Chapter- I

INTRODUCTION

1
 1.1 INTRODUCTION

In the present society, the dependence in the computer technology has been a major trend. The
development of the world trade leans on the development in the cyber technologies. The Internet
has expanded rapidly since its commercialization in the mid-1990s. In the early 21st century, a
third of the world’s population has access to the technology, with another 1.5 billion expected to
gain access by 2020. Moreover, the “Internet of Things” will lead to an exponential number of
devices being connected to the network.1 In the continuing growth of this industry, it has become
susceptible to utilization for different crimes, one of which is terrorism.2 Terrorism is defined as
deeds that ultimately lead into the accomplishment to certain goals that are generally achieved
through intimidation and menace. It can involve political motivations and oftentimes stipulates
certain outcomes that are solely beneficial to the groups that operate these actions. In
undertaking such attacks, security related actions are done by the perpetrators. In such scenario,
the role of cyber technology emerged with its advantages on the efficiency in the
accomplishment of the goal. Cyber terrorism is the premeditated use of disruptive activities, or
the threat thereof, in cyber space, with the intention to further social, ideological, religious,
political or similar objectives, or to intimidate any person in furtherance of such objectives.
Computers and the internet are becoming an essential part of our daily life. They are being used
by individuals and societies to make their life easier. They use them for storing information,
processing data, sending and receiving messages, communications, controlling machines, typing,
editing, designing, drawing, and almost all aspects of life.3

The most deadly and destructive consequence of this helplessness is the emergence of the
concept of “cyber terrorism” The traditional concepts and methods of terrorism have taken new
dimensions, which are more destructive and deadly in nature. In the age of information
technology the terrorists have acquired an expertise to produce the most deadly combination of
weapons and technology, which if not properly safeguarded in due course of time, will take its
own toll. The damage so produced would be almost irreversible and most catastrophic in nature.

1
http://www.oxfordbibliographies.com(visited on Feb 11th ,2017)
2
J.P. Mishra, An Introduction to Cyber Laws, 121(Central Laws Publication, Allahabad, 2012, 1 st edn.)
3
http://aaets.vmou.an.in.(visited on Feb 11th ,2017)

2
In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". 4 The
expression "cyber terrorism" includes an intentional negative and harmful use of the information
technology for producing destructive and harmful effects to the property, whether tangible or
intangible, of others. For instance, hacking of a computer system and then deleting the useful and
valuable business information of the rival competitor is a part and parcel of cyber terrorism. The
nature of "cyberspace” is such that new methods and technologies are invented regularly; hence
it is not advisable to put the definition in a straightjacket formula or pigeons whole. In fact, the
first effort of the Courts should be to interpret the definition as liberally as possible so that the
menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing
with cyber terrorism is, however, not adequate to meet the precarious mentions of these cyber
terrorists and requires a rejuvenation in the light and context of the latest developments all over
the world. Cyber terrorism is an extension of terrorism, and is a result of the resourcefulness of
terrorists and their adaptability to ever-changing society and technology. Cyber terrorism allows
terrorists to focus their attacks through virtual warfare from anywhere in the world, at a low cost,
with a high level of anonymity, and with no time or space restrictions. Today, cyber terrorism
includes a limitless range of crimes, such as defacing Web sites; stealing sensitive information;
creating worms, Trojan horses, and viruses; and attacking infrastructures. It can arise from
individuals, groups, organizations, nation, states, or countries. The selection of tools and
technologies that a cyber-terrorist can utilize include malicious code, hacking, cryptography, and
steganography malicious code or other hacking techniques to get access to systems, and
cryptography and steganography for secret communication.5

Scholars within the international relations (IR) discipline and its subfields of security studies and
strategic studies increasingly focus on the technology’s implications on national and
international security. This includes studying its effect on related concepts and modes of cyber
terrorism. Meanwhile, the meaning of cyber terrorism and Broad definitions of the concept
incorporate a wide range of cyber threats and cyber risks, including cyber warfare, cyberconflict,
cyberterrorism, cybercrime, and cyberespionage as well as cybercontent, while narrower
conceptualizations focus on the more technical aspects relating to network and computer

4
www.legalserviceindia.com.(Feb 12th ,2017)

5
R.K.Pradhan, Cyber Crime And Cyber Terrorism, 143(Manglam Publications, Delhi,2010)

3
security. This dissertation work focuses on international and national perspectives, in
international cooperation in order to confront with cyber terrorism it has different form of
relationship among government and law enforcement agencies. The cooperative are divided into
three heads: Budapest Convention on cyber terrorism, European Convention on cyber terrorism
and regional or international organization.6 In the national legal frame work judiciary play its
role by adopting a stringent approach towards the menace of cyber terrorism. There are
provisions relating to cyber terrorisms in Indian Penal Code and in Information Technology Act
2000 which have been dealt under chapter 4. The goal of this paper is to investigate international
aspects regarding cyber security, cyber war, and terrorism. These aspects are legal issues, social
implications, technical parameters, and the ethical bearing. The introduction of this paper
indicates that the nature of cyber terrorism should be formulated from six perspectives:
motivation, target, tools of attack, domain, method of action, and impact. According to our
observations, there are both similarities and differences in views regarding the proposed cyber
terrorism conceptual framework.7

1.2 SCOPE OF THE STUDY

This dissertation limits itself to a brief introduction to cyber terrorism and discusses the measures put in
place by various countries in responding to cyber terrorist attacks. It would also suggest certain
mechanisms and strategies to combat the threats posed by cyber terrorism.

1.3 HYPOTHESIS
This research work shall proceed on the premise of following hypothesis:
 India as a nation is vulnerable to cyber terrorism
 There is a need for the reformation of laws relating to cyber terrorism
1.4 RESEARCH METHODOLOGY
The compilation is being based upon the various statutes and case laws and somewhere it has
been backed up by certain commentaries. Therefore the methodology adopted for the research is
a Doctrinal Research.

6
Convention on cyber terrorism
7
https://www.tandfonline.com(Feb 12th ,2017)

4
1.5 REVIEW OF LITERATURE

 Harish Goal in his book “Cyber Crime” deals with the cybercrime and the legal, social,
and technical issues that Cyber Crime presents. It explores the current state of computer
crime, provides specific examples of criminal activities involving computers and allows
readers to look at the problem of computer crime from a more disengaging position.

 T.M. Samuel – Maria Samuel in their book “Computer Crime and Information
Technology misuse” ensures international cooperation and to foster the political will to
create a secure information community and the universal criminalization of computer crime.”

 R.K. Pradhan in his book “Cyber Crime and Cyber Terrorism” highlights about the
criminals who has just shifted to the cyber space conning people by committing cyber-
crimes.

 Paul T. Augastine in his book “Cyber Crime and Legal Issues” deals with the basic and
essential understanding of legal issues brought forth by activities in cyberspace. International
as well as national frameworks for combating cyber-crime are also analysed.

 R.P. Katria & S.K.P. Srinivas in his book “Cyber Crime” provides law enforcement
agencies and prosecutors with systematic guidelines at one platform, which in turn can help
them to cope with cyber crimes and to seek electronic evidence in criminal investigations.

 G.S. Bajpai in his book “Cyber Crime & Cyber Law “provides procedure to recognize
cyber transaction in commercial arena. His work in this book is divided into two parts. The
first part is primarily deal with conceptual aspects, nature and kind of cyber crime and the
second part mainly focus of the legal and procedural aspects cyber offences.

 Atul Jain in his book “Cyber Crime: Issues Threats and Management” provides an
authentic and comprehensive analysis of the threats of cyber crime.

5
 Barkha& U. Rama Mohan in his book “Cyber Law & Crimes” this book highlights the
perspective of the legal scenario in India with respect to computer crimes.

 Dr. J.P. Mishra in his book “An Introduction to Cyber Laws” aimed at evolving uniform
guidelines for regulation, management and governance of cyber world; while at the same
time honouring the sovereignty of nations.

1.6. CHAPTERIZATION

Present dissertation titled “Cyber Terrorism: An Analysis in International and National

Perspective” contains six chapters.

 The first chapter of study deals with the meaning, definition and concept of cyber
terrorism.
 The second chapter of study talks about the historical background of the cyber terrorism
and kinds of cyber terrorism and its mode.
 The third chapter talks about the International Convention on cyber terrorism.
 In chapter fourth following will be discussed
 Challenges to India’s National Security
 Cyber Attacks in the Indians Context
 Legal provisions in context of cyber terrorism
 The fifth chapter deals with the case laws relating to cyber terrorism in national and
international context.
 The sixth chapter covers the conclusion of the study on the basis of the study done and
also suggestions on the concerned topic.

6
 CHAPTER 2

CYBER TERRORISM: CONCEPTUAL ANALYSIS

7
 CHAPTER 2

CYBER TERRORISM: CONCEPTUAL ANALYSIS

2.1. INTRODUCTION

Before we can discuss the possibilities of “cyber terrorism, we must have some working
definitions. The word “cyber terrorism” refers to two elements: cyberspace and terrorism.

Another word for cyberspace is the “virtual world” i.e. a place in which computer programs
function and data moves. Terrorism is a much used term, with many definitions. For the purposes
of this presentation, we will use the United States Department of State definition:” The term
‘terrorism’ means premeditated, politically motivated violence perpetrated against noncombatant
targets by sub national groups or clandestine agents.” 8

If we combine these definitions, we construct a working definition such as the following:

“Cyber terrorism is the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which result in violence against noncombatant targets by
sub national groups or clandestine agents.”

The basic definition of Cyber-terrorism subsumed over time to encompass such things as simply
defacing a web site or server, or attacking non-critical systems, resulting in the term becoming
less useful. There is also a train of thought that says cyber terrorism does not exist and is really a
matter of hacking or information warfare. Some disagree with labeling it terrorism proper
because of the unlikelihood of the creation of fear of significant physical harm or death in a
population using electronic means, considering current attack and protective technologies.

The primary meaning that can be attributed to cyber terrorism is the etymology that originated
from the established ideas on cyber space and terrorism. Thus, to be able to understand the
concept that was cyber terrorism, a background study of the two concepts is undertaken.
Together it can be surmised that the issue is the perpetration of terrorist attack though the
cyberspace and the virtual world.9 Cyber terrorism is an assault that targets the point of

8
Maura Conway: what is cyber terrorism; the current history, December 2002,436.
https://www.researchgate.net.(visited on Feb 10th ,2017)
9
Wright,Looming Tower(2006),133-4, https://en.wikipedia.org.

8
intersection between the material or substantial world and the virtual world. In the present era,
the integration of the virtual and technological world with the tangible world is very evident in
common tools. This trend in fact has become the framework for most establishment, agencies
and organizations. For this reason, it has become the target of terrorism. This is due to the fact
that aiming for the destruction of the system that operates the establishment can make the
attainment of the goals of the perpetrators with less effort.10

Based on the study conducted on cyber terrorism, it can be defined as the “premeditated use of
disruptive activities…with the intention to further social, ideological, religious, political or
similar objectives, or to intimidate any person…” in relation to the said objectives1. There is a
need to increase the consciousness of the general population regarding the meaning of cyber
terrorism and the possible threats that it can brought about because the utilization of the
technology by terrorist is gaining power through time.

 Narrow definition

If cyber terrorism is treated similarly to traditional terrorism, then it only includes attacks that
threaten property or lives, and can be defined as the leveraging of a target's computers and
information, particularly via the Internet, to cause physical, real-world harm or severe disruption
of infrastructure.

There are some who say that cyber terrorism does not exist and is really a matter of hacking or
information warfare. They disagree with labeling it terrorism because of the unlikelihood of the
creation of fear, significant physical harm, or death in a population using electronic means,
considering current attack and protective technologies.

If a strict definition is assumed, then there have been no or almost no identifiable incidents of
cyber terrorism, although there has been much public concern.11

10
R.K.Chaubey, An Introduction To Cyber Crime And Cyber Law, 474(Orient Publishing Co., Allahabad, 2013, 1 st
ed.)

11
Dasgupta.M, Cyber Crime in India,190, (Vibhavari Publication, shakarpur,Delhi,2015)

9
  Broad definition

Cyber terrorism is defined by the Technolytics Institute as "The premeditated use of disruptive
activities, or the threat thereof, against computers and/or networks, with the intention to cause
harm or further social, ideological, religious, political or similar objectives or to intimidate any
person in furtherance of such objectives.” The term was coined by Barry C. Collin.12

The National Conference of State Legislatures, an organization of legislators created to help

policymaker’s issues such as economy and homeland security defines cyber terrorism as:

‘The use of information technology by terrorist groups and individuals to further their agenda.
This can include use of information technology to organize and execute attacks against networks,
computer systems and telecommunications infrastructures, or for exchanging information or
making threats electronically. Examples are hacking into computer systems, introducing viruses
to vulnerable networks, web site defacing, Denial-of-service attacks, or terroristic threats made
via electronic communication.’13

Cyber terrorism can also include attacks on Internet business, but when this is done for economic
motivations rather than ideological, it is typically regarded as cybercrime.

As shown above, there are multiple definitions of cyber terrorism and most are overly broad.
There is controversy concerning overuse of the term and hyperbole in the media and by security
vendors trying to sell "solutions".

 DEFINITION OF CYBER TERRORISM BY FBI:

The FBI defined cyber terrorism as "The premeditated, politically motivated attack against
information, computer systems, computer programs, and data which result in violence against
noncombatant targets by sub-national groups or clandestine agents".14

12
Hoffman, Bruce. Inside Terrorism. New York: Columbia University Press, 1988. P. 26.,
www.nytimes.com.(visited on March 7th ,2017)
13
Walter G. Park and Juan Carlos Ginarte, Terrorism and its Changing Forms, 122, 1977,
https://www.researchgate.net.(visited on March 7th, 2017)
14
http://www.fbi.gov.(visited on march 7th, 2017)

10
The U.S. National Infrastructure Protection Center defined the term as:

"A criminal act perpetrated by the use of computers and telecommunications capabilities,
resulting in violence, destruction and/or disruption of services to create fear by causing confusion
and uncertainty within a given population, with the goal of influencing a government or
population to conform to particular political, social or ideological agenda".15

James Lewis from the Center for Strategic and International Studies defined cyber
terrorism as:

"The use of computer network tools to shut down critical national infrastructure (such as energy,
transportation, government operations) or to coerce or intimidate a government or civilian
population".16

2.2. HISTORY

Cyber terrorism has a short history: Only in the past decade have cyber security threats surfaced
worldwide. Obvious targets of cyber terrorism consist of critical infrastructures—including
transportation, electric power grids, oil and gas distribution, telecommunications, air traffic, and
financial institutions. In February 2000, a distributed denial of service (DDoS) attack was
launched on popular Internet sites Yahoo, Amazon, eBay, CNN, trade, ZDNet, and Date.
Millions of people were unable to access services provided by these companies, resulting in
monetary loss and a decline in the sense of security previously offered by these top-tier Web
sites.17 While the focus the following year became physical terrorism (9/11), an incident
involving China and the U.S. in April 2001—the collision between an American surveillance
plane and a Chinese fighter aircraft—was the likely culprit that initiated a series of cyber-attacks
and Web site defacements between the two countries.18

Web site defacement is the most common and extreme visual display of cyber terrorism. It is a
form of cyber terrorism because, although the aftermath may not always be violent, it does serve

15
https://www.cio.com.(visited on March 7th,2017)
16
https://www.csis.org.(visited on March 7th, 2017)
17
www.legalservicesindia.com.(visited on March 7th,2017)
18
J.P. Mishra, An Introduction to Cyber Laws, 182(Central Laws Publication, Allahabad,2012, 1 stedn.)

11
the purpose of intimidation with a political and/or social agenda. Politically motivated Web site
defacement has occurred frequently in the past and present. Korean University students defaced
Japanese Web sites to protest the content of Japanese textbooks. In protest of the Japanese Prime
Minister’s visit to the Yasukuni Shrine, pro-Chinese hackers defaced Japanese Web sites.
Additionally, the Pakistan-India conflict and the Israel Palestine conflict both involved Web site
defacements. In 2003, Romanian hackers attacked the National Science Foundation’s
Amundsen-Scott South Pole Station. In 2007, there were several cyber-attacks on Estonia,
mostly Dodoes attacks on police, media, financial, and government Web sites; Estonia claimed
that Russia was hacking into their systems. In August 2008, the Georgia-Russia conflict
continued the pattern of Web site defacements between adversarial nations—both countries’
Web sites were defaced during the period of tension over South Ossetia. 19 In early 2009, there
was a report that the computer systems that controlled the U.S. power grid were penetrated by
foreign threats, likely Russia or China, and evidence of signature software was found. Although
no monetary damage was done, the implication is inconceivable.. There has been speculation that
the source of the attacks was from North Korea, but there is currently no solid evidence to
confirm this allegation. Countries such as China, Cuba, Iran, Iraq, Libya, North Korea, Russia,
Sudan, and Syria are believed to present a greater threat for potential cyber-attacks than other
nations.20

On Oct. 21, 2002, a distributed denial of service (DDoS) attack struck the 13 root servers that
provide the primary road-map for all internet communications. Nine servers out of these thirteen
were jammed. The problem was taken care of in a short period of time21.

