Paper presented at:
II World Congress on Informatics and Law
Madrid,
Spain
September 2002
Paper presented by:
Rohas Nagpal
President,
Asian School of Cyber Laws
rn@asianlaws.org
Rohas Nagpal -Cyber Terrorism- Abstract
2
ABSTRACT
Computer crime has hit mankind with unbelievable severity. In the past, hackers have taken
down national defense systems, taken control of a huge dam, shut down large segments of
America's power grid, silenced the command and control system of the US Pacific Command
in Honolulu, disrupted troop deployments during the Gulf War etc.
Technology savvy terrorists and organized crime syndicates are using 512-bit encryption and
digital steganography to secure their communication channels.
In light of this disturbing scenario, it is prudent to distinguish between cyber crime, a
domestic issue that may have international ramifications and cyber terrorism, an international
issue that may have domestic ramifications.
While a cyber crime can be described simply as an unlawful act wherein the computer is
either a tool or a target or both, cyber terrorism merits a more detailed definition.
The author has proposed the following definition of the term "cyber terrorism":
Cyber terrorism is the premeditated use of disruptive activities, or the
threat thereof, in cyber space, with the intention to further social,
ideological, religious, political or similar objectives, or to intimidate any
person in furtherance of such objectives.
This paper first examines the tools and methodologies of cyber terrorism such as viruses,
worms, Trojans, denial of service attacks and cryptography. The paper then discusses the
proactive and reactive legislative measures undertaken by various countries to counter cyber
crime in general and cyber terrorism in particular.
Finally, the paper discusses some of the major incidents of cyber terrorism that have ravaged
the real and virtual worlds in the recent past.
Rohas Nagpal -Cyber Terrorism- Defining Cyber Terrorism
3
1. DEFINING CYBER TERRORISM
Computer crime has hit mankind with unbelievable severity. Computer viruses, worms,
Trojans, denial of service attacks, spoofing attacks and e-frauds have taken the real and
virtual worlds by storm.
However, all these pale in the face of the most dreaded threat – that of cyber terrorism. In
1998, a 12-year-old boy successfully hacked into the controls for the huge Roosevelt Dam on
the Salt River in Arizona, USA. He might have released floodwaters that would have
inundated Mesa and Tempe, endangering at least 1 million people.
Two cyber terrorist groups—the Unix Security Guards and the World Fantabulous
Defacers—made 111 digital attacks on Indian educational and business sites recently. A pro-
Islamic cyber-alliance now operates across the Internet against U.S., Israeli, and Indian
targets.
In light of this disturbing scenario, it is prudent to distinguish between cyber crime, a
domestic issue that may have international ramifications and cyber terrorism, an international
issue that may have domestic ramifications.
While a cyber crime can be described simply as an unlawful act wherein the computer is
either a tool or a target or both, cyber terrorism merits a more detailed definition.
The author has proposed the following definition of the term "cyber terrorism":
Cyber terrorism is the premeditated use
1 of disruptive activities2, or thethreat
3 thereof, in cyber space4, with the intention5 to further social,ideological, religious, political or similar objectives, or to intimidate
6 anyperson
7 in furtherance of such objectives.The underlying premise in this definition is that cyber crime and cyber terrorism differ only
on the basis of the motive and intention of the perpetrator.
1
Premeditated use implies use preceded by careful planning, thought and / or deliberation.2
Disruptive activities are those that prevent the normal continuance of something.3
The threat need not necessarily be directed towards the target of the act of cyber terrorism, but may be directedtowards any person in whom the target has an interest.
4
The term cyber space used here extends to the entire virtual world, i.e. the Internet, stand alone computers,
every bit of information stored in storage media - removable, non removable, physical and virtual.
5
The term intention implies the reason or purpose for which an act is committed, sought to be committed or
threatened to be committed.
6
To intimidate means to put a person in fear and thereby compel him to do or not to do something that he doesnot desire to do.
7
The term person used here includes a human being, a corporate entity, a State, or a collection thereof.Rohas Nagpal -Cyber Terrorism- Tools of terror
4
2. TOOLS OF TERROR
Cyber terrorists use various tools and methods to unleash their terrorism. Some of the major
tools and methodologies are discussed below:
2.1. Hacking
“Hacking” is a generic term for all forms of unauthorised access to a computer or a computer
network.
Hacking can manifest itself in many ugly forms including “
cyber murders”. A Britishhacker hacked into a Liverpool hospital in 1994 and changed the medical prescriptions for the
patients. A nine-year-old patient who was "prescribed" a highly toxic mixture survived only
because a nurse decided to re-check his prescription. The hacker’s motive – he wanted to
know "what kind of chaos could be caused by penetrating the hospital computer"! Others
have not been so lucky. An underworld don who was only injured in a shoot out was killed
by an overdose of penicillin after a hacker broke into the hospital computers and altered his
prescription.
Hacking is facilitated by many technologies, the major ones being packet sniffing
8, tempestattack
9, password cracking10 and buffer overflow11.8
When information is sent over computer networks, it gets converted into hex and broken into lots of packets.Each packet is identified by a header, which contains the source, destination, size of packet, total number of
packets, serial number of that packet, etc. If a hacker wants to see this information, he uses Packet Sniffing
technology that reconverts the data from hex to the original. This technology is like putting the equivalent of a
phone tap on a computer. Sniffing can be committed when a packet leaves the source or just before it reaches
the destination. For this, the hacker would need to know only the IP Address (the unique number that identifies
each computer on a network). A packet sniffer can log all the files coming from a computer. It can also be
programmed to give only a certain type of information – e.g. only passwords.
9
TEMPEST (Transient Electromagnetic Pulse Emanation Standard) technology allows someone not in the
vicinity to capture the electromagnetic emissions from a computer and thus view whatever is on the monitor. A
properly equipped car can park near the target area and pick up everything shown on the screen. There are some
fonts that remove the high-frequency emissions, and thus severely reduce the ability to view the text on the
screen from a remote location. This attack can be avoided by shielding computer equipment and cabling.
