Cyber Terrorism: An emerging threat to India By Muthyala Soujanya Priya

Just as there are two sides to every coin so does the technology, thus introducing the concept of cyber terrorism. The greater dependency over technology and the internet had generated perils to the security of the country as well as individuals. Most of the cyber terrorism dangers approach in disguised ways which makes it necessary to spread awareness about it. Cyberspace is being used to intimidate the citizens of the country. With the growing population, there has also been an increase in the crime rate. To sustain the nation against these crimes there has to be the development of new strategies.

The main aim of this essay is to discover the new threat posed to the country in the form of cyber terrorism. This paper attempts to define the term in a clear and simpler way. A study has been made of the challenges of fighting this terrorism. India’s existing counter-terrorism strategies had been examined carefully and countermeasures were described. This paper leads to the elucidation of the cybersecurity in a simpler way using illustrative examples. Many research papers, books, and prominent websites were referred for this study. It provides the reader with an insight into the depth of the danger.

Introduction

According to a report by NCRB, India recorded 21,796 cyber-crimes in 2017 with an increase of 77% from 2016. With the advancement of technology around the world, new methods have emerged which pose a great threat of destruction and loss to the country. These new methods that are adopted by terrorists are more dangerous than the old form of terrorism.

Technology which can be used for various advantageous things, on the other hand, can also be used destructively. Almost in every sector including Government institutions, railways, Judiciary, Aviation, Defence, Banks, etc. are using technology to the maximum extent for storing information, communicating, controlling, etc.

All these sectors are striving to be fully computerized. Online payments have become common and it is used widely from small retailers to large companies and even in few government organizations. With the world developing at a faster rate there is an increase in the competition among the countries that leads to a stronger feeling of nationalism which is also one of the reasons for terrorism. In this modern world, we are confronting a new mode of terrorism known as “Cyber Terrorism”. There is a lot of confusion and misconception among people about cyber terrorism.

What is Cyber Terrorism?

There is no proper delineation of cyber terrorism which is globally abided.

Dorothy E. Denning defines cyberterrorism as, “Cyber-dependent crime perpetrated for political objectives to provoke fear, intimidate and/or coerce a target government or population, and cause or threaten to cause harm. Examples of this narrow conception of Cyberterrorism include attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss. Serious attacks against critical infrastructures could be acts of Cyberterrorism, depending on their impact”.

According to, The IT Act,2000 as amended by the Information Technology (Amendment) Act, 2008, a crime of Cyber Terrorism under Section 66-F:

“Whoever, with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any Section of the people by – denying or cause the denial of access to any person authorised to access computer resource; or attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or introducing or causing to introduce any computer contaminant and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or knowingly, intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data, computer database that is restricted for reasons of the security of the state or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, Friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism”.

By the above-quoted definitions, it is evident that there is a distinction between cyber terrorism and cybercrimes. Cybercrimes are usually committed by individuals for their own personal benefits without causing harm to national security. But cyber terrorism includes group activities that are politically motivated to damage the integrity and security of a country.

Techniques used by Cyber Terrorists

1. Hacking: Unauthorised access to a computer system or network is hacking. This technique has become famous because of its free availability of tools like Ping of Death, Hacker Evolution, Netstat live, Advanced Port Scanner, etc.

For example, recently Indian scholars, activists, and journalists were targeted by the hackers using spyware, known as Pegasus which was secretly installed into their phones using a vulnerability in the WhatsApp app that provided access to their text messages and location.

1. Trojan horse: A Trojan is software that seems lawful but is actually harmful that damages computers. It usually deceives the computer user. There are various types of trojans like Backdoor Trojan, DDoS, Downloader Trojan, Fake AV Trojan, etc.
2. Spreading Viruses and Worms: Viruses and worms are usually spread through email attachments from one computer to another computer and put the operating system at risk. They spread at a faster rate.
3. Crimes through emails: Though many Cyber-crimes can be committed through emails, email bombing results in more serious problems. Email bombing means sending numerous emails to the victim by which the victim’s computer crashes or loses network connectivity. Denial of Service (DoS) attacks can also be carried out through emails.
4. Encryption: Most of the terrorist groups today use encryption as a tool to hide and escape from detection. They use encryption codes designed by others.
   Mujahedeen Secrets is one of the famous encryption tools used by Al-Qaeda. In this Digital age, terrorists are well versed with all the encryption techniques.

Challenges of Fighting Cyber Terrorism

Information and communications technology (ICT): The dependence on ICTs results in attacks against critical infrastructure. It also causes financial damages to businesses. ICT is one of the major risks for the military as well as civil communications. Both developed and developing countries greatly depend on ICT.

For example, terrorists in the 26/11 Mumbai attack used the latest technology to communicate and assist in the bombings like Google Earth and VoIP calls to get away from phone-tapping.