According to Kevin Coleman (Oct. 10, 2003) the internet being down for just one day could
disrupt nearly $6.5 billion worth of transactions.

At Worcester, Mass, in 1997, a hacker disabled the computer system of the airport control tower.

19
The Hindustan Times, January 15, 1996
20
R. K. Chaubey, An Introduction to Cyber Crime and Cyber Law, (Orient Publishing Co., Allahabad, 2013, 1 st
edn.)
21
http://terrorism.about.com.(visited on March 10th, 2017)

12
In the same year a hacker from Sweden jammed the 911 emergency telephone system in the
west-central Florida. This indicates that an attack could be launched from anywhere in the world.

In 1998 attacks were launched against the NASA, the Navy, and the Department of Defense
computer systems

.In 2000, someone hacked into Maroochy Shire, Australia waste management control system and
released millions of gallons of raw sewage on the town.

In Russia In the year 2000, a hacker was able to control the computer system that governs the
flow of natural gas through the pipelines.

Financial institutions have been subject to daily attacks or attack attempts. They are the most
preferable targets for cyber criminals22. The Israeli cyber warfare professionals targeted human
rights and anti-war activists across the U.S.A in late July and August 2002 disrupting
communications, harassing hundreds of computer users, and annoying thousands

2.3. A Couple of Events

 1997: The Electronic Disturbance Theater (EDT) starts conducting Web "sit-ins"
against various domains in support of the Zapatistas of Mexico. Thousands of protesters
point their browser at a site using software that overloads the site with requests for
downloads.23
 1997: Chaos Computer Club creates ActiveX Controls that trick Quicken into
removing money from a user's account and transferring it someplace else.24
 1998: Ethnic Tamil guerrillas swamped Sri Lankan embassies with over 800 e-mails a
day for more than two weeks. Some say this was the first known attack by terrorists
against a country's IT infrastructure.

Michael lawless “Terrorism: an International Crime” available at http://www.journal.forces.gc.ca (visited on

22

March 7th,2017)
23
https://scholarship.law.upenn.edu, (visited on March 7th,2017)

24
https://www.cnet.com, (visited on March 7th, 2017)

13
  1999: Assassins hack into a hospital computer to change the medication of a patient so
that he would be given a lethal injection. He was dead within a few hours.
 2001: After a Chinese fighter collided with an American surveillance plane in April,
Chinese hacker groups spent the next week or so cyber-attacking American targets
causing millions of dollars in dam
 In 2002, Asia-Pacific Economic Cooperation (APEC) issued Cyber security Strategy
which is included in the Shanghai Declaration. The strategy outlined six areas for co-
operation among member economies including legal developments, information sharing
and co-operation, security and technical guidelines, public awareness, and training and
education.25
 In 2003, Geneva Declaration of Principles and the Geneva Plan of Action were released,
which highlights the importance of measures in the fight against cybercrime.
 In 2005, the Tunis Commitments and the Tunis Agenda were adopted for the Information
Society.
 2007, Cyber-attacks on Estonia were a series of cyber-attacks that began 27 April 2007
and swamped websites of Estonian organizations, including Estonian parliament, banks,
ministries, newspapers and broadcasters, amid the country's disagreement
with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era
grave marker, as well as war graves in Tallinn.26
 2010, The 2010 cyber-attacks on Myanmar (also known as Burma)
were distributed denial-of-service attacks (DDoS) that began on 25 October occurring
ahead of the Burmese general election, 2010, which is widely viewed as a sham election.
This election was the first that Burma had had in 20 years. The attacks were significantly
larger than attacks against Estonia and Georgia in 2007 and 2008 respectively. The attack
followed a similar one on 1 February 2010, and also followed an incident of a total loss
of connection to the internet the previous spring when a submarine communications
cable was severed accidentally.27

25
www.oecd.org. (visited on March 7th 2017)
26
www.bbc.com/news(visited on March 7th 2017)
27
Ibid.

14
  Wiper – in December 2011, the malware successfully erased information on hard disks at
the Oil Ministry's headquarters.28
 Shamoon, a modular computer virus, was used in 2012 in an attack on 30,000 Saudi
Aramco workstations, causing the company to spend a week restoring their services.29
 2013, The 2013 Singapore cyber-attacks were a series of hack attacks initiated by
the hacktivist organisation Anonymous, represented by a member known by the online
handle "The Messiah". The cyber-attacks were partly in response to web censorship
regulations in the country, specifically on news outlets. On 12 November 2013, James
Raj was charged in Singapore court as the alleged "The Messiah".

2.4. KINDS OF CYBER TERRORISM

Cyber terrorism as mentioned is a very serious issue and it covers vide range of attacks. Here, the
kind indulgence is asked toward the definition of Cyber Crime. "Cyber Crime'" is crime that is
enabled by, or that targets computers. Cyber Crime can involve theft of intellectual property, a
violation of patent, trade secret, or copyright laws. However, cybercrime also includes attacks
against computers to deliberately disrupt processing, or may include espionage to make
unauthorized copies of classified data.''30
Some of the major tools of cyber crime may be- Botnets, Estonia, 2007, Malicious Code Hosted
on Websites, Cyber Espionage etc. It is pertinent to mark here that there are other forms which
could be covered under the heading of Cyber Crime & simultaneously are also the important
tools for terrorist activities. Discussing these criminal activities one by one are as:

ATTACKS VIA INTERNET

 Unauthorized access & Hacking:
Access means gaining entry into, instructing or communicating with the logical, arithmetical, or
memory function resources of a computer, computer system or computer network. Unauthorized

28
Ibid.
29
Perloth, Nicole (October 24, 2012). "CyberattackOn Saudi Firm Disquiets U.S.". New York Times. pp. A1.
https://www.nytimes.com.(visited on March 7th,2017)
30
The Myth of Cyber Terrorism, By: J.D. Dayson, National Aeronautics & Space Administration Jet Population
Laboratory. Available at http; //www.treachery.net. (visited on March 8th,2017).

15
access would therefore mean any kind of access without the permission of either the rightful
owner or the person in charge of a computer, computer system or computer network Every act
committed towards breaking into a computer and or network is hacking. Hackers write or use
ready-made computer programs to attack the target computer. They possess the desire to destruct
and they get the kick out of such destruction. Some hackers hack for personal monetary gains,
such as to stealing the credit card information, transfering money from various bank accounts to
their own account followed by withdrawal of money. By hacking web server taking control on
another person's website called as web hijacking.31
 Trojan Attack:
The program that act like something useful but do the things that are quiet damping. The
programs of this kind are called as Trojans. The name Trojan Horse is popular. Trojans come in
two parts, a Client pail and a Server part. When the victim (unknowingly) runs the server on its
machine, the attacker will then use the Client to connect to the Server and start using the Trojan.
TCP/IP protocol is the usual protocol type used for communications, but some functions of the
trojans use the UDP protocol as well.32
 Virus and Worm attack:
A program that has capability to infect other programs and make copies of itself and spread into
other programs is called virus. Programs that multiply like viruses but spread from computer to
computer are called as worms. The latest in these attacks is "Michael Jackson e-mail virus-
Remembering Michael Jackson". Once it infects the computer it automatically spread the worm
into other internet users.33

E-MAIL & IRC RELATED CRIMES

(i) Email spoofing:
Email spoofing refers to email that appears to have been originated from onesource when it was
actually sent from another source.34

31
http://shodhganga.inflibnet.ac.in, p.174(visited on March 8th, 2017)
32
http://www.mondaq.coin(visited on March 8th, 2017)
33
Ibid.
34
Ibid.

16
(ii) Email Spamming:
Email "spamming" refers to sending email to thousands and thousands of users - similar to a
chain letter.35
(iii) Sending malicious codes through email;
E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a
link of website which on visiting downloads malicious code.
(iv) Email bombing:
E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a
particular address. It includes:
 Sending threatening emails
 Defamatory emails
 Email frauds
 IRC (Internet relay chat) related

ATTACK ON INFRASTRUCTURE
Our banks and financial institutions; air, sea, rail and highway transportation systems;
telecommunications; electric power grids; oil and natural gas supply lines-all are operated,
controlled and facilitated by advanced computers, networks and software. Typically, the control
centers and major nodes in these systems are more vulnerable to cyber than physical attack,
presenting considerable opportunity for cyber terrorists.36 There, could be possible consequences
of a cyber-terrorism act against an infrastructure or business, with a division of costs into direct
and indirect implications:37
 Direct Cost Implications by cyber terrorism:
- Loss of sales during the disruption

- Staff time, network delays, intermittent access for business users

- Increased insurance costs due to litigation

- Loss of intellectual property - research, pricing, etc.

35
Supra note no. 23
36
http://shodhganga.inflibnet.ac.in(March 8th, 2017)
37
R. Lemos, Cyberterrorism: The real risk, 2002: http://www.crime-research.org

17
 - Costs of forensics for recovery and litigation

- Loss of critical communications in time of emergency

 Indirect Cost Implications by cyber terrorism:38

- Loss of confidence and credibility in our financial systems

-Tarnished relationships and public image globally

- Strained business partner relationships - domestic and internationally

- Loss of future customer revenues for an individual or group of companies

- Loss of trust in the government and computer industry.

ATTACKS ON HUMAN LIFE:

Examples:-
 In case of an air traffic system that is mainly computerized and is set to establish the
flight routes for the airplanes, calculating the flight courses for all the planes in the air to
follow. Also, plane pilots have to check the course as well as the other planes being
around using the on board radar systems that are not connected to external networks,
therefore it can be attacked by the cyber-terrorist.39
 A different example would be the act of cyber-terrorism against a highly automated
factory or plant production of any kind of product: food, equipment, vehicles etc. In case
this organisation is highly reliant on the technological control, including a human control
only in the end of production, not on the checkpoint stages, then any malfunction would
be extremely hard to point out, fix and as a result to spot out a cyber-crime being
committed.40

38
Supra note . 23
39
.www.terror.net:How Modern Terrorism Uses the Internet, 21 February 2007: http://www.asiantribune.com(visited
on March 8th, 2017)
40
Ibid.

18
2.5. CYBER TERRORISM IS AN ATTRACTIVE OPTION FOR MODERN TERRORIST
FOR SEVERAL REASONS

First, it is cheaper than traditional terrorist methods. All that the terrorist needs is a personal
computer and an online connection. Terrorists do not need to buy weapons such as guns and
explosives; instead, they can create and deliver computer viruses through a telephone line, a
cable, or a wireless connection.

Second, cyber terrorism is more anonymous than traditional terrorist methods. Like many
Internet surfers, terrorists use online nicknames—”screen names”—or log on to a website as an
unidentified “guest user,” making it very hard for security agencies and police forces to track
down the terrorists’ real identity. And in cyberspace there are no physical barriers such as
checkpoints to navigate, no borders to cross, and no customs agents to outsmart.41

Third, the variety and number of targets are enormous. The cyber terrorist could target the
computers and computer networks of governments, individuals, public utilities, private airlines,
and so forth. The sheer number and complexity of potential targets guarantee that terrorists can
find weaknesses and vulnerabilities to exploit. Several studies have shown that critical
infrastructures, such as electric power grids and emergency services, are vulnerable to a cyber-
terrorist attack because the infrastructures and the computer systems that run them are highly
complex, making it effectively impossible to eliminate all weaknesses.42

Fourth, cyber terrorism can be conducted remotely, a feature that is especially appealing to
terrorists. Cyber terrorism requires less physical training, psychological investment, risk of
mortality, and travel than conventional forms of terrorism, making it easier for terrorist
organizations to recruit and retain followers.

41
Arun Mohan Sukumar, “The Splinternet is here” The Hindu, April, 20, 2016.

42
Ibid.

19
  Fifth, as the I LOVE YOU virus showed, cyber terrorism has the potential to affect directly
a larger number of people than traditional terrorist methods, thereby generating greater
media coverage, which is ultimately what terrorists want.43

Examples
Mostly non-political acts of sabotage have caused financial and other damage, as in a case where
a disgruntled employee, VitekBoden caused the release of untreated sewage into water in
Maroochy Shire, Australia.

More recently, in May 2007 Estonia was subjected to a mass cyber-attack in the wake of the
removal of a Russian World War II war memorial from downtown Tallinn44. The attack was a
distributed denial-of-service attack in which selected sites were bombarded with traffic to force
them offline; nearly all Estonian government ministry networks as well as two major Estonian
bank networks were knocked offline; in addition, the political party website of Estonia's current
Prime Minister Andrus An sip featured a counterfeit letter of apology from Ansip for removing
the memorial statue. Despite speculation that the attack had been coordinated by the Russian
government, Estonia's defense minister admitted he had no conclusive evidence linking cyber-
attacks to Russian authorities. Russia called accusations of its involvement "unfounded," and
neither NATO nor European Commission experts were able to find any conclusive proof of
official Russian government participation. In January 2008 a man from Estonia was convicted
for launching the attacks against the Estonian Reform Party website and fined.45
Even more recently, in October 2007, the website of Ukrainian president Viktor Yushchenko
was attacked by hackers. A radical Russian nationalist youth group, the Eurasian Youth
Movement, claimed responsibility.46

43
M. Bogdanoski, A. Risteski, & S. Pejoski, (2012, November). Steganalysis—A way forward against cyber
terrorism. In Telecommunications Forum (TELFOR), 2012 20th (pp. 681-684). IEEE.
44
Atkinson, James. Tempest 101. 2002. Granite Island Group. 06 June 2006., http://www.tscm.com(visited on
March 10th, 2017)
45
Cyber Teirorism: Issues in Its Interpretation and Enforcement. Available at http;/'/www.ijiee.org/papers(visited on
March 10th, 2017)
46
Chouvy, Pierre-Arnaud. Narco-terrorism in Afganistan. The Jamestown Foundation: Terrorism Monitor, 2004.
Vol. 2, Issue 6., https://jamestown.org(visited on March 15th,2017)

20
In 1999 hackers attacked NATO computers. The computers flooded them with email and hit
them with a denial of service (DOS). The hackers were protesting against the NATO bombings
of the Chinese embassy in Belgrade. Businesses, public organizations and academic institutions
were bombarded with highly politicized emails containing viruses from other European
countries.47

2.6. MODES OF CYBER TERRORISM

a). Cyber terrorism is the forerunner of war face. In the era of Information and communication
Technology (ICT) one nation causes terrorist violence by using new technology against other
nation or nations48. These are not the conventional way of war rather cyber war or net war
between two or more nations which are very much unpredictable. For example between Israel
and Pakistan net war, India and Pakistan net war, China and USA net war.49

b). International cyber terrorist attack. When international Organizations of terrorists link or
communicate between them through internet and their own network to attack any nation, it is
called international cyber terrorist attack. For example, in the year 2001 on 11th September
World Trade Centre and Pentagon attack; immediately after that in the same year on 13th
December 2001 attack at Indian parliament.

c). Use of computer system and internet facilities. Use of computer system and internet facilities
by terrorism group to develop own websites and network to send messages to each other
worldwide are affective mode of cyber terrorism.

d). Cyber terrorists use encryption programmed and digital signature. Cyber Terrorism use
encryption programmed and digital signature to coordinate them using e-mail service which
cannot be read by anyone. Even the national Security Agency through their super computing
system failed to crack terrorist group’s code. The United States of America is fighting against
these attacks from 1990’s

47
Supra note, 40
48
De Vaus, David. Surveys on Social Research. London: UCL Press, 1996. https://trove.nla.gov.au. (visited on
March 15th, 2017)
49
https://www.terrorism.org.(visited on March 15th,2017)

21
e). Terrorists now using Information and Communication Technology (ICT) including satellite
transmission. Terrorists now using ICT including satellite transmission, cell phones, wireless etc.
to communicate with each other and organize for terrorist attack.

f). Flowing ‘warm’, viruses, ‘Trojan horse’. Flowing ‘worm’, ‘virus’, ‘troan horse’ to collapse
Government departments such as defense, intelligence, commerce, academic and health. Access
to Global electronic network and information’s is one way which facilitates cyber terrorism50.

