INTRODUCTION

The world of Internet today has become a parallel form of life and living. The public are now
capable of doing things which were not imaginable few years ago. The Internet is fast becoming
a way of life for millions of people and also a way of living because of growing dependence and
reliance of the mankind on these machines. Internet has enabled the use of website
communication, email and a lot of anytime anywhere IT solutions for the betterment of human
kind.

Internet, though offers great benefit to society, also present opportunities for crime using new
and highly sophisticated technology tools. Today e-mail and websites have become the preferred
means of communication. Organizations provide Internet access to their staff. By their very
nature, they facilitate almost instant exchange and dissemination of data, images and variety of
material. This includes not only educational and informative material but also information that
might be undesirable or anti-social. Regular stories featured in the media on computer crime
include topics covering hacking to viruses, web-jackers, to internet paedophiles, sometimes
accurately portraying events, sometimes misconceiving the role of technology in such activities.
Increase in cyber-crime rate has been documented in the news media. Both the increase in the
incidence of criminal activity and the possible emergence of new varieties of criminal activity
pose challenges for legal systems, as well as for law enforcement.

Cyber Warfare is using computers over the Internet to conduct acts of warfare against other
websites or groups on the Internet. This could include defacing websites, distributed denial of
service attacks, distributing propaganda, and gathering classified data over the Internet. Cyber
Terrorism is different from Cyber Warfare. Cyber Warfare can be inconvenient from having to
clean up a website from vandalism or suffering from downtime because of a denial of service
attack. With Cyber Terrorism, violence can result from an attack.1

The term “cyber terrorism” was coined in1996 by combining the terms cyberspace and
terrorism. Cyber terrorism is the dark side of the web world. Cyber terrorism is the
premeditated, politically motivated attack against information, computer systems, computer

1
M. A. Vatis.. “Cyber Attacks During the War on Terrorism: A Predictive Analysis,” 2001. Special Report, Institute
for Security and Technology Studies
programs, and data which result in violence against non-combatant targets by sub national
groups or clandestine agents. It is the use of disruptive activities or the threat thereof, in cyber
space, with the intention to further social, ideological, religious, political or similar objectives,
or to intimidate any person in furtherance of such objectives.

According to Mark Pollitt of the Federal Bureau of Investigation, the definition of Cyber
Terrorism is, “the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which results in violence against non-combatant targets
by sub national groups or clandestine agents”. This definition according to Verton, “covers both
cyber terrorism and terrorism in general”, he continues on that, “not only can systems be
attacked through cyber means, but also attacking the physical hardware that makes up computer
systems”.

CYBER WARFARE AND CYBER TERRORISM – AN INSIGHT

Cyber Warfare and Cyber Terrorism have both similarities and differences. They are similar in
sense that both involve using computer systems against other computer systems, although with
Cyber Terrorism the physical system can also be targeted. They are both different because in
Cyber Terrorism, violence can occur, such as people can be hurt or killed.

There are many reasons why these attacks occur. Probably one of the main reasons is to state a
goal or objective that disagrees with a view of another community. For example, an anti-
abortion group defacing an abortion clinic’s website, or performing a denial of service against a
website so that people cannot access it and receive information from it. These would be acts of
Cyber Warfare.2

With Cyber Terrorism, these attacks occur because of numerous reasons. The word terrorism
itself has the word terror in it, which means to strike fear and dread into an individual. There
have been many Terrorism attacks throughout history, including the one on September 11, 2001.
With Cyber Terrorism, it uses that fear and dread by utilizing it over the Internet to attack

2
Cited in E. Montalbano. 2004. “Homeland Security Chair likens ‘Cyber Terrorists’ to Al Qaeda.” CRN News
computer systems that control numerous things, hacking government websites and stealing top
secret information that could be used against that government by the terrorists. Similar to Cyber
Warfare, most terrorist goals, besides striking fear into other groups and nations, is to convey a
political message to the government or nation that they oppose.

There are various reasons for these cyber-attacks are:

• Fear Factor - The most denominator of the majority of the attacks is terrorists wishing to
create fear in individuals groups and societies. The best example is bombing of Bali
Nightclub, in 2002. This night club was nothing but watering for foreign tourists. The
influx of foreign tourists to Bali was significantly reduced after this attack.

