CYBER WARFARE AND CYBER TERRORISM 2017

NATIONAL LAW UNIVERSITY ODISHA

CYBER LAW PROJECT

ON

CYBER WARFARE AND CYBER TERRORISM

SUBMITTED TO

MR

KUSHAGRA GUPTA

&

DEEPANKAR DIKSHIT

SEMESTER IX

SUBMITTED ON

4TH SEPTEMBER, 2017

 CYBER WARFARE AND CYBER TERRORISM 2017

Acknowledgement

I feel highly elated to work on this dynamic topic on CYBER WARFARE AND CYBER TERRORISM.
Its ratio is significant in todays era when there is significant progress in the field of internet and technology
and growing threat of cyber terrorism on the whole world .

The practical realization of this project has obligated the guidance of many persons. I express my deepest
regard for our faculty. His consistent supervision, constant inspiration and invaluable guidance and
suggestions have been of immense help in carrying out the project work with success.
 CYBER WARFARE AND CYBER TERRORISM 2017

Table of Contents

Acknowledgement .....................................................................................................2

INTRODUCTION .....................................................................................................4

OBJECTIVE ..............................................................................................................5

RESEARCH METHODOLOGY..............................................................................6

CYBER WARFARE AND CYBER TERRORISM - AN INSIGHT .......................6

CYBER WARFARE AND CYBER TERRORISM - VICTIMS & EXAMPLES ...9

CYBER CRIME & WORLD PERSPECTIVE........................................................10

PREVENTION/FIGHTING CYBER WARFARE AND CYBER TERRORISM .11

CYBER LAW IN INDIA.........................................................................................12

CONCLUSION ........................................................................................................15

REFERENCES.........................................................................................................17
 CYBER WARFARE AND CYBER TERRORISM 2017

INTRODUCTION

The world of Internet today has become a parallel form of life and living. The public are now
capable of doing things which were not imaginable few years ago. The Internet is fast becoming
a way of life for millions of people and also a way of living because of growing dependence and
reliance of the mankind on these machines. Internet has enabled the use of website
communication, email and a lot of anytime anywhere IT solutions for the betterment of human
kind.

Internet, though offers great benefit to society, also present opportunities for crime using new and
highly sophisticated technology tools. Today e-mail and websites have become the preferred
means of communication. Organizations provide Internet access to their staff. By their very
nature, they facilitate almost instant exchange and dissemination of data, images and variety of
material. This includes not only educational and informative material but also information that
might be undesirable or anti-social. Regular stories featured in the media on computer crime
include topics covering hacking to viruses, web-jackers, to internet paedophiles, sometimes
accurately portraying events, sometimes misconceiving the role of technology in such activities.
Increase in cyber crime rate has been documented in the news media. Both the increase in the
incidence of criminal activity and the possible emergence of new varieties of criminal activity
pose challenges for legal systems, as well as for law enforcement.

Cyber Warfare is using computers over the Internet to conduct acts of warfare against other
websites or groups on the Internet. This could include defacing websites, distributed denial of
service attacks, distributing propaganda, and gathering classified data over the Internet. Cyber
Terrorism is different from Cyber Warfare. Cyber Warfare can be inconvenient from having to
clean up a website from vandalism or suffering from downtime because of a denial of service
attack. With Cyber Terrorism, violence can result from an attack.1

The term cyber terrorism was coined in1996 by combining the terms cyberspace and terrorism.
Cyber terrorism is the dark side of the web world. Cyber terrorism is the premeditated, politically

1 M. A. Vatis.. Cyber Attacks During the War on Terrorism: A Predictive Analysis, 2001. Special Report, Institute
for Security and Technology Studies
 CYBER WARFARE AND CYBER TERRORISM 2017

motivated attack against information, computer systems, computer programs, and data which
result in violence against noncombatant targets by sub national groups or clandestine agents. It is
the use of disruptive activities or the threat thereof, in cyber space, with the intention to further
social, ideological, religious, political or similar objectives, or to intimidate any person in
furtherance of such objectives.

