S.S.

Jain Subodh Law College

CYBER TERRORISM

Project Submission as per fulfillment of Cyber Law

Submission To: Submitted By:

MS.PRIYANKA CHAUDHRY ANUPAM BHARGAVA

FACULTY OF CYBER LAW Roll no: - 03
X Semester

S.S. Jain Subodh Law College

 TABLE OF CONTENTS

1. Certificate...3
2. Acknowledgement...4
3. Research Methodology5
4. Introduction..6
5. Definition of Cyber Terrorism....7
6. Who are Cyber Terrorist and Why They Do Cyber Terrorism..8
7. Forms of Cyber Terrorism..9
8. Impact of Cyber terrorism.11
9. Indian Laws And Cyber Terrorism12
10. Punishment of Cyber Terrorism.13
11. Protection For Cyber Terrorism.14
12. Conclusion
13. Bibliography

2
 CERTIFICATE

This is to certify that ANUPAM BHARGAVA of X Sem of (B.A.LL.B) has prepared and
submitted the project report enclosed with under my direct and close supervision that this is a
bonafide piece of work done by him. It has not been submitted to any other university or it has it
been published at any time earlier.

MS. PRIYANKA CHAUDHRY

Signature

3
 ACKNOWLEDGEMENT

I take this opportunity to express our humble gratitude and personal regards to
MS.PRIYANKA CHAUDHARY for inspiring me and guiding me during the course of this
project work and also for her cooperation and guidance from time to time during the course of
this project work on the topic.

JAIPUR (Student sign)

5th JULY 2017 ANUPAM BHARGAVA

4
 RESEARCH METHODOLOGY

Aims and Objectives:

The aim of the project is to present a detailed study of the topic CYBER TERRORISM
forming a concrete informative capsule of the same with an insight into its relevance in the
Cyber Laws.

Research Plan
The researchers have followed Doctrinal method.

Scope and Limitations:

In this project the researcher has tried to include different aspects pertaining to the concept of
Cyber terrorism special attention is also provided on Cyber Laws, basis of object of Cyber
terrorism impact of judicial pronouncements on Cyber Terrorism and lastly conclusion.

Sources of Data:
The following secondary sources of data have been used in the project-
Case Study
Websites
Case Laws
Books

Method of Writing and Mode of Citation:

The method of writing followed in the course of this research project is primarily analytical. The
researcher has followed Uniform method of citation throughout the course of this research
project.

5
CHAPTER 1 : - INTRODUCTION

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber
space, with the intention to further social, ideological, religious, political or similar objectives, or
to intimidate any person in furtherance of such objectives.

Computers and the internet are becoming an essential part of our daily life. They are being used
by individuals and societies to make their life easier. They use them for storing information,
processing data, sending and receiving messages, communications, controlling machines, typing,
editing, designing, drawing, and almost all aspects of life.

The most deadly and destructive consequence of this helplessness is the emergence of the
concept of cyber terrorism. The traditional concepts and methods of terrorism have taken new
dimensions, which are more destructive and deadly in nature. In the age of information
technology the terrorists have acquired an expertise to produce the most deadly combination of
weapons and technology, which if not properly safeguarded in due course of time, will take its
own toll. The damage so produced would be almost irreversible and most catastrophic in nature.
In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". The
expression "cyber terrorism" includes an intentional negative and harmful use of the information
technology for producing destructive and harmful effects to the property, whether tangible or
intangible, of others. For instance, hacking of a computer system and then deleting the useful and
valuable business information of the rival competitor is a part and parcel of cyber terrorism.

The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that
it must be left to be inclusive in nature. The nature of "cyberspace is such that new methods and
technologies are invented regularly; hence it is not advisable to put the definition in a
straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret
the definition as liberally as possible so that the menace of cyber terrorism can be tackled
stringently and with a punitive hand.

The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions
of these cyber terrorists and requires a rejuvenation in the light and context of the latest
developments all over the world.

