CybEr TErroriSm:

nATionAl And inTErnATionAl pErSpECTivE

SEMINAR COURSE - I

SUBMITTED TO: DR. PROF. EQBAL HUSSAIN

Faculty of Law, Jamia Millia Islamia.

SUBMITTED BY: FARHEEN HAIDER

Sem. IX Sec. B 15BLW0058

1
 TABLE OF CONTENTS

S.NO. TOPIC P.NO.

1 ACKNOWLEDGEMENT 4

2 INTRODUCTION 5

I CYBER TERRORISM AND FUND-RAISING 6

II OBJECTIVES AND REASONS OF 7-8

CYBER TERRORISM

III WHY AND HOW INTERNATIONAL 9

TERRORISTS USE THE INTERNET?

IV INCIDENTS OF CYBER TERRORISM 10-11

CYBER
V TERRORISM IN INDIA 12-13

VI INTERNATIONAL ASPECT ON 14-18

CYBER TERRORISM

VII THE FOCUSES OFINTERNATIONAL 19

HARMONIZATION

3 CONCLUSION 20-21

4 ANALYSIS & SUGGESTIONS 22-29

5 BIBLIOGRAPHY 30

2
 ABSTRACT

Purpose –

The purpose of this article is to illuminate the challenges of global cyber terrorism, and the role of
international organisations in countering the same. The article also appraises the laws prevalent in India to
curb the menace of cyber terrorism one such example being, Section 66F of IT Act, 2000.

Object and Research Methodology

The object of this article is to gain a thorough and a holistic understanding of the causes of its prevalence in
contemporary times:

 Lack of traceability and identification of source;

 Ease of anonymity and lack of accountability.
 Inexpensive compared to other traditional methods;
 Absence of physical barriers or check points;
 Possibility of uninterrupted remote operations;
 Ability to cumulatively expose the vulnerabilities of a large group of people ;

The method of research adopted is descriptive and analytical in nature. I have referred sources from the web as
well as books on the topic of cyber laws and cyber-crimes, besides augmenting the same with my personal
views and knowledge of the topic.

Originality/Value - The article provides various incidents of cyber terrorism and its impact on global citizens,
it also covers the sources of fund, tools to launder money, objectives and targets of cyber-attack, and steps to
be followed for prevention and control.

Keywords – Counterfeiting, Cyber Attacks, Cyber Bullying, Hacking, Identity Theft, Indian Computer
Emergency Team, Phishing, Sabotage, Sniffers, Trojan Horses.

Paper Type - Conceptual paper: This paper is likely to be discursive and will cover philosophical discussions
and comparative studies of diverse works.

3
 ACKNOWLEDGEMENT

Firstly, I would like to express my profound sense of gratitude towards the Almighty for providing me
with the authentic circumstances which were mandatory for the completion of my project.

Secondly, I would like to express my profound gratitude and deep regards to my teacher Dr. Prof
Eqbal Hussain, Faculty of Law, Jamia Millia Islamia for his exemplary guidance, monitoring and
constant encouragement and supervision throughout the course of this assignment based on Cyber
Terrorism: National and International Perspective.

My cardinal thanks are also for my parents, friends and all teachers of law department in our college
who have always been the source of my inspiration and motivation without which I would have never
been able to unabridged my project.

FARHEEN HAIDER

Sem IX, Sec B

Faculty of Law, JMI

4
 INTROUDCTION

Cyber terrorism, as the name indicates means the use of computers and Information Technology to cause
large-scale disruption and widespread fear. The main targets of these attacks are computer operated structure
and other facilities that are critical in nature, such as e-government system, banks, military associations, air
traffic control water systems and power plants. It has been explained as follows:

“Cyber terrorism is convergence of cyberspace and terrorism. They are highly damaging computer-based
attacks by non-state actors against information systems when conducted to course/intimidate governments or
societies in pursuit of self-vested political and social goals.”1

At least two views exist for defining the term cyber terrorism as traditionally understood2:

1. Effects-Based: Cyber terrorism exists when computer attacks result in unsettling effects enough to
generate fear comparable to a traditional act of terrorism, even done via online sources.

2. Intent-Based: Cyber terrorism exists when illegal, politically motivated computer attacks are done to
coerce government or people to further a political objective, or by causing grave harm or severe economic
damage.

Cyber terrorism consists of unlawful attacks and threats of maths against computers, networks and the
information stored therein when done to intimidate or coerce a Government or its people in furtherance of
political or social objectives.

Wars in the 21st century will increasingly require all elements of national power - not just the military. They
will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work
together.

According to the Symbolic Communication theorist P.K. Kraber “as a symbolic act, terrorism can be
analysed much like media of communication consisting of four basic components; transmitter
themselves intended recipient or receiver who are message bombing, explosives and feedback reaction of
targeted audience".3

According to Tsfati, Yariv, and Gabriel Weimann, modern terrorism may be construed as an attempt to
communicate messages through the use of orchestrated violence.4

11th September 2001 was “Cyber Terrorist Attack” in new uncertain information technology and internet
dominated world. On October 2001 the Patriot Act was passed by the United States Congress which
recognised those who break into other computers, commit hacking, cracking and commit other cyber-crimes
which cause loss of National interest could be considered as cyber terrorists and must be prosecuted.

5
1
Himma, Kenneth Einar. “A View of Cyberterrorism Five Years Later.” Internet Security: Hacking, Counterhacking, and Society.
Sudbury, MA: Jones and Bartlett, 2007.
2
Tenth UN Congress on Prevention of Crime & Treatment of Offenders was held in Vienna on April 10-17, 2000.
3
Kraber, P. “Urban Terrorism: Baseline Data and A Conceptual Framework” Social Science Quarterly, 1971, pp. 52, 527-533.
4
Tsfati, Yarivand Gabriel Weimann: “Terror on the Internet, Studies in Conflict and Terrorism” 2002,25317-332.

6
 I. CYBER TERRORISM AND FUND-RAISING

Cyber Terrorism is on increase and it is funded through online credit card fraud. Extremists prefer methods
such as stealing identity and electronic fraud to support terrorist activities. When terrorist groups do not have
the internal technical capability, they may hire organised crime syndicates and cybercriminals from outside
under digital chat rooms. Reports indicate that terrorists and extremists in the middle east and south Asia
may be increasingly collaborating with cybercriminals for the international movement of money and
for the smuggling of arms and illegal drugs. These links with hackers and cybercriminals may be
examples of the terrorists” desire to reline their computer skills, and the relationships forged through
collaborative drug trafficking efforts may also provide terrorists with access to highly skilled computer
programmers.

To be properly called cyber terrorism attacks should be such to result into violence against persons, property
or society, resulting in extreme harm and generate high fear among the people. The beginning of cyber
terrorism can be traced right from early 1905 when the increase in the growth of internet and cyberspace was
visible in this world. Nowadays the terrorists on the cyberspace has more financial backing, higher technical
opportunities and even huge military backing and potential.

Cyberattacks although terrorists have been adept at spreading propaganda and attack instructions on the web,
it appears that their capacity for offensive computer network operations may be limited. The federal bureau
of investigation (FBI) reports that cyberattacks attributed to terrorists have largely been limited to
unsophisticated efforts such as e-mail bombing of ideological foes, denial of service attacks, or defacing of
websites. However, it says, their increasing technical competency is resulting in an emerging capability for
network based attacks.

The FBI has predicted that terrorists will either develop or hire hackers for complementing large
conventional attacks with cyberattacks. During his testimony regarding the 2007 annual threat
assessment, FBI director Robert Mueller observed that terrorists increasingly use the internet to
communicate, conduct operational planning, proselytise, recruit, train and to obtain logistical and
financial support. That is a growing and increasing concern for U.S.

