CYBER WARFARE AND

CYBER TERRORISM

MEDHA SURABHI
BA.LLB(4th Year)
KIIT School of Law

Electronic
Electroniccopy
copyavailable
availableat:
at:https://ssrn.com/abstract=2122633
http://ssrn.com/abstract=2122633
 CONTENTS

INTRODUCTION……………………………………………………………………. 3

CYBER WARFARE AND CYBER TERRORISM –

AN INSIGHT……………………………………………………………………….... 4

CYBER WARFARE AND CYBER TERRORISM –

VICTIMS & EXAMPLES…..................................................................................... 6

CYBER CRIME & WORLD PERSPECTIVE……………………………………….. 8

PREVENTION/FIGHTING CYBER WARFARE AND CYBER TERRORISM…... 9

CYBER LAW IN INDIA…………………………………………………………….. 10

CONCLUSION………………………………………………………………………. 12

REFERNCES………………………………………………………………………… 15

2|P ag e

Electronic
Electroniccopy
copyavailable
availableat:
at:https://ssrn.com/abstract=2122633
http://ssrn.com/abstract=2122633
 INTRODUCTION

The world of Internet today has become a parallel form of life and living. The public are now
capable of doing things which were not imaginable few years ago. The Internet is fast becoming
a way of life for millions of people and also a way of living because of growing dependence and
reliance of the mankind on these machines. Internet has enabled the use of website
communication, email and a lot of anytime anywhere IT solutions for the betterment of human
kind.

Internet, though offers great benefit to society, also present opportunities for crime using new
and highly sophisticated technology tools. Today e-mail and websites have become the preferred
means of communication. Organizations provide Internet access to their staff. By their very
nature, they facilitate almost instant exchange and dissemination of data, images and variety of
material. This includes not only educational and informative material but also information that
might be undesirable or anti-social. Regular stories featured in the media on computer crime
include topics covering hacking to viruses, web-jackers, to internet paedophiles, sometimes
accurately portraying events, sometimes misconceiving the role of technology in such activities.
Increase in cyber crime rate has been documented in the news media. Both the increase in the
incidence of criminal activity and the possible emergence of new varieties of criminal activity
pose challenges for legal systems, as well as for law enforcement.

Cyber Warfare is using computers over the Internet to conduct acts of warfare against other
websites or groups on the Internet. This could include defacing websites, distributed denial of
service attacks, distributing propaganda, and gathering classified data over the Internet. Cyber
Terrorism is different from Cyber Warfare. Cyber Warfare can be inconvenient from having to
clean up a website from vandalism or suffering from downtime because of a denial of service
attack. With Cyber Terrorism, violence can result from an attack.

The term ―cyber terrorism‖ was coined in1996 by combining the terms cyberspace and terrorism.
Cyber terrorism is the dark side of the web world. Cyber terrorism is the premeditated, politically

3|P ag e

Electronic copy available at: https://ssrn.com/abstract=2122633

motivated attack against information, computer systems, computer programs, and data which
result in violence against noncombatant targets by sub national groups or clandestine agents. It is
the use of disruptive activities or the threat thereof, in cyber space, with the intention to further
social, ideological, religious, political or similar objectives, or to intimidate any person in
furtherance of such objectives.

According to Mark Pollitt of the Federal Bureau of Investigation, the definition of Cyber
Terrorism is, ―the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which results in violence against noncombatant targets by
sub national groups or clandestine agents‖. This definition according to Verton, ―covers both
cyber terrorism and terrorism in general‖, he continues on that, ―not only can systems be
attacked through cyber means, but also attacking the physical hardware that makes up computer
systems‖.

CYBER WARFARE AND CYBER TERRORISM – AN INSIGHT

Cyber Warfare and Cyber Terrorism have both similarities and differences. They are similar in
sense that both involve using computer systems against other computer systems, although with
Cyber Terrorism the physical system can also be targeted. They are both different because in
Cyber Terrorism, violence can occur, such as people can be hurt or killed.

There are many reasons why these attacks occur. Probably one of the main reasons is to state a
goal or objective that disagrees with a view of another community. For example, an anti-abortion
group defacing an abortion clinic‘s website, or performing a denial of service against a website
so that people cannot access it and receive information from it. These would be acts of Cyber
Warfare.

With Cyber Terrorism, these attacks occur because of numerous reasons. The word terrorism
itself has the word terror in it, which means to strike fear and dread into an individual. There
have been many Terrorism attacks throughout history, including the one on September 11, 2001.

