NEW LAW COLLEGE ,PUNE

CYBER LAW ASSIGNMENT

TOPIC: Cyber Terrorism

SUBMITTED BY : HRITHIKA SINGH

ROLL NO. : 19

CYBER TERRORISM

Cyberattacks can come in the form of viruses, malware, email phishing, social media fraud - the
spectrum of cyber threats is limitless. We are more interconnected than ever before, but for all of the
advantages, that connectivity leaves us vulnerable to the risks of fraud, theft, abuse, and attack.
Cybercrime can have wide-ranging impacts, at the individual, local, state, and national levels.

Organized cybercrime, state-sponsored hackers, and cyber espionage can pose national security risks to
our country and our critical infrastructure.

Transportation, power, and other services may be disrupted by large scale cyber incidents. The extent of
the disruption is highly uncertain as it will be determined by many unknown factors such as the target
and size of the incident.

Vulnerability to data breach and loss increases if an organization's network is compromised. Information
about a company, its employees, and its customers can be at risk.

Individually-owned devices such as computers, tablets, mobile phones, and gaming systems that
connect to the Internet are vulnerable to intrusion. Personal information may be at risk without proper
security.
Misuse of statistics and communications technologies

There is growing concern over the misuse of data and communications technologies (ICT) by way of
terrorists, especially the Internet and new digital technology, to dedicate, incite, recruit for, fund or
plan terrorist acts. Member States have careworn the significance of multi-stakeholder cooperation in
tackling this threat, inclusive of amongst Member States, global, nearby and sub regional groups, the
non-public quarter and civil society.

In decision 2341 (2017), the Security Council calls upon Member States “to set up or give a boost to
national, regional and worldwide partnerships with stakeholders, both public and personal, as suitable,
to share records and enjoy so that it will save you, protect, mitigate, look into, reply to and get over
damage from terrorist assaults on critical infrastructure facilities, inclusive of through joint schooling,
and use or status quo of applicable communique or emergency caution networks.”

Counter-terrorism Cybersecurity initiatives

The UN Office of Counter-Terrorism (UNOCT) has numerous tasks in the subject of new technology,
together with a venture on the usage of social media to accumulate open supply information and
virtual proof to counter terrorism and violent extremism while respecting human rights. It has provided
expertise in global fora on using unmanned aerial systems (UAS) and could increase similarly
programming in this region.

In specific, the Cybersecurity and New Technologies programme pursuits to decorate capacities of
Member States and private organizations in stopping cyber-attacks performed by using terrorist actors
in opposition to essential infrastructure. The mission programme also seeks to mitigate the effect and
recover and restore the focused systems must such cyber-assaults occur.

Cybersecurity task

Solution, selected as part of Cyber Challenge occasion, addressing on line terrorist sports, will be
provided at the UN Office at Vienna (UNOV) on 5-6 December. Categories consist of:

:Kinetic cyber-attacks to essential infrastructure and/or IoT devices

:Spread of terrorist content on line

:Online terrorist communications

:Digital terrorist financing

Conventions
As of 2016 there were eighteen conventions and predominant legal units that specifically address
terrorist sports and cyber terrorism.

1963: Convention on Offences and Certain Other Acts Committed on Board Aircraft

1970: Convention for the Suppression of Unlawful Seizure of Aircraft

1971: Convention for the Suppression of Unlawful Acts Against the Safety of Civil Aviation

1973: Convention at the Prevention and Punishment of Crimes against Internationally Protected Persons

1979: International Convention in opposition to the Taking of Hostages

1980: Convention at the Physical Protection of Nuclear Material

1988: Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil
Aviation

1988: Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms Located on the
Continental Shelf

1988: Convention for the Suppression of Unlawful Acts towards the Safety of Maritime Navigation

1989: Supplementary to the Convention for the Suppression of Unlawful Acts in opposition to the Safety
of Civil Aviation

1991: Convention at the Marking of Plastic Explosives for the Purpose of Detection

1997: International Convention for the Suppression of Terrorist Bombings

1999: International Convention for the Suppression of the Financing of Terrorism

2005: Protocol to the Convention for the Suppression of Unlawful Acts in opposition to the Safety of
Maritime Navigation

2005: International Convention for the Suppression of Acts of Nuclear Terrorism

2010: Protocol Supplementary to the Convention for the Suppression of Unlawful Seizure of Aircraft

2010: Convention on the Suppression of Unlawful Acts Relating to International Civil Aviation

2014: Protocol to Amend the Convention on Offences and Certain Acts Committed on Board Aircraft