• Internet growth: Globally the number of internet users increased from only “413 million” in 2000 to over 3.4 billion in 2016. With this rapid growth of the internet, it is strenuous for the police force to identify the offenders as illegal activities increases.
• The Easy Availability of Devices and Access: Cyber terrorism is cheap and accessible as the offenders can download software tools and use them for committing crimes. They don’t need to use the latest technology for crimes as they only need a piece of equipment for carrying out illegal activities. Another important piece of equipment is internet access. Terrorists use Public Internet terminals, Open (wireless) networks, hacked networks, and Prepaid services without registration requirements for easy access to the internet without being identified which is called “wardriving”.
• Lack of Control: Due to poor control over internet communications the criminal investigations are delayed.
• International Support: Cybercrimes can be committed without any presence at the crime site. Offenders from other countries committing a crime in our country must be investigated which is impossible without international cooperation. This leads to delay in investigations as all countries would not be willing to cooperate.
• Google Dorking: With the easy availability of internet users can attain any information. There are many web pages and blogs through which the offenders can acquire information about how to build a bomb or learn hacking techniques. “Google Dorking” or “Google hacking” is an information-gathering tool used by offenders to find security holes.
• Botnets: It is a malware that is used to collect data about targets. Botnets are a group of compromised computers running programs under external control. It is used to carry out illegal activities. It is a threat to the police force as it is difficult to trace offenders using botnets. The original offender can easily hide.
• Anonymous communications: On one side anonymous emails are boon to users as they can express themselves over politics and government without revealing their identity, on the other side these emails can also be misused by the offenders. Many emails can be created without actual verification and public internet terminals could also be used which makes them difficult to identify.

India’s Counter-Terrorism Strategies

• Indian Computer Emergency Response Team (Cert-In): It is an organization of Government of India which aims to secure India’s cyberspace by responding to cyber-attacks. It also functions to spread awareness among citizens regarding security practices, reports and forecasts cyber incidents. Cert-In collects and examines the information about cyber incidents.
• Cyber Swachhta Kendra: It is a centre for botnet cleaning and malware analysis under the Ministry of Electronics and Information Technology (MeitY), Government of India. This center is a unit under Cert-In which enhances cybersecurity in the country by providing information and raising awareness about the malware and botnets.
• Cyber Security Policy: Following the leaks by NSA whistle-blower Edward Snowden about the spying of US government agencies on Indian users, the Government of India presented Cyber Security Policy in 2013 with an objective to safeguard the country from cyber-attacks. It aims to protect the privacy of citizens. A pan-India dedicated cybersecurity grid is envisaged that would maintain the entire national Internet user base on a dedicated platform for monitoring service mechanisms (Indians).
• National Investigation Agency (NIA) Amendment Bill: Restating ‘zero tolerance’ policy by the government against terrorism, Lok Sabha passed NIA Bill on July 8, 2019, which amends the NIA Act,2008 to give more power to anti-terror agency. This Bill enables the agency to investigate and probe cases of Scheduled Offences, including those committed outside India. The setting up of Special Courts for the trial of scheduled offenses is also a key change in the Bill. The main purpose of this Bill is to speed up the investigations.
• India-US Cyber Security Forum 2001: This conference was held bilaterally after the visit of former Indian Prime Minister, Atal Bihari Vajpayee to the U.S to counter-terrorism in both the countries. Some of the key features include Interaction of security forces of both the countries by identifying and safeguarding common concerns in cybersecurity, Establishment of India “Information Sharing and Analysis Centre” (ISAC) and India Anti Bot Alliance to raise awareness regarding anti-hacking measures, Expansion to new areas by the collaboration between US National Institute of Standards and Technology (NIST) and India’s Standardization Testing and Quality Certification (STQC).
• INTERPOL: International Criminal Police Organization (INTERPOL) is an inter-governmental organization with 194 countries as its members. It has three main crime programs: Counter-Terrorism, Organised and Emerging Crime, Cybercrime. A part of these programs includes training police officials, assisting member countries in identifying and analyzing cybercriminals. They connect police officials of all the countries providing them access to databases.
• IMPACT: International Multilateral Partnership Against Cyber Threats (IMPACT) is a non-profit global organization designed to assist member countries in tackling cybercrimes. It has four main activities: Global Resource Centre (GRC), Training and Skills Development, Security Assurance & Research, Centre for Policy and International Co-operation. It works with INTERPOL, Council of Europe, OECD, etc. to enhance cybersecurity globally. International Telecommunication Union (ITU) declared IMPACT as its physical home for cybersecurity measures. It has 191 countries as members including India.
• FIDO Alliance: The report released by World Economic Forum with the collaboration of FIDO Alliance, has suggested five top passwords fewer authentication technologies, ready for implementation by global companies. They are biometrics, behavioral analytics, zero-knowledge proofs, QR codes, and security keys. This report shows that primary dependence over passwords is not secure and better authentication practices should be incorporated.

Despite these strategies of India to combat cyber terrorism, there is still growth of cybercrimes in the country. According to NCRB, countrywide 1.7 Cybercrimes were committed per one lakh population in 2017. This report manifests the failure of India’s strategies. Hence the security measures have to be more strengthened to safeguard the nation.

Conclusion

With the expansion of new modes of terrorist attacks, the old ways to defend terrorism are proving to be incompetent. New strategies have to be framed in order to protect critical infrastructures. The offenders are well versed with all the existing practices which give them opportunities to escape easily and step forward with the use of the latest technologies. Legislators need to take cyber threats seriously.