According to Mark Pollitt of the Federal Bureau of Investigation, the definition of Cyber
Terrorism is, the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which results in violence against noncombatant targets by
sub national groups or clandestine agents. This definition according to Verton, covers both cyber
terrorism and terrorism in general, he continues on that, not only can systems be attacked
through cyber means, but also attacking the physical hardware that makes up computer systems.

OBJECTIVE
 CYBER WARFARE AND CYBER TERRORISM 2017

The objective of the project is to,

1. Study the concept of cyber warfare and cyber terrorism

2. Study the victims and examples of the threat
3. Study about the prevention of cyber warfare and cyber terrorism
4. Study the law dealing with the threat in India.

RESEARCH METHODOLOGY

The method of research adopted is analytical in nature. I have referred sources on the internet as
well as a few books on Cyber Law available in the university library besides adding my personal
views and knowledge of the topic. Books and other references as guided by the faculty of Cyber
Law have been primarily helpful in giving this project a firm structure. Websites, dictionaries and
articles have also been referred.

CYBER WARFARE AND CYBER TERRORISM - AN INSIGHT

 CYBER WARFARE AND CYBER TERRORISM 2017

Cyber Warfare and Cyber Terrorism have both similarities and differences. They are similar in
sense that both involve using computer systems against other computer systems, although with
Cyber Terrorism the physical system can also be targeted. They are both different because in
Cyber Terrorism, violence can occur, such as people can be hurt or killed.

There are many reasons why these attacks occur. Probably one of the main reasons is to state a
goal or objective that disagrees with a view of another community. For example, an anti-abortion
group defacing an abortion clinics website, or performing a denial of service against a website so
that people cannot access it and receive information from it. These would be acts of Cyber
Warfare.2

With Cyber Terrorism, these attacks occur because of numerous reasons. The word terrorism itself
has the word terror in it, which means to strike fear and dread into an individual. There have been
many Terrorism attacks throughout history, including the one on September 11, 2001.
With Cyber Terrorism, it uses that fear and dread by utilizing it over the Internet to attack computer
systems that control numerous things, hacking government websites and stealing top secret
information that could be used against that government by the terrorists. Similar to Cyber Warfare,
most terrorist goals, besides striking fear into other groups and nations, is to convey a political
message to the government or nation that they oppose.

There are various reasons for these cyber attacks are:

Fear Factor - The most denominator of the majority of the attacks is terrorists wishing to
create fear in individuals groups and societies. The best example is bombing of Bali
Nightclub, in 2002. This night club was nothing but watering for foreign tourists. The
influx of foreign tourists to Bali was significantly reduced after this attack.

Spectacular Factor - Spectacular means attacks aimed at either creating huge direct losses
and/or resulting in a lot of negative publicity. In 1999, the Amazon.com Web site was

2 Cited in E. Montalbano. 2004. Homeland Security Chair likens Cyber Terrorists to Al Qaeda. CRN News
 CYBER WARFARE AND CYBER TERRORISM 2017

closed for some time due to a denial of service (DOS) attack.

Vulnerability factor - Cyber activities do not always end up with huge financial losses.
Some of the most effective ways to demonstrate an organizations vulnerability is to cause
a denial of service to the commercial server or something as simple as the defacement of
an organizations Web pages, very often referred to as computer graffiti.

In general, todays cyber attacks consist primarily of:

Virus and worm attacks that are delivered via e-mail attachments, Web browser scripts,
and vulnerability exploit engines.

Denial of service attacks designed to prevent the use of public systems by legitimate
users by overloading the normal mechanisms inherent in establishing and maintaining
computer-to-computer connections.

Web defacements of informational sites that service governmental and commercial

interests in order to spread disinformation, propaganda, and/or disrupt information
flows.