Motivations for cyberattacks

There are many specific motives for cyberattacks, with the majority being for economic reasons.
However, there is growing proof that hackers are becoming greater politically inspired. Cyberterrorists
are conscious that governments are reliant at the internet and feature exploited this as a result. For
example, Mohammad Bin Ahmad As-Sālim's piece '39 Ways to Serve and Participate in Jihad' discusses
how an electronic jihad ought to disrupt the West thru focused hacks of American websites, and
different assets seen as anti-Jihad, modernist, or secular in orientation

Many of the cyberattacks aren't performed for cash, rather the cyberattacks are carried out due to
distinctive ideological beliefs and because of trying to get personal revenge and outrage toward
corporation or person, the cybercriminal is attacking.An employee might want to get revenge on a
organisation if they were mistreated or wrongfully terminated.

Other motivations for cybercriminals consist of:

:Political dreams

:Competition among corporations

:Cyberwarfare between two international locations

:Money

Political goals encourage cyber-attackers because they're no longer glad with candidates and they may
need positive candidates to win the election, consequently, they might modify the election balloting to
help their preferred candidate win.

Competition between companies can also stir up a cyberattack, as one business enterprise can lease a
hacker to conduct the assault on a employer as they might want to check the rival organisation's
protection. This may even benefit a agency as it will force their competitor's clients to think that the
company isn't always secure because of them getting cyber attacked resultseasily and they do not need
any of their private credentials getting leaked.

Cyberwarfare is motivation for international locations that are combating each different. This is
especially used to weaken the opposing united states by way of compromising its center structures and
the nations information and other vulnerable records.

Money is motivating for cyber assaults for ransomware, phishing, and facts robbery because the cyber
criminals can in another way touch the victims and ask for cash and in return the information stays safe

Important information like dates of birth and full names were leaked for thousands of patients who
were tested for Covid19. This information was made accessible on Google and was leaked from
government websites. The job portal IIMjobs was attacked and the information of 1.4 million people
looking for jobs was leaked. The information leaked was quite extensive including the location of users
and their names and phone numbers. The information for 500,000 Indian police personal was sold on a
forum in February 2021. The information contained much personal information. The data was from a
police exam taken in December 2019
An operation may be finished with the aid of all people anywhere inside the global, for it could be
executed thousands of miles faraway from a target. An attack can cause extreme harm to a important
infrastructure which may result in casualties.

Some attacks are carried out in furtherance of political and social objectives, as the following examples
illustrate:

In 1996, a computer hacker allegedly related to the White Supremacist motion briefly disabled a
Massachusetts ISP and damaged a part of the ISP's report maintaining system. The ISP had attempted to
forestall the hacker from sending out global racist messages underneath the ISP's call. The hacker signed
off with the risk: "you've got yet to see true digital terrorism. This is a promise."

In 1998, Spanish protesters bombarded the Institute for Global Communications (IGC) with heaps of
bogus e-mail messages. E-mail was tied up and undeliverable to the ISP's customers, and help strains
had been tied up with people who could not get their mail. The protestors additionally spammed IGC
workforce and member bills, clogged their Web web page with bogus credit card orders, and
threatened to rent the same methods towards businesses using IGC services. They demanded that IGC
prevent web hosting the Web site for the Euskal Herria Journal, a New York-primarily based publication
assisting Basque independence. Protestors stated IGC supported terrorism due to the fact a section at
the Web pages contained substances at the terrorist institution ETA, which claimed obligation for
assassinations of Spanish political and safety officers, and assaults on army installations. IGC ultimately
relented and pulled the web site because of the "mail bombings."

In 1998, ethnic Tamil guerrillas tried to disrupt Sri Lankan embassies by means of sending massive
volumes of email. The embassies received 800 e-mails a day over a -week duration. The messages read
"We are the Internet Black Tigers and we're doing this to disrupt your communications." Intelligence
authorities characterized it as the first regarded attack by terrorists in opposition to a rustic's pc
systems.

During the Kosovo struggle in 1999, NATO computers have been blasted with e-mail bombs and hit
with denial-of-service assaults by means of hacktivists protesting the NATO bombings. In addition,
agencies, public agencies and academic institutes acquired distinctly politicized virus-laden e-mails from
quite a number Eastern European international locations, in step with reports. Web defacements were
also common. After the Chinese Embassy changed into by accident bombed in Belgrade[citation
needed], Chinese hacktivists published messages which include "We might not stop attacking till the
war stops!" on U.S. Government Web websites.