10
A password is a type of secret authentication word or phrase used to gain access. Passwords have been usedsince Roman times. Internal to the computer, passwords have to be checked constantly. So, all computers try to
"cache" passwords in memory so that each time a password is needed the user does not need to be asked. If
someone hacks into the memory of a computer, he can sift the memory or page files for passwords.
Password crackers are utilities that try to ‘guess’ passwords. One way, the dictionary attack, involves trying out
all the words contained in a predefined dictionary of words. Ready-made dictionaries of millions of commonly
used passwords can be freely downloaded from the Internet. Another form of password cracking attack is ‘brute
force’ attack. In this attack, all possible combinations of letters, numbers and symbols are tried out one by one
till the password is found out.
11
Also known as buffer overrun, input overflow and unchecked buffer overflow, this is probably the simplestway of hacking a computer. It involves input of excessive data into a computer. The excess data "overflows"
into other areas of the computer’s memory. This allows the hacker to insert executable code along with the
input, thus enabling the hacker to break into the computer.
Rohas Nagpal -Cyber Terrorism- Tools of terror
5
2.2. Trojans
In the 12th century BC, Greece declared war on the city of Troy because the prince of Troy
abducted the queen of Sparta with a wish to make her his wife. The Greeks besieged Troy for
10 years but met with no success as Troy was very well fortified.
In their last effort, the Greeks pretended to be retreating, leaving behind a huge wooden
horse. The people of Troy saw the horse, and, thinking it was a present from the Greeks,
pulled the horse into their city, unaware that the hollow wooden horse had the best Greek
soldiers inside.
Under the cover of night, the Greek soldiers snuck out, opened the gates of the city, and later,
together with the rest of their army, killed the entire army of Troy.
Similar to the wooden horse, a Trojan horse program pretends to do one thing while actually
doing something completely different.
Trojans are of various types, the important ones being:
i. Remote Administration Trojans
12ii. Password Trojans
13iii. Privileges-Elevating Trojans
14iv. Key loggers
15v. Destructive Trojans
1612
They let a hacker access the victim's hard disk, and also perform many functions on his computer (copy files,shut down his computer, open and close his CD-ROM tray etc.).
13
Password Trojans search the victim’s computer for passwords and then send them to the attacker or the authorof the Trojan. There are Trojans for every kind of password. These Trojans usually send the information back to
the attacker via email.
14
These Trojans are usually used to fool system administrators (the system administrator is considered to be theking of the network as he has the maximum privileges on the network). They can either be bound into a
common system utility or pretend to be something harmless and even quite useful and appealing. Once the
administrator runs it, the Trojan will give the attacker more privileges on the system.
15
These Trojans log all of the victim’s keystrokes on the keyboard (including passwords), and then either savethem on a file or email them to the attacker once in a while. Key loggers usually don't take much disk space and
can masquerade as important utilities, thus making them very hard to detect.
16
These Trojans can destroy the victim’s entire hard drive, encrypt or just scramble important files. Some mightseem like joke programs, while they are actually destroying every file they encounter.
Rohas Nagpal -Cyber Terrorism- Tools of terror
6
2.3. Computer Viruses
A computer virus is a computer program that can infect other computer programs by
modifying them in such a way as to include a copy of it.
Viruses are very dangerous; they are spreading faster than they are being stopped, and even
the least harmful of viruses could be fatal. For example, a virus that stops a hospital lifesupport
computer could be fatal.
Over the years thousands of viruses have ravaged the information of computer users, the most
(in)famous ones being Melissa
17, ExploreZip18, Chernobyl19, I Love You virus20, PakistaniBrain
21, Stoned-Marijuana22, Cascade23 and Michelangelo24.17
This virus, when it was first noticed on 26th March 1999 was the fastest spreading virus the world over. Thevirus by itself was quite harmless. It merely inserted some text into a document at a specified time of the day.
What caused the maximum harm was that the virus would send itself to all the email addresses in the victim’s
address book. This generated enormous volume of traffic making servers all over the world crash.
18
In its activities it was similar to Melissa, but there was one major difference. ExploreZip, first discovered inJune 1999, was not a virus but a Trojan. This means that it was incapable of replicating itself. Thus, the Melissa
virus had more far reaching presence. Also, ExploreZip was more active. It not only hijacked Microsoft Outlook
but also selected certain files and made their file size zero – reduced their data to nothing. Those files were then
of no use to the user and they could not be recovered.
19
The Chernobyl, or PE CIH, virus activates every year on the 26th of April – on the anniversary of theChernobyl, Ukraine, nuclear power plant tragedy. The virus wipes out the first megabyte of data from the hard
disk of a personal computer thus making the rest of the files of no use. Also, it also deletes the data on the
computer’s Basic Input-Output System (BIOS) chip so that the computer cannot function till a new chip is fitted
or the data on the old one is restored. Fortunately only those BIOSes, which can be changed or updated, face a
threat from this virus.
20
In May 2000, this deadly virus beat the Melissa virus hollow – it became the world’s most prevalent virus. Itstruck one in every five personal computers in the world. Losses incurred due to this virus were pegged at US $
10 billion. The virus used the addresses in the victim’s Microsoft Outlook and e-mailed itself to those addresses.
The email, which was sent out, had "ILOVEYOU" in its subject line. The attached file was named "LOVELETTER-
FOR-YOU.TXT.vbs". People wary of opening email attachments were conquered by the subject line
and those who had some knowledge of viruses, did not notice the tiny .vbs extension and believed the file to be
a text file. The message in the e-mail was "kindly check the attached LOVELETTER coming from me".
This virus has a destructive effect. Whereas Melissa merely inserts some text into the affected documents at a
particular instant during the day, this virus first selects certain files and then inserts its own code in lieu of the
original data contained in the file. This way it creates ever-increasing copies of itself.
21
This is the first virus known to have spread all over the world.22
This virus was originally written in New Zealand and would regularly display a message, which said, “YourPC is stoned. Legalize Marijuana.”