Unauthorized intrusions into systems that lead to the theft of confidential and/or proprietary
information, the modification and/or corruption of data, and the inappropriate usage of a
system for launching attacks on other systems.
 CYBER WARFARE AND CYBER TERRORISM 2017

CYBER WARFARE AND CYBER TERRORISM - VICTIMS & EXAMPLES

With Cyber Warfare, any website on the Internet and the people who are affiliated with them can
be affected by Cyber Warfare attacks. Going back to the previous example of the abortion clinic,
not only has the website been defaced by an anti-abortion group, it effects the people who run the
website, mainly those of the abortion clinic, and people who support abortion can be affected by
this act of vandalism. Also depending on the intensity of the vandalism, the clinic itself can lose
credibility. On the other side of this spectrum, the people who are against abortion are pleased
with the results.

Another example of who is affected by Cyber Warfare would be going back to the denial of service
attack against a website. Say this website is a bank website, and a hacker performs a denial of
service attack against this website. The website can now not be accessed by its patrons, causing
them not to be able to access their accounts, forcing them to physically go to the bank to perform
their daily transactions, increasing the business of the bank with lots of unhappy patrons. This also
affects the reputation of the banks online security, possibly scaring people out of that bank and
into another bank where they may feel more secure. On a side note, this attack could have been
performed by a rival bank to scare people out of one bank and having them come to their bank.
These are just a few possible ways of Cyber Warfare.3
With Cyber Terrorism either a small amount of people can be affected or entire nations can be
affected. A sinister Cyber Terrorism plot that was foiled would have occurred sometime in 1996
in London. Members of the Irish Republican Army (IRA) were planning to blow up and destroy
six key electric substations in London. Had the IRA succeeded in their goal, they would have
disrupted power to major portions of London for months. To figure out which substations to bomb,
they used libraries and open sources of information to select key nodes that would impact the grid
the most. This example would have been a terror attack and would have stuck fear into the people
of London. This would also be an example of a physical attack on computer systems.

In Verton, 2001, when an Australian man used the Internet and stolen control software to release
one million liters of raw sewage into public parks. The reason behind this was to get back at a

3 T. Spellman. 2004. Expert: U.S. At Risk of Cyberterrorism. The Dartmouth Online, 19 April 2004
 CYBER WARFARE AND CYBER TERRORISM 2017

company that would not hire him, so he got back at the community and the company by releasing
the sewage. This was not as much of a terror attack as a revenge attack, but it made the community
aware that some government and local utility systems are not safe, and can be utilized against
them. Also, with the release of the sewage, some of the animals and marine life in the area were
killed.

CYBER CRIME & WORLD PERSPECTIVE

The prospect of internet-based warfare has come to the fore after a series of high-profile
international attacks. It has emerged that a gang of hackers, believed to be from China, had
infiltrated computer systems at the Pentagon and launched attacks on government networks in
Britain, Germany, India and Australia. US officials, who have labeled the group Titan Rain, have
accused them of operating under the auspices of officials in Beijing. Another strike in Estonia,
which has one of the most hi-tech governments in the world, was initially blamed on hackers
backed by the Russian authorities. However, only one teenager, an Estonian, has been arrested in
connection with the incident so far.
The annual E-Crime congress is one the largest gatherings of those who work to combat cyber
crime. Delegates included banking experts, police and IT industry luminaries, all keen to discover
new ways to fight online crime.4

North Atlantic Treaty Organization (NATO) believes cyber warfare poses as great a threat as a
missile attack. NATO is treating the threat of cyber warfare as seriously as the risk of a missile
strike. Among the chief threats is cyber terrorism, in which attempts are made to shut down online
communication networks or use the internet to attack official institutions. Although some have
warned of the possible threat since the 1980s, it is only in recent years that the issue has made it
onto the radar of governments around the world.5

Suleyman Anil, in-charge of protecting NATO against computer attacks and head of NATO's
computer incident response centre, said at the E-Crime congress held in London "Cyber defense

4 D. Verton. Cyberterrorism & security: New definitions for new realities, paper presented at the Cato Institute
Book Forum, 12 November 2003b, Washington, DC.
 CYBER WARFARE AND CYBER TERRORISM 2017

is now mentioned at the highest level along with missile defense and energy security. We have
seen more of these attacks and we don't think this problem will disappear soon. Unless globally
supported measures are taken, it can become a global problem."