6
CHAPTER 2 : - DEFINITION OF CYBER TERRORISM

Before we can discuss the possibilities of cyber terrorism, we must have some working
definitions. The word cyber terrorism refers to two elements: cyberspace and terrorism.

Another word for cyberspace is the virtual world i,e a place in which computer programs
function and data moves. Terrorism is a much used term, with many definitions. For the purposes
of this presentation, we will use the United States Department of State definition: The term
terrorism means premeditated, politically motivated violence perpetrated against noncombatant
targets by sub national groups or clandestine agents.

If we combine these definitions, we construct a working definition such as the following:

Cyber terrorism is the premeditated, politically motivated attack against information, computer
systems, computer programs, and data which result in violence against noncombatant targets by
sub national groups or clandestine agents.

The basic definition of Cyber-terrorism subsumed over time to encompass such things as simply
defacing a web site or server, or attacking non-critical systems, resulting in the term becoming
less useful. There is also a train of thought that says cyber terrorism does not exist and is really a
matter of hacking or information warfare. Some disagree with labeling it terrorism proper
because of the unlikelihood of the creation of fear of significant physical harm or death in a
population using electronic means, considering current attack and protective technologies.

7
CHAPTER 3: - WHO ARE CYBER TERRORIST AND WHY THEY DO
CYBER TERRORISM?

From American point of view the most dangerous terrorist group is Al-Qaeda which is
considered the first enemy for the US. According to US officials data from computers seized in
Afghanistan indicate that the group has scouted systems that control American energy facilities,
water distribution, communication systems, and other critical infrastructure.

After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers
launched Denial os Service (DoS) attacks against American web sites.
A study that covered the second half of the year 2002 showed that the most dangerous nation for
originating malicious cyber-attacks is the United States with 35.4% of the cases down from 40%
for the first half of the same year. South Korea came next with 12.8%, followed by China 6.2%
then Germany 6.7% then France 4%. The UK came number 9 with 2.2%. According to the same
study, Israel was the most active country in terms of number of cyber-attacks related to the
number of internet users. There are so many groups who are very active in attacking their targets
through the computers.

The Unix Security Guards (USG) a pro-Islamic group launched a lot of digital attacks in May
2002.

Another group called World's Fantabulas Defacers (WFD) attacked many Indian sites. Also there
is another pro Pakistan group called Anti India Crew (AIC) who launched many cyber-attacks
against India.

Cyber terrorist prefer using the cyber-attack methods because of many advantages for it.

It is Cheaper than traditional methods.

The action is very difficult to be tracked.
They can hide their personalities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a big number of targets.
They can affect a large number of people.

8
CHAPTER 4 : - FORMS OF CYBER TERRORISM

(I) Privacy violation:

The law of privacy is the recognition of the individual's right to be let alone and to have his
personal space inviolate. The right to privacy as an independent and distinctive concept
originated in the field of Tort law, under which a new cause of action for damages resulting from
unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a
constitutional status, the violation of which attracts both civil as well as criminal consequences
under the respective laws. The intensity and complexity of life have rendered necessary some
retreat from the world. Man under the refining influence of culture, has become sensitive to
publicity, so that solitude and privacy have become essential to the individual. Modern enterprise
and invention have, through invasions upon his privacy, subjected him to mental pain and
distress, far greater than could be inflicted by mere bodily injury. Right to privacy is a part of the
right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the
advent of information technology the traditional concept of right to privacy has taken new
dimensions, which require a different legal outlook. To meet this challenge recourse of
Information Technology Act, 2000 can be taken.
The various provisions of the Act aptly protect the online privacy rights of the citizens. Certain
acts have been categorized as offences and contraventions, which have tendency to intrude with
the privacy rights of the citizens.

(II) Secret information appropriation and data theft:

The information technology can be misused for appropriating the valuable Government secrets
and data of private individuals and the Government and its agencies. A computer network owned
by the Government may contain valuable information concerning defence and other top secrets,
which the Government will not wish to share otherwise. The same can be targeted by the
terrorists to facilitate their activities, including destruction of property. It must be noted that the
definition of property is not restricted to moveables or immoveables alone.