23
This virus is also called “Falling Letters” or “1701”. It initially appeared as a Trojan horse in the form of aprogram designed to turn off the Num-Lock light on the user’s keyboard. In fact, what it did was to make the
characters on the screen drop in a heap to the bottom of the screen.
24
This virus is titled after famous Italian Renaissance artist Michelangelo Buonarroti. It gets activated everyyear on the artist’s birthday – 6
th March.Rohas Nagpal -Cyber Terrorism- Tools of terror
7
2.4. Computer Worms
The term “worm”, in relation to computers, was used for the first time by science fiction
author John Brunner in his book called “The Shockwave Rider”.
A computer worm is a self-contained program (or set of programs) that is able to spread
functional copies of itself or its segments to other computer systems (usually via network
connections). Unlike viruses, worms do not need to attach themselves to a host program.
There are two types of worms – host computer worms
25 and network worms26.The first computer worm was developed for the assistance of air traffic controllers in 1971.
This “worm” programme would notify air traffic controllers when the controls of a plane
moved from one computer to another. In fact, this worm named “creeper” would travel from
one computer screen to the other on the network showing the message, “I’m creeper! Catch
me if you can!” The difference was that this creeper did not reproduce itself.
The world has seen thousands of worms, the more (in)famous ones being the Internet
Worm
27, the SPAN network worm28 and the Christmas tree Worm29.25
Host computer worms are entirely contained in the computer they are on and use network connections only tocopy themselves to other computers. The original terminates itself after launching a copy on another host (so
there is only one copy running somewhere on the network at a given moment). They are also called "rabbits".
26
Network worms consist of multiple parts (called "segments"), each running on different machines (andpossibly performing different actions), using the network for several communication purposes. Network worms
that have one main segment, which coordinates the work of the other segments are sometimes called
"octopuses".
27
On November the 22nd, 1988, Robert Morris, a Cornell University science graduate accidentally released hisworm on a very large network in the area. This network was named Arpanet, which later became the Internet.
The worm managed to infect approximately three thousand computers during eight hours of activity.
The Internet worm disabled all those machines by making copies of itself and thus clogging them. During
repairs, many machines had to be completely taken off the network till all copies of the worm could be totally
removed.
28
On the 16th of October 1989, a worm named WANK infected many computers on a network. This worm, if itfound that it had system privileges, would change the system announcement message to “Worms against
Nuclear Killers!” The message was graphically shown as the first letters of each word and the last three letters
of the last word.
29
The Christmas tree worm was a combination of a Trojan horse and a chain letter. This mainframe wormmanaged to paralyze the IBM network on Christmas day 1987. The worm was written in a language called
Exec. It asked the user to type the word “Christmas” on the screen. Then it drew a Christmas tree and sent itself
to all the names of people stored in the user files “Names” and “Netlog” and in this way propagating itself.
Rohas Nagpal -Cyber Terrorism- Tools of terror
8
2.5. Email Related Crime
Email has emerged as the world’s most preferred form of communication. Like any other
form of communication, email is also misused by criminals.
The ease, speed and relative anonymity of email has made it a powerful tool for criminals.
Some of the major email related crimes are email spoofing
30, spreading Trojans, viruses andworms; email bombing
31, threatening emails, defamatory emails.2.6. Denial of Service Attacks
In January 2002, Cloud Nine, a UK based Internet Service Provider (ISP), was forced to shut
shop after a week-long Denial of Service attack (DoS) resulted in the complete stoppage of
its service.
Denial of Service (DoS) attacks are aimed at denying authorized persons access to a
computer or computer network. These attacks may be launched using a single computer or
millions of computers across the world. In the latter scenario, the attack is known as a
distributed denial of service (DDoS) attack.
The main reason for the vulnerability of computer systems to DoS attacks is the limited
nature of computer and network resources, be it bandwidth, processing power, storage
capacities or other resources.
DoS attacks pose another challenge, namely timely detection and source identification. These
attacks are usually launched from ‘innocent’ systems
32 that have been compromised by theattackers. All the attacker needs to do to launch a DDoS attack is install a Trojan in many
computers, gain control over them and then employ them in sending a lot of requests to the
target computer.
DDoS attacks are a very perturbing problem for law enforcement agencies mainly because
they are very difficult to trace. In addition, usually these attacks target sensitive systems or
networks sometimes even those that are vital to national security. Sometimes, even when the
perpetrators can be traced, international extradition laws may prove a hitch in bringing them
under the authority of the law.
30
A spoofed email is one that appears to originate from one source but actually has been sent from anothersource.
31
Email bombing refers to sending a large number of emails to the victim causing his email server to crash.32
Numerous websites allow the “free” and simple download of Trojans. This feature is especially interesting toamateur hackers who like harassing their friends. What they are left unaware of is that these free Trojans that
they download are designed so as to give the creator absolute control over the computer systems of the users of
the Trojan and their intended victims. Such computers become innocent pawns in a denial of service attack.
Rohas Nagpal -Cyber Terrorism- Tools of terror
9
Some of the common modes of DoS attacks are teardrop
33, SYN attack34, UDP flooding35,Land attacks
36, Bandwidth Consumption37, Consumption of Other Resources38 and Ping ofDeath
39.33
The Teardrop attack exploits the vulnerability present in the reassembling of data packets. Data sent using theTCP/IP protocol is broken into packets at the origin and rejoined at the destination. Presuming that 3000 bytes
of data are being sent from X to Y, the transaction could look something like this:
Packet number 1 contains bytes number 0001 through 1000
Packet number 2 contains bytes number 1001 through 2000
Packet number 3 contains bytes number 2001 through 3000
In case of a teardrop attack, the transaction could be something like this:
Packet number 1 contains bytes number 0001 through 1000
Packet number 2 contains bytes number 0801 through 2000
Packet number 3 contains bytes number 1501 through 3000
This kind of repetition of bytes within data packets can cause the recipient system to crash / hang / reboot.
34
When two computers, say X and Y establish a TCP/IP connection, the initial transaction, known as a threewayhandshake, is something like this. (Note: SYN means Synchronization packet while ACK means
Acknowledgement packet).