4|P ag e

Electronic copy available at: https://ssrn.com/abstract=2122633

With Cyber Terrorism, it uses that fear and dread by utilizing it over the Internet to attack
computer systems that control numerous things, hacking government websites and stealing top
secret information that could be used against that government by the terrorists. Similar to Cyber
Warfare, most terrorist goals, besides striking fear into other groups and nations, is to convey a
political message to the government or nation that they oppose.

There are various reasons for these cyber attacks are:

 Fear Factor – The most denominator of the majority of the attacks is terrorists wishing to
create fear in individuals groups and societies. The best example is bombing of Bali
Nightclub, in 2002. This night club was nothing but watering for foreign tourists. The
influx of foreign tourists to Bali was significantly reduced after this attack.

 Spectacular Factor – Spectacular means attacks aimed at either creating huge direct losses
and/or resulting in a lot of negative publicity. In 1999, the Amazon.com Web site was
closed for some time due to a denial of service (DOS) attack.

 Vulnerability factor - Cyber activities do not always end up with huge financial losses.
Some of the most effective ways to demonstrate an organization‘s vulnerability is to
cause a denial of service to the commercial server or something as simple as the
defacement of an organization‘s Web pages, very often referred to as computer graffiti.

In general, today‘s cyber attacks consist primarily of:

 Virus and worm attacks that are delivered via e-mail attachments, Web browser
scripts, and vulnerability exploit engines.

 Denial of service attacks designed to prevent the use of public systems by legitimate
users by overloading the normal mechanisms inherent in establishing and maintaining

5|P ag e

Electronic copy available at: https://ssrn.com/abstract=2122633

 computer-to-computer connections.

 Web defacements of informational sites that service governmental and commercial

interests in order to spread disinformation, propaganda, and/or disrupt information
flows.

 Unauthorized intrusions into systems that lead to the theft of confidential and/or
proprietary information, the modification and/or corruption of data, and the inappropriate
usage of a system for launching attacks on other systems.

CYBER WARFARE AND CYBER TERRORISM – VICTIMS & EXAMPLES

With Cyber Warfare, any website on the Internet and the people who are affiliated with them can
be affected by Cyber Warfare attacks. Going back to the previous example of the abortion clinic,
not only has the website been defaced by an anti-abortion group, it effects the people who run the
website, mainly those of the abortion clinic, and people who support abortion can be affected by
this act of vandalism. Also depending on the intensity of the vandalism, the clinic itself can lose
credibility. On the other side of this spectrum, the people who are against abortion are pleased
with the results.

Another example of who is affected by Cyber Warfare would be going back to the denial of
service attack against a website. Say this website is a bank website, and a hacker performs a
denial of service attack against this website. The website can now not be accessed by its patrons,
causing them not to be able to access their accounts, forcing them to physically go to the bank to
perform their daily transactions, increasing the business of the bank with lots of unhappy patrons.
This also affects the reputation of the banks online security, possibly scaring people out of that
bank and into another bank where they may feel more secure. On a side note, this attack could
have been performed by a rival bank to scare people out of one bank and having them come to
their bank. These are just a few possible ways of Cyber Warfare.

6|P ag e

Electronic copy available at: https://ssrn.com/abstract=2122633

With Cyber Terrorism either a small amount of people can be affected or entire nations can be
affected. A sinister Cyber Terrorism plot that was foiled would have occurred sometime in 1996
in London. Members of the Irish Republican Army (IRA) were planning to blow up and destroy
six key electric substations in London. Had the IRA succeeded in their goal, they would have
disrupted power to major portions of London for months. To figure out which substations to
bomb, they used libraries and open sources of information to select key nodes that would impact
the grid the most. This example would have been a terror attack and would have stuck fear into
the people of London. This would also be an example of a physical attack on computer systems.

In Verton, 2001, when an Australian man used the Internet and stolen control software to release
one million liters of raw sewage into public parks. The reason behind this was to get back at a
company that would not hire him, so he got back at the community and the company by releasing
the sewage. This was not as much of a terror attack as a revenge attack, but it made the
community aware that some government and local utility systems are not safe, and can be
utilized against them. Also, with the release of the sewage, some of the animals and marine life
in the area were killed.

CYBER CRIME & WORLD PERSPECTIVE

The prospect of internet-based warfare has come to the fore after a series of high-profile
international attacks. It has emerged that a gang of hackers, believed to be from China, had
infiltrated computer systems at the Pentagon and launched attacks on government networks in
Britain, Germany, India and Australia. US officials, who have labeled the group Titan Rain, have
accused them of operating under the auspices of officials in Beijing. Another strike in Estonia,
which has one of the most hi-tech governments in the world, was initially blamed on hackers
backed by the Russian authorities. However, only one teenager, an Estonian, has been arrested in
connection with the incident so far.