In addition, continuing publicity about internet computer security vulnerabilities may encourage terrorists
interest in attempting a possible computer network attack, or cyberattack, against US critical infrastructure.
The internet, whether accessed by a desktop computer or by the many available handheld devices, is the
medium through which a cyberattack would be delivered. However, for a targeted attack to be successful, the
attackers usually require that the network itself remain intact, unless the attackers assess that the perceived
gains from shutting down the network entirely would offset the accompanying loss of their own
communication. A future targeted cyberattack could be effective if directed against a portion of the us.
Critical infrastructure, and if timed to amplify the effects of a simultaneous conventional physical or

7
chemical, biological, radiological, or nuclear terrorist attack.

8
 II. OBJECTIVES AND REASONS OF CYBER TERRORISM

Cyber terrorism has special features to make a distinction between a cyber terror attack and the activities of a
hacker. The cyber terrorist attack is pre-defined, and the victims are generally specific targets and the cyber
terrorist’s attacks objective is to destroy or damage specific targets like political, civil, economic, energy and
military infrastructure. And the object is to cause fear to achieve their political, religious or economic goals.
They persuade people to believe that the victims are vulnerable and their machinery negligent.

The objectives of a cyberattack may include the following four areas:

1. Loss of integrity, such that information could be modified improperly;

2. Loss of availability, where mission critical information systems are rendered unavailable to authorised
users;

3. Loss of confidentiality, where critical information is disclosed to unauthorised users; and

4. Physical destruction, where information systems create actual physical harm through commands that
cause deliberate malfunctions.

Publicity would also potentially be one of the primary objectives for a terrorist cyberattack. Even a
marginally successful cyberattack directed at the united states would garner considerable publicity. Some
suggest that were such a cyberattack by an international terrorist organization to occur and become known
to the public, regardless of the level of success of the attack, concern by many citizens and cascading
effects might lead to widespread disruption of critical infrastructures.

Thus, an attack should result in violence against persons or property, or at least cause enough harm to
generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination,
or severe economic loss would be the examples of cyber terrorism.

A terrorist’s ability to control, disrupt or alter the command and monitoring functions performed by these
systems could threaten regional and national security.

In modern times terrorism as a means and method to cause fear and undue violence against individuals,
groups or countries has posed a very menacing effect and as a big challenge in this world. The cause of
terrorism in this world are numerous including religious, geographical and against countries by one
country against the other countries. While terrorism is a complicated, complex and a very challenging task,
and is condemned by most of the people is almost all the countries in this world yet there is no unanimity
among the people about the methods to regulate the phenomenon of terrorism in this world. Historically,
many ways, means and methods have been used by people to terrorise one group of individuals or
countries or to terrorise the other group of individuals or countries.

9
10
Cyber terrorism is an attractive option for modern terrorists for several reasons:

First, it is cheaper than traditional terrorist methods. All a terrorist needs is a personal computer and an
online connection. Terrorists do not need to buy weapons such as guns and explosives; instead, they can
create and deliver computer viruses through a telephone line, a cable, or a wireless connection.

Second, cyber terrorism is more anonymous than traditional terrorist methods. Many Internet surfers,
terrorists use online “screen names” or log in as an unidentified “guest user,” making it very hard for security
agencies and police forces to track down their real identity. And in cyberspace there are no physical barriers
such as checkpoints to navigate, borders to cross, and customs agents to outsmart.

Third, the variety and number of targets are enormous of potential targets guarantee that terrorists
can find weaknesses and vulnerabilities to exploit. Several studies have shown that critical
infrastructures, such as electric power grids and emergency services, are vulnerable to a cyber
terrorist attack because the infrastructures and the computers system that run them are highly complex,
making it effectively impossible to eliminate all weaknesses.

Fourth, cyber terrorism can be conducted remotely, a feature that is especially appealing to terrorists.
Cyber terrorism requires less physical training, psychological investment, risk of mortality, and travel than
conventional forms of terrorism, making it easier for terrorist organizations to recruit and retain followers.

Fifth, cyber terrorism has the potential to affect directly a larger number of people than traditional
terrorist methods, thereby generating greater media coverage, which is ultimately what terrorists want.

The modern age being an era of elevated levels of technology where in computers, computers systems, the
cyberspace and internet have become immensely popular. And even the terrorists also use internet and
cyberspace frequently to achieve their terrorist’s objectives. The possibility of speedy, anonymous, to size,
accurate and timely information with the help of internet and cyberspace gives competitive advantage to the
terrorist and terrorists groups.

The decentralised nature of the internet as a medium and the associated difficulty in responding to emerging
threats can match the franchised nature of terrorist organizations and operations. It is unclear how great a role
the internet plays in coordinating the efforts of a particular group or strategy. Many Arabic language websites
are said to contain coded plans for new attacks. Some reportedly give advice on how to build and operate
weapons and how to pass through border checkpoints.

Thus, Cyber terrorist prefer using the cyber platform because it is Cheaper than traditional methods; the
action is very difficult to be tracked; they can hide their personalities and location; there are no physical
barriers or check points to cross; they can do it remotely from anywhere in the world; they can use this
method to attack a big number of targets; they can affect a large number of people.

11
12
 III. WHY AND HOW INTERNATIONAL TERRORISTS USE THE INTERNET?

The internet is used as a prime recruiting tool for insurgents. Extremists use chat rooms, dedicated servers
and websites, and social networking tools as propaganda machines, as a means of recruitment and
organization, for training grounds, and for significant fund-raising through Cyber Terrorism. These
websites and other internet services may be run by international terrorist groups, transnational Cyber
Terrorism organizations, or individual extremists. YouTube channels and Facebook pages of Taliban
and Al Qaeda supporters may radicalise western-based sympathisers, and provide a means for
communication between these “lone wolf" actors and larger organised networks of terrorists.

Other news articles report that a younger generation of terrorists and extremists, such as those behind the July
2005 bombings in London, are learning new technical skills to help them avoid detection by various nations”
law enforcement computer technology.

Internet’s Ponzi schemes, identity theft, counterfeiting, and other types of computer fraud have been shown
to yield high profits under a shroud of anonymity.

According to press reports, Indonesian police officials believe the 2002 terrorist bombings in Bali were
partially financed through online credit card fraud. There may be some evidence that terrorist organizations
seek the ability to use the internet itself as a weapon in an attack against critical infrastructures. Also, links
between terrorist organizations and cybercriminals may show a desire to hone a resident offensive cyber
capability in addition to serving as a means of procuring funds. To some observers, the term “cyber
terrorism” is inappropriate, because a widespread cyberattack may simply produce annoyances, not terror,
as would a bomb, or other chemical, biological, radiological, or nuclear explosive weapon. However, others
believe that the effects of a widespread computer network attack would be unpredictable and might
cause enough economic disruption, fear, and civilian deaths to qualify as terrorism.

Some of the contents found in terrorist’s computers are: (i) hits on websites that contained “sabotage
handbook” (ii) handbooks containing Internet tools, planning a hit, anti-surveillance methods, “cracking”
tools and (iii) Al-Qaeda actively researched publicly available information concerning critical infractures
posted on websites. While dealing with terrorist’s computers attention must be paid to studying their
ideology, history motivation and capabilities.