X sends a SYN packet to Y. Y replies with a SYN ACK packet. X then replies with an ACK packet.
Only upon completion of these steps is the TCP/IP connection established.
In a SYN attack, numerous SYN packets, all having bad source IP addresses (e.g. non-existent IP address), are
sent to the target machine. The target machine responds to each SYN packet with a SYN ACK packet and waits
for the ACK packet. Since the source IP address in all these is bad, the ACK packet never comes. Meanwhile
the requests get added to the queue resulting in blockage of resources. A sufficiently large number of such SYN
packets can crash / hang / reboot the system.
35
In this attack, the intruder uses forged UDP packets (UDP or User Datagram Protocol is a protocol for theInternet) to connect the ‘echo’ service on one machine to the ‘chargen’ service on another machine. Chargen
(character generator) is a server that “babbles”. When you connect to it, it produces characters in an endless
stream. Echo simply echoes back any data that is sent to it. These protocols are normally used for testing
purposes. The result is that the two services consume all available network bandwidth between them. The
network connectivity for the network may be affected.
36
A Land attack differs from a SYN attack in that instead of a bad source IP address, the IP address of the targetsystem is used as the source IP address, thus creating an infinite loop.
37
All the bandwidth available to a network can be consumed if someone generates numerous data packets anddirects them to the target network.
38
Apart from network bandwidth, there are other resources available that, if harmed, may make it difficult andsometimes impossible for the system to operate.
39
Ping of Death can occur when one machine sends another a very large data packet – the size exceeding 65536bytes. When the receiving machine receives the packet it is in the form of small data packets. The receiving
computer then tries to reassemble the packet. When reassembled, the final packet proves to be excessively large
and causes a buffer overflow. This method (although no longer as much in use) can cause anything from system
hangs, crashes, or reboots in the victim machine.
Rohas Nagpal -Cyber Terrorism- Tools of terror
10
2.7. Cryptography
A disturbing trend that is emerging nowadays is the increasing use of encryption, highfrequency
encrypted voice/data links, steganography
40 etc. by terrorists and members oforganized crime cartels.
Notable examples are those of Osama bin Laden
41, Ramsey Yousef42, Leary43, the Calicartel
44, the Dutch underworld45 and the Italian mafia.Strong encryption is the criminal’s best friend and the policeman’s worst enemy. If a criminal
were to use 512-bit symmetric encryption, how long would it take to decrypt the information
using brute force techniques?
Suppose that every atom in the known universe (there are estimated to be 2
300 of them)becomes a computer capable of checking 2
300 keys per second, then it would take 2162millennia to search 1% of the key space of a 512-bit key. The universe is believed to have
come into existence less than 2
24 years ago.Some of the (in) famous cases of criminals using encryption technologies are:
1. Aum Shinri Kyo (Supreme Truth) Case
4640
Steganography, literally meaning covered writing, involves the hiding of data in another object. It can be usedto hide text messages within image and audio files.
41
The alleged mastermind behind the September 11 attack on the World Trade Center in the USA is believed touse steganography and 512-bit encryption to keep his communication channels secure.
42
He was behind the bombing the World Trade Center in the USA in 1993 and an aircraft belonging to ManilaAir in 1995
43
He was sentenced to 94 years in prison for setting off fire bombs in the New York (USA) subway system in1995. Leary had developed his own algorithm for encrypting the files on his computer.
44
This cartel is reputed to be using sophisticated encryption to conceal their telephone communications, radiosthat distort voices, video phones which provide visual authentication of the caller's identity, and instruments for
scrambling transmissions from computer modems.
45
Dutch organized crime syndicates use PGP and PGPfone to encrypt their communications. They also usepalmtop computers installed with Secure Device, a Dutch software product for encrypting data with IDEA. The
palmtops serve as an unmarked police / intelligence vehicles database.
46
On March 20, 1995, the Aum Supreme Truth cult dropped bags of sarin nerve gas in the Tokyo subway,killing 12 people and injuring 6,000 more. Members of the cult had developed many chemical and biological
weapons, including Sarin, VX, Mustard gas, Cyanide, botulism, anthrax and Q fever. It is believed that
preparations were underway to develop nuclear capability. The cult was also believed to be developing a "death
ray" that could destroy all life! The records of the cult had been stored in encrypted form (using RSA
asymmetric algorithm) on computers. The enforcement authorities were able to decrypt the information as the
relevant private key was found in a floppy disk seized from the cult’s premises. The encrypted information
related plans of the cult to cause mass deaths in Japan and USA.
Rohas Nagpal -Cyber Terrorism- Tools of terror
11
2. Bolivian terrorists case
473. James Dalton Bell case
484. Kevin Poulson case
4947
In 1997, a Bolivian terrorist organization had assassinated four U.S. army personnel. A raid on one of thehideouts of the terrorists yielded information encrypted using symmetric encryption. A 12-hour brute force
attack resulted in the decryption of the information and subsequently led to one of the largest drug busts in
Bolivian history and the arrest of the terrorists.
48
James Bell had launched a vendetta against the Internal Revenue Service (IRS) of the USA. His activitiesincluded intimidating IRS officials, rewarding those who killed selected government employees and
contaminating an area outside IRS premises in many states of the USA with Mercaptan (a stink gas). After his
arrest, the investigators were able to decrypt PGP encrypted messages that he had received only because he
divulged the passphrase to his private key.
49
Kevin Poulson was a skilled hacker who rigged radio contests and burglarized telephone-switching officesand hacked into the telephone network in order to determine whose phone was being tapped and to install his
own phone tapping devices. Poulson had encrypted files documenting everything from the phone tapping he had
discovered to the dossiers he had compiled about his enemies. The files had been encrypted several times using
the Data Encryption Standard. A US Department of Energy supercomputer took several months to find the key.
The result yielded nearly ten thousand pages of evidence.
Rohas Nagpal -Cyber Terrorism- Legal issues
12
3. LEGAL ISSUES
3.1. Unauthorised Access
The new law concept of unauthorised access is sometimes compared to the traditional law
concept of trespass. However, in most countries, this traditional law concept cannot be
stretched to protect information stored in computers.
