Академический Документы
Профессиональный Документы
Культура Документы
on
IS
PREFACE
The term cyber terrorism is becoming increasingly common in the popular culture, yet a
solid definition of the word seems hard to come by. While the phrase is loosely defined,
attempt to define cyber terrorism more logically, a study is made of definitions and
attributes of terrorism and terrorist events. In particular, the breadth of the issue poses
significant questions for those who argue for vertical solutions to what is certainly a
horizontal problem.
I am very thankful to Ms. Rashmi Thakur, who has given a great contribution in the
framing and completion of this Project and without her efficient supervision and support
I would have never been able to appreciate the depth of the topic. I am also very thankful
to Prof. L.M. Singh, Head and Dean, Faculty of Law, University of Allahabad, and to
Prof. B.P. Singh, Coordinator, B.A.LL.B. (Hons.), Five Year Integrated Course, who
were benign enough to grant me the authorization and approvals which were essential for
Finally, I would like to thank and express my gratitude to all those who directly or
Karan Kapoor
Semester-VIII
B.A.LL.B.(Hons.)
CONTENTS
Chapters Page
No.
1. Introduction 4-7
1.
What Is Cyber Terrorism ?
2. 8-13
2.
Forms of Cyber Terrorism
3. 14-22
3.
The Impact of Cyber Terrorism- a Brief Idea
4. 24-26
4.
8. Conclusion 42-43
8.
2. Cyber Terrorism : The new kind of Terrorism By: DR. MUDAWI MUKHTAR
ELMUSHARAF.
PRAVEEN DALAL.
CHAPTER I
Introduction
If you ask 10 people what cyber terrorism is, you will get at least nine different
answers! When those 10 people are computer security experts, whose task it is to create
various forms of protection against cyber terrorism, this discrepancy moves from
comedic to rather worrisome. When these 10 people represent varied factions of the
governmental agencies tasked with protecting our national infrastructure and assets, it
becomes a critical issue. However, given the lack of documented scientific support to
incorporate various aspects of computer-related crime into the genre cyber terrorism,
this situation should not be surprising. Despite copious media attention, there is no
consensus methodology by which various actions may be placed under the nomenclature
cyber terrorism, yet the term clearly exists in common usage. The term, first coined in
the 1980s by Barry Collin (Collin, 1997), has blossomed in the last several years:
Protect yourself from the cyber terrorist; Insure yourself against cyber terrorism;
All of these sound nice, but the reality is that the reader, solution provider, or defender is
often left to his own devices as to what the term actually means and thus what solutions
infrastructure may be at stake, subjectivity is useful but may not be the best evaluative
tool.
At the same time, research of this phenomenon shows that cyber terrorism cannot easily
be defined. This creates a Catch-22 situation: the thing cannot be defined yet without
defining it, one cannot know what it is one is fighting and hence come up with a good
attack/security event does not fit into one of the (often narrowly defined) categories,
The threat of terrorism has posed an immense challenge in the post Cold War period.
Terror attacks in major cities, towns and tourist resorts across the globe have
demonstrated the inadequacy of the State mechanisms to address this challenge. Serious
attempts have been made by Nations to address this challenge by designing counter
terrorism strategies and anti terror mechanisms. However, most of there are designed in a
nature.
Information technology (IT) has exposed the user to a huge data bank of information
regarding everything and anything. However, it has also added a new dimension to
terrorism. Recent reports suggest that the terrorist is also getting equipped to utilize
cyber space to carryout terrorist attacks. The possibility of such attacks in future cannot
In the last couple of decades India has carved a niche for itself in IT. Most of the Indian
banking industry and financial institutions have embraced IT to its full optimization.
Reports suggest that cyber attacks are understandably directed toward economic and
financial institutions. Given the increasing dependency of the Indian economic and
financial institutions on IT, a cyber attack against them might lead to an irreparable
collapse of our economic structures. And the most frightening thought is the
envisages an understanding of the nature and effectiveness of cyber attacks and making
an effort to study and analyse the efforts made by India to address this challenge and
CHAPTER II
What is Terrorism?
influence an audience. The United States has employed this definition of terrorism for
statistical and analytical purposes since 1983. U.S. Department of State, 2002, Patterns
Security expert Dorothy Denning defines cyber terrorism as ... politically motivated
hacking operations intended to cause grave harm such as loss of life or severe economic
damage.
Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in
cyber space, with the intention to further social, ideological, religious, political or similar
Computers and the internet are becoming an essential part of our daily life. They are
being used by individuals and societies to make their life easier. They use them for
controlling machines, typing, editing, designing, drawing, and almost all aspects of life.
The most deadly and destructive consequence of this helplessness is the emergence of
the concept of cyber terrorism. The traditional concepts and methods of terrorism have
taken new dimensions, which are more destructive and deadly in nature. In the age of
information technology the terrorists have acquired an expertise to produce the most
due course of time, will take its own toll. The damage so produced would be almost
irreversible and most catastrophic in nature. In short, we are facing the worst form of
includes an intentional negative and harmful use of the information technology for
producing destructive and harmful effects to the property, whether tangible or intangible,
of others. For instance, hacking of a computer system and then deleting the useful and
valuable business information of the rival competitor is a part and parcel of cyber
terrorism.
The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is
such that it must be left to be inclusive in nature. The nature of "cyberspace is such that
new methods and technologies are invented regularly; hence it is not advisable to put the
definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts
should be to interpret the definition as liberally as possible so that the menace of cyber
The law dealing with cyber terrorism is, however, not adequate to meet the precarious
intentions of these cyber terrorists and requires a rejuvenation in the light and context of
Before we can discuss the possibilities of cyber terrorism, we must have some working
definitions. The word cyber terrorism refers to two elements: cyberspace and
terrorism.
Another word for cyberspace is the virtual world i,e a place in which computer
programs function and data moves. Terrorism is a much used term, with many
definitions. For the purposes of this presentation, we will use the United States
clandestine agents.
computer systems, computer programs, and data which result in violence against
The basic definition of Cyber-terrorism subsumed over time to encompass such things as
simply defacing a web site or server, or attacking non-critical systems, resulting in the
term becoming less useful. There is also a train of thought that says cyber terrorism does
not exist and is really a matter of hacking or information warfare. Some disagree with
From American point of view the most dangerous terrorist group is Al-Qaeda which is
considered the first enemy for the US. According to US officials data from computers
seized in Afghanistan indicate that the group has scouted systems that control American
infrastructure.
After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers
A study that covered the second half of the year 2002 showed that the most dangerous
nation for originating malicious cyber attacks is the United States with 35.4% of the
cases down from 40% for the first half of the same year. South Korea came next with
12.8%, followed by China 6.2% then Germany 6.7% then France 4%. The UK came
number 9 with 2.2%. According to the same study, Israel was the most active country in
terms of number of cyber attacks related to the number of internet users. There are so
many groups who are very active in attacking their targets through the computers.
The Unix Security Guards (USG) a pro Islamic group launched a lot of digital attacks in
May 2002. Another group called World's Fantabulas Defacers (WFD) attacked many
Indian sites. Also there is another pro Pakistan group called Anti India Crew (AIC) who
Cyber terrorist prefer using the cyber attack methods because of many advantages for it.
CHAPTER III
Here, the kind indulgence is asked toward the definition of Cyber Crime.
Cyber Crime is crime that is enabled by, or that targets computers. Cyber Crime can
laws. However, cyber crime also includes attacks against computers to deliberately
data.
Some of the major tools of cyber crime may be- Botnets, Estonia, 2007, Malicious Code
It is pertinent to mark here that there are other forms which could be covered under the
heading of Cyber Crime & simultaneously is also an important tools for terrorist
Access means gaining entry into, instructing or communicating with the logical,
network. Unauthorized access would therefore mean any kind of access without the
permission of either the rightful owner or the person in charge of a computer, computer
Every act committed towards breaking into a computer and/or network is hacking.
Hackers write or use ready-made computer programs to attack the target computer. They
possess the desire to destruct and they get the kick out of such destruction. Some hackers
hack for personal monetary gains, such as to stealing the credit card information,
transferring money from various bank accounts to their own account followed by
withdrawal of money.
By hacking web server taking control on another persons website called as web
hijacking.
Trojan Attack:-
The program that act like something useful but do the things that are quiet damping. The
The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server
part. When the victim (unknowingly) runs the server on its machine, the attacker will
then use the Client to connect to the Server and start using the trojan. TCP/IP protocol is
the usual protocol type used for communications, but some functions of the trojans use
A program that has capability to infect other programs and make copies of itself and
Programs that multiply like viruses but spread from computer to computer are called as
Michael Jackson. Once it infects the computer it automatically spread the worm into
Email spoofing
Email spoofing refers to email that appears to have been originated from one source
Email Spamming
Email "spamming" refers to sending email to thousands and thousands of users - similar
to a chain letter.