• Spectacular Factor - Spectacular means attacks aimed at either creating huge direct losses
and/or resulting in a lot of negative publicity. In 1999, the Amazon.com Web site was
closed for some time due to a denial of service (DOS) attack.

• Vulnerability factor - Cyber activities do not always end up with huge financial losses.
Some of the most effective ways to demonstrate an organization’s vulnerability is to
cause a denial of service to the commercial server or something as simple as the
defacement of an organization’s Web pages, very often referred to as computer graffiti.

In general, today’s cyber-attacks consist primarily of:

• Virus and worm attacks that are delivered via e-mail attachments, Web browser
scripts, and vulnerability exploit engines.

• Denial of service attacks designed to prevent the use of public systems by legitimate
users by overloading the normal mechanisms inherent in establishing and maintaining
Computer-to-computer connections.

• Web defacements of informational sites that service governmental and commercial

interests in order to spread disinformation, propaganda, and/or disrupt information
flows.
 • Unauthorized intrusions into systems that lead to the theft of confidential and/or
proprietary information, the modification and/or corruption of data, and the inappropriate
usage of a system for launching attacks on other systems.

CYBER WARFARE & CYBER TERRORISM – VICTIMS & EXAMPLES

With Cyber Warfare, any website on the Internet and the people who are affiliated with them
can be affected by Cyber Warfare attacks. Going back to the previous example of the abortion
clinic, not only has the website been defaced by an anti-abortion group, it effects the people who
run the website, mainly those of the abortion clinic, and people who support abortion can be
affected by this act of vandalism. Also depending on the intensity of the vandalism, the clinic
itself can lose credibility. On the other side of this spectrum, the people who are against abortion
are pleased with the results.

Another example of who is affected by Cyber Warfare would be going back to the denial of
service attack against a website. Say this website is a bank website, and a hacker performs a
denial of service attack against this website. The website can now not be accessed by its patrons,
causing them not to be able to access their accounts, forcing them to physically go to the bank to
perform their daily transactions, increasing the business of the bank with lots of unhappy
patrons. This also affects the reputation of the banks online security, possibly scaring people out
of that bank and into another bank where they may feel more secure. On a side note, this attack
could have been performed by a rival bank to scare people out of one bank and having them
come to their bank. These are just a few possible ways of Cyber Warfare.3
With Cyber Terrorism either a small amount of people can be affected or entire nations can be
affected. A sinister Cyber Terrorism plot that was foiled would have occurred sometime in 1996
in London. Members of the Irish Republican Army (IRA) were planning to blow up and destroy
six key electric substations in London. Had the IRA succeeded in their goal, they would have
disrupted power to major portions of London for months. To figure out which substations to
bomb, they used libraries and open sources of information to select key nodes that would impact
the grid the most. This example would have been a terror attack and would have stuck fear into
the people of London. This would also be an example of a physical attack on computer systems.
3
T. Spellman. 2004. “Expert: U.S. At Risk of Cyberterrorism.” The Dartmouth Online, 19 April 2004
In Verton, 2001, when an Australian man used the Internet and stolen control software to release
one million litres of raw sewage into public parks. The reason behind this was to get back at a
company that would not hire him, so he got back at the community and the company by
releasing the sewage. This was not as much of a terror attack as a revenge attack, but it made the
community aware that some government and local utility systems are not safe, and can be
utilized against them. Also, with the release of the sewage, some of the animals and marine life
in the area were killed.

CYBER CRIME – WORLD PERSPECTIVE

The prospect of internet-based warfare has come to the fore after a series of high-profile
international attacks. It has emerged that a gang of hackers, believed to be from China, had
infiltrated computer systems at the Pentagon and launched attacks on government networks in
Britain, Germany, India and Australia. US officials, who have labelled the group Titan Rain,
have accused them of operating under the auspices of officials in Beijing. Another strike in
Estonia, which has one of the most hi-tech governments in the world, was initially blamed on
hackers backed by the Russian authorities. However, only one teenager, an Estonian, has been
arrested in connection with the incident so far.
The annual E-Crime congress is one the largest gatherings of those who work to combat cyber-
crime. Delegates included banking experts, police and IT industry luminaries, all keen to
discover new ways to fight online crime.4

