider
failsologies. to maintain Log Register and records he shall be liable for
penalties as provided in the Act or any other Law, for the time being in
force. These provisions are sufficient to take care of illegal use of cyber
café for terrorist activities.

(3)Judicial response:

The judiciary can play its role by adopting a stringent approach

towards the menace of cyber terrorism. It must, however, first tackle
the jurisdiction problem because before invoking its judicial powers the
courts are required to satisfy themselves that they possess the
requisite jurisdiction to deal with the situation. Since the Internet "is a
cooperative venture not owned by a single entity or government, there
are no centralized rules or laws governing its use. The absence of
geographical boundaries may give rise to a situation where the act
legal in one country where it is done may violate the laws of another
country. This process further made complicated due to the absence of
a uniform and harmonised law governing the jurisdictional aspects of
disputes arising by the use of Internet. It must be noted that,
generally, the scholars point towards the following "theories" under
which a country may claim prescriptive jurisdiction:

(a) a country may claim jurisdiction based on "objective territoriality"

when an activity takes place within the country,

(b) a "subjective territoriality" may attach when an activity takes place

outside a nation's borders but the "primary effect" of the action is
within the nation's borders,

(c) a country may assert jurisdiction based on the nationality of either

the actor or the victim,

(d) in exceptional circumstances, providing the right to protect the

nation's sovereignty when faced with threats recognised as particularly
serious in the international community.

In addition to establishing a connecting nexus, traditional

international doctrine also calls for a "reasonable" connection between
the offender and the forum. Depending on the factual context, courts
look to such factors, as whether the activity of individual has a
"substantial and foreseeable effect" on the territory, whether a
"genuine link" exists between the actor and the forum, the character of
the activity and the importance of the regulation giving rise to the
controversy, the extent to which exceptions are harmed by the
regulation, and the importance of the regulation in the international
community. The traditional jurisdictional paradigms may provide a
framework to guide analysis for cases arising in cyberspace.

(4) Vigilant citizenry:

The menace of cyber terrorism is not the sole responsibility of State

and its instrumentalities. The citizens as well as the netizens are
equally under a solemn obligation to fight against the cyber terrorism.
In fact, they are the most important and effective cyber terrorism
eradication and elimination mechanism. The only requirement is to
encourage them to come forward for the support of fighting against
cyber terrorism. The government can give suitable incentives to them
in the form of monetary awards. It must, however, be noted that their
anonymity and security must be ensured before seeking their help.
The courts are also empowered to maintain their anonymity if they
provide any information and evidence to fight against cyber terrorism.

Conclusion:
The problem of cyber terrorism is multilateral having varied facets and
dimensions. Its solution requires rigorous application of energy and
resources. It must be noted that law is always seven steps behind the
technology. This is so because we have a tendency to make laws when
the problem reaches at its zenith. We do not appreciate the need of
the hour till the problem takes a precarious dimension. At that stage it
is always very difficult, if not impossible, to deal with that problem.
This is more so in case of offences and violations involving information
technology. One of the argument, which is always advanced to justify
this stand of non-enactment is that “the measures suggested are not
adequate to deal with the problem”. It must be appreciated that
“something is better then nothing”. The ultimate solution to any
problem is not to enact a plethora of statutes but their rigorous and
dedicated enforcement. The courts may apply the existing laws in a
progressive, updating and purposive manner. It must be appreciated
that it is not the “enactment” of a law but the desire, will and efforts to
accept and enforce it in its true letter and spirit, which can confer the
most strongest, secure and safest protection for any purpose. The
enforcement of these rights requires a “qualitative effort” and not a
“quantitative effort”. Thus, till a law dealing expressly with cyber
terrorism is enacted, we must not feel shy and hesitant to use the
existing provisions.