Since December 1997, the Electronic Disturbance Theater (EDT) has been undertaking Web take a seat-
ins towards diverse web sites in guide of the Mexican Zapatistas. At a chosen time, hundreds of
protestors factor their browsers to a target website the usage of software that floods the goal with rapid
and repeated down load requests. EDT's software program has additionally been used by animal rights
companies in opposition to corporations stated to abuse animals. Electrohippies, every other institution
of hacktivists, carried out Web take a seat-ins towards the WTO once they met in Seattle in past due
1999. These sit-ins all require mass participation to have lots impact, and as a result are more applicable
to use by using activists with the aid of terrorists.

In 2000, a Japanese investigation revealed that the government turned into using software evolved
with the aid of pc businesses affiliated with Aum Shinrikyo, the doomsday sect answerable for the sarin
fuel assault at the Tokyo subway gadget in 1995. "The authorities observed one hundred styles of
software packages utilized by at the least 10 Japanese government agencies, together with the Defense
Ministry, and more than eighty main Japanese groups, such as Nippon Telegraph and Telephone."
Following the discovery, the Japanese authorities suspended use of Aum-evolved applications out of
situation that Aum-related agencies may have compromised protection by using breaching firewalls.
Having access to touchy systems or information, permitting invasion with the aid of outsiders, planting
viruses that could be prompt later, or planting malicious code that would cripple pc systems and key
information gadget.

In March 2013, The New York Times said on a pattern of cyber attacks in opposition to U.S. Monetary
institutions believed to be instigated with the aid of Iran in addition to incidents affecting South Korean
economic establishments that originate with the North Korean government.

In August 2013, media corporations which includes The New York Times, Twitter and the Huffington
Post lost manage of some of their websites after hackers assisting the Syrian government breached the
Australian Internet organization that manages many major web page addresses. The Syrian Electronic
Army, a hacker organization that has formerly attacked media businesses that it considers hostile to the
regime of Syrian president Bashar al-Assad, claimed credit for the Twitter and Huffington Post hacks in a
sequence of Twitter messages. Electronic information confirmed that NYTimes.Com, the handiest
website with an hours-lengthy outage, redirected visitors to a server managed by means of the Syrian
institution earlier than it went dark.

Pakistani Cyber Army is the name taken by a collection of hackers who are regarded for his or her
defacement of websites, specifically Indian, Chinese, and Israeli groups and governmental groups,
claiming to symbolize Pakistani nationalist and Islamic hobbies.The group is concept to have been active
due to the fact at least 2008,and keeps an energetic presence on social media, especially Facebook. Its
individuals have claimed duty for the hijacking of web sites belonging to Acer, BSNL, India's CBI, Central
Bank, and the State Government of Kerala.

British hacker Kane Gamble, sentenced to 2 years in teenagers detention, posed as CIA leader to get
entry to noticeably touchy facts. He also "cyber-terrorized" excessive-profile U.S. Intelligence officers
consisting of then CIA leader John Brennan or Director of National Intelligence James Clapper. The
choose said Gamble engaged in "politically prompted cyber terrorism.In March 2021 hackers affiliated
with Russia have been suggested to have targeted Lithuanian Officials and choice makers. The cyber-
espionage institution APT29 which is believed to have finished the attacks utilized the united states's
personal IT infrastructure towards corporations involved inside the development of a COVID-19 vaccine.

On 21 March 2021, the CNA was attacked with a ransomware attack, which prompted the enterprise to
haven't any manipulate over its community. CNA Financial Corporation is certainly one of the biggest
coverage agencies primarily based within the United States. It gives cyber coverage to its clients.This
attack caused the organization to lose get admission to to on line offerings and commercial enterprise
operations. Thus, the CNA had to pay forty million greenbacks to regain manage of its network. At first,
the CNA decided to ignore the hackers through trying to remedy the problem independently, however
they couldn't find a manner, in order that they surrendered money to the institution inside every week.
The institution responsible for this assault is referred to as Evil Corp. They used a brand new sort of
malware referred to as Phoenix CrytoLocker. The new malware encrypted 15,000 gadgets on the
network and employees operating remotely while logged into the organization's VPN for the duration of
the attack.The FBI strongly discourages groups from paying ransomware because it encourages greater
attacks within the future, and statistics might not get returned.

On 7 May 2021, the Colonial Pipeline became hit with a cyberattack that disrupted oil distribution. The
Colonial Pipeline is a pipeline that controls almost 1/2 (45%) of the oil that runs thru the East Coast of
the US. This assault precipitated the corporation to turn off the pipeline, which it had by no means
finished earlier than. Thus, many humans panicked shopping for gas at gas stations, and the government
idea this assault might quick spread. Ultimately, the Colonial Pipeline paid almost an quantity of five
million dollars really worth of cryptocurrency. Even though the Colonial paid all the money, the system
did not switch on as swiftly as it used to.[91] The hacker accused of this attack is a collection called
DarkSide. The money that the Colonial paid went to DarkSide, but there are other entities concerned as
nicely. For now, DarkSide has decided to stop its operations.