To fill in this lacuna, several countries have enacted legislations pertaining to unauthorised
access of computers. These include Australia
50, Canada51, Denmark52, Finland53, France54,Germany
55, Greece56, India57, Luxembourg58, the Netherlands59, Norway60, Spain61,Sweden
62, Switzerland63, the United Kingdom64 and the United States65.Some countries e.g. Belgium, Japan
66 and Austria67 do not have special criminal lawprovisions against unauthorised access.
50
Part VI A of Crimes Act, 191451
Article 342.1 Criminal Code (the slightly wider concept of "interception" is used as against "access")52
Section 263 (2) and (3) Penal Code53
Chapter 38 Section 8 of the Penal Code (as amended 1990)54
Article 462-2 Criminal Code, amended in 198855
Section 202a Penal Code56
Article 370 C (2) Criminal Code, as amended in 198857
Section 43 (a) of the Information Technology Act, 200058
Article 509-1 Penal Code, as amended in 199359
Article 138a (1), (2) Criminal Code, amended 199260
Section 145 Penal Code, amended 198761
Article 256 Criminal Code 199562
Section 21 Data Protection Act63
Article 143bis Criminal Code64
Sections 1, 2 Computer Misuse Act 199065
The Electronic Communications Privacy Act of 1986 (18 U.S.C. §§ 2510-2521, 2701-2710, 3117, 3121-3126), the Computer Fraud and Abuse Act of 1984, 1986 (codified at 18 U.S.C. §§ 1029, 1030) as well as
various state laws.
66
In Japan, unauthorised access is, also after the criminal law reform of 1987, only punishable with regard tocertain consequences of the offence, e.g. as obstruction of business (Article 234-2 Penal Code) or theft of
electricity (Article 245, 235 Penal Code).
Rohas Nagpal -Cyber Terrorism- Legal issues
13
The laws relating to unauthorised access reflect divergent approaches ranging from
provisions that criminalize "mere" access to computer systems
68, to those punishing accessonly in cases where the accessed data is protected by security measures
69, stored in aprotected system
70, where the perpetrator has harmful intentions71, where information isobtained, modified or damaged
72 or where a minimum damage is caused73.Some countries
74 combine several of these approaches with a basic unauthorised accessoffence and the creation of qualified forms of access carrying more severe sanctions.
Some laws, like those of Singapore
75, Canada76 and USA77 criminalize preparatory acts suchas "password swapping".
3.2. Computer Espionage
The fact that legal provisions developed for tangible property cannot be easily applied to
intangible property is made apparent by an analysis of the applicability of traditional trade
secret protection law to electronic records.
Theft of corporeal information (e.g. books, papers etc, CD ROMs, floppy disks) is easily
covered by traditional penal provisions. However, the problem begins when electronic record
are copied quickly, inconspicuously and often via telecommunication facilities. Here the
“original” information, so to say, remains in the “possession” of the “owner”.
67
In Austria, unauthorised access is punishable under special circumstances under the aspects of data protection(Section 49 Data Protection Act) and alteration of data (Section 126a Criminal Code) or at least attempt thereof
68
Australia, Denmark, England, Greece and the majority of states of the USA69
Germany, the Netherlands, Norway70
India, Singapore, USA71
Canada, France, Israel, New Zealand, Scotland72
India and some states of the USA73
Spain74
E.g., Finland, the Netherlands, India, the United Kingdom75
Section 8 of the Computer Misuse Act76
Section 342.1 of the Criminal Code77
As per USA Title 18 Section 1030 (a) (6) of the United States Code "whoever ... knowingly and with intent todefraud traffics ... in any password or similar information through which a computer may be accessed without
authorisation". Californian Law penalises one who "knowingly and without permission provides or assists in
providing a means of accessing a computer"; see Californian Penal Code Section 502 (c) (6).
Rohas Nagpal -Cyber Terrorism- Legal issues
14
The laws of countries like Austria
78, Belgium79, Germany80, Greece and Italy81, do not applythe traditional provisions on theft and embezzlement to the unauthorised "appropriation" of
electronic information, as they require that tangible property be taken away with the intention
of permanently depriving the victim of it.
In Japan
82, the definition of the intention of unlawful appropriation has been widened, andincludes the intent to use property only temporarily; nevertheless, Japanese law still requires
the taking of tangible property and cannot be applied if data are accessed via
telecommunication facilities e.g. the Internet.
In India
83, the definition of theft mandates that “movable” property be taken out of thepossession of a person without his consent. Although this would apply to theft of electronic
information stored in tangible media (e.g. hard disks, CD ROMs etc), it would not apply to
data accessed via telecommunication facilities.
This problem in applying the general property law to cover electronic data is solved by
special provisions of trade secrets law. Legal provisions of Austria
84, Germany85, Finland86,France
87, Italy88 and Spain89 protect trade secrets by prohibiting certain acts of obtaininginformation, either by provisions of the penal code or by penal or civil provisions of acts
against unfair competition.
9078
Section 127 Criminal Code79
Section 461 Penal Code80
Sections 242, 246 Penal Code81
Sections 624, 646 Penal Code82
Article 235, 252, 253 Penal Code.83
Section 378, Indian Penal Code84
Sections 11, 12, 19 of the Act Against Unfair Competition and Sections 122-124 Criminal Code85
Sections 17, 18, 20 of the Act Against Unfair Competition86
Chapter 30 Sections 4-6 of the Penal Code (as amended 1990)87
Section 418 Criminal Code88
Section 623 Penal Code89
Articles 278, 279, 280 Criminal Code 1995.90
See, for Austria, Sections 11, 12, 19 of the Act Against Unfair Competition and Sections 122-124 CriminalCode; for Germany, Sections 17, 18, 20 of the Act Against Unfair Competition; for Finland, chapter 30
Sections 4-6 of the Penal Code (as amended 1990); for France, Section 418 Criminal Code; for Italy.