They use the following tools for their attacks like Sniffers, Rootkits, Network vulnerability Analysers,
Spoofing, Trojan Horses, Worms and Dos. They also use defacement to embarrass. The terrorists who
attacked the parliament on Dec 13, 2001 used the Steganography images for transmitting mails in encrypt
form. They use websites to actively recruit members and publicize propaganda as well as to raise and
transmit funds.

13
14
 IV. INCIDENTS OF CYBER TERRORISM

Serious attacks against critical infrastructures could be acts of cyber terrorism, depending on their impact.
Though critical information infrastructure of Defence, Nuclear installations like, Bhabha Atomic Research
Centre, Ministry of External Affairs etc. are air-gapped" making very difficult to check, but co-ordinated
attacks, with other national Government’s support the attack on national critical infrastructures is an
imminent danger. Though current situation in India elsewhere in world the Cyber Terrorism is not effective
but gearing up for the more likely situation as PRO-ACTIVE measure will prevent the attack and can
minimize the loss.

The increasing reports of cyber terrorism in India and around the world indicate the wide range of facilities
which are vulnerable because of the use of IT. Reports of cyber terrorism around the world include the July,
2009 cyber-attacks against the US and South Korea the Estonia) cyber-attacks and the Georgia 2008 cyber-
attacks where the internet scum government and political agencies, e-banking services, etc, were attacked
through distributed denial of service attacks, mass e-mail, spamming and website defacements and other
form of cyber-attacks as the landing of a US unmanned aerial vehicle (UAV) in Iran by a spoofing attack
through the feeding of false information to the drone. Apart from these, the onset of viruses like Stuxnet
and Duqu which are directed at industrial sabotage are a major concern. Alarmingly, the Stuxnet virus was
first used to attack Tehran’s nuclear programme, which destroyed its nuclear centrifuges by attacking the
PLC’s in 2010.

After Pokhran tests in 2001 hackers attacked on Bhabha Atomic Research Centre to steal nuclear test data. In
2002 Delhi police found out several mobile and landline connections with Abu Salem Ansari and other
terrorist groups through International Mobile Equipment Identity.6 E-mail message in the year 2002 and
August 2005 to attack important places of Kolkata and New Delhi respectively was cyber terrorism.

Internet becomes a way to engage in War. That is why cyber war or net war may be called War in the
Information Way or 1-Way. Taiwan against China, Israel against Palestine, India against Pakistan, China
against the USA and so on are some examples of Cyber War in 1-Way or Superhighway. Terrorists can very
easily attack through 1-Way their targets. Sometimes they attack 1-Way too to fulfil their ends.

In India, attacks like those described above have been carried out. A total of 90 in 2008, 119 in 2009, 252 in
2010 and 219 in 2011 Indian government websites have reported to have been hacked. Currently, the Delhi
police has been directed by the courts in an application (titled Tanikella Rastogi Associates v. State) under
Sections 156(3) and 200 of the Criminal Procedure Code to investigate hacking of hundreds of Indian and
international websites including critical government websites, by Pakistan’s group hackers PakCyberEaglez.

Cyber terrorism in Jammu and Kashmir. In Jammu and Kashmir, the Website and network are used by
terrorists for communication between senior commanders in the Kashmir valley and control station. Between
Kashmir Valley and DOD, a “Udhampur” Rajauri regions and North-South Pir Panjal range there were Lines
15
of Site (LOS) to provide network facilities.

16
Earlier terrorists used to use High Frequency Radio Network as means of communication. In April-May 2003
three cellular phones and one satellite phone were recovered in Surankat area by army operation, In India,
terrorists are also users of BSNL network along with STD and ISD facilities to connect with Pakistan and
other countries.

Terrorists of Ayodhya incident June 2005. On 23rd July 2005, Indian Police found mobile phone link with
Unani doctor Irfan Khan and terrorist of Ayodhya incidents. In this connection one of the terrorist was
identified as Amin@zuber native village man of Dr. Khan. During this search police also unearthed two
militants in Akbarpur who rented a room, where the police found out torn hand sketch of Ayodhya incident
and 4th July newspapers. Just after one hour of Ayodhyya Temple attack it was found out on Tuesday
through a caller identifying mobile phone system that Gazi Misbah-ud-Din was the operational Chief of
Kashmir’s biggest indigenous militant outfit. The mobile phone conversation as claimed was “Hello, this is
Gazi. Note it down we have not done it. In fact, we condemn this attack. It is a handiwork of Hindu
extremists and right wing political parties. For, only they have benefited from this attack”.

It was not only Gazi who picks up BSNL or Airtel phone rather all militants use these for terrorist activities.
In March 2000, Japan’s Metropolitan Police Department reported that a software system they had procured
to track 150 police vehicles, including unmarked cars, had been developed by the Aum Shinryko cult, the
same group that gassed the Tokyo subway in 1995, killing 12 people and injuring 6,000 more. At the time
of the discovery, the cult had received classified tracking data on 115 vehicles. Further, the cult had
developed software for at least 80 Japanese firms and 10 government agencies. They had worked as
subcontractors to other firms, making it almost impossible for the organizations to know who was
developing the software. As subcontractors, the cult could have installed Trojan horses to launch or
facilitate cyber terrorist attacks later.

Most of the Indian websites are hacked by Pakistani hacker groups. Terrorists are keen to attack in
superhighway because it is not only easier, quicker and cheaper but also in cyber world it is easy to tide one-
self to avoid evidence as there is no need of visa to visit other countries, sitting in home Land they can attack
large number of targets.

We have evidence of the Distributed Denial of Service attack on let October 2002 by which 9 out of 13
servers were jammed. In 1997, Swedish hackers jammed emergency telephone systems in the West Central
Florida. In the years 1998, 2000, 2001 and 2002 attack on NASA and the USA Defence Department,
Educational and Health Departments, attack on World Trade Centre and Pentagon and attack on the Indian
Parliament were victims of cyber terrorism.

In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week
period. Messages read "We are the Internet Black Tigers and we're doing this to disrupt your
communications." Intelligence authorities characterized it as the first known attack by terrorists against a

17
country's computer systems. Therefore, from the result of these attacks we can perceive how dangerous this
crime can be.

18
 V. CYBER TERRORISM IN INDIA

Indian Government and e-business sectors raised voice to act against anti Indian hacking especially Pakistani
hackers. Now cyber-crimes are dealt with following the Criminal Procedure Code, the Indian Penal Code and
the Information Technology Act 2000. Though the Information Technology Act 2000 provides for
Information Technology (Appellate) Tribunal and accordingly Rules 2000 were made but till date these are
not implemented. We do not have any Legislation specially dealing with cyber-crimes like Malaysia has.
However, NASSCOM President Kiran Karnik also expressed his view towards establishment of Fast Track
Court to deal with cyber terrorism.

 Indian Computer Emergency Response Team

As proposed by the proposed Information Technology (Amendment) Bill 2006, S. 70A was inserted.

Under S. 70A (1) the Indian Computer Emergency Team (CERT/ IN) shall serve as the national nodal
agency in respect of Critical Information Infrastructure for coordinating all actions relating to information
security practices, procedures, guidelines, incident prevention, response and report.

Under S. 70A (2) the director of the CERT may call for information pertaining to cyber security from the
service providers intermediaries or any other person.

Failure to supply this information shall be punishable under S. 70A (3) with imprisonment for a term which
may extend to one year or with fine which may extend up to rupees one lakh or with both.

Under S. 70A (4) the Director may by order delegate his power to officers not below the rank of Deputy
Secretary to the Government of India.