E-mails are used to send viruses, Trojans etc through emails as an attachment or by
Email bombing
Defamatory emails
Email frauds
IRC related
Attack on Infrastructure:
Our banks and financial institutions; air, sea, rail and highway transportation systems;
telecommunications; electric power grids; oil and natural gas supply linesall are
Typically, the control centers and major nodes in these systems are more vulnerable to
cyber than physical attack, presenting considerable opportunity for cyber terrorists.
There, could be other losses to infrastructure too as Kevin Coleman in his article on
against an infrastructure or business, with a division of costs into direct and indirect
implications:
Examples:-
In case of an air traffic system that is mainly computerized and is set to establish the
flight routes for the airplanes, calculating the flight courses for all the planes in the air to
follow. Also, plane pilots have to check the course as well as the other planes being
around using the onboard radar systems that are not connected to external networks,
factory or plant production of any kind of product: food, equipment, vehicles etc. In case
this organization is highly reliant on the technological control, including a human control
only in the end of production, not on the checkpoint stages, then any malfunction would
be extremely hard to point out, fix and as a result to spot out a cyber-crime being
committed.
The law of privacy is the recognition of the individual's right to be let alone and to have
his personal space inviolate. The right to privacy as an independent and distinctive
concept originated in the field of Tort law. In recent times, however, this right has
violation of which attracts both civil as well as criminal consequences under the
respective laws. Modern enterprise and invention have, through invasions upon his
privacy, subjected him to mental pain and distress, far greater than could be inflicted by
mere bodily injury. Right to privacy is a part of the right to life and personal liberty
enshrined under Article 21 of the Constitution of India. With the advent of information
technology the traditional concept of right to privacy has taken new dimensions, which
Technology Act, 2000 can be taken. The various provisions of the Act protect the online
privacy rights of the net users. These rights are available against private individuals as
well as against cyber terrorists. Section 1 (2) read with Section 75 of the Act provides for
computer system or computer network located in India, he would be liable under the
provisions of the Act. This makes it clear that the long arm jurisdiction is equally
available against a cyber terrorist, whose act has resulted in the damage of the property,
The law of privacy is the recognition of the individual's right to be let alone and to have
his personal space inviolate. The right to privacy as an independent and distinctive
concept originated in the field of Tort law, under which a new cause of action for
damages resulting from unlawful invasion of privacy was recognized. In recent times,
however, this right has acquired a constitutional status, the violation of which attracts
both civil as well as criminal consequences under the respective laws. The intensity and
complexity of life have rendered necessary some retreat from the world. Man under the
refining influence of culture, has become sensitive to publicity, so that solitude and
privacy have become essential to the individual. Modern enterprise and invention have,
through invasions upon his privacy, subjected him to mental pain and distress, far greater
than could be inflicted by mere bodily injury. Right to privacy is a part of the right to life
and personal liberty enshrined under Article 21 of the Constitution of India. With the
advent of information technology the traditional concept of right to privacy has taken
new dimensions, which require a different legal outlook. To meet this challenge recourse
The various provisions of the Act aptly protect the online privacy rights of the citizens.
Certain acts have been categorized as offences and contraventions, which have tendency
The information technology can be misused for appropriating the valuable Government
secrets and data of private individuals and the Government and its agencies. A computer
defence and other top secrets, which the Government will not wish to share otherwise.
The same can be targeted by the terrorists to facilitate their activities, including
destruction of property. It must be noted that the definition of property is not restricted to
In R.K. Dalmia v Delhi Administration the Supreme Court held that the word "property"
is used in the I.P.C in a much wider sense than the expression "movable property". There
is no good reason to restrict the meaning of the word "property" to moveable property
only, when it is used without any qualification. Whether the offence defined in a
particular section of IPC can be committed in respect of any particular kind of property,
will depend not on the interpretation of the word "property" but on the fact whether that
particular kind of property can be subject to the acts covered by that section.