7|P ag e

Electronic copy available at: https://ssrn.com/abstract=2122633

The annual E-Crime congress is one the largest gatherings of those who work to combat cyber
crime. Delegates included banking experts, police and IT industry luminaries, all keen to
discover new ways to fight online crime.

North Atlantic Treaty Organization (NATO) believes cyber warfare poses as great a threat as a
missile attack. NATO is treating the threat of cyber warfare as seriously as the risk of a missile
strike. Among the chief threats is cyber terrorism, in which attempts are made to shut down
online communication networks or use the internet to attack official institutions. Although some
have warned of the possible threat since the 1980s, it is only in recent years that the issue has
made it onto the radar of governments around the world.

Suleyman Anil, in-charge of protecting NATO against computer attacks and head of NATO's
computer incident response centre, said at the E-Crime congress held in London "Cyber defense
is now mentioned at the highest level along with missile defense and energy security. We have
seen more of these attacks and we don't think this problem will disappear soon. Unless globally
supported measures are taken, it can become a global problem."

Kevin Poulsen, a former hacker who is now an editor with technology magazine Wired, has
accused politicians and the media of overplaying the fear factor. He opined before the London E-
Crime congress "In some ways, Estonia's attacks were less sophisticated than previous 'cyber
wars' - like those between Israeli and Palestinian hackers, India and Pakistan, China and the US.
Even those attacks fell short of a cyber war, at least as experts have defined the term. I'm
sceptical that real cyber war, or cyber terrorism, will ever take place."

Despite the lack of hard evidence on the nature or identities of cyber terrorists, however, the
threat is deemed serious enough for the White House to allocate $6bn (£3bn) for strengthening
its systems against attack.

8|P ag e

Electronic copy available at: https://ssrn.com/abstract=2122633

 PREVENTION/FIGHTING CYBER WARFARE AND CYBER TERRORISM

The real issue is how to prevent cyber crime. For this, there is need to raise the probability of
apprehension and conviction. There is no way to be completely secure from any type of Cyber
Warfare or Cyber Terrorism attack. The more security a computer system has in place, the easier
it can become to attack this system. For Cyber Warfare, one has to deal with securing
information systems, including computer networks, and all the data of a corporation or
government entity, having a good IT security team and security plan will help protect the
company‘s data. For Cyber Terrorism, physical systems need to be guarded, and if they are high
priority targets subject to attack, the appropriate measures to secure this data need to be in place.

India has a law on evidence that considers admissibility, authenticity, accuracy, and
completeness to convince the judiciary. The challenge in cyber crime cases includes getting
evidence that will stand scrutiny in a foreign court. For this India needs total international
cooperation with specialized agencies of different countries. Police has to ensure that they have
seized exactly what was there at the scene of crime, is the same that has been analyzed and the
report presented in court is based on this evidence. It has to maintain the chain of custody. The
threat is not from the intelligence of criminals but from our ignorance and the will to fight it. The
law is stricter now on producing evidence especially where electronic documents are concerned.

To combat Cyber Terrorism in the United States, the U.S. Department of Defense made the
United Stated Strategic Command in charge of dealing with Cyber Terrorism, and it established
through the Joint Task Force-Global Network operations. Other governments should also set up
Cyber Terrorism divisions and come up with some sort of plan in case a Cyber Attack on their
nation was to occur.

CYBER LAW IN INDIA

Cyber Law is seen as an essential component of criminal justice system all over the world. The
same applies to cyber law of India as well. The computer is the target and the tool for the

9|P ag e

Electronic copy available at: https://ssrn.com/abstract=2122633

perpetration of crime. It is used for the communication of the criminal activity such as the
injection of a virus/worm which can crash entire networks.

The Information Technology (IT) Act, 2000, specifies the acts which have been made
punishable. Since the primary objective of this Act is to create an enabling environment for
commercial use of I.T., certain omissions and commissions of criminals while using computers
have not been included. With the legal recognition of Electronic Records and the amendments
made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing on
cyber-arena are also registered under the appropriate sections of the IPC.

India is the 12th country of the world having a cyber law. It covers areas like e-governance, e-
commerce, cyber contraventions and cyber offences. However, some critics and cyber law
experts have questioned the strength of IT Act, 2000.