Kevin Poulsen, a former hacker who is now an editor with technology magazine Wired, has
accused politicians and the media of overplaying the fear factor. He opined before the London E-
Crime congress "In some ways, Estonia's attacks were less sophisticated than previous 'cyber wars'
- like those between Israeli and Palestinian hackers, India and Pakistan, China and the US. Despite
the lack of hard evidence on the nature or identities of cyber terrorists, however, the threat is
deemed serious enough for the White House to allocate $6bn (3bn) for strengthening its systems
against attack.

PREVENTION/FIGHTING CYBER WARFARE AND CYBER TERRORISM

The real issue is how to prevent cyber crime. For this, there is need to raise the probability of
apprehension and conviction. There is no way to be completely secure from any type of Cyber
Warfare or Cyber Terrorism attack. The more security a computer system has in place, the easier
it can become to attack this system. For Cyber Warfare, one has to deal with securing information
systems, including computer networks, and all the data of a corporation or government entity,
having a good IT security team and security plan will help protect the companys data. For Cyber
Terrorism, physical systems need to be guarded, and if they are high priority targets subject to
attack, the appropriate measures to secure this data need to be in place.6

India has a law on evidence that considers admissibility, authenticity, accuracy, and completeness
to convince the judiciary. The challenge in cyber crime cases includes getting evidence that will
stand scrutiny in a foreign court. Police has to ensure that they have seized exactly what was there
at the scene of crime, is the same that has been analyzed and the report presented in court is based
on this evidence. It has to maintain the chain of custody. The threat is not from the intelligence of
criminals but from our ignorance and the will to fight it. The law is stricter now on producing

6
DeNileon, Guy, The Who, What Why and How of Counter-terrorism Issues, American Water Works Association
Journal, May 2001, Volume 93, No. 5, pp. 7885,
 CYBER WARFARE AND CYBER TERRORISM 2017

evidence especially where electronic documents are concerned.7

CYBER LAW IN INDIA

Cyber Law is seen as an essential component of criminal justice system all over the world. The
same applies to cyber law of India as well. The computer is the target and the tool for the
perpetration of crime. It is used for the communication of the criminal activity such as the injection
of a virus/worm which can crash entire networks.

The Information Technology (IT) Act, 2000, specifies the acts which have been made punishable.
Since the primary objective of this Act is to create an enabling environment for commercial use
of I.T., certain omissions and commissions of criminals while using computers have not been
included. With the legal recognition of Electronic Records and the amendments made in the
several sections of the IPC vide the IT Act, 2000, several offences having bearing on cyber-arena
are also registered under the appropriate sections of the IPC.

India is the 12th country of the world having a cyber law. It covers areas like e-governance, e-
commerce, cyber contraventions and cyber offences. However, some critics and cyber law experts
have questioned the strength of IT Act, 2000.

Although India has done a good job by enacting the IT Act, 2000 yet it failed to keep it updated.
For instance, we need express provisions and specified procedures to deal with issues like denial
of service (DOS), distributed denial of services (DDOS), bot, botnets, trojans, backdoors, viruses
and worms, sniffers, SQL injections, buffer overflows etc. These issues cannot be left on mere
luck, implied provisions or traditional penal law of India (IPC). Even issues like cyber war against
India or cyber terrorism against India have not been incorporated into the IT Act, 2000 yet.