The aim of e-governance is to make the interaction of the citizens with the government
offices hassle free and to share information in a free and transparent manner. It further
themselves and they cannot govern themselves properly unless they are aware of social,
political, economic and other issues confronting them. To enable them to make a proper
judgment on those issues, they must have the benefit of a range of opinions on those
issues. Right to receive and impart information is implicit in free speech. This, right to
receive information is, however, not absolute but is subject to reasonable restrictions
which may be imposed by the Government in public interest. . In P.U.C.L. V U.O.I the
Supreme Court specified the grounds on which the government can withhold information
relating to various matters, including trade secrets. The Supreme Court observed: "
The cyber terrorists may also use the method of distributed denial of services (DDOS) to
overburden the Government and its agencies electronic bases. This is made possible by
first infecting several unprotected computers by way of virus attacks and then taking
control of them. Once control is obtained, they can be manipulated from any locality by
the terrorists. These infected computers are then made to send information or demand in
such a large number that the server of the victim collapses. Further, due to this
unnecessary Internet traffic the legitimate traffic is prohibited from reaching the
Government or its agencies computers. This results in immense pecuniary and strategic
simultaneously attack a single host, thus making its electronic existence invisible to the
genuine and legitimate citizens and end users. The law in this regard is crystal clear.
The main aim of cyber terrorist activities is to cause networks damage and their
disruptions. This activity may divert the attention of the security agencies for the time
being thus giving the terrorists extra time and makes their task comparatively easier. This
process may involve a combination of computer tampering, virus attacks, hacking, etc.
CHAPTER IV
Cyber terrorists can endanger the security of the nation by targeting the sensitive and
The intention of a cyber terrorism attack could range from economic disruption through
the interruption of financial networks and systems or used in support of a physical attack
to cause further confusion and possible delays in proper response. Although cyber
attacks have caused billions of dollars in damage and affected the lives of millions, we
have yet witness the implications of a truly catastrophic cyber terrorism attack. What
In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day
over a two-week period. The messages read "We are the Internet Black Tigers and we're
During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs
and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In
Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting
Web sit-ins against various sites in support of the Mexican Zapatistas. At a designated
time, thousands of protestors point their browsers to a target site using software that
floods the target with rapid and repeated download requests. EDT's software has also
been used by animal rights groups against organizations said to abuse animals.
Electrohippies, another group of hacktivists, conducted Web sit-ins against the WTO
One of the worst incidents of cyber terrorists at work was when crackers in Romania
illegally gained access to the computers controlling the life support systems at an
Antarctic research station, endangering the 58 scientists involved. More recently, in May
2007 Estonia was subjected to a mass cyber-attack by hackers inside the Russian
Federation which some evidence suggests was coordinated by the Russian government,
though Russian officials deny any knowledge of this. This attack was apparently in
response to the removal of a Russian World War II war memorial from downtown
Estonia.
CHAPTER V
Singapore
New laws allowing Singapore to launch pre-emptive strikes against computer hackers
have raised fears that Internet controls are being tightened and privacy compromised in
the name of fighting terrorism The city-state's parliament has approved tough new
legislation aimed at stopping "cyber terrorism," referring to computer crimes that are
endanger national security, foreign relations, banking and essential public services.
Security agencies can now patrol the Internet and swoop down on hackers suspected of
Computer Misuse Act such as website hackers can be jailed up to three years or fined up
to S$10,000 ($5,800).
New York
A bill sponsored by state Sen. Michael Balboni, R-East Williston, that makes cyber
terrorism a felony was approved by the legislative body earlier this month and sent to the
State Assembly. Under the legislation, cyber terrorism, using computers to disrupt,
terrorize or kill, would become a class B felony, carrying a prison term of up to 25 years.
Malaysia
emergency response to high-tech attacks on economies and trading systems around the
globe, reports said. Prime Minister Abdullah Ahmad Badawi said during a visit to the
United States that the facility, sited at the high-tech hub of Cyberjaya outside Kuala
Lumpur, would be funded and supported by governments and the private sector.
The New Straits Times said the centre would be modelled on the Centre for Disease
Control in Atlanta, which helps handle outbreaks of disease around the world.
Abdullah -- who announced the initiative at the close of the World Congress on
Information Technology in Austin, Texas -- said the threat of cyber-terrorism was too
The Interpol, with its 178 member countries, is doing a great job in fighting against
cyber terrorism. They are helping all the member countries and training their personnel.
The Council of Europe Convention on Cyber Crime, which is the first international
treaty for fighting against computer crime, is the result of 4 years work by experts from
the 45 member and non-member countries including Japan, USA, and Canada. This
treaty has already enforced after its ratification by Lithuania on 21st of March 2004.