Section 623 Penal Code; for Spain, Articles 278, 279, 280 Criminal Code 1995.
Rohas Nagpal -Cyber Terrorism- Legal issues
15
Canada, Denmark
91, Germany92, the Netherlands93, Sweden94, the United Kingdom and theUnited States
95 have strengthened penal and civil trade secret protection laws in recent years.3.3. Computer Sabotage
Traditional legal provisions for damage to property, vandalism and mischief were developed
to protect tangible objects and hence their application to electronic information poses several
challenges.
In the criminal codes of Belgium
96 and Canada97, the mere erasure of information withoutdamaging the physical medium did not fall under the provisions of damage to property, since
electronic impulses are not considered to be "corporeal property" and interference with the
use of the physical medium is not thought of as "destruction".
However, the law in countries like Austria
98, Denmark99, Germany100, Italy101, Japan102,Netherlands
103, Norway104, Spain105, and Sweden106, considers the deliberate damage ordestruction of information on tapes or discs as damage to property or vandalism.
This approach is based on the premise that the perpetrator either damages or interferes with
the function of the physical tape or disc upon which the information is stored.
91
The qualifications in Section 263 and 264 Penal Code, amended in 1985.92
Section 17 of the Act Against Unfair Competition, amended in 198693
Article 138a (2) of the Dutch Criminal Code94
Section 21 Data Protection Act, chapter 10 Section 5 Criminal Code, Protection of Trade Secrets Act 199095
The Economic Espionage Act of 1996 (18 U.S.C. §§ 1831-1839)96
Sections 528, 559 Penal Code97
Sections 428, 430 Criminal Code98
Section 125 Penal Code99
Section 291 Penal Code100
Section 303 Penal Code101
Sections 420, 635 Penal Code102
Articles 258-261 Penal Code and in addition Articles 233, 234 concerning obstruction of business103
Section 350 Criminal Code104
Section 291 Penal Code105
Articles 547 et seq. of the old Criminal Code106
Chapter 12 Section 1 Criminal CodeRohas Nagpal -Cyber Terrorism- Legal issues
16
However problems occur in cases in which data is not recorded on corporeal carriers but is
merely transmitted.
In order to clarify the situation, legislation has been enacted in Austria
107, Canada108,Denmark
109, Germany110, Finland111, France112, India113, Japan114, the Netherlands115,Spain
116, Sweden117, Switzerland118, the United Kingdom119 and the United States120.In these countries the statutes use different legislative techniques. Finland has amended the
traditional statutes on mischief, vandalism or damage to tangible property.
Japanese law covers all kinds of documents and not only computer-stored data. Austria,
Germany, France, India, Japan, the Netherlands, New Zealand, Spain, the United Kingdom
specifically protect the integrity of computer-stored data. Some legal systems also include
specific qualifications for computer sabotage leading to the obstruction of business or of
national security.
Independent statutes, which protect the integrity of computer-stored data, have the advantage
that they can include the destruction or erasure of computerised data and their alteration or
manipulation (a form of attack which is typical for information but not for tangible property),
as well as the interference with the lawful use or access of data.
Such comprehensive statutes can be found in Austria, Canada, Germany, India, Singapore,
Luxembourg and France.
107
Section 126a Penal Code108
Section 430(1.1) Criminal Code109
Section 193 Penal Code, amended in 1985110
Sections 303a and 303b Penal Code111
Chapter 35 Sections 1-3, amended 1990, chapter 34 Section 1 para. 2 Penal Code, amended 1995112
Articles 462-3 and 462-4 Criminal Code113
Section 66 of the Information Technology Act, 2000114
Articles 234-2, 258, 259 Penal Code115
Articles 350a, 350b Criminal Code116
Article 264.2 Criminal Code 1995117
Section 21 Data Protection Act118
Article 144bis Criminal Code119
Section 3 Computer Misuse Act 1990120
Section 18 U.S.C. § 1030 (a) (5), as well as various state laws.Rohas Nagpal -Cyber Terrorism- Legal issues
17
The Indian law specifically addresses computer viruses and imposes civil
121 and criminalliabilities
122 for introducing a computer virus123 or computer contaminant124 into a computer.Six US states have laws specifically addressing the virus problem.
125 In most of these states,the law provides for criminal liability for the introduction or insertion of a "computer virus",
a "destructive program" or a "computer contaminant". Minnesota and Nebraska have gone a
step further by criminalising the act of "distribution without authorisation and with intent to
damage or destroy any computer system or software or data".
Italy
126 and the Netherlands127 have taken a similar approach. Switzerland has an evenbroader provision and not only the "production of a malicious program" but also giving
instructions to create such programs is a crime
128.3.4. Denial of Service
The laws of some countries, including Australia
129, Canada130, Germany131, India132 andSingapore
133 contain specific clauses relating to denial of service attacks. In other countries,denial of service would come under clauses relating to damage to computers or to data.
121
Section 43 (c) of the Information Technology Act, 2000 provides for damages up to Rs 1 crore.122
Section 66 of the Information Technology Act, 2000 applies if the virus causes any damage.123
A "computer virus" has been defined as any computer instruction, information, data or programme thatdestroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is executed or some other event
takes place in that computer resource.
124
"Computer contaminant" has been defined as any set of computer instructions that are designed— (a) tomodify, destroy, record, transmit data or programme residing within a computer, computer system or computer
network; or (b) by any means to usurp the normal operation of the computer, computer system, or computer
network.
125
The six US states are California, Illinois, Maine, Minnesota, Nebraska, and Texas.126
The new Italian law (Section 614 of the Criminal Code, introduced in December 1993) criminalises theintroduction, communication or passing on of a data processing program which was the purpose or the effect of
damaging a data processing or telecommunication system or its data or programs or of interrupting or altering its
operation.
127
The new Dutch provision covers "any person who intentionally or unlawfully makes available or distributesany data which is meant to do damage by replicating itself in an automated system, however, shall not be an
offence to carry out the act ... with the object of limiting damage resulting from such data."