(III) Demolition of e-governance base:

The aim of e-governance is to make the interaction of the citizens with the government offices
hassle free and to share information in a free and transparent manner. It further makes the right to
information a meaningful reality. In a democracy, people govern themselves and they cannot
govern themselves properly unless they are aware of social, political, economic and other issues
confronting them. To enable them to make a proper judgment on those issues, they must have the
benefit of a range of opinions on those issues. Right to receive and impart information is implicit
in free speech. This, right to receive information is, however, not absolute but is subject to
reasonable restrictions which may be imposed by the Government in public interest.

9
(IV) Distributed denial of services attack:

The cyber terrorists may also use the method of distributed denial of services (DDOS) to
overburden the Government and its agencies electronic bases. This is made possible by first
infecting several unprotected computers by way of virus attacks and then taking control of them.
Once control is obtained, they can be manipulated from any locality by the terrorists. These
infected computers are then made to send information or demand in such a large number that the
server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate
traffic is prohibited from reaching the Government or its agencies computers. This results in
immense pecuniary and strategic loss to the government and its agencies.

It must be noted that thousands of compromised computers can be used to simultaneously attack
a single host, thus making its electronic existence invisible to the genuine and legitimate citizens
and end users. The law in this regard is crystal clear.

(V) Network damage and disruptions:

The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This
activity may divert the attention of the security agencies for the time being thus giving the
terrorists extra time and makes their task comparatively easier. This process may involve a
combination of computer tampering, virus attacks, hacking, etc.

10
CHAPTER 5 : - IMPACT OF CYBER TERRORISM

The intention of a cyber-terrorism attack could range from economic disruption through the
interruption of financial networks and systems or used in support of a physical attack to cause
further confusion and possible delays in proper response. Although cyber attacks have caused
billions of dollars in damage and affected the lives of millions, we have yet witness the
implications of a truly catastrophic cyber terrorism attack. What would some of the implications
be?

Direct Cost Implications

Loss of sales during the disruption
Staff time, network delays, intermittent access for business users
Increased insurance costs due to litigation
Loss of intellectual property - research, pricing, etc.
Costs of forensics for recovery and litigation
Loss of critical communications in time of emergency.

Indirect Cost Implications

Loss of confidence and credibility in our financial systems
Tarnished relationships& public image globally
Strained business partner relationships - domestic and internationally
Loss of future customer revenues for an individual or group of companies
Loss of trust in the government and computer industry.

11
CHAPTER 6 :- INDIAN LAW AND CYBER TERRORISM
In India there is no law, which is specifically dealing with prevention of malware through
aggressive defense. Thus, the analogous provisions have to be applied in a purposive manner.
The protection against malware attacks can be claimed under the following categories:
(1) Protection available under the Constitution of India, and
(2) Protection available under other statutes.

(1) Protection under the Constitution of India:

The protection available under the Constitution of any country is the strongest and the safest one
since it is the supreme document and all other laws derive their power and validity from it. If a
law satisfies the rigorous tests of the Constitutional validity, then its applicability and validity
cannot be challenge and it becomes absolutely binding. The Constitutions of India, like other
Constitutions of the world, is organic and living in nature and is capable of molding itself as per
the time and requirements of the society.

(2) Protection under other statutes:

The protection available under the Constitution is further strengthened by various statutory
enactments. These protections can be classified as:
(A) Protection under the Indian Penal Code (I.P.C), 1860, and
(B) Protection under the Information Technology Act (ITA), 2000.

12
CHAPTER 7 : - PUNISHMENT FOR CYBER TERRORISM

Under Section 66F of the Information Technology Act, 2000 the punishment for cyber terrorism
is given.