The Association of South East Asia Nations (ASEAN) has set plans for sharing
information on computer security. They are going to create a regional cyber-crime unit
United Kingdom
United Kingdom adopted Terrorism Act, 2000, which gives the definition of terrorism
Pakistan
Whoever commits the offence of cyber terrorism and causes death of any person shall be
punishable with death or imprisonment for life, according to the ordinance, which was
published by the state-run APP news agency. The Prevention of Electronic Crimes law
through the use of a computer or any other electronic device, the government said in the
Universal Declaration of Human Rights in its Preamble talks about a freedom from fear
and want. Freedom from fear is mostly a term of psychological nature, however, it is
being used very widely nowadays especially in cases of terrorism. Article 3 of the
Declaration sets the right to security of person. As we know, term person also
includes an environment (s)he exists in, different from the term individual which under
one of the concepts imagines it as something abstract, apart from any other surrounding
conditions. So protecting a personal security would also mean protecting his (her) social,
economical and other connections, threads established with the environment. As long
or internet, cyber-terrorism protection also deals with security of person. Here I would
also add Article 5 with its protection against degrading treatment. Personal harm is
also a part of degradation and treating a person in a current way is something that may be
One important provision that I would like to pay special attention to is Article 12 of the
privacy, nor to attacks upon his honour or reputation. Privacy is defined as the
quality or state of being apart from company or observation which in combination with
another definition of freedom from unauthorized intrusion given by the same source,
also includes the privacy of computer-stored data and a right to enjoy its private state of
Article 17 sets a right to property and a restriction to deprive anyone from possessed
two types of it: real property and personal property. Personal property or
personality includes movable assets which are not real property, money, or
investments.
Article 19, however, plays a different role in this topic and is mostly associated with
CHAPTER VI
purposive manner. The protection against malware attacks can be claimed under the
following categories:
The protection available under the Constitution of any country is the strongest and the
safest one since it is the supreme document and all other laws derive their power and
validity from it. If a law satisfies the rigorous tests of the Constitutional validity, then its
applicability and validity cannot be challenge and it becomes absolutely binding. The
Constitutions of India, like other Constitutions of the world, is organic and living in
nature and is capable of molding itself as per the time and requirements of the society.
(A) Protection under the Indian Penal Code (I.P.C), 1860, and
Although the term cyber terrorism is absent from the terminology of the Indian law,
the use of encryption by terrorists. This section authorizes the Controller of Certifying
Constitution of India
Any person who fails to assist the Government agency in decrypting the information
Article 300A of Constitution of India states that all persons have a right to hold and
enjoy their properties. In a specific case of Bhavnagar University v Palitana Sugar Mills
Pvt. Ltd. Supreme Court applied the constitutional clause with the interpretation that
anyone can enjoy his or her property rights in any manner preferred. This also includes
Articles 301 to 305 refer to the right for free trade. As long as an individual carries out a
business in accordance with law, it cannot be interfered. Besides, free trade and any
commercial activities cannot be visualized without technological rights, which mean that
any distortion of those is illegal. In India these provisions have been effectively used to
Penal Code
A big deal of protection is also provided by Indian Penal Code. Section 22 of it gives a
definition of a movable property stating that it also includes all corporal properties. It
movable property as it can definitely be moved from one place to another and is not
attached.
Section 29A of the Code with Section 2(1)(t) of the Information Technology Act
provides that electronic record means data, record, or data generated, image or sound
microfiche.
Judicial response
The judiciary can play its role by adopting a stringent approach towards the menace of
cyber terrorism. It must, however, first tackle the jurisdiction problem because before
invoking its judicial powers the courts are required to satisfy themselves that they
possess the requisite jurisdiction to deal with the situation. Since the Internet "is a
cooperative venture not owned by a single entity or government, there are no centralized
rules or laws governing its use. The absence of geographical boundaries may give rise to
a situation where the act legal in one country where it is done may violate the laws of
another country. This process further made complicated due to the absence of a uniform
and harmonized law governing the jurisdictional aspects of disputes arising by the use of
Internet. It must be noted that, generally, the scholars point towards the following
(a) a country may claim jurisdiction based on "objective territoriality" when an activity
(b) a "subjective territoriality" may attach when an activity takes place outside a nation's
borders but the "primary effect" of the action is within the nation's borders,
(c) a country may assert jurisdiction based on the nationality of either the actor or the
victim,
(d) in exceptional circumstances, providing the right to protect the nation's sovereignty
community.