North Atlantic Treaty Organization (NATO) believes cyber warfare poses as great a threat as a
missile attack. NATO is treating the threat of cyber warfare as seriously as the risk of a missile
strike. Among the chief threats is cyber terrorism, in which attempts are made to shut down
online communication networks or use the internet to attack official institutions. Although some
have warned of the possible threat since the 1980s, it is only in recent years that the issue has
made it onto the radar of governments around the world.5

Suleyman Anil, in-charge of protecting NATO against computer attacks and head of NATO's
computer incident response centre, said at the E-Crime congress held in London "Cyber defence
4
D. Verton. Cyberterrorism & security: New definitions for new realities, paper presented at the Cato Institute
Book Forum, 12 November 2003b, Washington, DC.
5
is now mentioned at the highest level along with missile defence and energy security. We have
seen more of these attacks and we don't think this problem will disappear soon. Unless globally
supported measures are taken, it can become a global problem."

Kevin Poulsen, a former hacker who is now an editor with technology magazine Wired, has
accused politicians and the media of overplaying the fear factor. He opined before the London
E- Crime congress "In some ways, Estonia's attacks were less sophisticated than previous 'cyber
wars' - like those between Israeli and Palestinian hackers, India and Pakistan, China and the US.
Despite the lack of hard evidence on the nature or identities of cyber terrorists, however, the
threat is deemed serious enough for the White House to allocate $6bn (£3bn) for strengthening
its systems against attack.

PREVENTION/ FIGHTING THE CYBER WARFARE & CYBER

TERRORISM
The real issue is how to prevent cyber-crime. For this, there is need to raise the probability of
apprehension and conviction. There is no way to be completely secure from any type of Cyber
Warfare or Cyber Terrorism attack. The more security a computer system has in place, the easier
it can become to attack this system. For Cyber Warfare, one has to deal with securing
information systems, including computer networks, and all the data of a corporation or
government entity, having a good IT security team and security plan will help protect the
company’s data. For Cyber Terrorism, physical systems need to be guarded, and if they are high
priority targets subject to attack, the appropriate measures to secure this data need to be in
place.6

India has a law on evidence that considers admissibility, authenticity, accuracy, and
completeness to convince the judiciary. The challenge in cyber-crime cases includes getting
evidence that will stand scrutiny in a foreign court. Police has to ensure that they have seized
exactly what was there at the scene of crime, is the same that has been analysed and the report
presented in court is based on this evidence. It has to maintain the chain of custody. The threat is
not from the intelligence of criminals but from our ignorance and the will to fight it. The law is

6
DeNileon, Guy, “The Who, What Why and How of Counter-terrorism Issues,” American Water Works Association
Journal, May 2001, Volume 93, No. 5, pp. 78–85,
stricter now on producing evidence especially where electronic documents are concerned.7

CYBER LAWS IN INDIA

Cyber Law is seen as an essential component of criminal justice system all over the world. The
same applies to cyber law of India as well. The computer is the target and the tool for the
perpetration of crime. It is used for the communication of the criminal activity such as the
injection of a virus/worm which can crash entire networks.

The Information Technology (IT) Act, 2000, specifies the acts which have been made
punishable. Since the primary objective of this Act is to create an enabling environment for
commercial use of I.T., certain omissions and commissions of criminals while using computers
have not been included. With the legal recognition of Electronic Records and the amendments
made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing
on cyber-arena are also registered under the appropriate sections of the IPC.

India is the 12th country of the world having a cyber law. It covers areas like e-governance, e-
commerce, cyber contraventions and cyber offences. However, some critics and cyber law
experts have questioned the strength of IT Act, 2000.

Although India has done a good job by enacting the IT Act, 2000 yet it failed to keep it updated.
For instance, we need express provisions and specified procedures to deal with issues like denial
of service (DOS), distributed denial of services (DDOS), bot, botnets, trojans, backdoors, viruses
and worms, sniffers, SQL injections, buffer overflows etc. These issues cannot be left on mere
luck, implied provisions or traditional penal law of India (IPC). Even issues like cyber war
against India or cyber terrorism against India have not been incorporated into the IT Act, 2000
yet.