Above mentioned modes are the possible ways of exploitation of ICT by terrorists.
Terrorist’ activities are dependent on certain contributory factors. These are as follows; 51

Motivations of terrorists may be psychological, cultural or national. (i) Cultural motivations

depend on the feelings of native land and outsiders, group and outsiders, community, language
and like. (ii) Psychological motivations depend on satisfaction and dissatisfaction in life, with
family, with community, with society. (iii) National motivations are motivations of military or
business personality for financial purpose with certain goals for benefits.

Organization is very much important for terrorism and in the era of ICT it is increasing day by
day. Within group they do collect information’s from other and plan for further attack very
secretly.

Training is also a very important factor because they train themselves for attack and activities.

Information and Communication Technology are available to all including terrorists. These
are misused sometimes as targets and sometimes as weapons.

As cyberspace has no specific jurisdiction therefore they do not need visa, passport etc. to move
from one country to other country in cyber world.

Terrorist’s activities depend on publicity of their work so that people and Government will be
terrified of possible danger. For example, on 9th August 2005, in West-Bengal Maobadi groups
published for possible attack on 15th August against Government and general people.

50
Supra note. 23
51
A. Jahangiri, Cyberspace, Cyberterrorism and Information Warfare: A Perfect Recipe for Confusion:
http://www.alijahangiri.org(visited on March 12th,2017)

22
Terrorists always try to establish their command and control to earn money which is very
essential for their existence.

Terrorist use process of computer and other information processing devices for breaking,
cracking, hacking, denial of services attack, flowing of virus and objectionable article, altering
important data or deletion of data.

2.7. WHO ARE CYBER TERRORISTS?

There are groups that operate on the goal of propagating terrorism in on the basis of religious or
political goals. One of the known terrorists belongs to the Al Qaeda network. There is no
recorded evidence though that the group operates through the use of cyber technology. In the
developing world of technology though, the terrorist can adopt to the use of the system in
relatively shorter time due to the possible advantages that can be achieved through its use. In
fact, certain groups of terrorists have already employed the use of the cyber technology and its
application in the attainment of goals.52 Thus, the inclusion of this group that can be considered
as the primary group that can commit cyber terrorism is given the required attention to prevent
the damage that can be incurred in incidents of terrorism acts.53

Another concern that is being given attention is the establishment of the “information warfare”
by nations and states that are known to advocate terrorism to attain their goals. Some of the
countries that support terrorism are Syria, Iraq, Iran, Sudan and Libya. Based on the study
conducted in the United States, the said areas have been developing the capability of terrorist
attack though the utilization of the computer 19 technology that can readily be made available.
Upon the attainment of a fully capable weapon, the US is concerned of the possible attack that
can target not even the US but also the partner countries54.
Other groups that can pose a real threat of committing terrorism are those groups that can be
considered as supporters of terrorists and those that are against US and the nations that are
considered as supporters. These groups operate mostly on the basis of fanatic ideologies. These

52
Dick, Ronald. Cyber Terrorism and Critical Infrastructure Protection. 24 July 2002.
53
Supra Note.26
54
. http://www.fbi.gov.(visited on March 12th,2017)

23
groups can be considered as the most volatile group and usually are ones that commits the
attacks of greatest damages. One example of this can be observed in those groups that judge that
the fight to eliminate terrorism worldwide as an anti-Muslim war, the Muslims usually commits
terrorism against US and the nations that support this fight. Thus, a religious motivation arises.
Danger also arises for the nations that share the views and support countries such as the US
which is a common target of terrorist attacks. The groups that commit terrorism only for the
fulfillment and excitement that can be attained belong to those that search for adventure. They
usually ride the issues of clash between various political or national groups. These groups
induced the escalation of the misunderstanding, thus, increasing the probability of terrorism. 55

From American point of view the most dangerous terrorist group is Al-Qaeda which is
considered the first enemy for the US. According to US official’s data from computers seized in
Afghanistan indicate that the group has scouted systems that control American energy facilities,
water distribution, communication systems, and other critical infrastructure.56

After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers
launched Denial of Service (DOS) attacks against American web sites.

A study that covered the second half of the year 2002 showed that the most dangerous nation for
originating malicious cyber-attacks is the United States with 35.4% of the cases down from 40%
for the first half of the same year. South Korea came next with 12.8%, followed by China 6.2%
then Germany 6.7% then France 4%. The UK came number 9 with 2.2%. According to the same
study, Israel was the most active country in terms of number of cyber-attacks related to the
number of internet users. There are so many groups who are very active in attacking their targets
through the computers. The Unix Security Guards (USG) a pro-Islamic group launched a lot of
digital attacks in May 2002.Another group called World's Fantabulas Defacers (WFD) attacked
many Indian sites. Also there is another pro Pakistan group called Anti India Crew (AIC) who

55
Ibid.
56
Samir Saran, “Time to face up the cyber threats” ORF 1-2 (2017). available at
http://www.orfonline.org/research/time-to-face-up-to-cyber-threats/ ( Visited on Feb 11, 2017).

24
launched many cyber-attacks against India. There are so many Palestinian and Israeli groups
fighting against each other through the means of digital attacks.57

Here are few key things to remember to protect yourself from cyber-terrorism:

1. All accounts should have passwords and the passwords should be unusual, difficult to
Guess.
2. Change the network configuration when defects become know.

3. Check with venders for upgrades and patches.

4. Audit systems and check logs to help in detecting and tracing an intruder.

5. If you are ever unsure about the safety of a site, or receive suspicious email from an
Unknown address, don't access it. It could be trouble.

Some incidents of Cyber Terrorism:-

The following are notable incidents of Cyber Terrorism by cyber terrorist:

• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a
two-week period. The messages read "We are the Internet Black Tigers and we're doing this to
disrupt your communications." Intelligence authorities characterized it as the first known attack
by terrorist against a country’s computer systems58.

• During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit
with denial-of-service attacks by activists protesting the NATO bombings. In addition,
businesses, public organizations, and academic institutes received highly politicized virus-laden
e-mails from a range of Eastern European countries, according to reports. Web defacements were
also common.

• Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting Web sit-
ins against various sites in support of the Mexican Zapatistas. At a designated time, thousands of

57
FBI. Terrorism 2000/2001. 2001. US: FBI, 2001.
58
Paul T. Augastine, Cyber Crime And Legal Issues,205( Crescent Publication Corporation,
Delhi, 2007 )

25
protestors point their browsers to a target site using software that floods the target with rapid and
repeated download requests. EDT's software has also been used by animal rights groups against
organizations said to abuse animals. Electro hippies, another group of activists, conducted Web
sit-ins against the WTO when they met in Seattle in late 1999.

One of the worst incidents of cyber terrorists at work was when crackers in Romania illegally
gained access to the computers controlling the life support systems at an Antarctic research
station, endangering the 58 scientists involved. More recently, in May 2007 Estonia was
subjected to a mass cyber-attack by hackers inside the Russian Federation which some evidence
suggests was coordinated by the Russian government, though Russian officials deny any
knowledge of this. This attack was apparently in response to the removal of a Russian World
War II war memorial from downtown Estonia.59

 India, UK to Strengthen Cooperation over Tackling Cyber-Terrorism: Theresa

May60

Visiting British Prime Minister Theresa May on Monday said the UK and India faced the shared
threat of terrorism and the two have agreed to strengthen cooperation in tackling use of the
Internet by extremists.
“We both face the shared threat of terrorism as individual countries, as partners, and as global
powers,” May said in a joint media briefing after her talks with Prime Minister Narendra Modi at
the Hyderabad House in New Delhi.
“We have agreed to strengthen our cooperation, in particular, by sharing best practice to tackle
use of internet by violent extremists, she said.
“Prime Minister, Modi and I have agreed to step up our cooperation by negotiating a cyber
framework between our countries.”
Prime Minister May said the UK and India faced an increasing threat of cyber-attacks from other
states, terrorists and criminals operating in cyberspace.
She stressed that she and Prime Minister Modi were personally dedicated to invest in the UK-
India relationship.

59
Manish Kumar Chaubey, Cyber Crimes and Legal Measures 121 (Regal Publications, New Delhi, 2013).
60
Available at: http://meity.gov.in/sites/upload_files/dit/files/Plan_Report_on_Cyber_Security.pdf. 6 (visited on Feb
1, 2017).

26
“We share values and that makes us natural partners.”61

2.8. CYBER TERRORISM: A GREATER THREAT THAN TERRORISM

Terrorism has been an issue that has received public attention ever since the tragedy that
occurred in September 11, 200162. However, there is a "subspecies" of this great threat that
plagues the world which may have the potential to cause even greater consequences. The most
serious and potentially harmful problem facing the world is cyber terrorism. Although the issues
of this problem haven't been sparking interest, the truth of the matter is that it could very well
result in catastrophes far more devastating than terrorism.63

Everyone has Access to the Internet: - Sure, cyber terrorism is a topic that is rarely viewed
upon as being the top priority to stop; however, that does not necessarily mean that the issue is
unimportant. Since the average citizen from businessmen to the librarians all have access to the
internet, new doors have been opened for cyber terrorists to cause mayhem to one's PC and
bypass security to reach to his or her personal information. If one cyber terrorist somehow
manages to get the personal information of another person's, it is like having a robber get a hold
of that money. However, in this situation, the consequence can be even more fatal since the
cyber terrorist has access to the victim's bank account64. This means that all the life savings that
the victim has earned through much effort goes down the drain and now is in possession by the
cyber terrorist. Therefore, cyber terrorism can be even more fatal than a robbery or any other
types of trespass to one's personal information.

Limited Protection: - Another point that makes cyber terrorism stand out is that not everyone
has the security to prevent these cyber terrorists from breaching into one's personal information.
Cyber terrorists use viruses or "worms" to infect a PC for the terrorists' needs. Although getting a
virus can be easily prevented, the majority of the citizens do not have possession of virus

61
Indo-Asian News Service, 07 November 2016/ https://gadgets.ndtv.com.(visited on march 12th,2017)

62
R.K. Pradhan, Cyber Crime and Cyber Terrorism, 79( Manglam Publications, Delhi, 2010, 1 stedn.)
63
Jarvis, L., S. Macdonald and L. Nouri (2014) ‘The Cyberterrorism Threat: Findings from a Survey of
Researchers’, in Studies in Conflict & Terrorism 37(1): 68-90. The final, published version of the article is available
at: http://www.tandfonline.com(visited on March 12th,2017)
64
Mudawi Mukhtar Elmusharaf, Cyber terrorism: The New Kind of Terrorism, Computer Crime Research Center
April8,2004

27
scanners and other protection which can be enforced with a click of a button. Part of the reason
why cyber terrorism is a big issue is based on the fact that people with internet are dubious that a
cyber terrorist is going to break into their account65. Thus, people forget to download virus
scanners the minute they purchase their computers. As time goes by, he/she who was too
skeptical of the consequence could have his/her personal information breached and suffer turmoil
from then on. The principle of karma seems to take place.66
No Identification:- Even so, cyber terrorism is becoming a global conflict in which real
terrorists such as Al-Qaeda hire professional hackers in order to breach into the US embassy and
retrieve information. One of the events that actually did occur with a similar situation was the
breaching of the embassy of Estonia by a cyber terrorist. The outcome was fatal -- infrastructures
such as airplanes, streetlights, subways, and etc. were all disabled and people could not reach
their offices or go back home. This lead to a disaster in the economy and the country was as
helpless as a sitting duck. What's even worse was that the terrorists couldn't be found because the
nation had no traces of the terrorists67. Even the everyday citizen can be a cyber terrorist in
disguise who has the power to disrupt a whole country.68

Although cyber terrorism may be a topic that has been reserved, the devastation and the pursuit
to hack into others' personal information is heavily pursued by a smorgasbord of cyber terrorists
voracious for pay. Even though the internet is saturated with viruses that can infect one's
computer, people don't care for these consequences thinking that it's not ancillary and necessary
to enforce protection. However, these types of people are usually the victims of malicious cyber
terrorists.

65
Wright, Looming Tower(2006),page.133-4
66
Silke, Andrew (2004) ‘The Road Less Travelled: Recent Trends in Terrorism Research’, in Andrew Silke (ed.)
Research on Terrorism: Trends, Achievements and Failures. Abingdon: Routledge: 186-195.

Michael lawless “Terrorism: an International Crime” available at http://www.journal.forces.gc.ca(visited on March

67

13th,2017)
68
Silke, Andrew (2004) ‘The Road Less Travelled: Recent Trends in Terrorism Research’, in Andrew Silke (ed.)
Research on Terrorism: Trends, Achievements and Failures. Abingdon: Routledge: 196-213.

28
2.9. CYBER TERRORISM TODAY AND TOMORROW

It seems fair to say that the current threat posed by cyber terrorism has been exaggerated. No
single instance of cyber terrorism has yet been recorded; U.S. defense and intelligence computer
systems are air-gapped and thus isolated from the Internet; the systems run by posed; the vast
majority of cyber-attacks are launched by hackers with few, if any, political goals and no desire
to cause the mayhem and carnage of which terrorists dream. So, then, why has so much concern
been expressed over a relatively minor threat?69
The reasons are many. First, as Denning has observed, “cyber terrorism and cyber-attacks are
sexy right now. Novel, original, it captures people’s imagination.” Second, the mass media
frequently fail to distinguish between hacking and cyber terrorism and exaggerate the threat of
the latter by reasoning from false analogies such as the following: “If a sixteen-year-old could do
this, then what could a well-funded terrorist group do?” Ignorance is a third factor. Green argues
that cyber terrorism merges two spheres—terrorism and technology—that many people,
including most lawmakers and senior administration officials, do not fully understand and
therefore tend to fear. Moreover, some groups are eager to exploit this ignorance. Numerous
technology companies, still reeling from the collapse of the high-tech bubble, have sought to
attract federal research grants by recasting themselves as innovators in computer security and
thus vital contributors to national security.70 Law enforcement and security consultants are
likewise highly motivated to have us believe that the threat to our nation’s security is severe. A
fourth reason is that some politicians, whether out of genuine conviction or out of a desire to
stoke public anxiety about terrorism in order to advance their own agendas, have played the role
of prophets of doom. And a fifth factor is ambiguity about the very meaning of “cyber
terrorism,” which has confused the public and given rise to countless myths.71

Verton argues that “al Qaeda has shown itself to have an incessant appetite for modern
technology” and provides numerous citations from bin Laden and other al Qaeda leaders to show

69
K. Curran&Others, Civil Liberties and Computer Monitoring, 2004: http://www.jiti.com(visited on
March13th,2017)
70
Stuart Macdonald, Lee Jarvis, Tom Chen and Simon Lavis, (2013) Cyberterrorism: A Survey of Researchers.
Cyberterrorism Project Research Report (No. 1), Swansea University. Available via http://www.cyberterrorism-
project.org (visited on March 13th,2017).
71
Collin, Barry. Where the Physical and Virtual Worlds Converge. 11th Annual International Symposium on
Criminal Justice Issues. IL: University of Chicago, 1996.