for a "reasonable" connection between the offender and the forum. Depending on the
factual context, courts look to such factors, as whether the activity of individual has a
"substantial and foreseeable effect" on the territory, whether a "genuine link" exists
between the actor and the forum, the character of the activity and the importance of the
regulation giving rise to the controversy, the extent to which exceptions are harmed by
the regulation, and the importance of the regulation in the international community. The
traditional jurisdictional paradigms may provide a framework to guide analysis for cases
arising in cyberspace [Dawson Cherie; Creating Borders on the Internet- Free Speech,
the United States and International Jurisdiction, Virginia Journal of International Law,
V-44, No-2 (Winter, 2004).]. It must be noted that by virtue of section 1(2) read with
section 75 of the Information Technology Act, 2000 the courts in India have long arm
CHAPTER VII
can never be accessed by anyone. Most of the militaries classified information is kept on
from such isolation, the most common method of protection is encryption. The wide
and the FBI oppose the export of encryption in favor of a system where by the
government can gain the key to an encrypted system after gaining a court order to do so.
The director of the FBI's stance is that the Internet was not intended to go unpoliced and
that the police need to protect people's privacy and public-safety rights there.
Encryption's draw back is that it does not protect the entire system, an attack designed to
Others promote the use of firewalls to screen all communications to a system, including
e-mail messages, which may carry logic bombs. Firewall is a relatively generic term for
methods of filtering access to a network. They may come in the form of a computer,
serve to define the services and access that are permitted to each user. One method is to
screen user requests to check if they come from a previously defined domain or Internet
Protocol (IP) address. Another method is to prohibit Telnet access into the system.
1. All accounts should have passwords and the passwords should be unusual, difficult to
guess.
4. Audit systems and check logs to help in detecting and tracing an intruder.
5. If you are ever unsure about the safety of a site, or receive suspicious email from an
The Interpol, with its 178 member countries, is doing a great job in fighting against
cyber terrorism. They are helping all the member countries and training their personnel.
The Council of Europe Convention on Cyber Crime, which is the first international
treaty for fighting against computer crime, is the result of 4 years work by experts from
the 45 member and non-member countries including Japan, USA, and Canada. This
treaty has already enforced after its ratification by Lithuania on 21st of March 2004.
The Association of South East Asia Nations (ASEAN) has set plans for sharing
information on computer security. They are going to create a regional cyber-crime unit
(a) Lack of awareness and the culture of cyber security at individual as well as
institutional level.
(b) Lack of trained and qualified manpower to implement the counter measures.
(c) Too many information security organisations which have become weak due to 'turf
(d) A weak IT Act which has became redundant due to non exploitation and age old
cyber laws.
(e) No e-mail account policy especially for the defence forces, police and the agency
personnel.
(f) Cyber attacks have come not only from terrorists but also from neighboring countries
Recommendations
(a) Need to sensitize the common citizens about the dangers of cyber terrorism. Cert-in
(b) Joint efforts by all Government agencies including defence forces to attract qualified
(c) Cyber security not to be given more lip service and the organizations dealing with the
(d) Agreements relating to cyber security should be given the same importance as other
conventional agreements.
(f) Indian agencies working after cyber security should also keep a close vigil on the
CHAPTER VIII
Conclusion
The problems associated with the use of malware are not peculiar to any particular
country as the menace is global in nature. The countries all over the world are facing this
problem and are trying their level best to eliminate this problem. The problem, however,
cannot be effectively curbed unless popular public support and a vigilant judiciary back
it. The legislature cannot enact a law against the general public opinion of the nation at
large. Thus, first a public support has to be obtained not only at the national level but at
the international level as well. The people all over the world are not against the
enactment of statutes curbing the use of malware, but they are conscious about their
legitimate rights. Thus, the law to be enacted by the legislature must take care of public
an apt legislation, which can exclusively take care of the menace created by the
computers sending the malware. Thus, the self-help measures recognized by the
legislature should not be disproportionate and excessive than the threat received by the
malware. Further, while using such self-help measures the property and rights of the
general public should not be affected. It would also not be unreasonable to demand that
such self-help measures should not themselves commit any illegal act r omission. Thus, a
self-help measure should not be such as may destroy or steal the data or secret
information stored in the computer of the person sending the malware. It must be noted
that two wrongs cannot make a thing right. Thus, a demarcating line between self-help
and taking law in ones own hand must be drawn. In the ultimate analysis we must not
forget that self-help measures are watchdogs and not blood-hounds, and their purpose
fortunately, we have a sound legal base for dealing with malware and the public at large
has no problem in supporting the self-help measures to combat cyber terrorism and
malware. Therefore, cyber terrorism is becoming major tool for terrorists and thus it is