Some of these issues are also cross-linked with capacity building requirements of India in the field
of cyber security in India and cyber forensics in India. A crucial truth that India failed to appreciate
is that e-governance in India is useless till we are capable of securing it as well. Without the crucial

7 Larissa Paul, When Cyber Hacktivism Meets Cyberterrorism, SANS Institute, February 19, 2001
 CYBER WARFARE AND CYBER TERRORISM 2017

capabilities in the fields of cyber security and cyber forensics, India is heading towards a big
trouble. Even the basic e-mail tracking procedures sometimes pose as a big challenge before the
law enforcement agencies in India. Interestingly, some of the legal experts have shown their
support for prosecuting owners of e-mail addresses and Internet
Protocol addresses relying upon common law principles not knowing exactly the nature of the
Internet.

It would be a dangerous trend to follow to arrest or detain suspects on the basis of mere IP
addresses or e-mail addresses as they are very easy to be spoofed and forged. Eve n MAC
addresses can be spoofed in certain circumstances and for many purposes, particularly for identity
theft cases in wireless connections. It is important to apply common sense and first ascertain the
identity of real culprit. Of course, it requires tremendous cyber forensics expertise to correctly
trace the culprit. The recent case of wrongfully arresting an innocent person and imprisoning him
for a considerable time is a glaring example of faulty and novice cyber forensics application in
India. The inability of the Government of India to meet these conspicuous deficiencies of the legal
enablement of ICT systems in India is stifling the growth of ICT laws in India.

The present cyber law of India does not cover these issues and there is a dire need of incorporating
the same as soon as possible.

Some of the Statutory Provisions under Indian Law to combat cyber crimes are:

The Indian parliament considered it necessary to give effect to the resolution by which the General
Assembly adopted Model Law on Electronic Commerce adopted by the United Nations
Commission on Trade Law. As a consequence of which the Information Technology Act 2000
was passed and enforced on 17th May 2000. The preamble of this Act states its objective to
legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act
1872, the Bankers Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic
purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000.
So that they may regulate and control the affairs of the cyber world in an effective manner.

The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The
important sections are Ss. 43,65,66,67.
 CYBER WARFARE AND CYBER TERRORISM 2017

i. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus
attacks or any contaminant, causes damage, disruption, denial of access, interference with
the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way
of remedy.

ii. Section 65 deals with tampering with computer source documents' and provides for
imprisonment up to 3 years or fine, which may extend up to 2 years or both.

iii. Section 66 deals with hacking with computer system and provides for imprisonment up
to 3 years or fine, which may extend up to 2 years or both.

iv. Section 67 deals with publication of obscene material and provides for imprisonment up
to a term of 10 years and also with fine up to Rs. 2 lakhs
 CYBER WARFARE AND CYBER TERRORISM 2017

CONCLUSION

Cyber Warfare and Cyber Terrorism are a growing threat in this world. More and more groups
are becoming aware of the possibility of Cyber Warfare and Cyber Terrorism. Cyber Terrorism
has been occurring within the last twenty years and as time progresses and more and more nations
become even more computerized, there will be more and more attacks through cyberspace.

A survey released by the UK government has revealed that the British public is now more fearful
of cyber crime than burglary and crimes against the person. According to its results, Internet users
fear bankcard fraud the most (27 percent), followed by cyber crime (21 percent) and burglary (16
percent). This shows that hi-tech crime has firmly overtaken conventional burglaries, muggings
and thefts in the list of the publics fears, as the Internet has become firmly embedded into the
British society, with some 57 percent of households having online access. Interestingly,
University of Abertay in Dundee, Scotland (UK) is now offering a BSc Hons in Ethical Hacking
and Countermeasures.

Although hard, it is possible to try and combat cyber terrorism through the securing of systems,
but there will always be an exploit someplace whether its through the computer or through the
gullible user. Cyber Terrorism and Cyber Warfare are a looming threat in this technologically
advancing world.

