Present article describes the meaning and remedies of various forms of cyber-terrorism in the Indian Context. There are various provisions of law that are effective against Cyber Terrorism. [Read More]
Meaning of the term “Cyber Terrorism”
Cyber terrorism is described as the use of cyberspace to harm the general public while also disrupting the target country’s legitimacy and sovereignty. The electronic medium or the interconnected network of computers is referred to as cyberspace.
According to Black’s Law dictionary, cyber terrorism is defined as the act of “Making new viruses to hack websites, computers, and networks”.
The U.S Federal Bureau of Investigation defines cyber terrorism as a “premeditated attack against a computer system, computer data, programs, and other information with the sole aim of violence against clandestine agents and subnational groups”.
Modes of Cyber Terrorism
Following are some of the modes of Cyber Terrorism:
- Hacking into the systems and databases owned by the government of the target country and appropriating sensitive information of national importance.
- Destructing and destroying the entire database of the government hosted on cyberspace along with all backups by introducing a virus or malware into the systems.
- Temporarily causing disruptions to the network of the government of the target nation and distracting the top officials so that they can pursue other means of terrorism.
- Distributed denial of service attack (“DDOS”): The terrorists through this attack first infect the systems by introducing viruses and then take control over the systems. The systems are then accessed by the terrorists from any location who manipulate the data and access the information.
Steps taken, to curb the situation
National Cyber Crime Reporting Portal: It is a government of India project to make it easier for victims and complainants to register cyber-crime grievances online. This website only handles complaints about cybercrime, with an emphasis on cybercrime against women and children.
Indian Computer Emergency Response Team: It is the national nodal agency for responding to computer security incidents as and when they occur.
National Cyber Security Policy: This is a policy framework by the Department of Electronics and Information Technology. It aims to protect the public and private infrastructure from cyber-attacks.
www.cybercrime.gov.in: The Government has launched online cybercrime reporting to enable complainants to report complaints pertaining to Child Pornography/Child Sexual Abuse Material, rape/gang rape imageries, or sexually explicit content. The Central Government has rolled out a scheme for the establishment of the Indian Cyber Crime Coordination Centre (I4C) to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.
Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): It has been launched for providing detection of malicious programs and free tools to remove such programs.
Personal Data Protection Bill: The Personal Data Protection Bill, 2019 was introduced by the Ministry of Electronics and Information technology in Lok Sabha. It was inspired by the principles of the General Data Protection Regulation, 2016. The aim and premise of this Bill are to protect personal information and create a Data Protection Authority to do so. It aims to control the use of data by both public and private entities. It regulates the collection of data by both Indian governments and businesses. It also applies to international companies that deal with the personal data of Indian citizens.
As half of the world population has started using the internet for various purposes, the concern about data is very important. The smartphone that we use has AI that analyses us. It collects information about us from our habits to health issues. And usage of these AI technologies is inevitable in this 21st century. So, it is very important to protect the details of the individuals. Thus, countries around the world have started to pay attention to creating data-related laws and policies to protect people.
In India, the protection of data, its usage, and issues related to it are regulated by the Information Technology Rules, 2011 under the IT Act, 2000. This rule states that a company shall be held liable if any negligence happened while maintaining data security standards.
Any processing of data can only be done by the consent of the data principle. This bill provides certain rights to data principles with respect to their personal data, such as confirmation on whether their personal data has been processed, seeking correction, completion, or erase of their data, and restricting continuing disclosure of their personal data.
To examine and provide recommendations on the said bill, a Joint Parliamentary Committee (JPC) is formed. It was constituted in December 2019. It consists of 20 members from Lok Sabha and 10 from Rajya Sabha. On 21st September, P.P. Chaudhary (Member of JPC) moved the motion for a time extension. Through a voice vote, the motion was passed by Lok Sabha. The house extended the time up to the second week of the winter session of the parliament 2020 for submission of reports and recommendations.
Indian Penal Code on Cyber Terrorism:
Section 292 of IPC: Although this Section was drafted to deal with the sale of obscene material, it has evolved in the current digital era to be concerned with various cybercrimes. The publication and transmission of obscene material or sexually explicit act containing children, etc. which are in electronic form are also governed by this section. Though the crimes mentioned above seem to be alike, they are recognized as different crimes by the IT Act and IPC. The punishment imposed upon the commission of such acts is imprisonment and fine of up to 2 years and Rs. 2000. If any of the aforementioned crimes are committed for the second time, the imprisonment could be up to 5 years and the fine could be imposed up to Rs. 5000.
Section 354C of IPC: The cybercrime deal with under this provision is capturing or publication of a picture of private parts or acts of a woman without such person’s consent. This section exclusively deals with the crime of ‘voyeurism’ which also recognizes watching such acts of a woman as a crime. If the essentials of this Section (such as gender) are not satisfied, Section 292 of IPC and Section 66E of IT Act, 2000 is broad enough to consider the offences of a similar kind. The punishment includes 1 to 3 years of imprisonment for first-time offenders and 3 to 7 years for second-time offenders.
Section 354D of IPC: This section describes and punishes ‘stalking’ including both physical and cyberstalking. If the woman is being monitored through electronic communication, the internet, or email or is being bothered by a person to interact or contact despite her disinterest, it amounts to cyber-stalking. The latter part of the Section states the punishment for this offence as imprisonment extending up to 3 years for the first time and 5 years for the second time along with a fine imposed in both instances.