“Cyber-crime” is not defined under the present Act. Possible definition of cyber-crime may be as follows:
“Human conducts which are prohibited by State under criminal law and which are related to Information
Technology as target or as tools.” But to have specific concept of cyber-crime, definition of crime itself must
be Specific we can define crime as human conduct, which are prohibited by the State through criminal law.

This was very important step taken by Indian legislature by Amendment Bill 2006 though after six years of
the Information Technology Act 2000. This must be enforced immediately. So far, the intermediaries and
internet service providers are concerned there is great need to change the law by imposing liabilities on them
for cyber terrorism and other cyber-crimes which are committed through their service or services. So far, the
interception or monitoring of computer resource is concerned, amendment of S. 69 must be welcomed.

There is a great need of immediate safeguards or guidelines to be prescribed by appropriate Government

which are to be followed by authorised authority for interception or monitoring or decryption process to
prevent and control cyber terrorism and other cyber-crimes.

19
20
The Amendment Bill 2006 proposed to reduce responsibilities of intermediaries that they shall not be liable
for any third-party information data or communication link made available by intermediaries. Where for
websites there is no notice to intermediaries and no question of failure of care and caution on their part, they
will not be liable for any websites or links provided by them as intermediaries.

Therefore, if terrorist’s website is not prohibited or banned with proper notice, intermediary will not have
any responsibility for providing link to those websites.

The law enforcement agencies must be very active about prompt action to find out any relevant links and
websites, and to notify immediately to intermediaries accordingly.

Cyber terrorism is attractive because it is cheaper, anonymous, the variety and number of targets an:
enormous. And which can be conducted remotely. In India with the amendment of it (amendment) act,
2008, a new provision has been introduced for the punishment for cyber terrorism” and new section 66F
states as follows:

S. 66F. Punishment for Cyber Terrorism. -( 1) Whoever, -

(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people
or any other section of the people by-

(i) denying or cause the denial of access to any person authorized to access computer resource; or

(ii) attempting to penetrate or access a computer resource without authorization or exceeding authorized
access; or

(iii) introducing or causing to introduce any computer contaminant, and by means of such conduct causes or
is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing
that it is likely to cause damage or disruption of supplies or services essential to the life of the community or
adversely affect the critical information infrastructure specified under section 70, or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorization exceeding
authorized access, and by means of such conduct obtains access to information, data or computer database
that is restricted for reasons for the security of the State or foreign relations; or any restricted information,
data or computer database, with reasons to believe that such information, data or computer databases
obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of
India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in
relation to contempt of Court, defamation or incitement to an offence, or to the advantage of any
foreign nation, group of individuals or otherwise, Commits the Offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which
may extend to imprisonment for life.
21
22
 VI. INTERNATIONAL ASPECT ON CYBER TERRORISM

Terrorism is a kind of threat or generating fear in minds of people or Government which is not predictable.
For example, 11th September 2001 attack on World Trade Centre, Pentagon in the United States of America,
on 7th July 2005 attack in London, attack in Mumbai, Kashmir in the year 2006, Defacement of Indian
Military sites in India by hackers in July 2005, even in the year 2000 flowing of “I love you” virus to
collapse internet and computer system etc. are a few examples of terrorist attack.

a) Federal Government Efforts to Address Cyber Terrorism

Several U.S. Government organizations appear to monitor terrorist websites and conduct a variety of
activities aimed at countering them. Given the sensitivity of federal government Programmes responsible
for monitoring and in filtrating websites. Information regarding the organizations and their specific
Activities is deemed classified or law enforcement-sensitive and is not publicly available. The federal
government organizations responsible for monitoring and infiltrating jihadist websites. It should be noted
that the actions associated with Organizations listed below could be conducted by employees.

 Central Intelligence Agency (CIA): development, surveillance, and analysis of websites, commonly
referred to as honey pots, for purposes of attracting existing and potential jihadists searching for
forums to discuss terrorism-related activities.5

 National Security Agency (NSA): surveillance of websites and rendering them inaccessible.

 Department of Defence(DOD): surveillance of websites focused on discussions of perceived

vulnerabilities of overseas U.S. military facilities and disabling those that present threat to operations.

 Department of Justice (DOI): development of polices and guidelines for creating, interacting
within, surveilling, and rendering inaccessible websites created by individuals wishing to use the
internet as a forum for inciting or planning terrorism-related activities.

 Federal Bureau of Investigation (FBI): monitoring of websites and analysis of information for
purposes of determining possible terrorist plans and threats to US Security interests.6

 Department of homeland security (DHS): monitoring of websites and analysis of information for
purposes of determining possible threats to the homeland.7

5
Ellen Nakashima, "Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies," Washington Post, March
19, 2010, http://www.washingtonpost.com/wp-dyn/content/article/2010/03/18/AR2010031805464.html.
6
Testimony of Steven Chabinsky, Deputy Assistant Director, Cyber Division, Federal Bureau of Investigation, before the Senate
Judiciary Committee, Subcommittee on Terrorism and Homeland Security, "Cybersecurity: Preventing Terrorist Attacks and
Protecting Privacy in Cyberspace," November 17, 2009, http://www.fbi.gov/congress/congress09/chabinsky111709.htm.
7
DHS, Privacy Impact Assessment for the Office of Operations Coordination and Planning, "2010 Winter Olympics Social Media
Event Monitoring Initiative”.
23
24
Numerous other federal government organizations have cyber security responsibilities focused on policy
development, public awareness campaigns, and intergovernmental and private sector coordination efforts.
Information gleaned from the agencies may at times be used to help inform and advise non-federal
government entities responsible for safeguarding a geographic area or activity that has been discussed in an
online jihadist forum.

b) Federal Government Monitoring and Response.

Several reasons exist that may provide justification for the federal government to monitor websites owned,
operated or frequented by individuals suspected of supporting International jihadist activity that pose a threat
to US Security Interests.

For Example, a recent controversy in the united states about a proposed burning of copies of the Quran on
the ninth Anniversary of the September 11, 2001, attacks led to increased chatter on international jihadist
websites. The FBI reportedly disseminated an intelligence bulletin specifically noting online threats to the
pastor and church planning to conduct this even and more general threats to U.S. global interests.

c) The United States Signed the Convention on Cyber Crime.

In November 2001, the United States signed the Convention on Cyber Crime which was the first
International, multilateral treaty which specifically ask all the member States for international co-operation
in the investigation and prosecution of the cyber criminals; which includes extradition of criminals,
searches and seizures, prosecutions with substantive and procedural provisions. The very next year, the
United States passed the Cyber Security Enhancement Act 2002 to prevent and control cyber terrorism and
other cyber-crimes and to implement security measures.

In United States v Dino A. Amato, the US. District Court in Ohio charged the defendant, a 37-year-old man
for knowingly violating the regulations and administrative order of NASA. Defendant was a former contract
employee of computer service at the NASA in November 2001.

When he was in employment, he downloaded “zipped” computer file called “zip”42” from internet. He then
transmitted same through internet to an e-mail account holder of NASA e-mail server more than 7 times with
intention to cause damage of about $ 12,000. He was charged for the violation of Title 18, U.S.C. S. 799 and
for violating NASA’s rules and regulation. He was punished with 1 Year imprisonment and $100,000 fine.

According to Dewang Mehtia, former President of NASSCOM about 635 Indian websites were hacked
during the year 2000.8 The awareness on e-security was very poor in India; Companies here were spending
only 0.8 percent of their information technology spending annually as against the world average of 5.5
percent.

25
8
National Association of Software and Service companies; For details see http://www.BBCNews. com/10thJanuary2001/News.