Even America finds itself unprepared for the threat of cyber war and terrorism. In a speech given
this January at the Newseum in Washington, D.C., Secretary of State Hillary Clinton set a strong
warning to anyone who would seek to carry out a cyber attack on the United States: As we work
to advance freedoms, we must also work against those who use communication networks as tools
of disruption and fear. Governments and citizens must have confidence that the networks at the
core of their national security and economic prosperity are safe and resilient. Now this is about
more than just petty hackers who deface websites. Our ability to bank online, use electronic
commerce, and safeguard billions of dollars in intellectual property are all at stake if we cannot
rely on the security of our information networks. States, terrorists, and those who would act as
 CYBER WARFARE AND CYBER TERRORISM 2017

their proxies must know the United States will protect our networks Those who disrupt the free
flow of information in our society or any other pose a threat to our economy, our government, and
our civil society. Countries or individuals that engage in cyber attacks should face consequences
and international condemnation.

The traditional national defense strategies are ill suited to protect the nations against this threat.
Enemies can launch a devastating attack, from almost anywherea cafe in London, a cave in
Afghanistan, or a coffee shop in our Midwest. They can mobilize large networks of captured
computers from around the world to do their bidding. They can do so with almost no trail, no
return address. Enemies of this kind, attacks of this nature, are almost impossible to deter, and
even harder to preempt.

In the face of threats, the systems that are to be depend upon, are vulnerable to the most simplistic
of hackers, even as constant efforts by sophisticated enemies to penetrate the systems, probe
vulnerabilities, plan future attacks and inject sleeper weapons into the IT systems is faced.

It is high time to make concentrated effort otherwise nations would leave themselves unacceptably
open to a devastating attack on our nation. Such an attack could compromise the integrity of the
financial industry. It could turn off the power to entire regions of the nation. It could strike at any
one of vital infrastructure sectors without warning and with devastating effect.

In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects
a person or property. The IT Act provides the backbone for e-commerce and Indias approach has
been to look at e-governance and e-commerce primarily from the promotional aspects looking at
the vast opportunities and the need to sensitize the population to the possibilities of the information
age. There is the need to take in to consideration the security aspects.

It is prudent that rethinking is done to work out approach to cyber warfare and cyber terrorism. It
is the time to act now to secure the strategic digital assets, public and privateIf we can act now,
we will not only be secure, but we will also be poised to capitalize on the real promise of the
digital revolution.
 CYBER WARFARE AND CYBER TERRORISM 2017

REFERENCES

1. Cyber-Warfare. Wikipedia. Retrieved on April 25, 2008, from http://en.wikipedia.org/wiki/

Cyber-warfare Pollitt, M.M. (1997, October).

2. Cyberterrorism: Fact or Fancy? Proceedings of the 20th National Information Systems Security
Conference, 285-289

3. Verton, D (2003). Black Ice: The Invisible Threat of Cyber-Terrorism, 27-28

4. Johnson Bobbie (2008), The Guardian, Thursday 6 March 2008
5. Information Techology Act, 2000 including its amendments, 2006
6. Dalal Praveen (2009), Perry4Law
7. The Washington Post, Internet War, Jan. 25, 2010, available at http://www.
washingtonpost.com/wp-dyn/content/article/2010/01/24/AR2010012402755.html.
8 Kim Zetter, Hackers Targeted Oil Companies for Oil Location Data, Wired.com, Jan. 26, 2010,
available at http://www.wired.com/threatlevel/2010/01/hack-for-oil.

9. Federal News Radio, New Cyber Attacks Target Defense Contractors, Jan. 22, 2010, available
at http://www.federalnewsradio.com/?nid=15&sid=1870555.

10. Singh Talwant, Addl. Distt. & Sessions Judge, Delhi, Cyber Law & Information
Technology, available at http://www.indlii.org/CyberLaw.aspx

11. Clinton Hillary, US Secretary of State (2010), Remarks of the Secretary on Internet
Freedom, delivered Jan. 21, 2010, at the Newseum, Washington, D.C.

12. Habiger Gen. Eugene E., USAF (Ret.) (2010) Cyber warfare and Cyber Terrorism: The
need for a new US Strategic Approach, The Cyber Secure Institute, Provoking Cyber Security
Change White Paper Series, White Paper 1:2010