Cyber Terrorism:- Major aspects & Challenges in India

Manish Kumar*

Shashank Gupta**

Introduction:

There is often a large amount of confusion as to what cyber terrorism is. More specifically, what
cyber-attacks can we actually define as acts of terrorism? The internet has allowed for a vast
exchange of information. Thus has created a cyber space in which both criminals and terrorists
can implement attacks/communications. This use of cyber space results in there no longer being
simply a physical threat of terrorism. When we consider what cyber terrorism actually is, we must
first understand the motivations behind cyber-attacks. Cyber-attacks can come in many differing
forms, and it is these forms that help us understand whether the attack is of crime or terror.
According to ‘Wikipedia’, “Cyberterrorism is the use of the Internet to conduct violent acts that
result in, or threaten, loss of life or significant bodily harm, in order to achieve political or
ideological gains through threat or intimidation. It is also sometimes considered an act of Internet
terrorism where terrorist activities, including acts of deliberate, large-scale disruption of
computer networks, especially of personal computers attached to the Internet by means of tools
such as computer viruses, computer worms, phishing, and other malicious software and hardware
methods and programming scripts.” Cyberterrorism can be also defined as the intentional use of
computers, networks, and public internet to cause destruction and harm for personal objectives.
NATO defines cyberterrorism as "a cyberattack using or exploiting computer or communication
networks to cause sufficient destruction or disruption to generate fear or to intimidate a society
into an ideological goal".

Some Examples of Cyber Terrorism1:

Terrorism can occur over the public internet, over private computer servers, or even through
secured government networks. There are many ways in which a person can use electronic means
to create fear and violence. It is less expensive to purchase a computer than to buy guns or
bombs, making this approach appealing for many potential criminals worldwide. It can be

1
Available at https://study.com/academy/lesson/what-is-cyber-terrorism-definition-cases-examples.html
anonymous and conducted at a great distance away from the target. For just a few examples,
consider these situations:

 Terrorists may break into the private servers of a corporation or of an agency in order to
exploit trade secrets, steal banking information, or perhaps the private data of their
employees.
 Global terror networks may disrupt a major website in order to create a public nuisance
or inconvenience, or even more seriously, or can try to stop a website publishing content
with which they are not agree.
 Terrorists could try to access and disable the signal which flies drones or otherwise
controls military technology or its communication signals etc.

Forms of Cyber Terrorism2:

i) Violation of individual’s Privacy:

The law6 of privacy is the recognition of the individual's right to be let alone. The right to
privacy as an independent concept originated in the field of Tort law, under which a new cause
of action for damages resulting from unlawful infringement of privacy was recognized. In recent
times, this right has obtained a constitutional status, the violation of which attracts both civil as
well as criminal consequences under the respective laws. Right to privacy is a part of the right to
life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent
of information technology the traditional concept of right to privacy has taken new dimensions,
which require a different legal outlook. To meet this challenge recourse of Information
Technology Act, 2000 can be taken.
The various provisions of the Act protect the online privacy rights of the citizens. Certain acts
have been categorized as offences and contraventions, which have tendency to intrude with the
privacy rights of the citizens.

ii) Data theft and appropriation of secret information:

2
Available at http://www.legalserviceindia.com/article/l169-Cyber-Terrorism.html
The information technology can be misused for appropriating the valuable Government secrets
and data of private individuals and the Government and its agencies. A computer network owned
by the Government may contain valuable information concerning defence and other top secrets,
which the Government will not wish to share otherwise. The same can be targeted by the
terrorists to facilitate their activities, including destruction of property. It must be in mind that
the definition of property is not restricted to moveable or immovable alone.
In R.K. Dalmia v Delhi Administration 1, the Supreme Court held that the word ‘property’ is used
in the I.P.C in a much wider sense than the expression ‘movable property’. There is no good
reason to restrict the meaning of the word ‘property’ to moveable property only, when it is used
without any qualification. Whether the offence defined in a particular section of IPC can be
committed in respect of any particular kind of property, will depend not on the interpretation of
the word "property" but on the fact whether that particular kind of property can be subject to the
acts covered by that section.

iii) Demolition of e-governance base:

The aim of e-governance is to make the interaction of the citizens with the government offices
hassle free and to share information in a free and transparent manner. It further makes the right to
information a meaningful reality. In a democracy, people govern themselves and they cannot
govern themselves properly unless they are aware of social, political, economic and other issues
confronting them. To enable them to make a proper judgment on those issues, they must have the
benefit of a range of opinions on those issues. Right to receive and impart information is implicit
in free speech. This, right to receive information is, however, not absolute but is subject to
reasonable restrictions which may be imposed by the Government in public interest.

iv) Network damage and disruptions:

The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This
activity may divert the attention of the security agencies for the time being thus giving the
terrorists extra time and makes their task comparatively easier. This process may involve a
combination of computer tampering, virus attacks, hacking, etc.
Major cases relating to cyber terrorism3:

There are many cases related to cyber terrorism which may be illustrated as under:

Case 1. The website of the Bhabhah Atomic Research Centre (BARC) at Trombay was hacked
in 1998. The hacker's gained access to the BARC's computer system and pulled out virtual data.