Although India has done a good job by enacting the IT Act, 2000 yet it failed to keep it updated.
For instance, we need express provisions and specified procedures to deal with issues like denial
of service (DOS), distributed denial of services (DDOS), bot, botnets, trojans, backdoors, viruses
and worms, sniffers, SQL injections, buffer overflows etc. These issues cannot be left on mere
luck, implied provisions or traditional penal law of India (IPC). Even issues like cyber war
against India or cyber terrorism against India have not been incorporated into the IT Act, 2000
yet.

Some of these issues are also cross-linked with capacity building requirements of India in the
field of cyber security in India and cyber forensics in India. A crucial truth that India failed to
appreciate is that e-governance in India is useless till we are capable of securing it as well.
Without the crucial capabilities in the fields of cyber security and cyber forensics, India is
heading towards a big trouble. Even the basic ‘e-mail tracking‘ procedures sometimes pose as a
big challenge before the law enforcement agencies in India. Interestingly, some of the legal
experts have shown their support for prosecuting owners of e-mail addresses and Internet

10 | P a g e

Electronic copy available at: https://ssrn.com/abstract=2122633

Protocol addresses relying upon ‘common law principles‘ not knowing exactly the nature of the
Internet.

It would be a ‘dangerous trend‘ to follow to arrest or detain suspects on the basis of mere ‘IP
addresses‘ or ‘e-mail addresses‘ as they are very easy to be spoofed and forged. Even MAC
addresses can be spoofed in certain circumstances and for many purposes, particularly for
identity theft cases in wireless connections. It is important to apply common sense and first
ascertain the identity of real culprit. Of course, it requires tremendous cyber forensics expertise
to correctly trace the culprit. The recent case of wrongfully arresting an innocent person and
imprisoning him for a considerable time is a glaring example of faulty and novice cyber
forensics application in India. The inability of the Government of India to meet these
conspicuous deficiencies of the legal enablement of ICT systems in India is stifling the growth of
ICT laws in India.

The present cyber law of India does not cover these issues and there is a dire need of
incorporating the same as soon as possible.

Some of the Statutory Provisions under Indian Law to combat cyber crimes are:

The Indian parliament considered it necessary to give effect to the resolution by which the
General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations
Commission on Trade Law. As a consequence of which the Information Technology Act 2000
was passed and enforced on 17th May 2000. The preamble of this Act states its objective to
legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act
1872, the Banker‘s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The
basic purpose to incorporate the changes in these Acts is to make them compatible with the Act
of 2000. So that they may regulate and control the affairs of the cyber world in an effective
manner.

The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The
important sections are Ss. 43,65,66,67.

11 | P a g e

Electronic copy available at: https://ssrn.com/abstract=2122633

 i. Section 43 in particular deals with the unauthorised access, unauthorised downloading,
virus attacks or any contaminant, causes damage, disruption, denial of access,
interference with the service availed by a person. This section provide for a fine up to Rs.
1 Crore by way of remedy.
ii. Section 65 deals with ‗tampering with computer source documents‘ and provides for
imprisonment up to 3 years or fine, which may extend up to 2 years or both.
iii. Section 66 deals with ‗hacking with computer system’ and provides for imprisonment up
to 3 years or fine, which may extend up to 2 years or both.
iv. Section 67 deals with publication of obscene material and provides for imprisonment up
to a term of 10 years and also with fine up to Rs. 2 lakhs

CONCLUSION

Cyber Warfare and Cyber Terrorism are a growing threat in this world. More and more groups
are becoming aware of the possibility of Cyber Warfare and Cyber Terrorism. Cyber Terrorism
has been occurring within the last twenty years and as time progresses and more and more
nations become even more computerized, there will be more and more attacks through
cyberspace.

A survey released by the UK government has revealed that the British public is now more fearful
of cyber crime than burglary and crimes against the person. According to its results, Internet
users fear bankcard fraud the most (27 percent), followed by cyber crime (21 percent) and
burglary (16 percent). This shows that hi-tech crime has firmly overtaken conventional
burglaries, muggings and thefts in the list of the public‘s fears, as the Internet has become firmly
embedded into the British society, with some 57 percent of households having online access.
Interestingly, University of Abertay in Dundee, Scotland (UK) is now offering a BSc Hons in
Ethical Hacking and Countermeasures.

Although hard, it is possible to try and combat cyber terrorism through the securing of systems,
but there will always be an exploit someplace whether it‘s through the computer or through the

12 | P a g e

Electronic copy available at: https://ssrn.com/abstract=2122633

gullible user. Cyber Terrorism and Cyber Warfare are a looming threat in this technologically
advancing world.

