Cyber-terrorism, Computer Crime and Reality
The aim of this article is to define Cyber-terrorism. With that in mind, the first part of this article analyzes the notion of terrorism, a broad category to which the species “Cyber-terrorism” belongs. The second part of this article, on the other hand, is fundamentally about determining the scope of the term Cyber-terrorism, and presenting the challenges that this creates in a global and interconnected world.
What is Cyber-terrorism?
Much has also been written on the topic of Cyber-terrorism, despite lacking unanimous consensus regarding its scope and meaning. As it were, for Cyber-terrorism to be, effectively, a form of terrorism, it must meet the structure, harm principle and elements of terrorism. As a result, the scope of Cyber-terrorism is, as its name suggests, based on the “place” in which it occurs or the “medium” through which it is carried out: in cyberspace instead of the physical world. From this point of view, Cyber-terrorism is not an autonomous crime, which should be punished independently. Rather, it implies a kind of terrorism characterized by a unique method of execution.
That Cyber-terrorism is defined by its location or the medium through which it is executed can be criticized to some extent. To address such criticisms, a comparison can be made to aircraft hijacking terrorist acts, such as the 9/11 terrorist attacks on the World Trade Center; or vehicle-based terrorist attacks, such as when a truck deliberately drove into a crowd of people on the Nice promenade in 2016. In reality, the scope of Cyber-terrorism appears to follow the general tendency for many “real world” phenomena to be replicated online. Thus, it is common to talk about “cyber activism” (Milan and Hintz, 2013) as a type of activism carried out online; or “cyberbullying” (Kraft and Wang, 2009) being a type of bullying which also occurs online. Similarly, it’s not difficult to imagine that, with the rise of terrorism, there has also emerged it’s virtual strain: Cyber-terrorism.
How often do cyber attacks occur?
Cyber attacks hit businesses every day. Former Cisco CEO John Chambers once said, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” According to the Cisco Annual Cybersecurity Report, the total volume of events has increased almost fourfold between January 2016 and October 2017.
Why do people launch cyber attacks?
Cybercrime has increased every year as people try to benefit from vulnerable business systems. Often, attackers are looking for ransom: 53 percent of cyber attacks resulted in damages of $500,000 or more.
Cyberthreats can also be launched with ulterior motives. Some attackers look to obliterate systems and data as a form of “hacktivism.”
What is a botnet?
A botnet is a network of devices that has been infected with malicious software, such as a virus. Attackers can control a botnet as a group without the owner’s knowledge with the goal of increasing the magnitude of their attacks. Often, a botnet is used to overwhelm systems in a distributed-denial-of-service attack (DDoS) attack.
Cyber-terrorism punishment in India
Section 66F of the IT Act prescribes punishment for cyber terrorism. Whoever, with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people, denies or causes the denial of access to any person authorized to access a computer resource, or attempts to penetrate or access a computer resource without authorisation or exceeding authorised access, or introduces or causes the introduction of any computer contaminant, and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect critical information infrastructure, is guilty of 'cyber terrorism'. Whoever knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, is also guilty of 'cyber terrorism'.
Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
There is no provision in the IPC that mirrors section 66F of the IT Act, though section 121 of the IPC (waging, or attempting to wage war, or abetting waging of war, against the Government of India) does cover this offence partially.
Types of Cyber-terror capability
In 1999 the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California defined three levels of cyberterror capability:
- Simple-Unstructured: the capability to conduct basic hacks against individual systems using tools created by someone else. The organization possesses little target-analysis, command-and-control, or learning capability.
- Advanced-Structured: the capability to conduct more sophisticated attacks against multiple systems or networks and possibly, to modify or create basic hacking-tools. The organization possesses an elementary target-analysis, command-and-control, and learning capability.
- Complex-Coordinated: the capability for a coordinated attack capable of causing mass-disruption against integrated, heterogeneous defenses (including cryptography). Ability to create sophisticated hacking tools. Highly capable target-analysis, command-and-control, and organization learning-capability.