Case 2. In 2002, numerous prominent Indian web sites notably that of the Cyber Crime
Investigation Cell of Mumbai were defaced. Messages relating to the Kashmir issue were left on
the home pages of these web sites.

Case 3. In the Purulia arms drop case, the main players used the internet extensively for
international communication, planning and logistics.

Case 4. In 2007, the two Indian doctors involved in the Glasgow airport attack used Computers
for terrorist’s activities.

Case 5. Former Indian President, Dr. A.P.J. Abdul Kalam has expressed concern over the free
availability of sensitive spatial pictures of nations on the internet. He pointed out that the internet
could be utilized effectively for gathering information about the groupings of terrorists.
According to him, Earth observation by "Google Earth" was a security risk to the nation.
www.fas.org and "Google Earth" provide free availability of such high resolutions. On 26
November 2008, the Bombay bomb blasts militants examined the layout and landscape of the
city using only images from "Google Earth”.

The Information Technology Act, 2000:

So far as India is concerned in order to combat cyber terrorism through law, the
Information Technology (Amendment) Act, 2008 has been enacted to include the
same within the meaning of offences and therefore, is made punishable. Though,
cyber terrorism has not been defined, but sec. 66(f) of the Information Technology
(Amendment) Act, 2008 prescribes as to when cyber terrorism is said to have been
committed. Sec. 66(f) of the said Act reads as to the following effect-
3
Legal Dimensions of Dreaded Cyber Terrorism in India, By Maneela Bansal, available at
http://classic.austlii.edu.au/au/journals/ANZCompuLawJl/2010/7.pdf
“Whoever:- (A) With the intent to threaten the unity, integrity, security or
sovereignty of India or to strike terror in the people or any section of the people by
—

(i) By denying or cause the denial of access to any person authorized to access
computer resource; or (ii) Attempting to penetrate or access a computer resource
without authorization or exceeding authorized access; or (iii) Introducing or causing
to introduce any computer contaminant;

And by means of such conduct causes or is likely to cause death or injuries to

persons or to damage to or destruction of property or disrupts or knowing that it is
like to cause damage or disruption of supplies or services essential to the life of the
community or adversely affect the critical information infrastructure specified under
section 70, or

(B) Knowingly or intentionally penetrates or accesses a computer resource without

authorization or exceeding authorized access, and by means of such conduct obtains
access to information, data or computer database that is restricted for reasons for
the security of the state or foreign relations, or any restricted information, data or
computer database, with reasons to believe that such information, data or computer
database so obtained may be used to cause or likely to cause injury to the interests
of the sovereignty and integrity of India, the security of the state, friendly relations
with foreign states, public order, decency or morality, or in relation to contempt of
court, defamation or incitement to an offence, or to the advantage of any foreign
nation, group of individuals or otherwise, Commits the offence of cyber terrorism.  

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable

with imprisonment which may extend to imprisonment for life.”

Case laws in India:

India has got some reported cybercrime convictions in various parts of the nation. However,
some important cases have been pronounced by Indian courts as case laws for this field. The
latest case law relating to electronic evidence which forms foundation for cybercrime
investigation, is given, in case of Anvar PK v. P K Basheer by the Apex Court of India. In the
said matter, the Supreme Court of India has held: “Any documentary evidence by way of an
electronic record under the Evidence Act, in view of Sections 59 and 65A, can be proved only in
accordance with the procedure prescribed under Section 65B. Section 65B deals with the
admissibility of the electronic record. The purpose of these provisions is to sanctify secondary
evidence in electronic form, generated by a computer. It may be noted that the Section starts with
a non obstante clause. Thus, notwithstanding anything contained in the Evidence Act, any
information contained in an electronic record which is printed on a paper, stored, recorded or
copied in optical or magnetic media produced by a computer shall be deemed to be a document
only if the conditions mentioned under sub-Section (2) are satisfied, without further proof or
production of the original. The very admissibility of such a document, i.e., electronic record
which is called as computer output, depends on the satisfaction of the four conditions under
Section 65B (2).” In State of Delhi v. Mohd. Afzal & Others 2003 (3) JCC 1669 also known as
the Parliament House Attack case, the Delhi High Court held that electronic records are
admissible as evidence. The appeal was filed in the Supreme Court of India in State v Navjot
Sandhu(2005) 11 SCC 600, wherein the Hon’ble Supreme Court held that in the said case, the
certificate containing the details in Section 65B (4) is not filed, but that does not mean that
secondary evidence cannot be given. The law permits such evidence to be given in the
circumstances mentioned in the relevant provisions, namely, Ss. 63 and 65 of the Indian
Evidence Act 1872. Further, the Supreme Court of India in K.K.Velusamy vs. N.Palanisamy
(2011) 11 S.C.C.275, considered the issue regarding the telephonic conversation recording and
formed a conclusion that a disc containing recording of telephonic conversation could be valid
evidence according to Section 3 of the Evidence Act and Section 2 (t) of the IT Act. The
Supreme Court has further pointed out that electronically recorded conversation is admissible in
evidence, if the conversation is relevant to the matter in issue and the voice is identified and the
accuracy of the recorded conversation is proved by eliminating the possibility of erasure addition
or manipulation.