In the case of Kalandi Charan Lenka v. The State of Odisha, the victim received certain obscene messages from an unknown number which damages her character. Moreover, emails were sent and the fake Facebook account was created by the accused which contained morphed pictures of the victim. Hence, the accused was found prima facie guilty for cyberstalking by the High Court under various provisions of the IT Act and Section 354D of IPC
Section 411 of IPC: This deals with a crime that follows the offences committed and punished under Section 379. If anyone receives a stolen mobile phone, computer, or data from the same, they will be punished in accordance with Section 411 of IPC. It is not necessary that the thief must possess the material. Even if it is held by a third party knowing it to be others, this provision will be attracted. The punishment can be imposed in the form of imprisonment which can be extended up to 3 years or fine or both.
Section 419 and Section 420 of IPC: These are related provisions as they deal with frauds. The crimes of password theft to meet fraudulent objectives or the creation of bogus websites and commission of cyber frauds are certain crimes that are extensively dealt with by these two sections of IPC. On the other hand, email phishing by assuming someone’s identity demanding password is exclusively concerned with Section 419 of IPC. The punishments under these provisions are different based upon the gravity of the committed cybercrime. Section 419 carries a punishment up to 3 years of imprisonment or fine and Section 420 carries up to 7 years of imprisonment or fine.
Section 468 of IPC: If the offences of email spoofing or online forgery are committed for committing other serious offences i.e., cheating, Section 468 comes into the picture which defines the punishment of seven years of imprisonment or fine or both.
Section 469 of IPC: If the forgery is committed by anyone solely to disrupt a particular person or know that such forgery harms the reputation of a person, either in the form of a physical document or through online, electronic forms, he/she can be imposed with the imprisonment up to three years as well as fine.
Section 500 of IPC: This provision penalizes the defamation of any person. With respect to cybercrimes, sending any kind of defamatory content or abusive messages through email will be attracted by Section 500 of IPC. The imprisonment carried with this Section extends up to 2 years along with a fine.
Section 504 of IPC: If anyone threatens, insults, or tries to provoke another person to effect peace through email or any other electronic form, it amounts to an offence under Section 504 of IPC. The punishment for this offence extends up to 2 years of imprisonment or fine or both.
Section 506 of IPC: If a person tries to criminally intimidate another person either physically or through electronic means with respect to the life of a person, property destruction through fire or chastity of a woman, it will amount to an offence under Section 506 of IPC and punishment of imprisonment where the maximum period is extended up to seven years or fine or both.
Section 509 of IPC: This Section deals with the offence of uttering a word, showing a gesture, and committing an act that has the potential to harm the modesty of a woman. It also includes the sounds made and the acts committed infringing the privacy of a woman. If this offence is committed either physically or through electronic modes, Section 509 gets attracted and the punishment would be imprisonment of a maximum period of one year or fine or both.
Timeline of some Cyber Crime Cases
- 2010: Stuxnet worm was found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers.
- 2011: Sony announced that a hacker stole details for 77 million PlayStation Network users, including personally identifiable information and financial details.
- 2012: Shamoon virus began destroying over 35,000 computer systems, rendering them inoperable. The virus was used to target the Saudi government by destroying the state-owned national oil company Saudi Aramco.
- 2013: Yahoo experienced a data breach that resulted in the theft of 3 billion user accounts.
- 2014: US retailer Home Depot’s point of sale systems were breached. Attackers stole 50 million personal credit card details.
- 2015: Carbanak case was a $1 billion heist that combined the elements of an APT attack, malware-facilitated fraud, ATM malware, and high street crime.
- 2016: The largest-ever distributed denial of service (DDoS) attack took place, which used over 1 million connected devices in the Internet of Things, that was compromised by the attackers due to software vulnerabilities.
- 2017: WannaCry attack, allegedly launched by North Korea, unleashed a type of ransomware that not only locks down content on user devices but also rapidly spreads in the system.
- 2018: Iranian hackers were alleged of making a data-wiping malware called Dustman.
- 2019: International law enforcement agencies made 61 arrests and shut down 50 dark web accounts used for illegal activity in a joint operation
- 2020: High-profile Twitter accounts were hacked.
Modern Information technologies can leverage economic as well as social benefits. The states have worked diligently to realize a common vision of an ICT environment that is safe, free, peaceful, and accessible. In all attempts, the issue does not seem to be resolved. From a psychological perspective, cyber and terrorism are two growing yet convincing fears that remain unresolved and need rigorous analysis to resolve the fear of the unknown. The fear and anxiety that accompanies these ideas, coupled with the confusion, makes it all the more necessary to consider the serious implications of their existence. The source of the problem is not just the technologies that are prone to vulnerabilities, errors, and flaws but human behaviour is too at fault due to its inclination towards the negative and destructive forces, mainly to overcome insecurities, feelings of revenge, cheating, and rebel to destroy.
Cyberspace and associated ICT methods have been used by several State and non-State actors for a variety of malicious purposes. As a consequence, people’s trust in technology and related goods and services is eroding daily.
The Information Technology Act, 2000 has outlined bound offences and penalties to overpower omissions, that are known to return inside the characterization of cybercrimes. Change is necessary and needed, as the dilemmas posed by new technical advances every day cannot be prevented. Criminals have changed their tactics and embraced advanced technologies, and non-public corporations and organizations in India will have to change their mechanisms to tackle the issues in a coordinated manner to protect society, the legal system, and compliance authorities.