Cyber Terrorism and Challenges in Investigation

- Marientina.K.Marak

Executive Summary

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in
cyber space, with the intention to further social, ideological, religious, political or similar
objectives, or to intimidate any person in furtherance of such objectives.

Introduction:

Cyber terrorism is a phrase used to describe the use of Internet based attacks in terrorist
activities, including acts of deliberate, large-scale disruption of computer networks, especially of
personal computers attached to the Internet, by the means of tools such as computer viruses.

Cyber terrorism is a controversial term. Some authors choose a very narrow definition,
relating to deployments, by known terrorist organizations, of disruption attacks against
information systems for the primary purpose of creating alarm and panic. By this narrow
definition, it is difficult to identify any instances of cyber terrorism.

Cyber terrorism can also be defined much more generally as any computer

crime targeting computer networks without necessarily affecting real
world infrastructure, property, or lives.

There is much concern from government and media sources about potential damages that
could be caused by cyber terrorism, and this has prompted official responses from government
agencies.

The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is
such that it must be left to be inclusive in nature. The nature of "cyberspace” is such that new
methods and technologies are invented regularly; hence it is not advisable to put the definition in
a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to
interpret the definition as liberally as possible so that the menace of cyber terrorism can be
tackled stringently and with a punitive hand.
The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions
of these cyber terrorists and requires a rejuvenation in the light and context of the latest
developments all over the world.

Definition of Cyber Terrorism-

Before we can discuss the possibilities of “cyber terrorism, we must have some working
definitions. The word “cyber terrorism” refers to two elements: cyberspace and terrorism.

Another word for cyberspace is the “virtual world” i,e a place in which computer
programs function and data moves. Terrorism is a much used term, with many definitions. For
the purposes of this presentation, we will use the United States Department of State definition:”
The term ‘terrorism’ means premeditated, politically motivated violence perpetrated against
noncombatant targets by sub national groups or clandestine agents.”

If we combine these definitions, we construct a working definition such as the following:

“Cyber terrorism is the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which result in violence against noncombatant targets by
sub national groups or clandestine agents.”

The basic definition of Cyber-terrorism subsumed over time to encompass such things as
simply defacing a web site or server, or attacking non-critical systems, resulting in the term
becoming less useful. There is also a train of thought that says cyber terrorism does not exist and
is really a matter of hacking or information warfare. Some disagree with labeling it terrorism
proper because of the unlikelihood of the creation of fear of significant physical harm or death in
a population using electronic means, considering current attack and protective technologies.
Attacks via Internet:
Unauthorized access & Hacking:- 

Access means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or computer
network. Unauthorized access would therefore mean any kind of access without the permission
of either the rightful owner or the person in charge of a computer, computer system or computer
network

Every act committed towards breaking into a computer and/or network is hacking. Hackers write
or use ready-made computer programs to attack the target computer. They possess the desire to
destruct and they get the kick out of such destruction. Some hackers hack for personal monetary
gains, such as to stealing the credit card information, transferring money from various bank
accounts to their own account followed by withdrawal of money. 
By hacking web server taking control on another person’s website called as web hijacking.

Trojan Attack:- 

The program that act like something useful but do the things that are quiet damping. The
programs of this kind are called as Trojans. 
The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part.
When the victim (unknowingly) runs the server on its machine, the attacker will then use the
Client to connect to the Server and start using the trojan. TCP/IP protocol is the usual protocol
type used for communications, but some functions of the trojans use the UDP protocol as well.

Virus and Worm attack:- 

A program that has capability to infect other programs and make copies of itself and
spread into other programs is called virus. 
Programs that multiply like viruses but spread from computer to computer are called as worms.
The latest in these attacks is “Michael Jackson e-mail virus-Remembering Michael Jackson”.
Once it infects the computer it automatically spread the worm into other internet users.

E-mail related crimes:  

Email spoofing 
Email spoofing refers to email that appears to have been originated from one source when it was
actually sent from another source.