26
 d) Professional efforts of International Criminal Police Organization (Interpol)

Many international organizations qualify for professional organizations, because their goals and activities are
focused on certain specific issues; these organizations include Interpol, the International Telecommunications
Union, etc. However, professional efforts here primarily mean substantial actions in the field of cybersecurity
protection and Cyber Terrorism prevention. Although some other organizations also greatly contribute to
coordinating cybersecurity protection, their emphasis is not necessarily on the law. By this standard, this
section only analyses the actions of the International Criminal Police Organization (Interpol).

As an international law-enforcement organization with 184 members, Interpol started to tackle computer
crime very early, coordinating law-enforcement agencies and legislations, in regard to which Interpol made
efforts to improve counter-Cyber Terrorism capacity at the international level.

In regard to law enforcement, Interpol has provided a technical guidance in Cyber Terrorism detection,
investigation and evidence collection. The Interpol Information Technology Crime Investigation Manual was
compiled by the European Working Party on Information Technology Crime. Compared with the substantive
and procedural law harmonization of today's Convention on Cyber Terrorism, the Manual developed a
technological law-enforcement model to improve the efficiency of combating Cyber Terrorism.

e) The Asia-Pacific Economic Cooperation (APEC)

In the Asia-Pacific region, the APEC coordinates its 21 member economies to promote cybersecurity and to
tackle risks brought about by Cyber Terrorism. The APEC has conducted a capacity-building project on
Cyber Terrorism for member economies in relation to legal structures and investigative abilities, where
advanced APEC economies support other member-economies in training legislative and investigative
personnel.

The Telecommunications and Information Ministers of the APEC economies issued the Statement on the
Security of Information and Communications Infrastructures and a Programme of Action in 2002, supporting
measures taken by members to fight against misuse of information.

The Ministers and Leaders of APEC have made a commitment to "endeavour to enact a comprehensive set of
laws relating to cybersecurity and Cyber Terrorism that are consistent with the provisions of international
legal instruments, including the UN General Assembly Resolution 55/63 and Convention on Cyber Terrorism
by October 2003."

In 2005, The sixth APEC Ministerial Meeting on the Telecommunications and Information Industry passed
the Lima Declaration, "encouraging all economies to study the Convention on Cyber Terrorism (2001) and to
endeavour to enact a comprehensive set of laws relating to cybersecurity and Cyber Terrorism that are
consistent with international legal instruments, including UN General Assembly Resolution 55/63 (2000) and
the Convention on Cyber Terrorism (2001).
27
28
 f) The Council of Europe (COE)

The Council of Europe has been working to tackle rising international anxiety over the risks brought about
by the automatic processing of personal data since the early 1980s. In 1981, Council of Europe
implemented Convention for the Protection of Individuals with Regard to Automatic Processing of
Personal Data which was revised according to Amendment to Convention ETS No. 108 Allowing
European Community to Accede, 15 June 1999, and Additional Protocol to Convention ETS No. 108 on
Supervisory Authorities & Trans-border Data Flows, 8 June 2000. Convention covers protection of personal
data in both public & private sectors.

Chapter II of the Convention established basic principles for data protection, one of which is data security
(Article 7), covering the prohibition of accidental or unauthorized access, alteration and dissemination.

In the 2004 Conference on Cyber Terrorism, the Council of Europe called for "wide and rapid" access to and
"effective implementation" of the Convention on Cyber Terrorism, raising awareness in the highest political
level, and encouraging cooperation between public and private sectors.

In the 2005 Conference on Cyber Terrorism, the Council of Europe expressed concern about the fast-
increasing threats and serious social and economic results of Cyber Terrorism including terrorist activity on
the Internet, noting that most Cyber Terrorism recognized the need for effective and compatible laws and
tools to enable efficient cooperation to combat Cyber Terrorism, calling upon public and private
cooperation, and encouraging access to the Convention on Cyber Terrorism.

In 2006, the Council of Europe launched a Project against Cyber Terrorism, intended to grant assistance to
the development of national legislation in line with the provision of the Convention, training of judges,
prosecutors and law-enforcement officers, and training of criminal justice officials and 24/5 contact points in
international cooperation.

g) The European Union

The EU took a series of actions to tackle Cyber Terrorism through impelling a coordinated law enforcement
and legal harmonization policy. Civil liberty has also been a focus in the anti-Cyber Terrorism field.

On 27 November 2001, a plenary session took place in Brussels of the EU Forum on Cyber Terrorism,
organized by the EC, and where the primary discussion was about the retention of traffic data.9 In April
2002, the Commission of the European Communities presented a proposal for a Council Framework
Decision on Attacks against information systems, and this proposal constitutes the case of the Decision of
24 February 2005. Today, comprised of 27 member states and three candidate countries, the EU
remains active in addressing Cyber Terrorism.

29
9
(EU Forum on Cyber Terrorism, 2001).

30
 h) The United Nations (UN)

There are numerous global organizations. Nevertheless, UN is capable of being identified as the only global
organization that forms a forum of its 191 member states with fuller functions. Compared with professional
organizations, the UN does not limit its activities to certain domains.

In Resolution 55/63, the General Assembly noted value of the following measures to combat computer
misuse:

a. To ensure the elimination of safe havens for cybercriminals;

b. To coordinate cooperation in the investigation and prosecution of Cyber Terrorism;

c. To exchange information for fighting Cyber Terrorism;

d. To train and equip law-enforcement personnel to address Cyber Terrorism;

e. To protect the security of data and computer systems from Cyber Terrorism;

f. To permit the preservation of and quick access to electronic data pertaining to particular criminal
investigations;

g. To ensure mutual assistance regimes for the timely investigation of Cyber Terrorism and the timely
gathering and exchange of evidence;

h. To remind the general public of the requirement to prevent and combat Cyber Terrorism;

i. To design information technologies to help to prevent and detect Cyber Terrorism;

j. To consider both the protection of individual freedoms and privacy and the preservation of the
capacity of Governments to fight Cyber Terrorism.

i) The Organization of American States (OAS)

As other regional organizations, the Organization of American States (OAS) with 35 member states is also
highly concerned about the issue of Cyber Terrorism. Through its forum for the Ministers of Justice or of the
Ministers or Attorneys General of the Americas (REMJA), the OAS has long recognized the central role that
a sound legal framework plays in combating Cyber Terrorism and protecting the Internet.

The Group of Experts has been devoted to analysing Cyber Terrorisms, to inspecting domestic Cyber
Terrorism law, and to finding ways of cooperating in the Inter-American system of combating Cyber
Terrorism. The Group of Experts has held four meetings. The Meeting of the Ministers of Justice or of the
Ministers or Attorneys General of the Americas (REMJA III) has urged member states to take steps to
endorse Cyber Terrorism law; harmonize Cyber Terrorism laws to make international cooperation possible.

31
32
 j) The Commonwealth of Nations

The Commonwealth of Nations took a direct and timely action in the harmonizing laws of its member states.
The Convention on Cyber Terrorism has become one of the legislative choices in substantive criminal law,
covering the offences of illegal access, interfering with data, interfering with computer systems, illegal
interception of data, illegal data, and child pornography.

VII. THE FOCUSES OF INTERNATIONAL HARMONIZATION

From the above presentation on international actions in anti-Cyber Terrorism areas, we can further
summarize the major themes of these international organizations.

(i) Promotion of security awareness at the international level

The typical actions in this aspect have been taken by the UN. The UN's two Resolutions (55/63 (2000) and
56/121 (2001)) on Combating the Criminal Misuse of Information Technology recalled the importance of the
Group of Eight principles, and urged states to take these principles into account.