29
their recognition of this new cyber weapon. In the wake of the 9/11 attacks, bin Laden reportedly
gave a statement to an editor of an Arab newspaper claiming that “hundreds of Muslim scientists
were with him who would use their knowledge ranging from computers to electronics against the
infidels.” Sheikh Omar Bakri Muhammad, a supporter of bin Laden and often the conduit for his
messages to the Western world, declared in an interview with Verton, “I would advise those who
doubt al Qaeda’s interest in cyber-weapons to take Osama bin Laden very seriously. The third
letter from Osama bin Laden . . . was clearly addressing using the technology in order to destroy
the economy of the capitalist states.”72

“While bin Laden may have his finger on the trigger, his grandchildren may have their fingers
on the computer mouse,” remarked Frank Cilluffo of the Office of Homeland Security in a
statement that has been widely cited. Future terrorists may indeed see greater potential for cyber
terrorism than do the terrorists of today. Furthermore, as Denning argues, the next generation of
terrorists is now growing up in a digital world, one in which hacking tools are sure to become
more powerful, simpler to use, and easier to access. 73
Cyber terrorism may also become more attractive as the real and virtual worlds become more
closely coupled. For instance, a terrorist group might simultaneously explode a bomb at a train
station and launch a cyber attack on the communications infrastructure, thus magnifying the
impact of the event. Unless these systems are carefully secured, conducting an online operation
that physically harms someone may be as easy tomorrow as penetrating a website is today.
Paradoxically, success in the “war on terror” is likely to make terrorists turn increasingly to
unconventional weapons such as cyber terrorism.74The challenge before us is to assess what
needs to be done to address this ambiguous but potential threat of cyber terrorism—but to do so
without inflating its real significance and manipulating the fear it inspires. Denning and other
terrorism experts conclude that, at least for now, hijacked vehicles, truck bombs, and biological
weapons seem to pose a greater threat than does cyber terrorism. However, just as the events of

72
Collin, Barry. Where the Physical and Virtual Worlds Converge. 11th Annual International Symposium on
Criminal Justice Issues. IL: University of Chicago, 1996.
73
Dorothy Denning, “Cyberterrorism” Testimony before the Special Oversight Panel on Terrorism Committee on
Armed Services U.S. House of Representatives (2000), (visited on March 14th 2017),
http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html
74
http://www.asianlaws.org(visited on March 13th,2017)

30
9/11 caught the world by surprise, so could a major cyber assault. The threat of cyber terrorism
may be exaggerated and manipulated, but we can neither deny it nor dare to ignore it.

 'Multi-Pronged Strategy Needed To Tackle Cyber Terror'

A multi-pronged strategy of setting up of a super information- sharing body, better coordination

between government agencies, use of indigenous software and hardware could help in avoiding
cyber terrorism on India, said officials of NGO Cyber Society of India.

"Through shared data-mining and warehousing, hackers get a comprehensive outlook. On the
other hand, government agencies work as islands, not sharing information," the society's founder
chairman R. Ramamurthy told reporters here Tuesday.

According to the society's senior vice president V. Rajendran, India needs a law for data privacy
same as western nations.75

Simple steps like seeking a mobile phone number as an authentication by all email and social
networking site providers in India will not only enable tracing the trail but also fix
responsibilities on content or service providers, society officials said.

The NGO welcomed the government's action in banning bulk SMS and some websites that had
messages threatening people hailing from northeast regions living in other parts of the country.

According to the society, the Indian Computer Emergency Response Team (CERT-IN) has
sufficient teeth to act against cyber attackers and the present laws including the Information
Technology Act are sufficient to deal with the matter.76

Setting up of a super monitoring nodal agency to exclusively look after the cyber security of the
nation should be considered, the officials said.

This agency should be empowered to receive information of potential attacks from intelligence
agencies and take preventive and corrective action with well-defined powers vested with it, they
urged.77

75
http://www.firstpost.com/(visited on Feb 12th,2017)
76
Audrey Kurth Cronin, “Behind the Curve Globalisation and International Terrorism,” International Security 27
(3) (2002/03), p. 47.
77
http://www.firstpost.com(visited on Feb 12th,2017)

31
 CHAPTER-3
INTERNATIONAL CONVENTION ON
CYBER TERRORISM

32
 CHAPTER-3
INTERNATIONAL CONVENTION ON CYBER TERRORISM

3.1. INTRODUCTION

The Convention is the first international treaty on crimes committed via the Internet and other
computer networks, dealing particularly with infringements of copyright, computer-related fraud,
child pornography, hate crimes, and violations of network security.78 It also contains a series of
powers and procedures such as the search of computer networks and lawful interception.

Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the
protection of society against cybercrime, especially by adopting appropriate legislation and
fostering international cooperation.79

The Convention aims principally at:

 Harmonising the domestic criminal substantive law elements of offences and connected
provisions in the area of cyber-crime
 Providing for domestic criminal procedural law powers necessary for the investigation
and prosecution of such offences as well as other offences committed by means of a
computer system or evidence in relation to which is in electronic form
 Setting up a fast and effective regime of international cooperation

The following offences are defined by the Convention: illegal access, illegal interception, data
interference, system interference, misuse of devices, computer-related forgery, computer-related

78
Arias, Martha L., "The European Union Criminalizes Acts of Racism and Xenophobia Committed through
Computer Systems"/http;//www.wikipedia.org.(visited on April 10, 2017).
79
http://www.itu.int/en/about/Pages/default.aspx (Visited on April 09, 2017).

33
fraud, offences related to child pornography, and offences related to copyright and neighbouring
rights.80

The Convention is the product of four years of work by European and international experts. It
has been supplemented by an Additional Protocol making any publication of racist and
xenophobic propaganda via computer networks a criminal offence, similar to Criminal Libel
laws. Currently, cyber terrorism is also studied in the framework of the Convention.81

International cooperation in order to confront with cyber terrorism has different form of
relationship among government and law enforcement agencies. The cooperative efforts are
divided into three types: international and global efforts, European Convention on cyber
terrorism and regional or international organisation.82

3.2. BUDAPEST CONVENTION ON CYBERCRIME

The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or just
the Budapest Convention83, is the first international treaty seeking to address Computer crime
and Internet crimes by harmonizing national laws, improving investigative techniques and
increasing cooperation among nations. It was drawn up by the Council of Europe in Strasbourg
with the active participation of the Council of Europe's observer states Canada, Japan and
China.84

The Convention and its Explanatory Report was adopted by the Committee of Ministers of the
Council of Europe at its 109th Session on 8 November 2001. It was opened for signature in
Budapest, on 23 November 2001 and it entered into force on 1 July 2004. As of 28 October
2010, 30 states had signed, ratified and acceded to the convention; while a further 16 states had
signed the convention but not ratified it. On 1 March 2006 the Additional Protocol to the
Convention on Cybercrime came into force. Those States that have ratified the additional

80
https://www.coe.int,(visited on March 15th,2017)
81
Convention on Cyber-terrorism, Article 15,
82
K. Curran&Others, Civil Liberties and Computer Monitoring, 2004: http://www.jiti.com(visited on
March15th,2017)
83
Convention on Cybercrime, Budapest, 23 November 2001
84
Prashant Mali, “Cyber Law & Cyber Crimes 2 (Snow white Publication, Mumbai, second edn., 2015).

34
protocol are required to criminalize the dissemination of racist and xenophobic material through
computer systems, as well as of racist and xenophobic-motivated threats and insults.

ORIGIN: The Budapest Convention was negotiated by the Council of Europe (CoE) Member
States as well as Canada, Japan, South Africa and the United States. It was adopted by the CoE’s
Committee of Ministers at its 109th session, on 8 November 2001,85 opened for signature in
Budapest less than two weeks later, on 23 November 2001, and entered into force on 1 July
2004. As of March 2016, 48 states have ratified the Convention. An additional six states have
signed, but not ratified it – this includes South Africa, one of the original negotiators. In addition,
Russia and San Marino, though Council of Europe member states, neither signed nor ratified.86

The fact that the Convention was drafted without extensive input from developing countries has
been flagged by India repeatedly,87 and is indeed correct. But if this criticism has nevertheless
often left observers baffled, his is arguably with reason. For instance, as recently as 2012, and
only two years after it became possible for non-member states to do so, India signed and ratified
the Convention on Mutual Administrative Assistance in Tax Matters, jointly developed by the
CoE and the OECD. The treaty first came into force in 1995. India had not had any hand in its
negotiation.

If India, thus, does not a priori refuse to sign a treaty merely because it has not been party to the
negotiations of its provisions, then why make this criticism with regard to the Budapest
Convention? The problem lies in the way in which the geographical imbalance has shaped the
scope, focus and content of the Convention. It has been argued that, if the Cybercrime
Convention includes only a limited number of offences in its section on substantive law, this is
simply because on other offences, a minimum consensus could not be reached. But India as well
as others have raised concerns both about what is included and what is excluded: India’s
priorities simply do not find sufficient reflection in the Budapest Convention as it stands right

85
Explanatory Report to the Convention on Cybercrime, Council of Europe European Treaty Series No. 185,
Budapest,
86
http://www.coe.int,(visited on March 15th, 2017)
87
. Singh, PratapVikram (2013). India Won’t Sign Budapest Pact on Cybersecurity. Governance Now, 15 October,

35
now. Rather than being taken at face value, the criticisms of the treaty’s limited origins thus
should be seen as a short-hand for these more complex points.88

The objective of the Budapest Convention is that the Convention is the first international treaty
on crimes committed via the Internet and other computer networks, dealing particularly with
infringements of copyright, computer-related fraud, child pornography, hate crimes and
violations of network security. It also contains a series of powers and procedures such as the
search of computer networks and Lawful interception. Its main objective, set out in the preamble,
is to pursue a common criminal policy aimed at the protection of society against cybercrime,
especially by adopting appropriate legislation and fostering international co-operation89

Its ratification by the United States Senate by unanimous consent in August 2006 was both
praised and condemned.90 The United States became the 16th nation to ratify the
convention.91 The Convention entered into force in the United States on 1 January 2007.

Senate Majority Leader Bill Frist said: "While balancing civil liberty and privacy concerns, this
treaty encourages the sharing of critical electronic evidence among foreign countries so that law
enforcement can more effectively investigate and combat these crimes".92

The Electronic Privacy Information Centre said:

"The Convention includes a list of crimes that each signatory state must transpose into their own
law. It requires the criminalization of such activities as hacking (including the production, sale,
or distribution of hacking) and offenses relating to child pornography, and expands criminal
liability for intellectual property violations. It also requires each signatory state to implement
certain procedural mechanisms within their laws. For example, law enforcement authorities must

88
https://www.legallyindia.com,(visited on March 17th, 2017)
89
Ronczkowski, Michael. Terrorism and Organized Hate Crime: Intelligence Gathering,
Analysis, and Investigations. Boca, FL: CRC Press, 2004. 17-42.
90
McCullagh, Declan; Anne Broache. "Senate Ratifies Controversial Cybercrime Treaty"(4 August 2006)
91
Anderson, Nate. ""World's Worst Internet Law" ratified by Senate"(4 August 2006)
92
http://www.asianlaws.org

36
be granted the power to compel an Internet service provider to monitor a person's activities
online in real time. Finally, the Convention requires signatory states to provide international
cooperation to the widest extent possible for investigations and proceedings concerning criminal
offenses related to computer systems and data, or for the collection of evidence in electronic
form of a criminal offense. Law enforcement agencies will have to assist police from other
participating countries to cooperate with their mutual assistance requests".

Although a common legal framework would eliminate jurisdictional hurdles to facilitate the law
enforcement of borderless cybercrimes, a complete realization of a common legal framework
may not be possible. Transposing Convention provisions into domestic law is difficult especially
if it requires the incorporation of substantive expansions that run counter to constitutional
principles. For instance, the United States may not be able to criminalize all the offenses relating
to child pornography that are stated in the Convention, specifically the ban on virtual child
pornography, because of its First Amendment's free speech principles. Under Article 9(2)(c) of
the Convention, a ban on child pornography includes any “realistic images representing a minor
engaged in sexually explicit conduct”. According to the Convention, the United States would
have to adopt this ban on virtual child pornography as well, however, the U.S. Supreme Court,
in Ashcroft v. Free Speech Coalition,93 struck down as unconstitutional a provision of the CPPA
that prohibited "any visual depiction” that "is, or appears to be, of a minor engaging in sexually
explicit conduct". In response to the rejection, the U.S. Congress enacted the PROTECT Act to
amend the provision, limiting the ban to any visual depiction “that is, or is indistinguishable
from, that of a minor engaging in sexually explicit conduct”. 94

Accession By Other Non-Council of Europe States

The Convention was signed by Canada, Japan, the United States, and South Africa on 23
November 2001, in Budapest. As of July 2016, the non–Council of Europe states that have
ratified the treaty are Australia, Canada, Dominican Republic, Israel, Japan, Mauritius, Panama,
Sri Lanka, and the United States.

93
AIR 2002, 535 U.S. 234
94
https://supreme.justia.com

37
On 21 October 2013, in a press release, the Foreign Ministry of Colombia stated that the Council
of Europe had invited Colombia to adhere to the Convention of Budapest.95 Colombia has not
acceded to the convention.

3.3. CONTRIBUTION OF OTHER REGIONAL AND INTERNATIONAL

ORGANISATIONS AND GROUPINGS

3.3.1 G-896

The G8 has been formulating policy and action plans to deal with high-tech and
computer-related crimes about a decade now. In December 1997, representatives from 8 major
industrialized nations forming the G8 agreed on a ten point action plan to fight international
computer related crimes. The leaders of the G8 countries endorsed this templates and G8 experts
forming the subgroup on High-Tech Crime continue to meet regularly to cooperate on the
implementation of the action plan97.

3.3.2 OECD98

The Organization For Economic Cooperation And Development (OECD) conducted a

study on from 1983-1985 on the need for consistent national cyber crime laws which culminated
in a 1986 report listing a core group of cyber crime that countries should outlaw.

3.3.3. UN

The United Nations (UN) has also done some work in their attempt to provide some
solution to the problem.99 It has hosted 11 crimes congresses so far and the issues of computer
releated crimes often features on their agenda.100

95
http://www.cancilleria.gov.co(visited on March 23rd, 2017)
96
http://en.g8russia.ru(visited on March 23rd,2017)
97
Michael A. Sussman, The Critical Challenges From International High-Tech And Computer- Related Crime At
The Millennium, 9 Duke J. Comp. &Int’i L. 451, 481-487(1999).
98
http://www.oecd.org(visited on March 23rd,2017)

38
These are just some of the more prominent efforts that are being taken at the regional and
international level in an attempt to improve the global crime-fighting regime against the advent
of technological abuse. Even though they remain largely political and informal cooperative
vehicles,101 they are no less instrumental and important as they reflect political commitment
international policies and consensus.102

3.4. THE EUROPEAN CONVENTION ON CYBER TERRORISM103

The European Convention on the, Suppression of Terrorism” was adopted in 1977 as a

multilateral treaty. The treaty was in 2005 supplemented by the Council of Europe Convention
on the Prevention of Terrorism.104 The European Convention is the first and only international
treaty aimed at protecting society from computer-releated crime, such as crimes committed via
the Internet and other computer network. The stated purpose of the convention is to pursue a
common policy aimed at combating computer related crime through appropriate legislation and
international cooperation. The European Convention addresses three main topics, which also
form its main mission:105

 The harmonization of national substantive laws regarding computer related crime.

 The establishment of effective domestic investigative powers and procedures regarding
computer related crime and electronic evidence.
 The establishment of a prompt and effective system of international cooperation
regarding the investigation and prosecution of a computer-related crime.

99
http://www.cscap.org.(visited on March 23rd 2017)
100
http:// www.unodc.org. (visited on March 23rd 2017)
101
http://www.penal.org(visited on March 23rd 2017)
102
Susan W. Brenner and Joseph J. Schwerha IV, Transnational Evidence Gathering and Local Prosecution of
International Cyber Crime.
103
http://europe.rights.apc.org (visited on March 23rd 2017)
104
The Council of Europe Convention on the Prevention of Terrorism will enter into force June 1, 2007.
105
G.S Bajpai, cyber crime & cyber law 84 (Serials Publication, New Delhi, 2011)

39
 CHAPTER- 4

CYBER TERRORISM: NATIONAL LEGAL

FRAME WORK

40
 CHAPTER- 4

CYBER TERRORISM: NATIONAL LEGAL FRAME WORK

4.1. INTRODUCTION

The phenomenon of the internet has revolutionized the world – the way we communicate, do
business, store information, run machines or even open river gates to control the production of
electricity and maintain water levels in reservoirs. All of this happens at the mere click of a
mouse while sitting at distant places through signals sent via satellites and novel devices based
on digital technologies. The internet is largely a network of computers spread all across the
world and connected to one another through hardware, routers and cables. There are numerous
private or government agencies that keep our precious data in electronic form. Anyone who has a
bank account is being served by networked or stand-alone computers. We use ATMs, debit cards
and credit cards for shopping and use email, cell phones and SMS for communication. Thus, in
the present digitized world, no one can really claim to be unaffected by cyber law
altogether.106Since the Internet "is a cooperative venture not owned by a single entity or
government, there are no centralized rules or laws governing its use? The absence of
geographical boundaries may give rise to a situation where the act legal in one country where it
is done may violate the laws of another country. This process further made complicated due to
the absence of a uniform and harmonised law governing the jurisdictional aspects of disputes
arising by the use of Internet.107In exceptional circumstances, providing the right to protect the
nation's sovereignty when faced with threats recognised as particularly serious in the
international community.108The traditional jurisdictional paradigms may provide a framework to
guide analysis for cases arising in cyberspace. It must be noted that by virtue of Section 1(2) read
with Section 75 of the Information Technology Act, 2000 the courts in India have “long arm
jurisdiction” to deal with cyber terrorism. The menace of cyber terrorism is not the sole

106
Ashwani Kumar Bansal, Book Review: “CyberLaws” 6 The Indian Journal of Law and Technology (IJLT) 155
(2010).
107
G.S Bajpai, On Cyber Crime and Cyber Law 4 (Serials Publications, New Delhi, 2011).
108
Analysis, and Investigations. Boca, FL: CRC Press, 2004. 17-42.

