Cyber Terrorism...A New Challenge to Law Enforcement Agencies

.

 

[This article was first published in CID Review-June 2002 from Crime Branch CID Tamil Nadu]

In the post September 11, 2001 scenario, “Terrorism” has attracted the attention of law enforcement authorities (LEAs) all over the world.  In a society where Internet has become a common tool of Communication, Information Dissemination, Business and Governance, it is natural that “Cyber Terrorism” has also gained the attention of LEA s along with Terrorism per-se and other Crimes. 

Scope and Definition of Cyber Terrorism 

Before we discuss some of the challenges that Cyber Terrorism poses on the society and the LEA s, it is necessary to understand the scope of the term “Cyber Terrorism”. 

Cyber Terrorism has the following two dimensions.  

1.      “Terrorism in Real World or Meta Space” using the Cyber Space as a conduit.

2.       “Terrorism in Cyber Space” involving destruction of Cyber properties.  

Terrorism in Meta space results in an adverse effect on Meta society persons and property. When Al Queda terrorists use Internet to down load the topography of the Indian Parliament building and plan an attack based on such information or use Internet to communicate amongst the members of the attacking team and their superiors, we are talking of a Meta Society terrorist act using Cyber tools. Similarly when an e-mail chain is set-off on the internet spreading a false story on the Godhra tragedy or a website such as daliststan.org is being published, there is an attempted use of Cyber space to further the terrorist movement in the Meta society. 

On the other hand, when the hackers of the Anti India Force of Pakistan attack Indian websites and deface them, we are talking of a Cyber Property of an Indian being attacked. In a more sophisticated attack, the website of economic significance such as the National Stock Exchange may be disabled through a virus or a Distributed Denial of Service attack causing stoppage of a vital commercial activity.  

Some acts of Terrorism in Cyber space may not affect the Metaspace properties directly, even though the psychological impact of a well planned terrorist attack on Cyber property can be devastating even on Meta society persons and property. 

Since Meta society Terrorism laws are some times inadequate to meet the contingencies of the Cyber Space and Cyber Society Laws may be inadequate to deal with “Terrorist” acts, there is enough scope for Cyber terrorists to slip between the two legislations and escape conviction. 

The most important challenge before LEA s is therefore to understand the legal framework applicable to Cyber Terrorism and work within its limitations and yet meet the expectations of the society. 

Additionally, like in the case of Meta Society Terrorism, the LEA s will have to neutralize the motivating forces behind the raise of Terrorist movements in an accepted civilized manner, not providing an opportunity for Terrorists to hide behind human rights Activists. This may require careful handling of the Intelligence related functions without being accused of “Privacy Invasion” or “Censorship”. 

Lastly given that the Cyber Environment is built on “Communication” , Cyber terrorism is capable of being operated remotely with a highly distributed network of operators and creating all kinds of “Jurisdictional” problems relating to Intelligence gathering, Investigation and Conviction. 

Cyber Terrorism therefore poses a challenge far different from what the LEA s are accustomed to and needs a well planned Anti Cyber Terrorism Action Plan to prevent the country being devastated through the invisible Cyber space attacks. 

Let us look at each of these challenges in a little more detail to understand the issues involved. 

Laws Regarding Cyber Terrorism 

Presently there are established laws that govern the “Terrorism” in Meta Space. However, there are no special laws governing “Cyber Terrorism”. 

On October 17, 2000 special laws governing Cyber Crimes became effective in India with the passage of Information Technology Act 2000 (ITA-2000). Subsequently, the special act for Terrorism, POTA was also enacted with effect from 24th October 2001. We need to therefore look at the laws governing “Cyber Terrorism” within these laws and any other associated legislation that may come into effect by cross reference including the IPC. 

Terrorism in Meta Space using Cyber space as a conduit is to be governed by the laws of the Meta space such as POTA with evidence gathered from Cyberspace as per the provisions of ITA-2000 which brought in some changes in the Indian Evidence Act.  

On the other hand, “Terrorism” in Cyber Space is a different aspect. Unfortunately, when ITA-2000 was enacted, the focus of legislation was not on “Cyber Terrorism”. ITA-2000 therefore addresses some issues of Cyber Crimes but does not adequately address the issues of “Cyber Terrorism”. 