Some of these issues are also cross-linked with capacity building requirements of India in the
field of cyber security in India and cyber forensics in India. A crucial truth that India failed to
appreciate is that e-governance in India is useless till we are capable of securing it as well.
Without the crucial capabilities in the fields of cyber security and cyber forensics, India is

7
Larissa Paul, “When Cyber Hacktivism Meets Cyberterrorism,” SANS Institute, February 19, 2001
heading towards a big trouble. Even the basic ’e-mail tracking’ procedures sometimes pose as a
big challenge before the law enforcement agencies in India. Interestingly, some of the legal
experts have shown their support for prosecuting owners of e-mail addresses and Internet
Protocol addresses relying upon ’common law principles’ not knowing exactly the nature of the
Internet.

It would be a ’dangerous trend’ to follow to arrest or detain suspects on the basis of mere ’IP
addresses’ or ’e-mail addresses’ as they are very easy to be spoofed and forged. Eve n MAC
addresses can be spoofed in certain circumstances and for many purposes, particularly for
identity theft cases in wireless connections. It is important to apply common sense and first
ascertain the identity of real culprit. Of course, it requires tremendous cyber forensics expertise
to correctly trace the culprit. The recent case of wrongfully arresting an innocent person and
imprisoning him for a considerable time is a glaring example of faulty and novice cyber
forensics application in India. The inability of the Government of India to meet these
conspicuous deficiencies of the legal enablement of ICT systems in India is stifling the growth
of ICT laws in India.

The present cyber law of India does not cover these issues and there is a dire need of
incorporating the same as soon as possible.

Some of the Statutory Provisions under Indian Law to combat cyber-crimes are:

The Indian parliament considered it necessary to give effect to the resolution by which the
General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations
Commission on Trade Law. As a consequence of which the Information Technology Act 2000
was passed and enforced on 17th May 2000. The preamble of this Act states its objective to
legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act
1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic
purpose to incorporate the changes in these Acts is to make them compatible with the Act of
2000. So that they may regulate and control the affairs of the cyber world in an effective
manner.

The Information Technology Act deals with the various cyber-crimes in chapters IX & XI. The
important sections are Ss. 43,65,66,67.
i. Section 43 in particular deals with the unauthorised access, unauthorised downloading,
virus attacks or any contaminant, causes damage, disruption, denial of access,
interference with the service availed by a person. This section provide for a fine up to Rs.
1 Crore by way of remedy.
ii. Section 65 deals with ‘tampering with computer source documents' and provides for
imprisonment up to 3 years or fine, which may extend up to 2 years or both.
iii. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment
upto 3 years or fine, which may extend up to 2 years or both.
iv. Section 67 deals with publication of obscene material and provides for imprisonment
upto a term of 10 years and also with fine up to Rs. 2 lakhs.
CONCLUSION

Cyber Warfare and Cyber Terrorism are a growing threat in this world. More and more groups
are becoming aware of the possibility of Cyber Warfare and Cyber Terrorism. Cyber Terrorism
has been occurring within the last twenty years and as time progresses and more and more
nations become even more computerized, there will be more and more attacks through
cyberspace.

A survey released by the UK government has revealed that the British public is now more
fearful of cyber-crime than burglary and crimes against the person. According to its results,
Internet users fear bankcard fraud the most (27 percent), followed by cyber-crime (21 percent)
and burglary (16 percent). This shows that hi-tech crime has firmly overtaken conventional
burglaries, muggings and thefts in the list of the public’s fears, as the Internet has become firmly
embedded into the British society, with some 57 percent of households having online access.
Interestingly, University of Abertay in Dundee, Scotland (UK) is now offering a BSc Hons in
Ethical Hacking and Countermeasures.