41
responsibility of State and its instrumentalities. The citizens as well as the natives are equally
under a solemn obligation to fight against the cyber terrorism. In fact, they are the most
important and effective cyber terrorism eradication and elimination mechanism. The only
requirement is to encourage them to come forward for the support of fighting against cyber
terrorism. The government can give suitable incentives to them in the form of monetary awards.
It must, however, be noted that their anonymity and security must be ensured before seeking
their help. The courts are also empowered to maintain their anonymity if they provide any
information and evidence to fight against cyber terrorism.109 A timely and appropriate legislation
is always a good step forward to fight cyber terrorism. India has to cover a long gap before it can
secure its traditional boundaries and cyber space.110

4.2. CHALLENGES TO INDIA'S NATIONAL SECURITY

As brought out earlier India has carried a niche for itself in the IT Sector. India's reliance on
technology also reflects from the fact that India is shifting gears by entering into facets of e-
governance. India has already brought sectors like income tax, passports" visa under the realm of
e -governance.111 Sectors like police and judiciary are to follow. The travel sector is also heavily
reliant on this. Most of the Indian banks have gone on full-scale computerization. This has also
brought in concepts of e-commerce and e-banking. The stock markets have also not remained
immune. To create havoc in the country these are lucrative targets to paralyze the economic and
financial institutions. The damage done can be catastrophic and irreversible.112

109
S.75 of The Information Technology Act,2000(Act 21 of 2000),

110
Prichard, J.J. & Mac Donald, L.E. (2004). Cyber Terrorism: A Study of the Extent of Coverage in Computer
Science Textbooks. Journal of Information Technology Education: Research,3,279 289. Informing Science Institute.
https://www.learntechlib.org/p/111454/ visited on April 9, 2017

111
Paul T. Augastine, Cyber Crime And Legal Issues,179(Crescent Publishing Cooperation, New Delhi, 2007)

112
Ibid.

42
 4.2.1. EXISTING COUNTER CYBER SECURITY INITIATIVES

National Informatics Centre (NIC). A premier organization providing network backbone and e-
governance support to the Central Government, State Governments, Union Territories, Districts
and other Governments bodies.113 It provides wide range of information and communication
technology services including nationwide communication Network for decentralized planning
improvement in Government services and wider transparency of national and local governments.

Indian Computer Emergency Response Team (Cert-In). Cert-In is the most important
constituent of India’s cyber community. Its mandate states, 'ensure security of cyber space in
the country by enhancing the security communications and information infrastructure,
through proactive action and effective collaboration aimed at security incident prevention and
response and security assurance'.114

National Information Security Assurance Programme (NISAP). This is for Government

and critical infrastructures, Highlights are:115

(a) Government and critical infrastructures should have a security policy and create a point
Of contact.
(b) Mandatory for organizations to implement security control and report any security
Incident to Cert-In.
(c) Cert-In to create a panel of auditor for IT security.

(d) All organizations to be subject to a third party audit from this panel once a year.

(e) Cert-In to be reported about security compliance on periodic basis by the

Organizations.
Indo-US Cyber Security Forum (IUSCSF). Under this forum (set up in 2001) high power
delegations from both side met and several initiatives were announced. Highlights are:116

113
The Hindustan Times, January 15, 1996

114
Cherian Samuel, “Cybersecurity and Cyberwarfare” 650 Seminar 26 (2013).
115
Jayadev Parida, “Need to beef up India’s cyber security policies and mechanisms” available at:
http://www.orfonline.orgs. (visited on Feb 1, 2017).
116
Nina Godbole, Sunit Belapure, Cyber Security: Understanding Cyber Crimes,Computer Forensics and Legal
Perspecives, 283 (Wiley India Pvt.Ltd.New Delhi, 2011).

43
(a) Setting up an India Information Sharing and Analysis Centre (ISAC) for better cooperation
in anti-hacking measures.

(b) Setting up India Anti Bot Alliance to raise awareness about the emerging threats in
cyberspace by the Confederation of Indian Industry (CII).

(c) Ongoing cooperation between India’s Standardization Testing and Quality Certification
(STQC) and the US National Institute of Standards and Technology (NIST) would be expanded
to new areas.

(d) The R&D group will work on the hard problems of cyber security. Cyber forensics and anti-
spasm research.

(e) Chalked the way for intensifying bilateral cooperation to control cyber crime

Between the two countries.

4.3. CYBER ATTACKS IN THE INDIAN CONTEXT

India faces a serious threat from cyber terrorists and steps should be taken to thwart them, a
cyber-security. The country is vulnerable to cyber terrorism and any such attack will bring it to a
standstill and will have long-term impact on business and investment, said Ankit Fadia, who
helped Mumbai Police to trace the email sent by terrorists soon after 26/11 attacks. Ankit warned
that India could face cyber terrorism on the scale of the one witnessed in Estonia in 2007 117. The
small Baltic country came to a standstill due to three-week wave of massive cyber-attacks. The
banking system, stock trading, communications, airports, railway stations and several other key
activities could be paralyzed due to such attacks. In the recent cases of Ahmadabad and Delhi
blasts, criminals hacked into Wi-Fi systems of individuals to send terror mails.118
These incidents are all a form of protest rather than acts of terrorism or violence. Besides, they
did not cause any physical harm or injury. However, the matter of concern is the realization that
any person with reasonable security knowledge can access critical information. These personnel
could well be terrorists trying to destroy our country. These incidents clearly demonstrate the

117
In Depth: Air India – The Victims, CBC News Online, 16 March 2005
118
The Hindu, Feb, 8, 2017.

44
high levels of risks involved in the cyber space today.119 Cyber terrorists can be domestic
Kashmiri terrorists or international terrorists such as Al Qaeda. Terrorists may be classified as
cyber terrorists whether they solely rely on cyber terrorism to further their cause, or whether they
use cyber terrorism in addition to other more conventional forms of terrorism. Almost every
facet of modern life today, including financial institutions, production facilities and government
functions, has become increasingly dependent on computer technology. The economy and trade
of the developing nations is highly dependent on electronic transactions, which are vulnerable to
a cyber terrorist attack. Acts of cyber terrorism between two nations can gradually transform
itself to cyber skirmishes and ultimately to an all-out cyber war. A similar situation is developing
between India and Pakistan which began in 1998.120 Major Targets of Pakistani Hackers in the
past have been the Gujarat Government, Ministry of External Affairs, and India Gandhi Centre
for Atomic Research, India Online Bazaar, Indian National IT Promotion, India Today, Nuclear
Science Centre and Telecommunication companies.121

A recent breach include that by a Swedish security professional by the name of Dan Egested
creating a sensation by finding out the e-mail passwords of about 100 senior Indian government
officials including several embassy officials and DRDO officers and thereafter posting them on
the internet. The access to the confidential correspondence could have had serious repercussions
on national security. Another incident concerned the hacking of the website of one of the major
banks and infesting it with malicious coded that downloaded about 22 Trojans to any individual
who visited the home page of the bank. Some of these Trojans could be ‘Key loggers' resulting
in the compromising of security of all the bank's customers. Yet another incident demonstrated
the power of SMS/phone spoofing through the websites. In a well published TV programme, a
chartered accountant from Ahmadabad showed how he could put through a call in the name of

119
Indian Muslims hailed for not burying 26/11 attackers , Sify News, 2009-02-19, http://sify.com, March 26th,2017
120
A year after attacks, Mumbai is just as vulnerable; at vigils, many call for police reform" (Press release). Chicago
Tribune. 2009-11-26. http://www.chicagotribune.com. Visited on March 26th, 2017

121
Janet J. Prichard, Laurie E. MacDonald Cyber Terrorism: A Study of the Extent of Coverage in Computer
Science, JITE-Research Volume 3,2014, Informing Science Institute

45
the home minister to another minister. Also, the web server of the National Police Academy was
penetrated and a phishing site hosted thereon. Is there a similar danger of an act of cyber
terrorism, seeking to damage or destroy critical infrastructure, emanating from India because of
the availability of qualified information technology experts in terror groups. This question is
likely to occupy the attention of terrorism experts following the announcement by the Mumbai
Police on October 6, 2008, of the arrest of 20 suspected members of the so-called Indian
Mujahideen (IM), who had played a role in the serial blasts in Ahmadabad on July 26, 2008, in
the abortive attempt to organise similar blasts in Surat the next day and in the serial blasts in
New Delhi on September 13, 2008.122Among those arrested are four IT-savvy members of the
IM, who had played a role in sending the e-mail messages in the name of the IM before and after
the Ahmadabad blasts and before the New Delhi blasts by hacking into Wi-Fi networks in
Mumbai and Navin Mumbai. According to a report prepared by the Computer Emergency
Research Team from the central IT ministry, a total of 692 websites have been hacked into in
September alone. The unit has now asked the respective state governments (Haryana and UP) to
secure their own websites. ‘We have instructed all state governments to install security measures,
especially for those sites which contain sensitive data,'' said a senior ministry official. According
to sources, almost all types of websites have been affected — dotcom, dotin, dotgovt and even
dotedu. ‘‘A total of 511 websites in the domain of dotin have been affected — 74% of all those
affected — while 20% of the websites are in the dotcom domain. In our own IT department, a
total of 63 attacks have been reported. Curiously, 21 of these attacks have come from hackers
based in China,'' said a senior government official. The National Security Council Secretariat
(NSCS) has ordered a high-level inquiry into the supply of encryption devices last year to the
Indian Air Force and the National Technical Research Organisation (NTRO) by state owned,
Bangalore-based Bharat Electronics Limited (BEL). A senior NSCS officer confirmed that the
government has come across instances of Chinese companies indulging in industrial espionage
and accessing top secret data, including those of Indian companies, by hacking into the
servers.123

122
Dorothy Denning, “Cyberterrorism” Testimony before the Special Oversight Panel on Terrorism Committee on
Armed Services U.S. House of Representatives (2000), accessed April 15 2017,
http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html

S. M. Furnell and M. J. Warren, “Computer Hacking and Cyber Terrorism: The Real Threats in the New
123

Millennium?” Computers and Security 18 (1999), p. 28.

46
4.3.1. INDIAS INITIATIVES AGAINST CYBER TERRORISM
The Government of India has put in place some mechanisms to counter the threat of cyber
terrorism. Some of the initiatives are enumerated in succeeding paragraphs.

 Indian Computer Emergency Response Team (CERT-In). This is a functional

organization of the department of Information Technology, Ministry of Information and
Communications Technology, Government of India, with the objective of securing Indian
cyber space. CERT-in provides Incident Prevention and Response services as well as
Security Quality Management Services. Its proactive services include advisories, security
alerts, vulnerability notes and security guidelines to help organizations secure their
systems and networks. The reactive services include minimizing damage on occurrence
of security incidents.124
 National Cyber Security Assurance Framework. This is being established by the
CERT-In for protection of Critical Information Infrastructure. As part of this, 57
‘Security Auditors' have been empanelled for auditing, undertaking vulnerability
assessment and penetration testing of computer systems and networks of various
organizations of the government, critical infrastructure organizations and those in other
sectors of the Indian economy. The CERT -In acts as the mother CERT in the country
helping the formulation of sectorial CERTS in critical fields.125
 Collaboration with Vendors. The CERT has initiated steps to collaborate with IT
product vendors and security vendors such as Microsoft, Cisco, Redhat, eBay, McAfee,
Symantec etc. for security assurance.
 International Collaboration. The CERT is also collaborating with international security
organizations and CERT's to facilitate exchange of information related to latest cyber
security threats and international practices. It became a member of the Asia Pacific CERT
(APCERT) in Mar 2006 and of the Forum for Incident Response and Security Teams
(FIRST) in Dec 06. It also organized numerous workshops including the ones for the
ASEAN countries in Aug 06 and the ARF in Sep 06. The ARF Workshop on cyber

124 124
International Telecommunications Union (ITU), available at: http://www.itu.int/en/ITU-
D/Statistics/Pages/default.aspx (visited on Feb 09, 2017).
125
http://www.cyberterrorism.org.(visited on April 12th,2017)

47
 security was attended by 58 delegates from 20 countries apart from various other
representatives. The topics of discussion included the Threat of Cyber Terrorism -
National Perspective, Government Initiatives on Cyber Security and protection of critical
information infrastructure, Cyber Security - Trends and Protection Strategy to counter
Cyber Terrorism and Areas of Cooperation.126

The Information Technology Act, 2000 and IT Act Amendment 2006. This sets forth computer
offenses that are outlawed including the tampering with computers, unauthorized access,
damaging or destroying data therein, publishing obscenity, and disclosing private information
with consent. The amendment had recommended that the Act should provide for defining ‘Cyber
Terrorism' as an offence under the Act. It is necessary to recognize that ‘Cyber Terrorism'
includes both ‘Use of ICT in support of Physical Terrorism' as well as ‘Terrorism in Cyber
Space'.127 However, cyber terrorism does not find a mention in the 2006 Amendment. But, the
ITAA 2006 authorises the Indian Computer Emergency Response Team (CERT-In) to serve as
the nodal agency in respect of Critical Information Infrastructure for coordinating all actions
relating to information security practices, procedures, guidelines, incident prevention, response
and report. The Director of the Indian Computer Emergency Response Team may call for
Information pertaining to Cyber Security from the service providers, intermediaries or any other
person. Any person who fails to supply the information called for shall be punishable with
imprisonment for a term which may extend to one year or with fine which may extend to one
lakh rupees or with both.

Indo-US Joint Working Group. India and U.S. have realized the need for cooperation on counter-
terrorism. Indo-US Joint Working Group on Counter-Terrorism was established in January 2000
as a symbol of their personal commitment to intensify bilateral cooperation as a critical element
in the global effort against terrorism. They also announced the establishment of a Joint Cyber-
Terrorism Initiative.128

126
http;//www.nyls.edu.visited on April 17Th 2017
127
HM announces measures to enhance security" (Press release). Press Information Bureau (Government of India).
2008-12-11. http://pib.nic.in. visited April 17th 2017
128
Ibid.

48
Internet Security Center. The Ministry of Information Technology decided in 2003 to establish a
$20 million Internet security center in New Delhi. The center addresses computer security
incidents, publishes alerts, and promotes information and training. Software Technology Parks
India (STPI)—an autonomous body of the government—has a stake in the proposed center. The
Center for Development of Advanced Computing (C-DAC) and the Defence Research and
Development Organisation (DRDO) have been at the forefront of information security
technologies. The Networking and Internet Software Group of the C-DAC, for example, is
working on the development of “core network security technologies,” which include C-DAC's
Virtual Private network, crypto package, and prototype of e-commerce applications.129

FIRST-India (Forum for Incident Response and Security Teams)130 is a non-profit organization
for facilitating “trusted interaction amongst teams from India conducting incident response and
cyber security tasks. Membership is open to private and public sector organizations in India,
including the Defense Public Sector Undertakings. There is a growing partnership between the
defence and private industry to evolve IT security solutions for the defence information
infrastructure. In this regard, the development of 'Trinetra', an encryption system for secure
communications by the Indian Navy in collaboration with IIT Kanpur deserves special mention.
The private companies offer a wide base of security solutions ranging from security auditing and
consulting to implementation of solutions like firewalls, encryption technology and intrusion
detection devices. Defense Information Warfare Agency131. The armed forces have established
an information warfare agency under the tri-service integrated defense staff. The new agency,
called the Defense Information Warfare Agency (DIWA), will manage all aspects of IW, such as
psychological operations, cyber war, and electromagnetic and sound waves. It will be the nodal
agency that will make policies for all the three services as well as formulate countermeasures to
enemy propaganda. Resource Centre for Cyber Forensics (RCCF). Taking note of the rising
cases of cybercrimes, the government has set up at the Centre for Development of Advanced
Computing (CDAC) at Thiruvananthapuram. The RCCF will develop a cyber-forensics tool kit,
carry out R&D in cyber forensics to meet the requirements of the law enforcement agencies and

129
Sandeep Joshi, “India to push for freeing Internet from U.S.” The Hindu, December 7, 2013.
130
Cherian Samuel, “Cybersecurity and Cyberwarfare” 650 Seminar 26 (2013).
131
http://abcnews.go.com. Visited on April 17th 2017

49
provide technical services including training to such agencies. The central government has
developed several tools for cyber forensics, which includes disk forensics, network forensics and
device forensics. Even as Internet population in India has crossed 100 million, cybercrimes are
on the rise. There are many kinds of cybercrimes – Phishing attacks, Identity Theft, Website
hacking, creating Trojans / viruses (among others) all amount to cybercrimes. The reasons for
cyber-crimes are vary as well. Some do it out of hate, some out of greed while some do it just for
kicks! At same time some cyber-attacks (if it can be called so...) are for constructive security
feedback as well. One of the main targets of attacks world over are government websites – They
not only provide big coverage to attacker, but also provide with very sensitive secretive
government data. Govt. of India today published the number of cyber-attacks it witnessed over
last 3 years. Here are the details:132

As per numbers released by National Crime Records Bureau, Cyber Crime cases registered under
IT Act more than doubled, from 420 to 966 between year 2009 and 2010.

