Law relating to Cyberterrorism

Before looking into the issue of Cyberterrorism it is important to understand that it should
not be confused with Internet and terrorism i.e. Presence of terrorist groups on the
internet.

Cyberterrorism
Defining Cyberterrorism is quite difficult task. However, Asian School of Cyber Laws has
defined the term as:Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in
cyber space, with the intention to further social, ideological, religious, political or similar
objectives, or to intimidate any person in furtherance of such objectives.
The underlying premise in this definition is that cyber crime and cyber terrorism differ only
on the basis of the motive and intention of the perpetrator.

Incidence
Lets have look at some major Cyberterrorism incidents to understand the definition.
In 1997, a Bolivian terrorist organization had assassinated four U.S. army personnel. A raid
on one of the hideouts of the terrorists yielded information encrypted using symmetric
encryption. A 12-hour brute force attack resulted in the decryption of the information and
subsequently led to one of the largest drug busts in Bolivian history and the arrest of the
terrorists.
In 1999 hackers attacked NATO computers. The computers flooded them with email and hit
them with a denial of service (DoS). The hackers were protesting against the NATO
bombings in Kosovo. Businesses, public organizations and academic institutions were
bombarded with highly politicized emails containing viruses from other European countries.
In 2001, in the back drop of the downturn in US-China relationships, the Chinese hackers
released the Code Red virus into the wild. This virus infected millions of computers around
the world and then used these computers to launch denial of service attacks on US web

sites, prominently the web site of the White House.

In 2002, numerous prominent Indian web sites were defaced. Messages relating to the
Kashmir issue were pasted on the home pages of these web sites. The Pakistani Hackerz
Club, led by Doctor Neukar is believed to be behind this attack.
In May 2007 Estonia was subjected to a mass cyber-attack by hackers inside the Russian
Federation which some evidence suggests was coordinated by the Russian government,
though Russian officials deny any knowledge of this. This attack was apparently in response
to the removal of a Russian World War II war memorial from downtown Estonia.
In December, 2010 the website of the Central Bureau of Investigation (CBI) was hacked by
programmers identifying themselves as Pakistani Cyber Army.

Tools of Terror
Cyber terrorists use various tools and methods to unleash their terrorism. Some of the
major tools and methodologies are:

Hacking

Virus/Trojan/Worm attacks

Email Related Crimes

Denial of Service Attacks

Use of Cryptography and Steganography

Legal provisions
Amendments under the Information Technology Act, 2000 has defined the term
Cyberterrorism U/Sec. 66F. This is the first ever attempt in India to define the term. It
reads as under:-

Punishment for Cyberterrorism

Whoever,
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike
terror in the people or any section of the people by
(i) denying or cause the denial of access to any person authorized to access computer
resource; or
(ii) attempting to penetrate or access a computer resource without authorisation or
exceeding authorised access; or
(iii) introducing or causing to introduce any computer contaminant;
and by means of such conduct causes or is likely to cause death or injuries to persons or
damage to or destruction of property or disrupts or knowing that it is likely to cause damage

or disruption of supplies or services essential to the life of the community or adversely affect
the critical information infrastructure specified under Section 70, or
(B) knowingly or intentionally penetrates or accesses a computer resource without
authorisation or exceeding authorised access, and by means of such conduct obtains
access to information, data or computer database that is restricted for reasons for the
security of the State or foreign relations, or any restricted information, data or computer
database, with reasons to believe that such information, data or computer database so
obtained may be used to cause or likely to cause injury to the interests of the sovereignty
and integrity of India, the security of the State, friendly relations with foreign States, public
order, decency or morality, or in relation to contempt of court, defamation or incitement to an
offence, or to the advantage of any foreign nation, group of individuals or otherwise,
commits the offence of cyber terrorism.

Punishment
Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life. I.e. Imprisonment not exceeding
fourteen years (Sec. 55, IPC)
This Section has defined conventional Cyber attacks like, unauthorised access, denial of
service attack, etc, but as discussed above, motive and intention of the perpetrator
differentiates the attack from an ordinary to an act of terrorism.

Illustration
Rohit, a Hacker, gains unauthorised access into Railway traffic control grid (the grid has
been declared as Critical Information Infrastructure U/Sec. 70) and thereby strikes terror
amongst people, Rohit is said to have done an act of Cyberterrorism.

Sagar Rahurkar
sr@asianlaws.org
Sagar Rahurkar, a Law graduate, is Head(Maharashtra) at Asian School of Cyber Laws.
Sagar specializes in Cyber Law, Intellectual Property Law and Corporate Law. Sagar
also teaches law at numerous educational institutes and has also trained officials from
various law enforcement agencies.

http://www.chmag.in/article/nov2011/law-relating-cyberterrorism