(ii) Promotion of security awareness at the state level

All international organizations have made efforts to promote security awareness at domestic level. There is
concern from government and media sources about potential damage that could be caused by cyberterrorism,
and this has prompted efforts by government agencies such as the Federal Bureau of Investigations (FBI) and
Central Intelligence Agency (CIA) to put an end to cyberattacks and cyberterrorism.10

(iii) Harmonization of legislation

Legal harmonization has been a major emphasis on the work of various international organizations.
Harmonization in Europe started in the 1980s and a recent achievement was Convention on Cyber Terrorism.

(iv) Coordination and cooperation in law enforcement

Interpol's European Working Party on Information Technology Crime compiled Computer Crime manual to
provide technical guidance in law enforcement. Convention on Cyber Terrorism also covers cooperative
mechanisms in law enforcement against Cyber Terrorism. EU discussed about retention of traffic data in
2001.

(v) Direct anti-Cyber Terrorism actions

The direct international anti-Cyber Terrorism actions comprise two fundamental aspects: Cyber Terrorism
prevention and Cyber Terrorism investigation. They have been more valuable before international
harmonization in legislation could come into being.

33
10
Laqueur, Walter; C., Smith; Spector, Michael (2002). Cyberterrorism. Facts on File. pp. 52–53. Retrieved 5 December 2016.

34
 CONCLUSION

For prevention and control of cyber terrorism the national internet security standards must be strong and of
world standard. Specially the Government agencies must choose LAN (Local Area Network) for internal
communications and they must adopt their own secret and confidential fibre method about their activities to
fight against virus, worm, denial of service attack, attack hacking in net way which are possible tools and
modes of cyber terrorism.

Other most important techniques required to prevent and control attack by terrorists in cyberspace is regular
updating of antivirus software, changing passwords and updating of operating system. Very important need
of the day is awareness, information technology educational and training among people who use net and
Government agencies and even who use non-Governmental computer system.

There is a need for International initiatives to prevent and control net warfare here is needed to improve
infrastructure of law enforcing agencies with speedy development of new multimedia technology. Only a
police officer not below the rank of Deputy Superintendents Police (DSP)can register or investigate hacking
and other cyber-crime, that means they are not easily accessible to attacked victims. And as a result, most of
the cases are going unreported and uninvestigated. Therefore, the rank of police must be brought down to
even below the rank of Inspector of Police.

Granting membership numbers to net-users for period and asking for this numbers for every use is very
authentic procedure which is followed by 1-way/Sify.com. Every cyber cafes and ISPs must follow the same
procedures to prevent cyber-crimes.

Before allowing to download or copy or internet connection every tune ISPs must ask for latest anti-virus
scan. Cyber cafes, ISPs and industries must adopt Bio-metric technologies to prevent cyber-crime. It will
recognise and record voice, authenticate personal identification, record fingerprint, finger and hand geometry,
record signature verification for example, how much time one takes for Signature, keystroke, typing and like;
record facial features, iris scan that is, the coloured part of eyes and retinal scan, DNA identification,
brainwave, ear pattern and like.

Deletion of confidential data after its application is another way to intact our information in cyberspace.
Though it will be preserved in guiding bin and when law enforcing agencies will need to reapply it, they a
restore deleted data again for their use. When we need to sell any used information-processing devices, we
instead delete all our data stored or available in it. Anyone can earn 50 lakhs or 50 crores who commits this
offence.

In Bangladesh, most of the cyber cafes have started to take record of net user’s personal information in detail
such as name, address, blood group, phone numbers, arrival and departure time to help the Government to
prevent and control cyber-crimes.

35
The turning point of terrorist activities may be identified in the year July 2006, when Delhi police was asking
cyber café owners to ask for photo identity cards from every net user and to maintain register for in and out.

Similar apprehensions or danger. Therefore, we must build relationship of trust and confidence between
cyber café and net users; By that process cyber cafes must be responsible or negligent; non-negligent and
unintentional discloser of those information’s Websites like Facebook, Twitter and the like need to be
completely banned and blocked immediately as these are identified as objectionable and illegal. The
Information Technology(Amendment) Bill 2006 proposed to reduce liability of intermediaries, this must not
be implemented if we need to combat cyber terrorism and other Cyber Terrorisms. There is a great need for
establishment of electronic courts and electronic learning process for people in India to prevent and control
Cyber Terrorisms. In India, fortunately, we have a strong legal basis for managing malware and the public
has no trouble supporting self-help measures to combat cyber-terrorism and malware.

New multimedia technology and internet have become part of our daily life in contemporary society and
have made life easier, quicker and cheaper. Computers are not only useful for communication and
information processing but also useful for typing, editing, drawing, copying, printing, musical purposes,
microwave, door keys, remote car driving, to use as remote control, in the form of wireless, mobile phone
and so on with ever increasing utility around human society.

Problems associated with the use of malware are not specific to any country since the threat is of a global
nature. Countries around the world are facing this problem and are trying their best to eliminate this problem.
The problem, however, cannot be effectively curbed unless it is supported by public support and a vigilant
judiciary system. The legislator cannot issue a law against the nation's general public in general. Therefore,
public support must be achieved first and foremost not only at the national level but also at the international
level. People around the world are not against the attribution of statutes that restrict the use of malware, but
are aware of their legitimate rights.

Therefore, the law to be promulgated by the legislator must pay attention to the public interest as a priority.
This can be achieved if appropriate technology is supported by appropriate legislation, which can only
address the threat created by the computers that send malware. Therefore, self-help measures
recognized by the legislator should not be disproportionate and excessive to threats received by malware.
Also, when using self- help measures, property and public rights should not be compromised. Nor would it
be unreasonable to ask that such self-help measures should not commit any omission of illegal acts.

Therefore, a self-help measure should not be such as to destroy or steal secret data or information stored on
the computer of the person who sends the malware. It should be noted that two mistakes cannot make the
right thing. Therefore, a demarcation line must be traced between self-help and law enforcement in hand.
Ultimately, we must not forget that self-help measures are "guard dogs and non-blooded dogs", and their
purpose should be limited to legitimate and proportionate defensive actions.

36
 ANALYSIS & SUGGESTIONS

The Analysis has been made on the basis of the questionnaire prepared by our team and suggestions has
been put forward on the basis of the same.

1. Whether cyber terrorism increase stress and anxiety?

Answer

TABLE 1
State/trait anxiety
measure STAI

Study
Study 2a, n =
  1a, n = 1027  907 

PerpetratorTreatment group  Unidentified  Hamas 

Control: no terrorism  2.3  2.7 

Cyberterrorism, non-lethal: asset and data loss (Study 1);

disclosure of account information, loss of funds (Study 2)  3.5  3.4 

Cyberterrorism, lethal: deaths and injuries  3.6  3.6 

Conventional (kinetic) terrorism, lethal: deaths and

injuries    4.0 

Significance  P < 0.001  P < 0.001 

F2,1035 = F3,942 =
ANOVA (Analysis of Variance)  139.65  34.23 

Analysis

Table 1 describes how anxiety increases as attacks become more severe. Every form of terrorism, whether
cyber or kinetic, lethal or non-lethal, increased anxiety and other negative emotions. Conventional (kinetic)
terrorism had the greatest effect upon all measures of negative affect and anxiety followed by lethal and non-
lethal cyberterrorism. However, the effects of lethal and non-lethal cyberterrorism were not statistically
distinguishable. Each kind of cyberterrorism generated increasing levels of anxiety. As an ongoing feature of
Israeli life, conventional terrorist attacks provoke anxiety more readily than cyberterror attacks.
37
38
 2. Whether the government is able to protect critical infrastructures and data and to prevent cyber – terrorism?