128
"Anyone, who creates, imports, distributes, promotes, offers, makes available, circulates in any way, or givesinstructions to create programs, that he/she knows or has to presume to be used for, (unauthorised deleting,
modifying or rendering useless of electronically or similarity stored or transmitted data), will be punished".
129
Section 76C Crimes Act 1914130
Section 430(1.1) Criminal Code131
Section 303b Criminal CodeRohas Nagpal -Cyber Terrorism- Legal issues
18
3.5. Offensive Information
The dissemination of racist statements, hate speech, and violence related information via the
Internet has raised numerous legal questions. The major issues that need to be examined are
in respect of the liability of the author of the material and the additional liability of the
network service provider.
A great diversity and variety of provisions can be found when examining provisions on
incitement to violence (Canada
134, Germany135, Switzerland136), hatred (Canada137, Ireland138,Spain
139) or racism (Spain140, Portugal141, Sweden142, Switzerland143; UK144).Many countries, e.g. Austria
145, Denmark146, Finland147, Germany148, India149 andSwitzerland
150, apply their criminal laws to illegal Internet content, e.g. pornography and hatespeech, stored on foreign server.
132
Section 43(f) Information Technology Act, 2000133
Section 7, Computer Misuse Act134
Section 318 Criminal Code135
Section 111 Criminal Code136
Article 135 Criminal Code137
Section 319 Criminal Code138
Section 2 of the Prohibition of Incitement of Hatred Act 1989139
Article 510 Criminal Code140
Article 607.2 Criminal Code141
Articles 239, 240 Criminal Code142
Chapter 16 Section 8 Criminal Code143
Article 261 bis Criminal Code144
Section 19 Public Order Act 1986145
Sections 62, 67 (2) Austrian Criminal Code146
Section 9 Danish Criminal Code147
Section 10 Finnish Penal Code148
Sections 3, 9 German Criminal Code149
Section 1(2) and 75 Information Technology Act, 2000150
Sections 3 (1), 7 (1) Swiss Criminal CodeRohas Nagpal -Cyber Terrorism- Legal issues
19
In such cases, not only is the place of commission taken into account, but also the place of
potential results.
3.6. Cryptography
While some countries impose no control on the use of cryptography
151, others regulate theimport and export of cryptography through a licensing regime
152. In some countries, there areno import controls, but export is controlled
153. In other countries, import and export ofcryptography is restricted
154. Some countries have laws that empower the Government toorder compulsory decryption of information under special circumstances
155.At the international level the erstwhile COCOM
156 (dissolved in March 1994) and theWassenaar Arrangement
157 have played an important role in the control of cryptography.3.7. Laws Specific to Cyber Terrorism
In this context, this paper examines the provisions of the law of the USA, UK and India.
3.7.1 United States of America
Section 814 of The Patriot Act
158 is titled “Deterrence And Prevention Of Cyberterrorism”.This section amends section 1030(a)(5) of title 18, United States Code.
151
Argentina, Singapore, Egypt152
Burma (Myanmar), Belgium, China, Hungary, India, Israel, Kazakhstan, Moldova, Pakistan, Poland, Russia,South Korea, Vietnam
153
Australia, Estonia, Finland, Germany, Greece, Ireland, Italy, Japan, Romania, Switzerland, United Kingdom,United States of America
154
Belarus, Canada, Czech republic, Denmark, France, Latvia, The Netherlands and New Zealand155
Italy, India, Spain156
The Coordinating Committee for Multilateral Export Controls (COCOM) was an international organizationfor the mutual control of the export of strategic products and technical data from member countries to proscribed
destinations. The main goal of the COCOM regulations was to prevent cryptography from being exported to
"dangerous" countries - usually, the countries thought to maintain friendly ties with terrorist organizations (such
as Libya, Iraq, Iran, and North Korea). Exporting to other countries was usually allowed, although States often
required a license to be granted.
157
The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods andTechnologies is signed by Argentina, Australia, Austria, Belgium, Canada, the Czech Republic, Denmark,
Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, the Netherlands, New Zealand,
Norway, Poland, Portugal, the Republic of Korea, Romania, the Russian Federation, the Slovak Republic,
Spain, Sweden, Switzerland, Turkey, UK, USA, Bulgaria and Ukraine. It controls the export of weapons and
dual-use goods (i.e. goods that can be used both for a military and for a civil purpose) like cryptography. The
initial provisions were largely the same as old COCOM regulations. The Wassenaar provisions are not directly
applicable: each member state has to implement them within national legislation for them to have effect.
Rohas Nagpal -Cyber Terrorism- Legal issues
20
The amended section punishes any person who causes unauthorised damage to a protected
computer
159 by either:(i) knowingly causing the transmission of a program, information, code, or
command, or
(ii) intentionally and unauthorisedly accessing a protected computer
This section applies only in cases where the conduct of the accused caused
160—(i) loss
161 to one or more persons162 during any 1-year period163 aggregating at least$5,000 in value, or
(ii) the actual or potential modification or impairment of the medical examination,
diagnosis, treatment, or care of one or more individuals, or
(iii) physical injury to any person, or
(iv) a threat to public health or safety, or
(v) damage
164 affecting a computer system used by or for a government entity infurtherance of the administration of justice, national defense, or national security.
Section 816 of The Patriot Act is titled “Development and Support of Cyber security Forensic
Capabilities”. This section empowers the Attorney General to establish adequate regional
computer forensic laboratories and provide support to existing computer forensic
laboratories, in order that all such computer forensic laboratories have the capability to:
(1) provide forensic examinations with respect to seized or intercepted computer
evidence relating to criminal activity (including cyber terrorism),
158
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and ObstructTerrorism (USA PATRIOT ACT) Act of 2001.
159
The term ''protected computer'' means a computer – (a) exclusively for the use of a financial institution orthe United States Government, or, in the case of a computer not exclusively for such use, used by or for a
financial institution or the United States Government and the conduct constituting the offense affects that use by
or for the financial institution or the Government; or (b) which is used in interstate or foreign commerce or
communication;
160
Or, in the case of an attempted offence, would, if completed, have caused161
‘Loss’ means any reasonable cost to any victim, including the cost of responding to an offense, conducting adamage assessment, and restoring the data, program, system, or information to its condition prior to the offense,
and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service
162
‘Person’ means any individual, firm, corporation, educational institution, financial institution, governmentalentity, or legal or other entity.