Although hard, it is possible to try and combat cyber terrorism through the securing of systems,
but there will always be an exploit someplace whether it’s through the computer or through the
gullible user. Cyber Terrorism and Cyber Warfare are a looming threat in this technologically
advancing world.
Even America finds itself unprepared for the threat of cyber war and terrorism. In a speech given
this January at the Newseum in Washington, D.C., Secretary of State Hillary Clinton set a strong
warning to anyone who would seek to carry out a cyber-attack on the United States: “As we
work to advance freedoms, we must also work against those who use communication networks
as tools of disruption and fear. Governments and citizens must have confidence that the
networks at the core of their national security and economic prosperity are safe and resilient.
Now this is about more than just petty hackers who deface websites. Our ability to bank online,
use electronic commerce, and safeguard billions of dollars in intellectual property are all at stake
if we cannot rely on the security of our information networks. States, terrorists, and those who
would act as their proxies must know the United States will protect our networks. Those who
disrupt the free flow of information in our society or any other pose a threat to our economy, our
government, and our civil society. Countries or individuals that engage in cyber-attacks should
face consequences and international condemnation.”

The traditional national defence strategies are ill suited to protect the nations against this threat.
Enemies can launch a devastating attack, from almost anywhere—a cafe in London, a cave in
Afghanistan, or a coffee shop in our Midwest. They can mobilize large networks of captured
computers from around the world to do their bidding. They can do so with almost no trail, no
return address. Enemies of this kind, attacks of this nature, are almost impossible to deter, and
even harder to pre-empt.

In the face of threats, the systems that are to be depend upon, are vulnerable to the most
simplistic of hackers, even as constant efforts by sophisticated enemies to penetrate the systems,
probe vulnerabilities, plan future attacks and inject sleeper weapons into the IT systems is faced.

It is high time to make concentrated effort otherwise nations would leave themselves
unacceptably open to a devastating attack on our nation. Such an attack could compromise the
integrity of the financial industry. It could turn off the power to entire regions of the nation. It
could strike at any one of vital infrastructure sectors without warning and with devastating
effect.

In Indian law, cyber-crime has to be voluntary and wilful, an act or omission that adversely
affects a person or property. The IT Act provides the backbone for e-commerce and India’s
approach has been to look at e-governance and e-commerce primarily from the promotional
aspects looking at the vast opportunities and the need to sensitize the population to the
possibilities of the information age. There is the need to take in to consideration the security
aspects.

It is prudent that rethinking is done to work out approach to cyber warfare and cyber terrorism. It
is the time to act now to secure the strategic digital assets, public and private. If we can act now,
we will not only be secure, but we will also be poised to capitalize on the real promise of the
digital revolution.

REFRENCES

1. Cyber-Warfare. Wikipedia. Retrieved on April 25, 2008, from http://en.wikipedia.org/wiki/

Cyber-warfare Pollitt, M.M. (1997, October).
2. Cyberterrorism: Fact or Fancy? Proceedings of the 20th National Information Systems
Security Conference, 285-289
3. Verton, D (2003). Black Ice: The Invisible Threat of Cyber-Terrorism, 27-28
4. Johnson Bobbie (2008), The Guardian, Thursday 6 March 2008
5. Information Technology Act, 2000 including its amendments, 2006
6. Dalal Praveen (2009), Perry4Law
7. The Washington Post, Internet War, Jan. 25, 2010, available at http://www.
washingtonpost.com/wp-dyn/content/article/2010/01/24/AR2010012402755.html.
8 Kim Zetter, Hackers Targeted Oil Companies for Oil Location Data, Wired.com, Jan. 26,
2010, available at http://www.wired.com/threatlevel/2010/01/hack-for-oil.
9. Federal News Radio, New Cyber Attacks Target Defense Contractors, Jan. 22, 2010,
available at http://www.federalnewsradio.com/?nid=15&sid=1870555.
10.Singh Talwant, Addl. Distt. & Sessions Judge, Delhi, Cyber Law & Information Technology,
available at http://www.indlii.org/CyberLaw.aspx
11.Clinton Hillary, US Secretary of State (2010), Remarks of the Secretary on Internet Freedom,
delivered Jan. 21, 2010, at the Newseum, Washington, D.C.
12.Habiger Gen. Eugene E., USAF (Ret.) (2010) Cyber warfare and Cyber Terrorism: The need
for a new US Strategic Approach, The Cyber Secure Institute, Provoking Cyber Security
Change White Paper Series, White Paper 1:2010