CYBER TERRORISM ATTACKS

CYBER TERRORISM

by- Vidushi Arya

IT has opened the avenues of the world and has exposed the technology to each person relating to anything and everything across the globe . It may be used by some for doing some constructive work and by the others for destructive work. Some of the destructive elements which exist all across the globe are the terrorists. Terrorists apart from other illegal means , use internet for planning and carrying out terrorist attacks.

According to Mark Pollitt , who was a special agent working for the FBI defined Cyber Terrorism as :

“Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub national groups or clandestine agents.”[1]

METHODS OF CYBER TERRORISM ATTACKS

• Physical Attack: Incase of physical attacks the computer infrastructure gets damaged using conventional methods like bombs, fire, etc.
• Syntactic Attack: Incase of syntactic attacks the computer infrastructure gets damaged by modifying the logic of the system in order to introduce delay or make the system unpredictable. In such attacks computer viruses and trojans are used.
• Semantic Attack: In case of semantic attacks the confidence of the user in the system if exploited. In this attack the information keyed which is entered in the system while entering and exiting it gets modified without the knowledge of the user for inducing errors into it.

TOOLS FOR CYBER TERRORISM

The cyber terrorists use various kinds of tools to achieve their malicious objectives which are as follows:

• Hacking: One of the most prominent method or tool used by the cyber terrorists is hacking. It is an universal term which is used for any kind of unauthorized access to a computer network or the computer itself. Packet sniffing, tempest attack, password cracking and buffer outflow are some of the ingredient technologies which facilitate hacking.
• Trojans: These are programmes which profess to do a thing while they are actually meant to something very different, eg: wooden Trojan horse of 12th Century BC.
• Computer Viruses: are computer programmes that infect other computers , programmes by modifying them , also they spread really fast.
• Computer Worms: is a programme or a set of programmes which is capable of spreading copies of itself or its segments to the other computer systems usually through network connections.
• E-mail related Crime: worms and viruses usually have to attach themselves to a host programme in order to be injected. Some e-mails are used as host for these viruses and worms , also they are used for the purpose of spreading disinformation, threats and defamatory content.
• Denial of Service: such attacks have the objective of denying the authorized persons access to a computer or a computer network.
• Cryptology: In the recent times the terrorists have started using encryptions , high frequency encrypted data/voice links, etc. It is an extremely difficult task to decrypt the information that the terrorists are sending using 512 bit symmetric encryption.

LAWS IN INDIA TO PREVENT TERRORISM

• Section 66F of the IT Act,2000.

It defines cyber terrorism as well as provides the punishment for the same. It reads as under:

” (1) Whoever,–

 (A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by–

 (i) denying or cause the denial of access to any person authorised to access computer resource; or (ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or

 (iii) introducing or causing to introduce any computer contaminant, and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70; or

 (B) knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer data base that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer data base, with reasons to believe that such information, data or computer data base so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

 (2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.”[2]

• Section 70 of the IT Act

It deals with protected systems , and reads as under:

” (1) The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system.

 Explanation.–For the purposes of this section, ―Critical Information Infrastructure means the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.

(2) The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

 (4) The Central Government shall prescribe the information security practices and procedures for such protected system.”

• Section 70A of the IT Act, 2000.

It explains about the National Nodal Agency , which has responsibility of taking the required measures and performing the R&D for the purposes of  protection the Critical Information Infrastructure. It reads as under:

” (1) The Central Government may, by notification published in the Official Gazette, designate any organisation of the Government as the national nodal agency in respect of Critical Information Infrastructure Protection.

 (2) The national nodal agency designated under sub-section (1) shall be responsible for all measures including Research and Development relating to protection of Critical Information Infrastructure.

(3) The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be prescribed.”

• Section 70B of the IT Act,2000.

It deals with appointment and functions of the Indian Computer Emergency Response Team , which is meant to serve as the National Agency for carrying out functions relating Cyber Security. It reads as under:

” (1) The Central Government shall, by notification in the Official Gazette, appoint an agency of the Government to be called the Indian Computer Emergency Response Team.

(2) The Central Government shall provide the agency referred to in sub-section (1) with a Director General and such other officers and employees as may be prescribed.

(3) The salary and allowances and terms and conditions of the Director-General and other officers and employees shall be such as may be prescribed.

 (4) The Indian Computer Emergency Response Team shall serve as the national agency for performing the following functions in the area of cyber security,–

(a) collection, analysis and dissemination of information on cyber incidents; (b) forecast and alerts of cyber security incidents;

 (c) emergency measures for handling cyber security incidents;

 (d) coordination of cyber incidents response activities;

 (e) issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, preventation, response and reporting of cyber incidents;

 (f) such other functions relating to cyber security as may be prescribed.

(5) The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be prescribed.

(6) For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) may call for information and give direction to the service providers, intermediaries, data centres, body corporate and any other person.

(7) Any service provider, intermediaries, data centres, body corporate or person who fails to provide the information called for or comply with the direction under sub-section (6), shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both.

(8) No court shall take cognizance of any offence under this section, except on a complaint made by an officer authorised in this behalf by the agency referred to in sub-section (1).”

Some Common Steps that one can take to prevent themselves from cyber terrorism:

• One should be very vigilant while opening an e-mail attachments.
• One should often update their softwares.
• Should create difficult passwords in order to protect data, and opt for options like two-step verifications available on G-mail, Yahoo, whatsapp, etc.
• Should always downloads Anti-virus softwares.
• Should always clean unwanted data from phones and apps frequently, and uninstall unsed applications or services.

Some Common Examples of Cyber Terrorist Attacks could be :

• The 9/11 Twin Tower Attack.: An Al-Qaeda laptop was located in Afghanistan , and various hits were found on certain websites that consisted “Sabotage Handbooks”. It was seen that Al-Qaeda has actively investigated the information relating to critical infrastructure which was provided on the websites.
• Ahemdabad bomb blast.: During the investigation it was found that a mail was being sent to a group of terrorists using the id: alarbi_gujrat@yahoo.com . A persons unsecured Wifi router was being illegal used by the terrorists to communicate information , also it was observed during the investigation that even after the blast some mails were being exchanged using the same Wifi connection.
• 26/ 11 Mumbai Attacks.: The 26/11 Mumbai attacks was a major set back for the entire country. However, what must not be neglected is the fact that our army had made the country proud. During the investigation process it was observed that the terrorists were communicating with handlers of the mission through Callphonex and Voice over internet Protocol. The id that they were using for communicating information was found to be accessed from 10 different IP addresses.

Conclusion

The act of cyber terrorism is very horrifying because of various reasons. It can not only cause damage to one’s computer system or networks but has even caused people their lives. The technology does bring with it it’s pros cons . What is difficult is to catch and keep a track of these cyber terrorists , as these are qualified people indulged in practices which cause thousands of people across the globe their lives. The governments have tried their best to provide for mechanisms to fight these battles , however there is still more to be done.

[1] Serge Krasavin, “What is Cyber-Terrorism?”, Computer Research Centre.