Recommendations:
 In order to counter the ill-effects of cyber terrorism on critical infrastructures and businesses as
well as the social and psychological effects that these attacks have on citizens, a
multidimensional and comprehensive strategic approach should be put in place 4. Various
suggestions under various fields can be given as under:

1)Legislative Framework − Enact an Internet regulation with respect to the various threats
posed by cyber terrorism; including the monitoring of social media platforms in order to detect,
respond and deter any possible spreading of terrorist propaganda, radicalization communications
between individuals and known terrorist elements, activities of data mining for the purpose of
planning terrorist attacks or recruitment of individuals and other terrorist related Internet usages;
as well as monitoring terrorist activities in the Dark Net. Adequate mechanisms ensuring respect
the freedom of expression and privacy must be developed. Moreover, monitoring should be
undertaken with consistency and integrity to target terrorists and others who pose a threat to
national security. − Develop a framework regulating Open Data to prevent activities of data
mining for the purpose of planning terrorist attacks.

2)Partnerships − Strengthen cooperation between all stakeholders of the public and private
sector, i.e. the government including security forces, cyber security experts, telecommunication
network operators, internet service providers and civil society. − Strengthen stakeholders
‘capacities as well as civil society by raising awareness regarding cyber security to prevent
threats.

3) National Strategies-It has become indispensable to analyze cyber terrorism accurately, i.e.
studying its objectives, motivation and the resources used; monitoring strategies and activities;
and analyzing and evaluating risks for damage they could cause. In parallel it is necessary to
formulate several national strategies, such as: − a National Cyber Security Strategy that aims to
develop and enhance cyber security to be secure and resilient to cyber threats. The strategy must
outline the objectives and the implementation plan to help create the conditions for all
stakeholders to work effectively on cyber security, and raise the level of awareness and
knowledge throughout the society; − a National Response and Risk Management Strategy to
identify and characterize cyber threats, assess the vulnerability of critical assets to those threats,
determine the risk, identify ways to reduce those risks and prioritize risk reduction measures; −
4
The Threat of Cyber Terrorism and Recommendations for Countermeasures, By Mayssa Zerzari, available at
https://www.cap-lmu.de/download/2017/CAPerspectives-Tunisia-2017-04.pdf
an holistic National Communication Strategy to enhance trust between citizens, security forces
and media; − a National Strategy to Counter Terrorist Online Propaganda as terrorists remain
resilient in maintaining constant distribution of its propaganda and its adaptability towards online
removal of jihadist content.

4 International Cooperation − Coordinate action and conclude agreements with other states
regarding crimes related to cyber terrorism (including information exchange to prevent cyber
terrorist operations); − Regulate the prevention and treatment of this crime and the exchange of
information and evidence. This will include the activation of extradition agreements for
cybercrime offenses; − Promote the exchange of information, best practices and lessons learnt
between states in preventing and countering cyber terrorism.

Conclusion:

Cyber-terrorism has negative effects. Whether an individual is a direct or indirect victim of a

cyber-terror attack, he or she can be left groping in the dark if no prior preparations. The impacts
of a cyber-attack are pretty much the same as any other terror attack on an organization.
Although fighting against a highly sophisticated and intelligent cyber-terrorism can be a no-win
situation, it can be minimized or even stopped with proper technology, experts, and the
willingness to respond to it. However, there are things that can be done before, during, and after
a cyber-terrorism attack. First, organizations should anticipate cyber-attacks. We should not ask if
cyber-attack is going to occur because they always happen. For this reason, we should think
about prevention strategies and what can do now and we should not wait until we are attacked so
that we can do something because it will be too late and damage will have already occurred.
Whenever an attack occurs, the main goal is to keep the organization running and, therefore, we
should respond immediately to enhance continuity. Besides, we should invest in technologies
andexperts to monitor the systems 24 hours a day, seven days a week, and 365 days a year
because cyber terrorism is a 24/7, 365 days-a-year giant that never sleeps and never stops
preying.