Even America finds itself unprepared for the threat of cyber war and terrorism. In a speech given
this January at the Newseum in Washington, D.C., Secretary of State Hillary Clinton set a strong
warning to anyone who would seek to carry out a cyber attack on the United States: ―As we work
to advance freedoms, we must also work against those who use communication networks as tools
of disruption and fear. Governments and citizens must have confidence that the networks at the
core of their national security and economic prosperity are safe and resilient. Now this is about
more than just petty hackers who deface websites. Our ability to bank online, use electronic
commerce, and safeguard billions of dollars in intellectual property are all at stake if we cannot
rely on the security of our information networks. States, terrorists, and those who would act as
their proxies must know the United States will protect our networks Those who disrupt the free
flow of information in our society or any other pose a threat to our economy, our government,
and our civil society. Countries or individuals that engage in cyber attacks should face
consequences and international condemnation.‖

The traditional national defense strategies are ill suited to protect the nations against this threat.
Enemies can launch a devastating attack, from almost anywhere—a café in London, a cave in
Afghanistan, or a coffee shop in our Midwest. They can mobilize large networks of captured
computers from around the world to do their bidding. They can do so with almost no trail, no
return address. Enemies of this kind, attacks of this nature, are almost impossible to deter, and
even harder to preempt.

In the face of threats, the systems that are to be depend upon, are vulnerable to the most
simplistic of hackers, even as constant efforts by sophisticated enemies to penetrate the systems,
probe vulnerabilities, plan future attacks and inject sleeper weapons into the IT systems is faced.

It is high time to make concentrated effort otherwise nations would leave themselves
unacceptably open to a devastating attack on our nation. Such an attack could compromise the

13 | P a g e

Electronic copy available at: https://ssrn.com/abstract=2122633

integrity of the financial industry. It could turn off the power to entire regions of the nation. It
could strike at any one of vital infrastructure sectors without warning and with devastating effect.

In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely
affects a person or property. The IT Act provides the backbone for e-commerce and India‘s
approach has been to look at e-governance and e-commerce primarily from the promotional
aspects looking at the vast opportunities and the need to sensitize the population to the
possibilities of the information age. There is the need to take in to consideration the security
aspects.

It is prudent that rethinking is done to work out approach to cyber warfare and cyber terrorism. It
is the time to act now to secure the strategic digital assets, public and private. These systems
must be built upon technologies that tested and proven secure against the advanced threats that is
faced now, and to plan ahead to the best of ability to face in the coming years. If we can act now,
we will not only be secure, but we will also be poised to capitalize on the real promise of the
digital revolution.

14 | P a g e

Electronic copy available at: https://ssrn.com/abstract=2122633

 REFERENCES

1. Cyber-Warfare. Wikipedia. Retrieved on April 25, 2008, from http://en.wikipedia.org/wiki/

Cyber-warfare Pollitt, M.M. (1997, October).
2. Cyberterrorism: Fact or Fancy? Proceedings of the 20th National Information Systems
Security Conference, 285-289
3. Verton, D (2003). Black Ice: The Invisible Threat of Cyber-Terrorism, 27-28
4. Johnson Bobbie (2008), The Guardian, Thursday 6 March 2008
5. Information Techology Act, 2000 including its amendments, 2006
6. Dalal Praveen (2009), Perry4Law
7. The Washington Post, Internet War, Jan. 25, 2010, available at http://www.
washingtonpost.com/wp‐dyn/content/article/2010/01/24/AR2010012402755.html.
8 Kim Zetter, Hackers Targeted Oil Companies for Oil Location Data, Wired.com, Jan. 26,
2010, available at http://www.wired.com/threatlevel/2010/01/hack‐for‐oil.
9. Federal News Radio, New Cyber Attacks Target Defense Contractors, Jan. 22, 2010, available
at http://www.federalnewsradio.com/?nid=15&sid=1870555.
10. Singh Talwant, Addl. Distt. & Sessions Judge, Delhi, Cyber Law & Information Technology,
available at http://www.indlii.org/CyberLaw.aspx
11. Clinton Hillary, US Secretary of State (2010), Remarks of the Secretary on Internet Freedom,
delivered Jan. 21, 2010, at the Newseum, Washington, D.C.
12. Habiger Gen. Eugene E., USAF (Ret.) (2010) Cyber warfare and Cyber Terrorism: The need
for a new US Strategic Approach, The Cyber Secure Institute, Provoking Cyber Security
Change White Paper Series, White Paper 1:2010

- OOO -

15 | P a g e

Electronic copy available at: https://ssrn.com/abstract=2122633