132
Supra Note 81.

50
We have covered about three instances where high-profile government websites were hacked and
defaced. However, the actual number of Government Websites that were hacked are quite huge.

A total number of 90, 119, 252 and 219 Government websites tracked by the Indian Computer
Emergency Response Team (CERT-In) were hacked / defaced by various hacker groups in the
year 2008, 2009, 2010 and Jan–Oct 2011 respectively.133

4.4. CYBER TERRORISM: LAW AND POLICY

The Information Technology Act, 2000 came into force on 17th October, 2000. This act was
amended vide notification dated 27th October, 2009.134

133
Manish Kumar Chaubey, Cyber Crimes and Legal Measures 121 (Regal Publications, New Delhi, 2013).
134
The Information Technology Act, 2000 (Act 21 of 2000), available at http://meity.gov.in/content/it-act-2000-dpl-
cyber-laws. (Visited on Feb 1, 2017).

51
The Information Technology Act, 2000 was introduced on 9th June, 2000. Mitigation that has
led to the introduction of the information technology act, 2000 was the model law of electronic
known as the United Nation Commission of International Trade Law which was introduced in
the general assembly of UN by its resolution No. 51 of 162 dated 30th January, 1997 which has
recommended that all the states should give favourable consideration to the said model law
which contained equal legal treatment of user of electronic communication and paper based
communication.135 The preamble of Act 21 of 2000 provide legal recognition for transactions
carried out by means of electronic data interchange and other means of electronic
communication, commonly referred to as “electronic commerce”, which involve the use of
alternatives to paper-based methods of communication and storage of information, to facilitate
electronic filing of documents with the Government agencies and further to amend the Indian
Penal Code, the Indian Evidence Act, 1872, the Banker’s Books Evidence Act, 1891 and the
Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto ;

Whereas the General Assembly of the United Nations by resolution A/RES/51/162 dated 30th
January, 1997 has adopted the Model Law on Electronic Commerce adopted by the United
Nations Commission on International Trade law. And whereas the said resolution recommends,
inter, alia, that all states give favourable consideration to the said Model law when they enact or
revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper-
based methods of communication and storage of information.136

The Information Technology Act, 2000 came into force on 17th October, 2000. It has 94 sections
divided into 13 chapters. Gradually the Act was amended on 5th February, 2009 being the
Amendment No. of 2009 which has introduced the world digital signature instead of electronic
signature as provided under Chapter II of Section 3 of the Act. In Section 2, Clause (ha) was
introduced after the word (h) which provides the communication device.137 It reads as under:

135
Barkha& U. Rama Mohan, Cyber Law & Crimes, 189 (Asia Law House, Hyderabad,2007)
136
R.K.Pradhan, Cyber Crime And Cyber Terrorism ,260 ( Manglam Publications, Delhi, 2010, 1 stedn.)
137
Bare Act, The Information Technology Act, 2000 (Act 21 of 2000) (Allahabad Law Publications, Allahabad ,
2016). See the Preamble of the Act.

52
“Communication device” means cell phones, personal digital assistance or combination of both
or any other device used to communicate, send or transmit any text, video, audio or image ;” In
the Advanced Law Lexicon, the ‘Cyber law’ deals with the computers and the internet. Rather
we can say as a computerized process.

National Cyber Security Policy – 2013

In the light of growth of IT sector in the country, an ambitious plan for rapid social
transformation and inclusive growth for creating secure computing environment and to protect
information and information infrastructure in cyberspace, of late, the Government of India has
formulated a new National Cyber Security Policy, 2013 with some very important objectives. 138

The main objectives of the policy are bellows:

1. To create a secure cyber ecosystem in the country, generate adequate trust

& confidence in IT systems and transaction in cyberspace and thereby enhance adoption
of it in all sectors of the economy.
2. To create an assurance framework for design of security policies and for promotion and
enabling action for compliance to global security standards and best practices by way of
conformity assessment (product, process, technology & people).
3. To strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem.
4. To enhance the protection and resilience of Nation’s critical information infrastructure by
operating a 24 x 7 National Critical Information Infrastructure Protection Centre
(NCIIPC) and mandating security practices related to the design, acquisition,
development, use and operation of information resources.139
5. To develop suitable indigenous security technologies through frontier technology
research, solution oriented research, proof of concept, pilot development, transition,
diffusion and commercialization leading to widespread deployment of secure ICT

138
National Cyber Security Policy, 2013, available at:
http://meity.gov.in/sites/upload_files/dit/files/National_cyber_security_policy-2013(1).pdf. 1(visited on Feb 1,
2017).
139
.International Telecommunications Union (ITU), available at: http://www.itu.int/en/ITU-
D/Statistics/Pages/default.aspx (visited on Feb 09, 2017).

53
 products/processes in general and specifically for addressing National Security
requirements.
6. To enable effective prevention, investigation and prosecution of cyber crime and
enhancement of law enforcement capabilities through appropriate legislative intervention.
7. To create a culture of cyber security and privacy enabling responsible user behavior &
action through an effective communication and promotion strategy.
8. To enhance global cooperation by promoting shared understanding and leveraging
relationships for furthering the cause of security of cyberspace.140
Apart from the above objectives of the policy also have certain strategies that are as follows:

a. Creating a secure cyber ecosystem

b. Creating an assurance framework
c. Creating an assurance framework
d. Creating an assurance framework
e. Creating mechanisms for security threat early warning, vulnerability management and
response to security threats
f. Securing E-Governance services
g. Protection and resilience of Critical Information Infrastructure
h. Promotion of Research & Development in cyber security
i. Reducing supply chain risks
j. Human Resource Development
k. Creating Cyber Security Awareness
l. Developing effective Public Private Partnerships
m. Information sharing and cooperation
n. Prioritized approach for implementation.141

140
Sandeep Joshi, “India to push for freeing Internet from U.S.” The Hindu, December 7, 2013.
141
Cherian Samuel, “Cybersecurity and Cyberwarfare” 650 Seminar 26 (2013).

54
4.4.1. SECTION 66F PUNISHMENT FOR CYBER TERRORISM142

(1) Whoever,-

(A) With intent to threaten the unity, integrity, security or sovereignty of India or to strike terror
in the people or any section of the people by-

(i) Denying or cause the denial of access to any person authorized to access computer
resource; or

(ii) Attempting to penetrate or access a computer resource without authorisation or exceeding

authorized access; or

(iii) Introducing or causing to introduce any Computer Contaminant and by means of such
conduct causes or is likely to cause death or injuries to persons or damage to or destruction of
property or disrupts or knowing that it is likely to cause damage or disruption of supplies or
services essential to the life of the community or adversely affect the critical information
infrastructure specified under section 70, or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorisation

or exceeding authorized access, and by means of such conduct obtains access to information,
data or computer database that is restricted for reasons of the security of the State or foreign
relations; or any restricted information, data or computer database, with reasons to believe that
such information, data or computer database so obtained may be used to cause or likely to cause
injury to the interests of the sovereignty and integrity of India, the security of the State, friendly
relations with foreign States, public order, decency or morality, or in relation to contempt of
court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of
individuals or otherwise, commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life’.

Advanced Law Lexicon, 3rd edition 2005 has defined the same in the word of “Cyberspace”. It
has used to a term as ‘floating ‘in an electronic environment, which is accessible internationally.

142
Section 32 of The Information Technology Act 10 of 2009, ( w.e.f. 27-10-2009)

55
Then the Author has also defined the ‘Cyber theft’ known as the act of using as online computer
service. In the dictionary ‘Cyber law’ is defined as under:-143

“The field of law dealing with computers and the Internet including such issues as intellectual
property rights, freedom of expression, and free access to information”

The definition of Computer under section 2(1) (i) The Information Technology Act provides
as under:144

“Computer” means any electronic, magnetic, optical or other high speed data processing device
or system which performs logical, arithmetic, and memory functions by manipulations of
electronic, magnetic or optical impulses, and includes all input, output, processing, storage,
computer software, or communication facilities which are connected or related to the computer
in a computer system or computer network ;

Section 1(2) of the Information Technology Act, 2000 reads as under:-145

“It shall extend to the whole of India and, save as otherwise provide din this Act, it applies
also to any offence or contravention hereunder committed outside India by any person.”

4.4.2 PROVISIONS RELATING TO JURISDICTION IN CYBER SPACE UNDER THE

INFORMATION TECHNOLOGY ACT, 2000

The most powerful invention of the 20th Century is the information and communication
technology for the society and its application for the society development such as administration
of Information and Communication Technology in judicial system will play as integral role for
the society to trust on its judicial process, due to its inherent advantage of fast processing, Trivial
retrieval, less human intervention, relatively low cost of development and in some criminal cases
where physical presence is an issue this solution is the best one .

143
Samir Saran, “Time to face up the cyber threats” ORF 1-2 (2017). available at http://www.orfonline.org

(Visited on April 11, 2017).

144
The Information Technology Act, 2000( Act 21 of 2000)
145
Ibid.

56
The offences under the Information Technology Act are as under:146

(1) Tampering computer source documents.147

(2) Hacking with Computer System Data alteration.148

(3) Punishment for sending offensive messages through communication service etc.149
(4) Punishment for dishonestly receiving stolen computer resource or communication device150
(5) Punishment for identity theft151
(6) Punishment for cheating by personation by using computer resource.152

(7) Punishment for violation of privacy.153

(8) Punishment for cyber terrorism.154

(9) Publishing obscene information.155

(10) Punishment for publishing or transmitting of material containing sexually act, etc.
in electronic form.156
(11) Punishment for publishing or transmitting of material depicting children in sexually
Explicit act etc. in electronic form.157
(12) Preservation and retention of information by Intermediaries158

146
The Information Technology Act, 2000( Act 21 of 2000)
147
Sec 65 of The Information Technology Act, 2000
148
Sec 66, ibid
149
Sec 66A, ibid
150
Sec 66B, ibid
151
Sec 66C, ibid
152
Sec 66D,ibid
153
Sec 66E, ibid
154
Sec 66F, ibid
155
Sec 67, ibid
156
Sec 67A, ibid
157
Sec 67B, ibid
158
Sec 67C, ibid

57
(13) Un-authorized access to protected System159

(14) Penalty for misrepresentation160

(15) Breach of Confidentiality and privacy161

(16) Punishment for disclosure of information in breach of lawful contract162

(17) Publishing false Digital Signature Certificates.163

159
Sec 70, ibid
160
Sec 71, ibid
161
Sec 72, ibid
162
Sec 72A,ibid
163
Sec 73, ibid

58
4.4.3. JURIDICTION UNDER THE INDIAN PENAL CODE IN RELATION TO CYBER
OFFENCES

(i) Sending threatening messages by email164

(ii) Sending defamatory messages by email165

(iii)Forgery of electronic records166

(iv) Bogus websites, cyber frauds167

(v) Email spoofing168

(vi) Web-jacking169

(vii) E-Mail Abuse170

(viii) Online sale of drugs171

(ix) Online sale of Arms172

164
Sec 503, IPC
165
Sec 499, IPC
166
Sec 463, IPC
167
Sec 420, IPC
168
Sec, IPC
169
Sec 383,IPC
170
Sec 500,IPC
171
NDPS ACT 1985
172
The Arms Act 1878

59
 CHAPTER-5

JUDICIAL RESPONSE: NATIONAL &

INTERNATIONAL

60
 CHAPTER-5

JUDICIAL RESPONSE: NATIONAL & INTERNATIONAL

5.1. INTRODUCTION

In the past few years there have not been that many reported cases of cyber-terrorism as it is a
fairly new concept and not many people know about it. Although it is on the increase as more
people are gaining access to the internet and therefore more cases will become apparent as the
future goes on.

Some reported cases of cyber terrorism where in May 2007, after the removal of a World War II
memorial in Estonia, hackers attacked a number of critical institutions (banks, ministries,
parliament, and news media organizations). Estonia, one of the most wired and freely available
to internet countries in Europe, traced the attacks back to the Russian Kremlin, though they later
admitted they had no real substantial evidence. Estonia later called on the European Union to
make cyber-attacks a criminal offense. Eventually, a member of the Nashi pro-Kremlin youth
group admitted to being the source of the attacks173.

Another attack, referenced in Dr. Denning’s same above testimony, involved the NATO (North
Atlantic Treaty Organization): In 1999, NATO’s computers were hit with Denial of Service
Attacks (DDOS) and e-mail blasts by “hacktivists” protesting the (then known as) Yugoslavia
bombings. E-mails laced with viruses were sent from a number of Eastern European countries,
and website spamming/hacking was also prevalent. Chinese “hacktivists” posted messages that
said, “We won’t stop hacking until the war stops!”And of course, most recently, another group of
hacktivists — calling themselves only “Anonymous” — launched a heap of Denial of Service
attacks toward such corporations as Visa, MasterCard, Amazon.com, and Paypal.com, among
others, in order to protest their withdrawal of financial and structural support for Wiki Leaks, the
controversial whistleblower website that leaked Afghanistan war logs and secret diplomatic
cables to the public, in 2010. In one case, the attacks were so severe that Mastercard.com was
knocked completely offline.174

173
Supra note. 84
174
Maura Conway, “The Media and Cyberterrorism”, p. 11.

61
In 1998, a 12-year-old hacker broke into the computer system that controlled the floodgates of
the Theodore Roosevelt Dam in Arizona, according to a June Washington Post report. If the
gates had been opened, the article added, walls of water could have flooded the cities of Tempe
and Mesa, whose populations total nearly 1 million.175

CASE 1176

Ahmadabad is the cultural and commercial heart of Gujarat state, and one of the largest cities of
India. On July 26, 2008, a series of 21 bomb blasts hit Ahmadabad within a span of 70 minutes.
56 people were killed and over 200 people were injured. Several TV channels stated that they
had received an e-mail from a terror outfit called Indian Mujahidin claiming responsibility for
the terror attacks.

First Mail was sent on 26th July, 2008 from Email Id “alarbi_gujarat@yahoo.com” from IP
Address. 210.211.133.200 which traced to Kenneth Haywood’s House at Navi Bombay. His
Unsecured WIFI router was misused by terrorists to send terror mail from his router. As log
system is disabled, Police were unable to find out the details of the MAC address of the culprit.

Second Mail was sent on 31st July, 2008 from “alarbi_gujarat@yahoo.com” from IP Address:
202.160.162.179 which traced out to Medical College at Vaghodiya, Baroda, and Gujarat. It was
little bit difficult to trace this mail as the mail has been sent using proxy server & fake mail script
but finally Police with the help of Cyber experts traced out the original IP address.

Third Mail was sent on 23rd August, 2008 from “alarbi.alhindi@gmail.com” from IP address:
121.243.206.151 which traced to Khalsa College at Bombay. Again Unsecured WIFI router was
misused to send an email.

Forth Mail was sent on 13th September, 2008 from “al_arbi_delhi@yahoo.com” which traced to
Kamran Power Limited at Bombay. In this case also WIFI router was misused to send the
threatening mail.