On 30 May 2021, JBS was uncovered to a cyberattack of ransomware which delayed the plant's meat
production. JBS is the arena's largest meat producer that provides meat-related merchandise for
humans. This attack induced the shutdown of all 9 red meat factories inside the United States and
disrupted chicken and pork manufacturing. In addition, hard work had to be cut because of the closings
of the factories, and the value of meat expanded because of no meat being produced. Ultimately, JBS
had to pay eleven million greenbacks worth of cryptocurrency to regain manipulate.A group called REvil
changed into accountable for the attack. REvil is a set based totally inside the usa of Russia this is also
one of the maximum productive ransomware groups.

In the summer season of 2021, crimes dedicated in Cyprus, Israel and Lithuania[99] were categorized
through professionals as Internet terrorism. Anonymous persons informed law enforcement authorities
through the internet approximately mined business centers and workplace homes. Main goal become
the playing company Affise. According to Ambassador John R. Bolton,those occurrences are vibrant
examples of Internet terrorism. Amb. Bolton believes that they're outcomes of economic battle stirred
most of the owners of Affise, PlayCash and "CyberEye-25" institution. According to the professional, all 3
companies gain illicit income related to criminal activities at the Internet.

In early December 2021 it become suggested least 9 U.S State Department had their telephones
hacked by using an unknown attacker. All 9 personnel had Apple Iphones. The hack, which passed off
over numerous months, became performed thru the usage of iMessages that had a software program
connected that once despatched, without having to be interacted with, installed spyware referred to as
Pegasus. The software used was developed and sold with the aid of an Israel-primarily based adware
development corporation named NSO Group.

In December 2021 at the least five US defense and tech corporations had been hacked by way of a
collection running from China. The institution took advantage of an exploit used in these enterprise's
software program to behavior their marketing campaign which came to light in upcoming months. The
goal of these breaches had been passwords in addition to having the aim of intercepting personal
communications. As of proper now the quantity of the harm is uncertain because the breaches are
ongoing.
In April 2022 Taiwan News stated that an Anonymous-affiliated hacker Cyber Anakin had shriveled
COVID-19 and beneath 5 days long "Operation Wrath of Anakin: No Time to Die", hacked Chinese
computer systems which protected government websites, agricultural management systems, coal
mine protection interfaces, nuclear electricity plant interfaces, and satellite tv for pc interfaces, as acts
of retaliation. Besides that he had defaced 5 Russian web sites in protest in opposition to 2022 Russian
invasion of Ukraine.

Sabotage

Non-political acts of sabotage have triggered monetary and different damage. In 2000, disgruntled
worker Vitek Boden brought about the release of 800,000 litres of untreated sewage into waterways in
Maroochy Shire, Australia.

More these days, in May 2007 Estonia turned into subjected to a mass cyber-attack in the wake of the
elimination of a Russian World War II struggle memorial from downtown Tallinn. The attack became a
dispensed denial-of-carrier assault in which selected web sites were bombarded with site visitors to
force them offline; nearly all Estonian authorities ministry networks as well as important Estonian
financial institution networks had been knocked offline; in addition, the political party website of
Estonia's Prime Minister Andrus Ansip featured a counterfeit letter of apology from Ansip for removing
the memorial statue. Despite hypothesis that the attack had been coordinated by the Russian
authorities, Estonia's protection minister admitted he had no conclusive evidence linking cyber attacks
to Russian government. Russia known as accusations of its involvement "unfounded", and neither NATO
nor European Commission experts have been able to discover any conclusive evidence of reliable
Russian government participation. In January 2008 a person from Estonia turned into convicted for
launching the assaults against the Estonian Reform Party website and fined.

Cyber-terrorism is not unusual nowadays. There is a complex community of personal and public groups
utilized in supervising the Internet. Even so, the complexity of the gadget is main to an growth inside the
response time because of diverse bottlenecks on the subject of data drift. As a result, a paradigm shift in
protection auditing in our on-line world is needed. An technique based totally on clever marketers may
additionally lower the time needed to acquire and manner the basic data. A multi-agent gadget with the
purpose of supporting the consumer, the security expert, and the security officer is presented on this
chapter. The system will system local understanding databases in addition to outside facts supplied with
the aid of social networks, news feeds, and other sorts of posted records available at the Internet. An
govt precis can be automatically generated and supplied to the safety leader of the corporation using
the system. Also, the machine can also offer advice to normal customers while disputable choices
regarding computing node security must be made.