Attack on Infrastructure:

Our banks and financial institutions; air, sea, rail and highway transportation systems;
telecommunications; electric power grids; oil and natural gas supply lines—all are operated,
controlled and facilitated by advanced computers, networks and software. Typically, the control
centers and major nodes in these systems are more vulnerable to cyber than physical attack,
presenting considerable opportunity for cyber terrorists.
There, could be other losses to infrastructure too as Kevin Coleman in his article on cyber-
terrorism offered a scenario of possible consequences of a cyber-terrorism act against an
infrastructure or business, with a division of costs into direct and indirect implications:

Direct Cost Implications

- Loss of sales during the disruption 
- Staff time, network delays, intermittent access for business users 
- Increased insurance costs due to litigation 
- Loss of intellectual property - research, pricing, etc. 
- Costs of forensics for recovery and litigation 
- Loss of critical communications in time of emergency

Indirect Cost Implications

- Loss of confidence and credibility in our financial systems 
- Tarnished relationships and public image globally 
- Strained business partner relationships - domestic and internationally 
- Loss of future customer revenues for an individual or group of companies 
- Loss of trust in the government and computer industry.

Attacks on Human Life

Examples:-
• In case of an air traffic system that is mainly computerized and is set to establish the flight
routes for the airplanes, calculating the flight courses for all the planes in the air to follow. Also,
plane pilots have to check the course as well as the other planes being around using the onboard
radar systems that are not connected to external networks, therefore it can be attacked by the
cyber-terrorist.

• A different example would be the act of cyber-terrorism agains a highly-automated factory or

plant production of any kind of product: food, equipment, vehicles etc. In case this organisation
is highly reliant on the technological control, including a human control only in the end of
production, not on the checkpoint stages, then any malfunction would be extremely hard to point
out, fix and as a result to spot out a cyber-crime being committed

The Impact of Cyber Terrorism- a brief idea

The intention of a cyber terrorism attack could range from economic disruption through
the interruption of financial networks and systems or used in support of a physical attack to cause
further confusion and possible delays in proper response. Although cyber attacks have caused
billions of dollars in damage and affected the lives of millions, we have yet witness the
implications of a truly catastrophic cyber terrorism attack. What would some of the implications
be?

Direct Cost Implications

• Loss of sales during the disruption 

• Staff time, network delays, intermittent access for business users 
• Increased insurance costs due to litigation 
• Loss of intellectual property - research, pricing, etc. 
• Costs of forensics for recovery and litigation 
• Loss of critical communications in time of emergency.

Indirect Cost Implications

• Loss of confidence and credibility in our financial systems 

• Tarnished relationships& public image globally 
• Strained business partner relationships - domestic and internationally 
• Loss of future customer revenues for an individual or group of companies 
• Loss of trust in the government and computer industry

Some incidents of cyber terrorism- 

The following are notable incidents of cyber terrorism: 

• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day
over a two-week period. The messages read "We are the Internet Black Tigers and we're
doing this to disrupt your communications." Intelligence authorities characterized it as
the first known attack by terrorists against a country's computer systems. 

• During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs
and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In
addition, businesses, public organizations, and academic institutes received highly
politicized virus-laden e-mails from a range of Eastern European countries, according to
reports.

. 
• Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting
Web sit-ins against various sites in support of the Mexican Zapatistas. At a designated
time, thousands of protestors point their browsers to a target site using software that
 floods the target with rapid and repeated download requests. EDT's software has also
been used by animal rights groups against organizations said to abuse animals.
Electrohippies, another group of hacktivists, conducted Web sit-ins against the WTO
when they met in Seattle in late 1999.

One of the worst incidents of cyber terrorists at work was when crackers in Romania illegally
gained access to the computers controlling the life support systems at an Antarctic research
station, endangering the 58 scientists involved. More recently, in May 2007 Estonia was
subjected to a mass cyber-attack by hackers inside the Russian Federation which some evidence
suggests was coordinated by the Russian government, though Russian officials deny any
knowledge of this. This attack was apparently in response to the removal of a Russian World
War II war memorial from downtown Estonia.

Efforts of combating cyber terrorism-

The Interpol, with its 178 member countries, is doing a great job in fighting against cyber
terrorism. They are helping all the member countries and training their personnel. The Council of
Europe Convention on Cyber Crime, which is the first international treaty for fighting against
computer crime, is the result of 4 years work by experts from the 45 member and non-member
countries including Japan, USA, and Canada. This treaty has already enforced after its
ratification by Lithuania on 21st of March 2004.