(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror
in the people or any section of the people by
(i) denying or cause the denial of access to any person authorized to access computer resource; or
(ii) attempting to penetrate or access a computer resource without authorization or exceeding
authorized access; or
(iii) introducing or causing to introduce any computer contaminant,
and by means of such conduct causes or is likely to cause death or injuries to persons or damage
to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption
of supplies or services essential to the life of the community or adversely affect the critical
information infrastructure specified under Section 70; or
(B) knowingly or intentionally penetrates or accesses a computer resource without authorization
or exceeding authorized access, and by means of such conduct obtains access to information,
data or computer database that is restricted for reasons of the security of the State or foreign
relations; or any restricted information, data or computer database, with reasons to believe that
such information, data or computer database so obtained may be used to cause or likely to cause
injury to the interests of the sovereignty and integrity of India, the security of the State, friendly
relations with foreign States, public order, decency or morality, or in relation to contempt of
court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of
individuals or otherwise,
commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.

13
CHAPTER 8 : - PROTECTION FROM CYBER TERRORISM

Currently there are no foolproof ways to protect a system. The completely secure system can
never be accessed by anyone. Most of the militaries classified information is kept on machines
with no outside connection, as a form of prevention of cyber terrorism. Apart from such
isolation, the most common method of protection is encryption. The wide spread use of
encryption is inhibited by the governments ban on its exportation, so intercontinental
communication is left relatively insecure. The Clinton administration and the FBI oppose the
export of encryption in favor of a system where by the government can gain the key to an
encrypted system after gaining a court order to do so. The director of the FBI's stance is that the
Internet was not intended to go unpoliced and that the police need to protect people's privacy and
public-safety rights there. Encryption's drawback is that it does not protect the entire system, an
attack designed to cripple the whole system, such as a virus, is unaffected by encryption.

Others promote the use of firewalls to screen all communications to a system, including e-mail
messages, which may carry logic bombs. Firewall is a relatively generic term for methods of
filtering access to a network. They may come in the form of a computer, router other
communications device or in the form of a network configuration. Firewalls serve to define the
services and access that are permitted to each user. One method is to screen user requests to
check if they come from a previously defined domain or Internet Here are few key things to
remember to protect from cyber-terrorism:
1. All accounts should have passwords and the passwords should be unusual, difficult to guess.
2. Change the network configuration when defects become know.
3. Check with venders for upgrades and patches.
4. Audit systems and check logs to help in detecting and tracing an intruder.
5. If you are ever unsure about the safety of a site, or receive suspicious email from an unknown
address, don't access it. It could be trouble. Protocol (IP) address. Another method is to prohibit
Telnet access into the system.

14
CHPTER 9 : - CONCLUSION

The problems associated with the use of malware are not peculiar to any particular country as the
menace is global in nature. The countries all over the world are facing this problem and are
trying their level best to eliminate this problem. The problem, however, cannot be effectively
curbed unless popular public support and a vigilant judiciary back it. The legislature cannot enact
a law against the general public opinion of the nation at large. Thus, first a public support has to
be obtained not only at the national level but at the international level as well. The people all
over the world are not against the enactment of statutes curbing the use of malware, but they are
conscious about their legitimate rights.

Thus, the law to be enacted by the legislature must take care of public interest on a priority basis.
This can be achieved if a suitable technology is supported by an apt legislation, which can
exclusively take care of the menace created by the computers sending the malware. Thus, the
self-help measures recognized by the legislature should not be disproportionate and excessive
than the threat received by the malware. Further, while using such self-help measures the
property and rights of the general public should not be affected. It would also not be
unreasonable to demand that such self-help measures should not themselves commit any illegal
act or omission.

Thus, a self-help measure should not be such as may destroy or steal the data or secret
information stored in the computer of the person sending the malware. It must be noted that two
wrongs cannot make a thing right. Thus, a demarcating line between self-help and taking law in
ones own hand must be drawn. In the ultimate analysis we must not forget that self-help
measures are watchdogs and not blood-hounds, and their purpose should be restricted to
legitimate and proportionate defensive actions only. In India, fortunately, we have a sound legal
base for dealing with malware and the public at large has no problem in supporting the self-help
measures to combat cyber terrorism and malware.

15
 BIBLIOGRAPHY

BOOKS:

VAKUL SHARMA

WEBSITES:

www.legalserviceindia.com
www.lawyersclubindia.com/

16