There are many loopholes in the existing laws and policies which need modifications. Negotiating with terrorist groups can be a utilitarian way to decrease violence. It can be difficult to approach any settlements with the terrorists but in this way, the long-lasting disputes could be solved.

Law enforcement departments and other Judicial offices need to facilitate themselves with the latest technology. Training and awareness are other important aspects while dealing with cybersecurity. Audit systems and check logs to help in detecting and tracing an intruder. Passwords should be difficult and uncommon. Not responding to unknown emails and links is a way to prevent any cyber-attack.

The latest anti-virus software must be installed on computers. Avoid using open wireless networks as they are more prone to dangers. If something unusual is detected in the computer then it must be immediately verified with the network provider. However, these are a few measures to combat terrorism. Re-examination of existing beliefs and re-educating legislators regarding the perils of cyber terrorism. It is the responsibility of every individual to shield national security in their own capabilities.

-By Muthyala Soujanya Priya, GITAM School of Law, Visakhapatnam

---

References

[1] Sumant Sen, NCRB data: Cybercrimes reached a new high in 2017, THE HINDU (Feb. 04, 2020, 16:50 PM), https://www.thehindu.com/data/cyber-crime-cases-in-india-jumped-77-in-2017-compared-to-2016/article29889061.ece.

[2] Syed Mohd Uzair Iqbal, 2013, Cyber Crime & Cyber Terrorism in India, Ph.D. thesis, Aligarh Muslim University, Aligarh (Feb. 25, 2020, 15:30 PM), http://hdl.handle.net/10603/63591.

[3] UNODC, Cybercrime Module 14 Key Issues, UNODC ORGANIZATION (Feb. 04, 2020, 18:30 PM), https://www.unodc.org/e4j/en/cybercrime/module-14/key-issues/cyberterrorism.html.

[4] ADVOCATE PRASHANT MALI, CYBER LAW & CYBER CRIMES 20-21 (2015).

[5] BBC News, Pegasus breach: India denies WhatsApp hack amid outrage (Jan. 30, 2020, 10:00 AM), https://www.bbc.com/news/world-asia-india-50258948.

[6] Mathiha Nehla Hani & Aswathy Rajan, A Critical Study on Cyber Terrorism with Reference with 26/11 Mumbai Attack, 119 IJPAMS 17, 1617-1636 (2018).

[7]Jeremy Kahn, Mumbai Terrorists Relied on New Technology for Attacks, N.Y. TIMES (Feb. 11, 2020, 17:00 PM), https://www.nytimes.com/2008/12/09/world/asia/09mumbai.html.

[8] Max Roser, Hannah Ritchie & Esteban Ortiz-Ospina, Internet, OUR WORLD IN DATA (Feb. 06, 2020, 19:30 PM), https://ourworldindata.org/internet.

[9] Gabi Sobliye, Search Smarter by Dorking, THE KIT (Feb. 12, 2020, 23:36 PM), https://kit.exposingtheinvisible.org/how/google-dorking.html.

[10] Ministry of Electronics and Information Technology, Government of India, Roles and Functions, CERT-IN (Feb. 07, 2020, 14:30 PM), https://www.cert-in.org.in/.

[11] Ministry of Electronics and Information Technology, Government of India, About Us, CYBER SWACCHTA KENDRA (Feb. 07,2020,18:40 PM), https://www.cyberswachhtakendra.gov.in/about.html.

[12] Aksheev Thakur, Pan-India cybersecurity grid needed, DC, Jan 12, 2020, p.9.

[13] Business Today, Lok Sabha passes NIA Amendment Bill to give more power to anti-terror agency; here’s all you need to know, BUSINESS TODAY (Jan. 30, 2020, 15:30 PM), https://www.businesstoday.in/current/economy-politics/lok-sabha-passes-nia-amendment-bill-to-give-more-power-to-anti-terror-agency-here-all-you-need-to-know/story/364609.html.

[14] Ibid.

[15] Ministry of External Affairs, India-US Cyber Security Forum – Fact Sheet, GOVERNMENT OF INDIA (Feb. 08, 2020, 13:20 PM), https://www.mea.gov.in/bilateral-documents.htm?dtl/6014/IndiaUS+Cyber+Security+Forum++Fact+Sheet.

[16] IMPACT, International Multilateral Partnership Against Cyber-Terrorism, INTERNATIONAL TELECOMMUNICATION UNION, (Feb. 12, 2020, 17:45 PM), http://www.itu.int/ITU-D/conferences/rpm/2009/asp/documents/IMPACTOverview.pdf.

[17] Ibid.

[18] Davos, Passwordless safety pitched at Davos, DC, Jan 23, 2020, p.11.

[19] Ibid.

[20] Sen, supra note 1.

[21] Sarah Gordon & Richard Ford, Cyberterrorism, 21 COSE, 636-647 (2002), 10.1016/S0167-4048(02)01116-1.

---

1. A Roadmap to India’s Food Security in the 21st Century by Drishti Verma