163
For purposes of an investigation, prosecution, or other proceeding brought by the United States only, itincludes loss resulting from a related course of conduct affecting 1 or more other protected computers).
164
‘Damage’ means any impairment to the integrity or availability of data, a program, a system, or information.Rohas Nagpal -Cyber Terrorism- Legal issues
21
(2) provide training and education for Federal, State, and local law enforcement
personnel and prosecutors regarding investigations, forensic analyses, and
prosecutions of computer related crime (including cyber terrorism),
(3) assist Federal, State, and local law enforcement in enforcing Federal, State,
and local criminal laws relating to computer-related crime,
(4) facilitate and promote the sharing of Federal law enforcement expertise and
information about the investigation, analysis, and prosecution of computerrelated
crime with State and local law enforcement personnel and prosecutors,
including the use of multi jurisdictional task forces, and
(5) carry out such other activities as the Attorney General considers appropriate.
3.7.2 United Kingdom
As per The Terrorism Act, 2000
165, the term "terrorism" includes the use or threat of actionthat is
i. designed seriously to interfere with or seriously to disrupt an electronic system
ii. designed to influence the government or to intimidate the public or a section of the
public, and
iii. made for the purpose of advancing a political, religious or ideological cause.
3.7.3 India
Although the term “cyber terrorism” is absent from the terminology of the Indian law, section
69 of the Information Technology Act is a strong legislative measure to counter the use of
encryption by terrorists.
This section authorizes the Controller of Certifying Authorities (CCA) to direct any
Government agency to intercept any information transmitted through any computer
resource
166.Any person who fails to assist the Government agency in decrypting the information
167sought to be intercepted is liable for imprisonment up to 7 years.
165
Section 1 and 2166
The reasons for such an order must be recorded in writing. The order can be made on the following grounds:(1) in the interest of the sovereignty or integrity of India (2) in the interest of the security of the State (3) in the
interest of friendly relations with foreign States (4) for preserving public order (5) for preventing incitement to
the commission of any cognizable offence.
167
The information referred to in this section would include email messages, password protected files,steganographic images, encrypted information etc.
Rohas Nagpal -Cyber Terrorism- Incidents
22
4. MAJOR CYBER TERRORISM INCIDENTS
Iraqi hackers disrupted troop deployments during the Gulf War.
In 1994, a 16-year-old English boy took down some 100 U.S. defense systems.
In 1997, 35 computer specialists used hacking tools freely available on 1,900 web sites to
shut down large segments of the US power grid. They also silenced the command and control
system of the Pacific Command in Honolulu.
Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting web
sit-ins against various sites in support of the Mexican Zapatistas. At a designated time,
thousands of protestors point their browsers to a target site using software that floods the
target with rapid and repeated download requests. EDT's software has also been used by
animal rights groups against organizations said to abuse animals. Electrohippies, another
group of hacktivists, conducted web sit-ins against the WTO when they met in Seattle in late
1999.
In 1998, a 12-year-old boy successfully hacked into the controls for the huge Roosevelt Dam
on the Salt River in Arizona, USA. He was in a position to release flood waters that would
have inundated Mesa and Tempe, endangering at least 1 million people.
In 1998, Spanish protestors bombarded the Institute for Global Communications (IGC) with
thousands of bogus e-mail messages. E-mail was tied up and undeliverable to the ISP's users,
and support lines were tied up with people who couldn't get their mail. The protestors also
spammed IGC staff and member accounts, clogged their Web page with bogus credit card
orders, and threatened to employ the same tactics against organizations using IGC services.
They demanded that IGC stop hosting the web site for the Euskal Herria Journal, a New
York-based publication supporting Basque independence. Protestors said IGC supported
terrorism because a section on the Web pages contained materials on the terrorist group ETA,
which claimed responsibility for assassinations of Spanish political and security officials, and
attacks on military installations. IGC finally relented and pulled the site because of the "mail
bombings".
In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over
a two-week period. The messages read, "We are the Internet Black Tigers and we're doing
this to disrupt your communications". Intelligence authorities characterized it as the first
known attack by terrorists against a country's computer systems.
During the Kosovo conflict in 1999, NATO computers were blasted with email bombs and
hit with denial of service attacks by hacktivists protesting the NATO bombings. In addition,
businesses, public organizations, and academic institutes received highly politicized virusladen
e-mails from a range of Eastern European countries, according to reports. Web
defacements were also common.
Rohas Nagpal -Cyber Terrorism- Incidents
23
In 2000, the Asian School of Cyber Laws was repeatedly attacked by Distributed Denial of
Service attacks by “hactivists” propagating the “right to pornography”. The Asian School of
Cyber Laws has spearheaded an international campaign against pornography on the Internet.
In 2001, in the back drop of the downturn in US-China relationships, the Chinese hackers
released the Code Red virus into the wild. This virus infected millions of computers around
the world and then used these computers to launch denial of service attacks on US web sites,
prominently the web site of the White House.
In 2001, hackers broke into the U.S. Justice Department's web site and replaced the
department's seal with a swastika, dubbed the agency the "United States Department of
Injustice" and filled the page with obscene pictures.
In the first six months of 2002 the hacker group GFORCE-Pakistan has conducted more than
150 reported cyber attacks against Indian targets to further its ideas on the Kashmir issue.
In 2002, numerous prominent Indian web sites were defaced. Messages relating to the
Kashmir issue were pasted on the home pages of these web sites. The Pakistani Hackerz
Club, led by “Doctor Neukar” is believed to be behind this attack.
Join LAWyersClubIndia's network for daily News Updates, Judgment Summaries, Articles, Forum Threads, Online Law Courses, and MUCH MORE!!"
Tags :Intellectual Property Rights