Cyber Terrorism under POTA 

POTA defines terrorism mainly as an act against the Government involving explosives or bio chemical weapons likely to cause death of a person or destruction of property. These are more relevant to the Meta society and extending it to the Cyber Terrorism is a laboured exercise. 

Section 3 of POTA 2002 defines a “Terrorist Act” with reference to

  1. Intention
  2. Means
  3. Effect.

 According to the section, “Terrorist Act” is defined as any act or thing  

With Intent to 

(a)    threaten the unity, integrity, security or sovereignty of India or

(b)   strike terror in the people or any section of the people  

By

i) Using bombs, dynamite or other explosive substances or inflammable substances or firearms or other lethal weapons or

ii) Poisons or noxious gases or other chemicals or

iii) By any other substances (whether biological or otherwise) of a hazardous nature or

iv) By any other means whatsoever,  

in such a manner as to  

a) Cause, or likely to cause, death of, or injuries to any person or persons or

b) Loss of, or damage to, or destruction of, property or disruption of any supplies or services essential to the life of the community or

c) causes damage or destruction of any property or equipment

i) Used or intended to be used for the defense of India or

ii)  In connection with any other purposes of the Government of India, any State Government or any of their agencies, or

d) Detains any person and threatens to kill or injure such person in order to compel the Government or any other person to do or abstain from doing any act;.

It is important to note that the intentions to constitute an act of Terrorism under POTA include not only an act that threatens the unity and integrity of the country but also to “Strike Terror”. The definition is however conditional to the use of specific tools such as explosives etc and also causing death or damage to certain kinds of property. 

Unfortunately, the “Means” mentioned in the above definition does not directly mention use of “Computer” or “Internet” unless we try to extent the meaning of “Any other means”.  

Further, by restricting the type of property involved to certain class of property belonging to the Government, the Act fails to cover cases of “Damage to Public Property” that can also strike terror to the common man. 

Today, terrorism is not restricted at striking and damaging the physical targets of the Government. Striking at “Economic Targets” and undermining the economy of the country is also considered an important terrorist strategy. Also, many vital Information assets are today owned by non Government sector and excluding them from being considered as potential terrorist targets under POTA could be an oversight.  

To give an example, recently there was an attempt to create a “Run” on Global Trust Bank in Hyderabad by spreading a rumour through e-mails. The same could have been attempted on any of the Government owned Banks also. It would be wrong to say that an attack on Global Trust Bank is not a terrorist act while an attack on Indian Bank would be so. 

We can therefore state that the definition of terrorism under POTA is not wide enough to cover classic acts of Cyber terrorism involving hacking of websites of private sector companies since it is restricted to “Explosives and Bio Chemical “ usage for destroying Government property and Critical supplies. 

Contrast this with the definition of “Terrorism” given by FBI in USA which defines Terrorism as “The unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives… through the exploitation of systems deployed by the target”. 

Besides, the US Patriot Act which was passed after the September 11, 2001 attack has also recognized the Cyber terrorism angle by mandating the setting up of a national network of electronic crime task forces, throughout the United States, for the purpose of preventing, detecting, and investigating various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems. In view of this clear definition, the LEAs in USA can use all the powers under the US Patriot act even if a terrorist attacks a private Cyber property of Yahoo or E-Bay. 

LEA s in India do not have similar legal support and are under a weak ground when it comes to handling Cyber terrorism. In most cases of Cyber terrorism, they have to invoke IPC and use Cyber evidence to prove the crime. This imposes all the restrictions that are normally available at the time of investigation and intelligence gathering. With the well known difficulties involved in capturing, preserving and presentation of transient Cyber Evidence in an Indian Court, achieving  conviction of a Cyber Terrorist in India under IPC through normal courts is an unenviable task for the Indian Police. 

To elaborate, we can take the powers available to “intercept Communication” for the purpose of investigation. The “Interception Powers” provided under POTA are far superior to the provision under ITA-2000 and also the Indian Telegraph Act (Set to be replaced with the Communication Convergence Act shortly). To invoke these powers, the offence has to be defined as a “Terrorist Act” under POTA and therefore most of the Cyber Terrorist attacks may be outside such powers. 

The non classification of an offence as “Terrorism” under POTA will also make it difficult to use the power to hold a person who has funded the transaction or otherwise assisted in holding the property belonging to the terrorist responsible for the terrorist act. If this power is available, the LEA can force ISP s to block the terrorist websites such as dalitstan.org or otherwise force the ISP s to cooperate in the tracing of the accused.  