1st Qtr
2nd Qtr

Answer : 66.7% people answered in the affirmative the government policies and infrastructure is able to prevent
cyber terrorism.

Analysis: None of the attacks prompted outrage or lack of confidence in the government. On the contrary, the
manipulations prompted support for greater government intervention to assure security. It is no surprise then, that
confidence in the government is generally unaffected by cyber terrorism and may even increase in its wake.

39
3. Whether the political attitudes like security, civil Liberties, government regulation and Military Retaliation are
satisfactory pertaining to the cyber- terrorism?

Answer:

Study 1, n = Study 2, n = Study 3, n =

  1027  907  522 

Unidentified (% Hamas (% Anonymous (%

Perpetrator policy  agreeinga)  agreeinga)  agreeinga) 

Domestic cyber policy       

Surveillance       

Monitor for suspicious

expressions    67  54 

Read emails    46  23 

Monitor Facebook Twitter    61  48 

Regulation of business to
maintain cybersecurity  69  62  78 

Willingness to give up
privacy for security  54  44   

Retaliatory policy following

a hostile cyber attack       

Cyberattack on military
facilities    84  86 

Cyberattack on military and

civilian facilities    78  69 

Conventional attack on
military facilities    60  37 

Conventional attack on   65  31 

military and civilian

40
 Study 1, n = Study 2, n = Study 3, n =
  1027  907  522 

Unidentified (% Hamas (% Anonymous (%

Perpetrator policy  agreeinga)  agreeinga)  agreeinga) 

facilities 

Overall, the high percentages of support reflect widespread backing for these policies. Well over 50% support
government monitoring of emails for suspicious expressions and roughly 50% are willing to give up privacy
for security and allow the government to monitor social media (Facebook, Twitter). At the same time, 23%
will permit the government to read emails, a figure that doubles to 46% when the perpetrator is Hamas.

Looking beyond surveillance to retaliatory policy we see how military strikes, particularly cybernetic but also
kinetic, command significant support from the public. In response to cyberterrorism, the vast majority (69–
89%) support retaliatory cyberattacks against military and civilian targets while a significant number (31–65%)
support conventional, ‘kinetic’ counter attacks.

To explain why individuals hold different attitudes about surveillance and military retaliation, we looked at a
number of factors. The experimental manipulations within each study had no direct effect on political attitudes
as they did on anxiety and did not affect the extent to which individuals supported different types of retaliation.
That is, support for surveillance, regulation or military action was not affected by exposure to a simulated
cyberattack (With the exception of Study 1, (unidentified perpetrator), where the willingness to give up privacy
increased as the manipulation grew more severe.). Similarly, self-reported exposure to cyberattacks did not
affect attitudes towards these policies. Instead, variables that explain greater support for government
interference include political and religious conservatism, threat perception and the identity of the perpetrator.
Support from right-wing religious conservatives is consistent with the right’s traditional demand for security
and their support for the current right-wing government. Among our subjects, the odds that right-wing
conservatives would support militant policies were up to two times higher than those on the left. Beyond the
role of political orientation, however, lie the effects of threat perception. As threat perception (in contrast to
direct exposure to cyber violence) grows, individuals demand greater security from their government. Here, the
odds were 1.3–2.2 times higher that individuals with high levels of threat perception will support surveillance,
government regulation and military retaliation compared to those with lower perceptions of threat.

41
Our data also suggest that the identity of the perpetrator matters. Note how support for government
surveillance and, in particular, retaliatory ‘military’ strikes is appreciably greater when the manipulation
focused on a known terrorist group, Hamas, (Study 2) rather than on a hacktivist group, Anonymous (Study 3).
Our question was framed generally and asked whether subjects would support military retaliation following a
cyberattack. We did not ask whether they would support an attack against Hamas or Anonymous or their
sponsors. Nevertheless, and as Table  demonstrates, subjects participating in the Hamas experiment favoured
government surveillance far more than those in Study 3 (Anonymous) and supported conventional military
attacks of either sort (limited or large scale) by a margin of nearly 2:1. One reason may be that the
manipulation triggered fears of Hamas and burgeoning Islamic radicalism. Another reason may be the
recognition that Hamas, like ISIS, has infrastructures and territory vulnerable to conventional attack.

4.What is the extent of risk perception in cyber terrorism?

Answer:
Risk assessment
Cybe
r
What are the Cyber terro
chances of a terror r Convention Total
cyberattack Contro non- letha al Sig. averag
causing:  l  lethal  l  terrorism  ANOVA  ea 

1. Theft of data,
assets, identity  3.0  3.1  3.1  3.2  NS  3.1 

2. Attacks on
state facilities:
military, stock
exchange,
government
offices  3.7  3.7  3.5  3.8  NS  3.6 

3.
Destruction/dama
ge of critical <0.001 F3,90
infrastructuresb  4.4  4.7  4.6  4.8  7 = 5.9  4.6 

4. Loss of life or <0.001 F3,90

limbc  2.7  2.7  3.1  3.2  8 = 19.22  2.9 

Analysis

The data demonstrate how experimental manipulations exacerbate some assessments of risk from
42
cyberterrorism. After viewing video clips of cyber or conventional terror attacks with lethal consequences,
subjects’ perceptions of risk to life, limb and infrastructures were significantly greater than of those viewing the
more benign clips (rows 3, 4). When asked to assess the chances of a cyberattack-causing destruction of critical
infrastructures the average response rose from 4.4 in the control group to 4.8 in the conventional terrorism group.
Similarly, when asked to assess the chances of a cyberattack-causing loss of life and limb the average response
rose from 2.7 in the control group to 3.2 in the conventional terrorism group. On the other hand, the
manipulations did not affect the risk associated with data theft or attacks on the stock exchange or government
offices (rows 1, 2). These stayed constant across the manipulations. These attitudes reflect concerns about the
future threat of cyberterrorism. The risk associated with identity theft, asset loss and attacks on the government
offices is stable, while the risk associated with significant bodily or infrastructural harm is not. Individuals seem
to think they understand the risks of non-lethal cyberterrorism but seem unsure about the risks of lethal
cyberterrorism when, in fact, our data indicate much the opposite. They underestimate the danger of non-lethal
cyberterrorism while often overestimating the danger of lethal terrorism particularly when the perpetrator is a
known terrorist organization. As such, it is important to notice that the perception of threat, in part, contradicts
reality. For many subjects, the risk of an attack that destroys or damages critical infrastructures, which has yet to
materialize to any significant degree (average 4.6), is significantly ‘greater’ than the risk of an attack on stock
exchanges, government offices, personal computers, banks and credit cards that are clear and present dangers
(average 3.6). While these outcomes might be partially explained by a manipulation that primes subjects for
threats to infrastructures, our control group viewed no attack and still assessed some risks unrealistically high. At
the same time the average perception of risk associated with the theft of data, assets and identity (average 3.1)
was little different from a risk that a cyberattack would bring death or injury (average 2.9). They perceive the
risk of these hazards equally despite the fact that the former is relatively common and the latter non-existent.

4. Whether cyberterrorism affects the psychological aspect of victim?

1st Qtr
2nd Qtr

Answer: 70% people given answer in affirmation that cyberterrrorism affects the psychological aspect of
the victim. 30% population given answer in negation .