175
ibid

Ahemadabad blast: Lie Detector, Narco Tests on US national Haywood”. Times of India. 13 th August 2008.
176

Retrived on 5th April 2017

62
CASE 2177

Mumbai is the capital state of Maharashtra state and largest city in India. Attack was made on 26
November 2008 and lasted until 29 November. Attacks consist of more than ten coordinated
shooting and bombings. An FBI witness had investigated that terrorists were in touch with their
handlers in Pakistan through Callphonex using VOIP.
Wanted accused in the 26/11 attack case had communicated with terrorists using an email ID
which was accessed from ten IP addresses – Five from Pakistan, two USA, two Russia and one
Kuwait. Kharak_telco@yahoo.com was the email ID used by wanted accused while
communicating with terrorists via Voice over Internet Protocol (VoIP) through New Jersey-
based Callphonex. According to the owner of “Callphonex”, on October 20, he had received a
mail from name "Kharak Singh", expressing desire to open an account with Callphonex.
Accused has used following services of Callphonex:-

• 15 calls from computer to phone,

• 10 calls to common client accounts and
• Direct inward dialing
They have accessed the email ID from ten IP addresses of which, five belonged to Pakistan.
One of the addresses (118.107.140.138) was traced to Col R Sadat Ullah of Special
Communication Organisation, Qasim Road, Rawalpindi, Pakistan. Three addresses were traced
to World Call network Operations and the fifth came from SajidIftikar, EFU House, Jail Road in
Pakistan. Other five IP addresses, from where the email address “kharak_telco@yahoo.com” was
accessed, were traced to FDC Servers.net in Chicago (USA), AhemedMekky in Kuwait and
Vladimir N Zernov at Joint Stock Company, Moscow.178

“26/11 Mumbai Terror Attacks Aftermath: Security Audits Cried Out On 227 Non – Major
177

Seaports Till date”

63
CASE 3179

A Brazilian man was charged by a federal grand jury in New Orleans for his role in a conspiracy
to sell a network of computers infected with malicious software, Acting Assistant Attorney
General Matthew Friedrich of the Criminal Division and Jim Letten, US Attorney for the Eastern
District of Louisiana, announced on Friday. Leni de Abreu Neto, 35, of Taubate, Brazil, is
charged with one count of conspiracy to cause damage to computers worldwide. The indictment
alleges that more than 100,000 computers worldwide were damaged. If convicted, Neto faces a
maximum penalty of five years in prison and up to three years of supervised release. Neto also
faces the greater of a $250,000 fine or the gross amount of any pecuniary gain or the gross
amount of any pecuniary loss suffered by the victims.

According to the indictment, Neto participated in a conspiracy along with others, including an
unindicted coconspirator, NordinNasiri, 19, of Sneak, Netherlands, to use, maintain, lease and
sell an illegal botnet.180 As defined in the indictment, a botnet is a network of computers that
have been infected by malicious software, commonly referred to as "bot code." Bot code is
typically designed to permit an operator or controller to instruct infected computers to perform
various functions, without the authorization and knowledge of their owners, such as launching
denial of service attacks to disable targeted computer systems or sending spam e-mail.
Installation of bot code is typically accomplished by "hacking" computers with particular
security vulnerabilities.181 Bot code typically contains commands for infected computers to
search local networks or the Internet for other computers to infect, thereby increasing the botnet's
size and power. The indictment alleges that prior to May 2008, Nasiri was responsible for
creating a botnet consisting of more than 100,000 computers worldwide, and that Neto used the
botnet and paid for the servers on which the botnet was hosted. According to the indictment,
between May and July 2008, Neto agreed initially with Nasiri to broker a deal to lease the botnet
to a third party. The indictment alleges Neto expected the botnet to be used to send spam through
the infected computers. Subsequently, Neto agreed with Nasiri to broker the sale of the botnet
and underlying bot code to the third party for 25,000 euros. Neto was apprehended by Dutch

179
Brazil cyber terrorism case, https://igarape.org.br(visited on April 21st,2017)
180
. http://www.cybercrimes.net.(visited on April 21st, 2017)
181
Hoffman, Bruce. inside terrorism. New York: Columbia University press, 1988. p. 11

64
authorities on July 29, 2008, in the Netherlands and is currently in confinement in the
Netherlands pending resolution of extradition proceedings. Nasiri was also apprehended by
Dutch authorities and is being prosecuted by Dutch authorities in the Netherlands. The case is
being prosecuted by Trial Attorney JaikumarRamaswamy of the Criminal Division's Computer
Crime and Intellectual Property Section, with extensive assistance from Senior Counsel Judith
Friedman of the Criminal Division's Office of International Affairs. The case is being
investigated by the Cyber Squad of the FBI's New Orleans field office, with assistance from the
Dutch Hi-Tech Crimes Unit and the Cyber Section of the Brazilian Federal Police.182

CASE 4183

In February, the internet infrastructure company Cloudflare announced that a bug in its platform
caused random leakage of potentially sensitive customer data. Cloudflare offers performance and
security services to about six million customer websites (including heavy hitters like Fitbit and
OKCupid), so though the leaks were infrequent and only involved small snippets of data, they
drew from an enormous pool of information.

Google vulnerability researcher Tavis Ormandy discovered the problem on February 17, and
Cloudflare patched the bug within hours, but the data leakage could have started as early as
September 22, 2016. Leaked data was only deposited on a small subset of Cloudflare customer
sites, and usually it wasn't visible on the pages themselves. Search engines like Google and Bing
that crawl the web, though, automatically cached the errant data—everything from gibberish to
users' Uber account passwords and even some of Cloudflare's own internal cryptography keys—
making it all easily accessible through search.

Cloudflare worked with search engines ahead of and after the announcement to remove the
leaked data from caches, and experts noted that it was unlikely that hackers used the data
malevolently; the random leaks would have been difficult to weaponize or monetize efficiently.
But any exposed sensitive data creates risks. The incident was also significant as a reminder of
how much rides on large internet infrastructure and optimization services like Cloudflare. Using

182
Cloud Bleed case on cyber terrorism, 22 september, 2016, https://igarape.org.br(visited on April 21st, 2017)
183
Ibid.

65
one of these services makes sites much more robust and secure than they probably would be on
average if owners attempted to build defenses themselves. The tradeoff, though, is a single point
of failure. A bug or a damaging attack affecting a company like Cloudflare can impact, and
potentially endanger, a significant portion of the web.

CASE 5 184

Plaintiff is an internet marketing company that contracts with individuals and entities to act as an
internet referral agent. Plaintiff performs internet marketing services for entities and individuals
on its websites to generate sales leads for those entities and individuals, often known as
`merchants.’185 The sales leads are directed by Plaintiff to the merchants' websites or provided
telephone numbers to reach a merchants' call center for each sales lead that generates an actual
sale. Plaintiff receives a commission for each referral that leads to a sale. Additionally, Plaintiff
performs search engine optimization for some merchants which results in a merchant's website
appearing earlier when a customer performs an internet search. 186

From January of 2004, Plaintiff entered into a series of agreements with Clear Link to provide
affiliate and optimization services. Eventually, Clear Link terminated Plaintiff. .Clear Link 1)
misappropriated various websites associated with Plaintiff and 2) changed all of Plaintiff's
account passwords so that Plaintiff could not (and cannot) access websites that it created
pursuant to its work with Clear Link. In addition, Clear Link continues to utilize certain websites,
sub-domains and optimization work provided by Plaintiff. Plaintiff filed a complaint against the
defendants. In its complaint, Plaintiff asserted several causes of action, one of which was unfair
competition under the Utah Unfair Competition Act (UUCA). 187

The type of `unfair competition’ alleged by Margae is `cyber terrorism.’ `Cyber terrorism’ is
defined, in part, as `willfully communicating, delivering, or causing the transmission of a

184
Margae, Inc. V. Clear Link Technologies, Llc, 620 F.Supp.2d 1284 (2009)

185
http:// www.nyls.edu.(visited on April 21st,2017)
186
http://www.gizbot.com(visited on April 21st, 2017)
187
Supra note 138

66
program, code, or command without authorization or exceeding authorized access’ which `leads
to a material diminution in value of intellectual property.’ Margaecontends, that Clear Link's
unauthorized use of its web pages lead to the diminution of those web pages' value because
Margae was deprived of the commissions it was owed from their use.Margae’s cyber-terrorism
claim was brought under Utah Code § 13-5a-103, which creates a civil cause of action for unfair
competition. Section 13-5a-102(4)(a) of the Utah Code defines “unfair competition” as “an
intentional business act or practice that” is (i) unlawful, unfair or fraudulent or leads to a material
diminution in value of intellectual property and constitutes (i) cyber-terrorism, infringement of a
patent, trademark or trade name, a software license violation or predatory hiring practices.
Section 13-5a-102(2) defines cyber-terrorism as any of the following:188

(a) The unlawful use of computing resources to intimidate or coerce others;

(b) Accessing a computer without authorization or exceeding authorized access;

(c) Willfully communicating, delivering, or causing the transmission of a program, information,

code, or command without authorization or exceeding authorized access;

(d) Intentionally or recklessly:

 Intends to defraud or materially cause damage or disruption to any computing resources

or to the owner of any computing resources; or

 Intends to materially cause damage or disruption to any computing resources indirectly

through another party's computing resources.

The last three alternatives are very similar to crimes that are outlawed by Utah’s Criminal Code.
Section 76-6-703 of the Utah Code makes it a crime to (i) access a computer without
authorization and cause damage a computer, software or data, (ii) use a computer to execute a
scheme to defraud and (iii) use a computer to interrupt computer services to someone authorized
to receive them. So to a great extent, the UUCA pulls these basic computer crimes into its
definition of cyber-terrorism as that term is used in the unfair competition statute. 189

188
Ibid.
189
http:www.cybercrime.net(visited on April 21st,2017)

67
CASE 6190

Two days before France's presidential runoff in May, hackers dumped a 9GB trove of leaked
emails from the party of left-leaning front-runner (now French president) Emmanuel Macron.
The leak seemed orchestrated to give Macron minimal time and ability to respond, since French
presidential candidates are barred from speaking publicly beginning two days before an election.
But the Macron campaign did release statements confirming that the En Marche! party had been
breached, while cautioning that not everything in the data dump was legitimate.

The attack was less strategic and explosive than the WikiLeaks releases of pilfered DNC emails
that dogged Hillary Clinton's presidential campaign in the US, but Macron also had the
advantage of observing what had happened in the US and preparing for potential assaults.
Researchers did findevidence that the Russian-government-linked hacker group Fancy Bear
attempted to target the Macron campaign in March.
After the email leak heading into the election, the Macron campaign said in a statement,
"Intervening in the last hour of an official campaign, this operation clearly seeks to destabilize
democracy, as already seen in the United States' last president campaign. We cannot tolerate that
the vital interests of democracy are thus endangered."

CASE 7191

In a landmark judgment in the case of National Association of Software and Service

Companies vs Ajay Sood & Others, delivered in March, '05, the Delhi High Court declared
'phishing' on the internet to be an illegal act, entailing an injunction and recovery of damages.
Elaborating on the concept of 'phishing', in order to lay down a precedent in India, the court
stated that it is a form of internet fraud where a person pretends to be a legitimate association,
such as a bank or an insurance company in order to extract personal data from a customer such as
access codes, passwords, etc. Personal data so collected by misrepresenting the identity of the
legitimate party is commonly used for the collecting party's advantage. Court also stated, by way

190
Macron Campaign Hack Case, http://www.gizbot.com(visited on April 21st, 2017)
191
NASSCOM Vs. AJAYSOOD & OTHERS AIR 2005 DLT 596.

68
of an example, that typical phishing scams involve persons who pretend to represent online
banks and siphon cash from e-banking accounts after conning consumers into handing over
confidential banking details

The Delhi HC stated that even though there is no specific legislation in India to penalize
phishing, it held phishing to be an illegal act by defining it under Indian law as "a
misrepresentation made in the course of trade leading to confusion as to the source and origin of
the e-mail causing immense harm not only to the consumer but even to the person whose name,
identity or password is misused." The court held the act of phishing as passing off and tarnishing
the plaintiff’s image .
The plaintiff in this case was the National Association of Software and Service Companies
(Nasscom), India's premier software association. The defendants were operating a placement
agency involved in head-hunting and recruitment. In order to obtain personal data, which they
could use for purposes of headhunting, the defendants composed and sent e-mails to third parties
in the name of Nasscom

The high court recognized the trademark rights of the plaintiff and passed an ex-parte ad interim
injunction restraining the defendants from using the trade name or any other name deceptively
similar to Nasscom. The court further restrained the defendants from holding themselves out as
being associates or a part of Nasscom.
The court appointed a commission to conduct a search at the defendants' premises. Two hard
disks of the computers from which the fraudulent e-mails were sent by the defendants to various
parties were taken into custody by the local commissioner appointed by the court. The offending
e-mails were then downloaded from the hard disks and presented as evidence in court.
During the progress of the case, it became clear that the defendants in whose names the
offending e-mails were sent were fictitious identities created by an employee on defendants'
instructions, to avoid recognition and legal action. On discovery of this fraudulent act, the
fictitious names were deleted from the array of parties as defendants in the case.
Subsequently, the defendants admitted their illegal acts and the parties settled the matter through
the recording of a compromise in the suit proceedings. According to the terms of compromise,
the defendants agreed to pay a sum of Rs1.6 million to the plaintiff as damages for violation of

69
the plaintiff's trademark rights. The court also ordered the hard disks seized from the defendants'
premises to be handed over to the plaintiff who would be the owner of the hard disks.
This case achieves clear milestones: It brings the act of "phishing" into the ambit of Indian laws
even in the absence of specific legislation; It clears the misconception that there is no "damages
culture" in India for violation of IP rights; This case reaffirms IP owners' faith in the Indian
judicial system's ability and willingness to protect intangible property rights and send a strong
message to IP owners that they can do business in India without sacrificing their IP rights.

CASE 8192
Bureau of Police Research and Development at Hyderabad had handled some of the top cyber
cases, including analysing and retrieving information from the laptop recovered from terrorist,
who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned
down when Parliament was under siege on December 13 2001, was sent to Computer Forensics
Division of BPRD after computer experts at Delhi failed to trace much out of its contents.
The laptop contained several evidences that confirmed of the two terrorists' motives, namely the
sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador
car to gain entry into Parliament House and the fake ID card that one of the two terrorists was
carrying with a Government of India emblem and seal.
The emblems (of the three lions) were carefully scanned and the seal was also craftly made along
with residential address of Jammu and Kashmir. But careful detection proved that it was all
forged and made on the laptop193.

CASE 9 194
The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully
within a relatively quick time of 7 months from the filing of the FIR. Considering that similar
cases have been pending in other states for a much longer time, the efficient handling of the case

192
Attack on Parliament (2001), The bench comprising Justice P.Venkatarama Reddi & P.P. Naolekar heard and
decided State(N.C.T. OF Delhi) v. Navjot Sandhu, the judgment was delivered on 04/08/2005.
193
http://www.indiancybersecurity.com(visited on April 25th,2017)
194
State Of Tamil Nadu Vs. Suhas Katti(2004)

70
which happened to be the first case of the Chennai Cyber Crime Cell going to trial deserves a
special mention.

The case related to posting of obscene, defamatory and annoying message about a divorcee
woman in the yahoo message group. E-Mails were also forwarded to the victim for information
by the accused through a false e-mail account opened by him in the name of the victim. The
posting of the message resulted in annoying phone calls to the lady in the belief that she was
soliciting.
Based on a complaint made by the victim in February 2004, the Police traced the accused to
Mumbai and arrested him within the next few days. The accused was a known family friend of
the victim and was reportedly interested in marrying her. She however married another person.
This marriage later ended in divorce and the accused started contacting her once again. On her
reluctance to marry him, the accused took up the harassment through the Internet.
On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The
Hon'ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects. The
same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were
examined and entire documnets were marked as exhibits.

The Defence argued that the offending mails would have been given either by ex-husband of the
complainant or the complainant herself to implicate the accused as accused alleged to have
turned down the request of the complainant to marry her.
Further the Defence counsel argued that some of the documentary evidence was not sustainable
under Section 65 B of the Indian Evidence Act. However, the court relied upon the expert
witnesses and other evidence produced before it, including the witnesses of the Cyber Cafe
owners and came to the conclusion that the crime was conclusively proved.
Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04 as
follows: “The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act
2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years
under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1
year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000
to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.

71
"The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered
as the first case convicted under section 67 of Information Technology Act 2000 in India.