The Association of South East Asia Nations (ASEAN) has set plans for sharing information on
computer security. They are going to create a regional cyber-crime unit by the year 2005.

The protection of I.T.A can be claimed for:

(a) Preventing privacy violations,
(b) Preventing information and data theft,
(c) Preventing distributed denial of services attack (DDOS), and
(d) Preventing network damage and destruction.

Here are few key things to remember to protect from cyber-terrorism:

 1. All accounts should have passwords and the passwords should be unusual, difficult to
guess. 
2. Change the network configuration when defects become know. 
3. Check with venders for upgrades and patches. 
4. Audit systems and check logs to help in detecting and tracing an intruder. 
5. If you are ever unsure about the safety of a site, or receive suspicious email from an
unknown address, don't access it. It could be trouble.

Indian law & Cyber terrorism-

In India there is no law, which is specifically dealing with prevention of malware through
aggressive defense. Thus, the analogous provisions have to be applied in a purposive manner.
The protection against malware attacks can be claimed under the following categories:
(1) Protection available under the Constitution of India, and 
(2) Protection available under other statutes.

Protection under the Constitution of India:

The protection available under the Constitution of any country is the strongest and the
safest one since it is the supreme document and all other laws derive their power and validity
from it. If a law satisfies the rigorous tests of the Constitutional validity, then its applicability and
validity cannot be challenge and it becomes absolutely binding. The Constitutions of India, like
other Constitutions of the world, is organic and living in nature and is capable of molding itself
as per the time and requirements of the society.

Protection under other statutes:

The protection available under the Constitution is further strengthened by various statutory
enactments. These protections can be classified as: 
 (A) Protection under the Indian Penal Code (I.P.C), 1860, and 
(B) Protection under the Information Technology Act (ITA), 2000.

Some challenges and concerns are highlighted below:

(a) Lack of awareness and the culture of cyber security at individual as well as institutional level.

(b) Lack of trained and qualified manpower to implement the counter measures.

(c) Too many information security organizations which have become weak due to 'turf wars' or
financial compulsions.

(d) A weak IT Act.

Conclusion-

The problems associated with the use of malware are not peculiar to any particular
country as the menace is global in nature. The countries all over the world are facing this
problem and are trying their level best to eliminate this problem. The problem, however, cannot
be effectively curbed unless popular public support and a vigilant judiciary back it. The
legislature cannot enact a law against the general public opinion of the nation at large. Thus, first
a public support has to be obtained not only at the national level but at the international level as
well. The people all over the world are not against the enactment of statutes curbing the use of
malware, but they are conscious about their legitimate rights. Thus, the law to be enacted by the
legislature must take care of public interest on a priority basis. This can be achieved if a suitable
technology is supported by an apt legislation, which can exclusively take care of the menace
created by the computers sending the malware. Thus, the self-help measures recognized by the
legislature should not be disproportionate and excessive than the threat received by the malware.
Further, while using such self-help measures the property and rights of the general public should
not be affected. It would also not be unreasonable to demand that such self-help measures should
not themselves commit any illegal act r omission. Thus, a self-help measure should not be such
as may destroy or steal the data or secret information stored in the computer of the person
sending the malware. It must be noted that two wrongs cannot make a thing right. Thus, a
demarcating line between self-help and taking law in one’s own hand must be drawn. In the
ultimate analysis we must not forget that self-help measures are “watchdogs and not blood-
hounds”, and their purpose should be restricted to legitimate and proportionate defensive actions
only. In India, fortunately, we have a sound legal base for dealing with malware and the public at
large has no problem in supporting the self-help measures to combat cyber terrorism and
malware.

References:

a. Cyber Terrorism By Kevin Coleman , Technolytics.

a. Cyber Terrorism : The new kind of Terrorism By: DR. MUDAWI MUKHTAR
ELMUSHARAF.

b. Cybercrime and cyber terrorism: Preventive defense for cyberspace violations By

PRAVEEN DALAL.

c. Coleman, Keivin "Cyber Terrorism"

d. Cyber-terrorism: Wikipedia.

e. Defining Cyber terrorism By Adv. Rohas Nagpal.

f. Cyber Terrorism by Jimmy Sproles and Will Byars for Computer Ethics

g. ids.nic.in