Analysis: First, cyberterrorism aggravates anxiety and personal insecurity. Secondly, lethal and non-lethal
43
terrorism exacerbate perceptions of threat and personal insecurity. Thirdly, many people, particularly those
with high levels of threat perception, are willing to support strong government policies. These policies split
along two lines and include foreign policy (e.g. cyber and/or kinetic military responses to cyberattacks) and
domestic policy (e.g. tolerance of government surveillance and control of the Internet). As threat perception
increases, individuals take increasingly stringent political views. Like conventional terrorism, cyberterrorism
hardens political attitudes as individuals are willing to exchange civil liberties and privacy for security and
support government surveillance, greater regulation of the Internet and forceful military responses in response
to cyberattacks. And while these measures are meant to ensure national security, such foreign and particularly
domestic policies may adversely affect the unfettered discourse necessary for a vibrant and open democratic
society.

Nevertheless, cyberterrorism does not significantly undermine confidence in the national government or its
institutions any more than conventional terrorism does. This was evident from our confidence measures
comparing a control group to those exposed to depictions of conventional and cyberterrorism. As noted at the
head of this article, such broad measures of confidence are not always affected by terrorism or other traumatic
events. On the contrary, such events often strengthen public confidence as occurred in the USA post 9/11 [11,
9]. These findings about confidence go hand in hand with demands for greater security. As individuals,
particularly those with heightened levels of threat perception, demand more government oversight, they
cannot express a lack of confidence in the government without unease. Supporters of intrusive government
regulation and surveillance must be confident that the authorities will do their jobs effectively and without
abusing the greater authority they now enjoy.

This does not mean governments can remain quiescent. This is true for governments in Israel, whose
population was the subject of these studies, and just as important for governments in the USA, Europe and
elsewhere. Just as 20th-century studies of the psychology of terrorism in Israel informed post 9/11 research,
the effects of cyberterrorism in Israel are equally relevant. Cyberterrorism is a transnational phenomenon. In
fact, the effects of cyberterrorism may prove weaker in Israel than elsewhere as research develops. For
Israelis, Hamas is a known quantity, a partner to a long simmering but, to date, manageable conflict that
occasionally erupts into sustained violence. To pursue its goals Hamas must publicize its demands and
attacks. Attribution is not an issue. For ISIS and the proxies of hostile nations, on the other hand, this is not
necessarily true. Attacks are difficult to attribute with certainty and hacktivist demands are often unknown,
thereby allowing foreign governments to conduct offensive cyber operations by proxy. Such attacks trade on
uncertainty and disruption that may exacerbate anxiety, threat and risk perception in many Western nations to
a greater extent than we have seen in Israel.

The outsized risk attributed to threats to life, limb and infrastructure track previous studies that ascribe
relatively high levels of risk perception to hazards associated with uncertainty and dread risk, i.e. events
‘perceived by lack of control, dread, catastrophic potential and fatal consequences’. Lichtenstein describe how
media exposure, particularly sensational media coverage, catastrophic outcomes and lack of direct experience
skew assessments of risk. To some extent, cyberterrorism fits these models. Although there are only
hypothetical lines between cyberattacks and mass casualties, the great risk attributable to infrastructure
damage and loss of life and limb might be explained by their possible catastrophic effects, the benefits that
they provide (thereby making them a likely target as well as a significant source of concern if threatened), the
inability to always identify perpetrators or their motives, and the division of opinion among experts that only
exacerbates uncertainty. The role of media coverage remains unstudied but may provide insight into the high
risks that many people associate with cyberterrorism. Slovic also reminds us that a kinetic terrorist attack
comes with significant ‘signal value’, the perception that an event will reverberate in the future and generate
further death, destruction and mayhem . The result is to overestimate risk. On the other hand, and in contrast
to the studies cited, cyberterrorism has never caused death or injury. As such, cyber risk, with is peculiar
counterfactual (if we protect ourselves nothing will continue to happen), is likely to be the next frontier of risk
perception theory.

44
Finally, our data suggest that threat perception and not only actual cyber events drive the cognitive effects of
cyberterrorism. While individuals demand Internet surveillance and regulation, and forceful military
responses to cyberattack following the experimental manipulations, many people are responding to their fears
rather than to specific cyber events. In other words, it does not take exposure to actual events to trigger
anxiety, rather the perception of threat alone. These results are consistent with studies that document how
simply raising and lowering terror threat alerts can increase anxiety and depression and foster a willingness to
‘accept both restrictions on their personal freedoms … and violent actions against others’ [48]. Here, too,
there is no actual attack in the offing, only the fear of an attack. Threat perception, not an actual attack is
sufficient to unsettle individuals to the extent many terrorists desire. As a result, authorities will need to
recognize that they cannot reduce fears of cyberterrorism and its pervasive effects solely by eliminating
cyberattacks that will, quite possibly, only grow more severe. Rather, policymakers must think about ways to
enhance resilience in much the way they have in the context of kinetic terrorism and other disasters.

Suggestions:

It suggests that the government, the private sector and the academic community should effectively communicate
the risks of cyberterrorism and take steps that will help instill effective cybersecurity practices. Furthermore, if
individuals feel they can communicate their concerns to their government and the authorities are attentive.
These efforts are intertwined. Providing cybersecurity depends, in part, upon securing compliance with
cybersecurity measures. Compliance, in turn, depends upon how accurately the public assesses the risk of
cyberattacks and upon how successfully government and private agencies communicate cyber risks and the
precautions that individuals must take.

To secure computer systems, we draw attention to the many programmes in schools and businesses to impart the
knowledge and skills individuals need to maintain personal cybersecurity. Currently, it is our impression that the
only evaluation tool is performative, i.e. how well end-users master and adopt the necessary skills to protect
their online assets (e.g. recognizing malware, changing passwords, updating firewalls). To fully assess the
benefits of these tools, further research is required to understand how these educational and intervention
programmes might impart the fear/stress reducing skills to cope with cyberterrorism and to improve resiliency,
i.e. withstand adverse psychological effects of cyberterrorism, overcome feelings of vulnerability and regain a
sense of control. Experience with kinetic terrorism also points to the benefits of psychological intervention.
Mitigating the deleterious effects of cyberterrorism and strengthening resilience may diminish the impact of
cyberterrorism and the chance it will spill over into militancy, kinetic war and protracted conflict.

45
 BIBLIOGRAPHY
1. PRIMARY SOURCES
The Constitution of India,1950.
Information Technology Act, 2000.

2. SECONDARY SOURCES

 BOOKS
1. APARNA VISWANATHAN, CYBER LAW: Indian & International Perspectives (Lexis Nexis
Butterworth, Nagpur, 2nd ed.)

2. BARKHA & U. RAMA MOHAN, CYBER LAW & CRIMES (Asia Law House, Hyderabad, 3rd ed.)

3. DENZYL P. DAYAL, Handbook of CYBER CRIMES (Dominant Publishers & Distributors Pvt.
Ltd., New Delhi, 1st ed.)

4. GARIMA TIWARI, UNDERSTANDING LAWS: Cyber Laws & Cyber Crimes (Lexis Nexis
Butterworth, Nagpur, 4th ed.)

5. HARISH CHANDER, Cyber Laws and IT Protection (PHI Publications, 4th ed.)

46
6 . HARISH GOEL, CYBER CRIME (Rajat Publications, New Delhi, 1st ed.)

7. PAWAN DUGGAL, Textbook on CYBER LAW (Universal Law Publishing, 2nd ed.)

 WEB SOURCES

1. www.scconline.com
2. www.lexisnexisindia.com
3. www.heinonline.com
4. www.manupatra.com
5. www.indiakanoon.com

 ARTICLES FROM NEWSPAPERS

1. The Hindu
2. The Times of India
3. The Tribune

47