Immediate action is therefore called upon to include Cyber Terrorism also under the definition of “Terrorism” under POTA. 

Neutralizing the Motivation 

The terrorist organizations thrive in a democratic society often misusing the freedom of speech guaranteed to them by the state. In the Cyber terrorism scenario, this may be in the form of running websites that publish false and mischievous information to alienate the public from the Government so that the terrorists on the ground can carry out their subversive activities. 

 For every Sivarasan and Dhanu who carries out an actual terrorist attack, there are several Nalini s who sympathize with the cause of the terrorists and make the terrorist act possible.  

LEA s have to therefore exercise a strategy to silence the propaganda that sustains terrorism. The websites dalitstan.org and Hinduism.org and the post Godhra e-mail chain distribution, stare in our face as examples of such covert mobilization of public sympathy to anti national cause. Unless the LEAs take steps to block objectionable content in web sites, e-mail or chat rooms, it would be difficult to curb Cyber Terrorism. 

Any thought of such actions to silence propaganda will however attract an allegation of undue curbs on the freedom of speech. It is therefore necessary for the LEA s to ensure that they tread the middle path of protecting the public from malicious propaganda while at the same time avoiding putting a curb on genuine public opinion that is opposing the views of the Government of the day.  This is a tough task. 

One of the ways by which a propaganda can be countered is to provide an opposing view in a manner which dilutes the impact of the propaganda. For example, for every anti Indian view point on Kashmir on a website, there has to be a counter viewpoint which should be made available to every visitor of the anti Indian site. This can be done through an interception at the ISP level.  

Cyber intelligence gathering is another area where the LEA s are often accused of violating the “Privacy Rights”. Any evesdropping or filtering of communication will come under the purview of this charge of “Privacy Invasion”.  The LEA s will have to therefore follow a system by which the intelligence gathering mechanisms work under proper supervision with and safety measures against misuse.  

FBI has in the past devised software in the form of “Carnivore” and “Magic Lantern” to tap the communications that pass through a suspect’s system. These have been objected to vehemently by Citizen’s rights groups in USA.  

In order to avoid similar accusations in India, the LEA s should develop an appropriate strategy through which a good public rapport is built up for such intelligence activities. One way by which this can be achieved is by developing a Public participation in the intelligence mechanism through accredited “Ethical Hackers” and “Cyber Patrol Agents”. This would be helpful both from the point of view of the complexity of the technology involved as well as the vastness of the Cyber Patrol area. Such Cyber Patrolling Agents may be given responsibilities for monitoring content in specific chat rooms, e-mail lists, websites etc.  

Jurisdictional Problems 

Jurisdictional issues are the biggest hurdles in any Cyber Crime investigations. In the Cyber Terrorism cases, this problem assumes a new dimension since terrorists easily get a safe harbour in another country to launch their attacks in Cyber space.  

Hence even after tracing the origin of a terrorist attack to a particular IP address it may be impossible to investigate further and bring the culprits to book. 

The only remedy for this is to “Counter Attack” the terrorists through Cyber Space and destroy their infrastructure. This is like a “Hot Pursuit” in a “Cyber War” and requires counter hacking capabilities which can destroy the system of a terrorist or otherwise intercept their communication capabilities. 

Additionally, countries which have friendly relations need to enter into suitable Anti Cyber Terrorism Treaties to help each other when required. India can take a lead in this regard in forging such an alliance in South East Asia which may include Sri Lanka, Singapore, Malaysia, Thailand, and Philippines etc. 

It may also be worthwhile to develop a mechanism within India to ensure  co-ordination between different State Police forces to enable them instantly come together in case of a Cyber Crime investigation. If necessary, a separate national task force for Cyber Crimes needs to be set up as an apex body to investigate Cyber Crimes.  

In summary, Cyber Terrorism is a growing menace in the Cyber space and poses, many challenges to the Law Enforcement Agencies. In order to assist the Indian LEAs in improving their capabilities to handle Cyber Terrorism, it is necessary to make appropriate legal changes to include Cyber Terrorism under POTA, create a public support system for “Ethical Hacking” and “Cyber Patrolling” and also accept “Counter Attacks” as one of the effective strategies for curbing Cyber Terrorism.

  Naavi

Your Views can be sent here



For Structured Online Courses in Cyber laws, Visit Cyber Law College.com

.

Back To Naavi.org