CASE 10195
In this case the Supreme Court delivered its landmark judgment, The apex court had been called
upon to examine the constitutional validity of Section 66A of the Information Technology Act,
2000 and its various factors from the perspective of the various principles enshrined in the Indian
Constitution. In an unprecedented judgement it declared that the said section was
unconstitutional, marking the day as a time of elation for free speech activists. However, the said
judgment was also a landmark as it upheld the power of interception under Section 69A of the
Information Technology Act, 2000 as enshrined under the law. The Supreme Court also
upheld Section 79 of the Act, pertaining to intermediary liability, but with a caveat:
intermediaries in India will have to act only on court order or on order of governmental agency.
The said judgment once again restated the principle that any provision of law, concerning the
real as well as virtual world, will have to ensure acquiescence with the Indian Constitution.

The year 2015 was also significant as it saw India hosting the International Conference on
Cyberlaw, Cybercrime & Cybersecurity in New Delhi, with representatives of lots of countries in
attendance. The Hon'ble Chief Justice of India, Justice TS Thakur speaking at the conference
emphasised the need for new laws to deal with cybercrimes and cyber terror. The conference
discussions and recommendations further contributed to the developing cyberlaw jurisprudence
in India.

CASE 11196
The mysterious hacking group known as the Shadow Brokers first raised in August 2016,
claiming to have penetrated the spy tools of the elite NSA-linked operation known as the
Equation Group. The Shadow Brokers offered a sample of so-called stolen NSA data and tried to
auction off a bigger trove, following up with leaks for Halloween and Black Friday in 2016.

195
ShreyaSinghal vs. Union of IndiaAIR 2015, SC 1523.
196
Shadow Brokers Case 2016 Https://www.wired.com(visited on April 27,2017)

72
This April, though, marked the group's most impactful release yet. It included a trove of
particularly significant alleged NSA tools, including a Windows exploit known as EternalBlue,
which hackers have since used to contaminate targets in two high-profile ransomware attacks.

The identity of the Shadow Brokers is still unknown, but the group's leaks have rejuvenated
debates about the menace of using bugs in commercial products for intelligence-gathering.
Agencies keep these faults to themselves, instead of notifying the company that makes the
software so the vendor can cover the vulnerabilities and protect its customers. If these tools get
out, they potentially endanger billions of software users.

CASE 12197

On May 12 a strain of ransomware called WannaCry blowout around the world, enormous
hundreds of thousands of targets, including public utilities and large corporations. Notably, the
ransomware temporarily crippled National Health Service hospitals and facilities in the United
Kingdom, limping emergency rooms, delaying vital medical procedures, and creating chaos for
many British patients.
Though powerful, the ransomware also had significant flaws, including a mechanism that
security experts effectively used as a kill switch to render the malware inert and stem its spread.
US officials later settled with "moderate confidence" that the ransomware was a North Korean
government project gone crooked that had been intended to raise revenue while wreaking chaos.
In total, WannaCry almost 52 bitcoins, or about $130,000—not much for such viral ransomware.
WannaCry's reach came in part thanks to one of the leaked Shadow Brokers Windows
vulnerabilities, EternalBlue. Microsoft had released the MS17-010 patch for the bug in March,
but many institutions hadn't applied it and were therefore vulnerable to WannaCry infection.

197
Wannacry Case May 12, 2017, Https://www.wired.com(visited on April 27,2017)

73
CASE 13198

On March 7, WikiLeaks published a data trove containing 8,761 documents allegedly stolen
from the CIA that contained extensive documentation of alleged spying operations and hacking
tools. Revelations included iOS and Android vulnerabilities, bugs in Windows, and the ability to
turn some smart TVs into listening devices.

Wikileaks called the dump "Vault 7," and the organization has followed the initial release with
frequent, smaller disclosures. These revelations have detailed individual tools for things like
using Wi-Fi signals to track a device's location, and persistently surveilling Macs by controlling
the fundamental layer of code that coordinates hardware and software.
WikiLeaks claims that Vault 7 reveals "the majority of the CIA hacking arsenal including
malware, viruses, trojans, weaponized 'zero day' exploits, malware remote control systems and
associated documentation." It is unclear, though, what proportion of the CIA toolbox the
disclosures actually represent. Assuming the tools are legitimate, experts agree that the leaks
could cause major problems for the CIA, both in terms of how the agency is viewed by the
public and in its operational abilities. And as with the Shadow Brokers releases, Vault 7 has led
to heated debate about the problems and risks inherent in government development of digital spy
tools.

198
Wikileaks Via Vault 7 Case, March 7, 2017, Https://www.wired.com(visited on April 27,2017)

74
 CHAPTER -6

CONCLUSION AND SUGGESTIONS

75
 CONCLUSION

The present society is continuously being dependent in the advent of the computer technology.
The integration of the virtual and the physical world is attaining an essential function in the
society through time. Due to the increasing role of the technology in most establishments that
include the private and the public sectors it has been the target of the increasingly prevalent
crime in the cyber world, the cyber terrorism. This entails in increasing danger. The study aim to
present the possible danger that can be brought about by cyber terrorism in the society. Based on
the conducted study cyber terrorism is the operation undertaken in the virtual network that causes
death and destruction private and public establishments. Research results showed the increasing
threat of the cyber terrorism in the society and the population of different nations. Population is
in need of the knowledge with regards to the threat caused by cyber terrorism. This is due to the
fact that it is a common misconception that leads to the underestimation of the threats that can be
brought to the society. One of the most significant results is in relation to the possible reaction of
the population to the threats of cyber terrorism. This is on the basis of the level of awareness of
the members of the population on the issue of cyber terrorism. The effect of the knowledge on
the issue can either be fear or action. Fear is a result of the fact that no standard security
measures in the cyber world are present. Thus, there exist the dangers of cyber occurrence that
can be uncontrollable. Knowing the real essence of the issue, on the contrary, induce advocacy
for the eradication of such crime.

Persons with less exposure to the computer technology can also have varying reaction scan also
have different reaction. Some can dismiss the issue as unimportant due to the fact that the crime
occurs in the virtual world that can be considered as unreal by some. This is due the fact that
these individuals has less access to the cyber world and have no background information on the
possible effects that can be incurred from the occurrence of cyber terrorism. This is without
knowing that almost every establishment has great dependence on the cyber world which seemed
insignificant to some. One scenario that can result is the fear of the unknown, which in this case
a new technology. This is because most people fear any phenomenon which is un familiar. Cyber
terrorism has become an increasingly popular issue due to the fact that is has already tapped the
psychological, political and economic aspects. Due to the fact that no real evidence and record of

76
occurrence can be found relating to cyber terrorism, there had been a notion that this cyber crime
is a myth. Destruction of different establishment that can be related to cyber activities is a reality
though.

The subject of great concern is the shift from the conventional to cyber terrorism. This is due to
the fact that it can favour the operation of cyber terrorism with all the advantages that it can
offer. This trend can make the prevention of the spread of this cyber-crime almost impossible.
This is due to the fact that there is no security program that can control the proliferation of the
cyber-crimes. In view of this situation, exponential increase of the incidence of cyber-crimes can
occur because there are no standards and laws that can prevent the occurrence of such incidence.
The course of action of the terrorists can be undertaken through the certain stages of action. The
first is the adaptation of the different aspects of cyber terrorism. This will enable these groups to
operate at a greater coverage with higher efficiency. The frightening generalization regarding the
cyber technology and cyber terrorism is the fact that there is a high efficiency in the application
of such systems. The terrorist groups can maximize the advantages of this system. In fact, the
application includes the propaganda purposes, source of financial growth and for the
communication within the group and with transaction to other groups outside their own system.
Another important consideration in the utilization of the cyber technology in terrorism is the fact
that the level of complexity differs with the application of the computer system. The use
computers for non-violent purposes vary from those that are engaged in cyber terrorism. The use
of cyber technology for inflicting harm on the target of the cyber terrorism can be attributed from
a more powerful form of hardware device. This requires a higher level of knowledge on the basis
of the operation and the creation of programs and network settings that can affect the target of
the attack. Any computer system can be a weapon for the cyber terrorism; it is mainly on the
basis of the knowledge of the operator, the transportation in the system, and the susceptibility of
the victim of the attack.

In planning for the possible utilization of cyber terrorism, it must be taken into consideration that
due to the fact that most actions is undertaken though the system, it can be a less threatening
form of terrorism. It can be viewed as an aid in the undertaking of the course of action such as
destabilizing a system and acquiring the needed back ground information of the target

77
organisation, group or establishment. It aids the other forms of terrorism for it can be considered
as being less frightening as compared to the physical forms of terrorism.

Cyber terrorism then, is most effective in the attack of cyber structures. In cases though that
involve the destruction of the entire structure the aid of other forms of terrorism is required.
Cyber terrorism can destroy the database components of a particular system but destruction of
the establishment that can take a longer period of time and hampering and disrupting the activity
can be done through the application of the physical forms of terrorism such as the planting of
explosives. Cyber terrorism disrupts the routine activity of the victim while physical forms of
terrorism can cease any possible operation and can even cause death or injuries.
On the basis of the study that was undertaken, it can be concluded that due to the increasing
dependence of the population to the cyber technology, the possibility of the terrorists to consider
the application of cyber terrorism also increases. As the influence of the computer technology
amplifies, the susceptibility of the system to terrorist attacks also grows proportionally. In this
scenario, without the development of the security system that can control the exponential taking
over of the cyber influence the incidence of cyber crime increases. It can be concluded that more
detrimental effects can be incurred in the future due to the fact that it had developed more
influence during that time and there is a higher possibility of the feasibility of its use by future
terrorists. Thus, it can be considered that there is an elevated level of threat in the future which is
comparatively higher that the danger that it can create in the present era.

 A fully operational cyber command is the need of the hour, given that India’s digital
capabilities lag significantly behind regional and global players.
Two things set aside India’s digital spaces from that of major powers such as the United States
and China: design and density. India is a net information exporter. Its information highways
point west, carrying with them the data of millions of Indians. This is not a design flaw, but
simply reflects the popularity of social media platforms and the lack of any serious effort by the
Indian government to restrict the flow of data. Equally important is the density of India’s
cyberspace. Nearly 500 million Indians use the Internet today, but they do not access the Internet
from the same devices. Apple’s market share in the U.S., for instance, is 44 per cent, but iPhones
account for less than 1 per cent in India. The massive gap between the security offered by the

78
cheapest phone in the Indian market and a high-end smartphone makes it impossible for
regulators to set legal and technical standards for data protection.

SUGGESTIONS

Presently there are no full data verification approaches to ensure a framework. The complete
secure framework can never be accessed by anybody. The vast majority of the militaries grouped
data is continued machines with no outside association, as a manifestation of avoidance of cyber
terrorism. Apart from such seclusion, the most well-known strategy for assurance is encryption.
Across the board the utilization of encryption is hindered by the governments ban on its
exportation, so intercontinental correspondence is left moderately frail. The Clinton organization
and the FBI restrict the fare of encryption for a framework where by the administration can pick
up the way to an encoded framework in the wake of picking up a court request to do so. The
director of the FBI's stance is that the Internet was not planned to go unplaced and that the police
need to secure individuals' security and open well being right there. Encryption's disadvantage is
that it does not protect the entire system, an attack designed to cripple the whole system, such as
a virus, is unaffected by encryption. Others advance the utilization of firewalls to screen all
interchanges to a system, including email messages, which may convey rationale bombs.
Firewall is a moderately nonexclusive term for methods of filtering access to a network. They
may come in the form of a computer, router other communications device or in the form of a
network configuration. Firewalls serve to define the services and access that are acceptable to
each user. One method is to screen user requests to check if they come from a previously defined
domain or Internet Protocol (IP) address. An alternate system is to forbid Telnet access into the
system.

Here are few key things to remember to protect from cyber-terrorism:

1. All records ought to have passwords and the passwords ought to be peculiar, hard to
guess.
2. Change the network configuration when imperfections become to be known.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an intruder.

79
5. If you are ever unsure about the safety of a site, or receive suspicious email from an
unknown address, don't access it. It could be trouble.
6. The effective implementation and enforcement of IT law is an urgent need.
7. A Cyber Crime Cell/Police Station should be developed to handle cases dealing with
computer offences.
8. A Cyber Forensic Laboratory with all updated technologies should be endorsed to detect
computer related crimes.
9. Public Awareness Programmes should be carried out to sensitized public and particularly
police officers about the Information Technology Act, 2000/2008.

80
 BIBLIOGRAPHY

Legislations:

 The Arms Act, 1878

 Code of Criminal Procedure, 1973
 Indian Evidence Act,1872
 The Information Technology Act, 2000
 Narcotics Drugs and Psychotropic Substances Act, 1985
 Indian Penal Code, 1860

International conventions:

 Budapest Convention on CyberCrime

 The European Convention on Cyber Crime
 Regional and International Organisations and Groupings

Books:

 Augustine Paul T. Cyber Crime and Legal Issues, Crescent Publishing Corporation,(1st
ed. 2007).
 Bajpai G.S., Cyber Crime and Cyber Law, Serials Publications, (1st ed., 2011)
 Barkha & U Raman Mohan, Cyber Law and Crimes, Asia Law House,( 1st ed., 2007)
 Chaubey R.K., An Introduction To Cyber Crime And Cyber Law,Orient Publishing Co.,
Allahabad,( 1st ed. 2013)
 Das Gupta M, Cyber Crime in India,Vibhavari Publication, Shakarpur, Delhi, (2015)
 Evenson, Robert E. And Larry E. Westphal, Cyber Terrorism and Its Effects, 1995,
 Jain Atul, Cyber Crime: Issues Threat and Managements, Isha Books, Delhi, 2005 Vol.
II, 2005
 Katria R.P. & S.K.P. Srinivas, Cyber Crime, Orient Publishing House, New Delhi,( 1st
ed., 2013)
 Maskus, Keith E, Cyber Warfare, International Threat, World Bank, 1997

81
  Mishra J.P., An Introduction To Cyber Law, 1st ed. 2012
 Park, Walter G. And Juan Carlos Ginarte, Terrorism and Its Changing Forms, 1997,
 .Pradhan, R.K Cyber Crime and Cyber Terrorism, Mangalam Publications.Delhi 1st ed.
2010
 Samuel T.M. – Samuel Maria, Computer Crime and Information Technology Misuse,
Vol. II, 2008
 Singh Yatindra, Cyber Law, Universal Law Publishing co., vol.6, 2010

ARTICLES:

 Borensztein, E., J. De Gregorio, and J.-W. Lee, 1998, “How big the cyber crime is in 21st
century.

 Coe, David T., Elhanan Helpman, and Alexander W. Hoffmaister, 2001, “Space laws,”
The Space law Journal.

 Gould, David M. and William C. Gruben, 20036, “The Role of Intellectual Property
Rights in Economic Growth,” Journal of Development Economics

 Maskus, Keith E., 1999a, “Proctive measures against cyber terror” Australian law Papers

 Janet J. Prichard, Laurie E. MacDonald Cyber Terrorism: A Study of the Extent of

Coverage in Computer Science, JITE-Research Volume 3,2014, Informing Science
Institute

 Stephen Herzog, Revisiting the Estonian Cyber Attacks: Digital Threats and
Multinational Responses, 2011 journal of Strategic Security,
 Jarvis, L., S. Macdonald and L. Nouri (2014) ‘The Cyberterrorism Threat: Findings from
a Survey of Researchers’, in Studies in Conflict & Terrorism 37(1): 68-90.
 Justice S. Muralidhar, Jurisdictional Issues In Cyberspace, Volume 6, 2010

82
Websites:

 http://www.cyberterrorism. Org.
 http://www.cyberspace.org.
 http://www.terrorism.org.
 http://www.f.b.i cyber.gov

 http://www.gizbot.com

 http://www.wired.com

 http://www.indiancybersecurity.com

 http:// www.nyls.edu

 http://www.cybercrimes.net.

 http://europe.rights.apc.org

 http://www.oecd.org.

 http://www.cscap.org

 http:// www.unodc.org

 http://www.penal.org

 https://supreme.justia.com

 http://www.cancilleria.gov.co

 http://en.g8russia.ru

 www.legalservicesindia.com

 https://www.researchgate.net.

83
News Paper:

 Indian express newspaper, May 13,2016

 Indo-Asian News Service, 07 November 2016

 Time of India

 ABC News

 CBC News

 Sify News

 The Hindustan Times

 New York Times

84