Sunday, January 17, 2010

Cyber Terrorism In India: A Government Nightmare

Cyber Terrorism in India is a serious national security problem. India must not take the threats of Cyber war and Cyber Terrorism lightly and should take active steps to prevent the same. The Home Ministry of India must take some serious steps to ensure a robust cyber security in India so that threats of cyber war and cyber terrorism can be prevented and cured at an earlier stage. Even the cyber laws all over the World must be stringent and reasonable so that these nefarious activities can be curbed.

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

Computers and the internet are becoming an essential part of our daily life. They are being used by individuals and societies to make their life easier. They use them for storing information, processing data, sending and receiving messages, communications, controlling machines, typing, editing, designing, drawing, and almost all aspects of life.

The most deadly and destructive consequence of this helplessness is the emergence of the concept of “cyber terrorism”. The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of information technology the terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as “Cyber Terrorism”.

The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world.

Terrorist prefer using the cyber attack methods because of many advantages for it. These are:-

1. It is Cheaper than traditional methods.
2. The action is very difficult to be tracked.
3. They can hide their personalities and location.
4. There are no physical barriers or check points to cross.
5. They can do it remotely from anywhere in the world.
6. They can use this method to attack a big number of targets.
7. They can affect a large number of people.

Forms of cyber terrorism

(I) Privacy violation: Law of privacy is the recognition of the individual’s right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognized.

(II) Secret information appropriation and data theft: The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies.

(III) Demolition of e-governance base: The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. This, right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in public interest.

(IV) Distributed denial of services attack: The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses.

(V) Network damage and disruptions: The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc. The intention of a cyber terrorism attack could range from economic disruption through the interruption of financial networks and systems or used in support of a physical attack to cause further confusion and possible delays in proper response.

Effects of Cyber Terrorism on economic & social life

Direct Cost Implications

• Loss of sales during the disruption
• Staff time, network delays, intermittent access for business users
• Increased insurance costs due to litigation
• Loss of intellectual property – research, pricing, etc.
• Costs of forensics for recovery and litigation
• Loss of critical communications in time of emergency.

Indirect Cost Implications

• Loss of confidence and credibility in our financial systems
• Tarnished relationships& public image globally
• Strained business partner relationships – domestic and internationally
• Loss of future customer revenues for an individual or group of companies
• Loss of trust in the government and computer industry

The following are notable incidents of cyber terrorism:

• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read “We are the Internet Black Tigers and we’re doing this to disrupt your communications.” Intelligence authorities characterized it as the first known attack by terrorists against a country’s computer systems.

• During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from a range of Eastern European countries, according to reports. Web defacements were also common.

• Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting Web sit-ins against various sites in support of the Mexican Zapatistas. At a designated time, thousands of protestors point their browsers to a target site using software that floods the target with rapid and repeated download requests. EDT’s software has also been used by animal rights groups against organizations said to abuse animals. Electrohippies, another group of hacktivists, conducted Web sit-ins against the WTO when they met in Seattle in late 1999.

The Interpol, with its 178 member countries, is doing a great job in fighting against cyber terrorism. They are helping all the member countries and training their personnel. The Council of Europe Convention on Cyber Crime, which is the first international treaty for fighting against computer crime, is the result of 4 years work by experts from the 45 member and non-member countries including Japan, USA, and Canada. This treaty has already enforced after its ratification by Lithuania on 21st of March 2004. The Association of South East Asia Nations (ASEAN) has set plans for sharing information on computer security. They are going to create a regional cyber-crime unit by the year 2005.

The protection of I.T.A can be claimed for:

a) Preventing privacy violations,
(b) Preventing information and data theft,
(c) Preventing distributed denial of services attack (DDOS), and
(d) Preventing network damage and destruction.

Here are few key things to remember to protect from cyber-terrorism:

1. All accounts should have passwords and the passwords should be unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an intruder.
5. If you are ever unsure about the safety of a site, or receive suspicious email from an unknown address, don’t access it. It could be trouble.

The problems associated with the use of malware are not peculiar to any particular country as the menace is global in nature. The countries all over the world are facing this problem and are trying their level best to eliminate this problem. The problem, however, cannot be effectively curbed unless popular public support and a vigilant judiciary back it. The legislature cannot enact a law against the general public opinion of the nation at large. Thus, first a public support has to be obtained not only at the national level but at the international level as well. The people all over the world are not against the enactment of statutes curbing the use of malware, but they are conscious about their legitimate rights. Thus, the law to be enacted by the legislature must take care of public interest on a priority basis. This can be achieved if a suitable technology is supported by an apt legislation, which can exclusively take care of the menace created by the computers sending the malware. Thus, the self-help measures recognized by the legislature should not be disproportionate and excessive than the threat received by the malware. Further, while using such self-help measures the property and rights of the general public should not be affected.

Referred Works

1. Praveen Dalal, Cybercrime and cyberterrorism: Preventive defense for cyberspace violations

2. Praveen Dalal,
Private defence in cyberspace

3. Wikipedia,

4. Praveen Dalal,
Techno-Legal Compliance In India: An Essential Requirement