COMPUTERS have dramatically changed the way we live. Financial institutions, businesses, public utilities, governments, and individuals use online computer technology in their routine activities as an indispensable tool.
There is no question about the benefits of these technological advancements: computers facilitate the smooth and efficient running of daily operations; provide access to huge amounts of information; speedup communications; and many more. However, as we become more reliant (addicted) on computers and online communications, we also become more vulnerable to cyberterrorism.
Cyberterrorism is the convergence of terrorism and cyberspace.
• It signifies “unlawful attacks and threats of attack against computers, networks and information stored therein, when done to intimidate or coerce a government, or its people, or, in a larger perspective, the international community, in furtherance of political, religious, or social objectives.”
• To be considered an act of cyberterrorism, in addition to being a cybercrime, an attack should at least cause enough violence or harm to generate fear among the people.
• For instance, it would just be a cybercrime if a person hacks into the e-mail account of a colleague, reads his messages, and then blackmails him. On the other hand, it would be a cybercrime and an act of cyberterrorism if a group of persons, in order to compel a government to perform or refrain from performing a certain act, takes over the controls of the national grid, through the Internet and shuts it down for hours, causing immense inconvenience and hardship to the population.
Another reason for the terrorists opting for the Internet for their nefarious purposes is its capability of broadcasting infinite propaganda from just one computer. People from all over the world could, without any restriction, view and be influenced by this information. At the same time, operating via the Internet is relatively safe for the perpetrators. No hazardous material involved. As cyberterrorism expert Barry C. Collin aptly remarked, “Cyberterrorism, being a digital weapon, preserves the life of the terrorist.”
When it comes to cyber terrorism, one thing is clear; with little more than a computer and an Internet connection, a terrorist, sitting in the comfort of his room, can perform various acts of terrorism, without putting his own life in danger, from bringing a nation’s economy to a halt by hacking into financial systems and networks, to colliding two large passenger aircraft by taking over air traffic control systems.
The tools of cyberterrorism keep evolving and growing with new technologies. Though often invented or innovated for some peaceful purpose and use, latest technologies instantly add to the arsenal of cyberterrorists. These new weapons include: radio frequency weapons, transient electromagnetic devices, electromagnetic bombs, radio frequency munitions, tempest monitoring devices, viruses, worms, and many more. These weapons, most of which are freely available on the Internet enable the user to launch an assault from a great distance from the target; the assault is invisible and untraceable and often a victim stays unaware of an attack until much damage has been done; conquering an enemy without fighting.
The gloomiest illustration of cyberterrorism potential was planned and carried out by the United States National Security Agency, in order to determine the vulnerability of the systems of various branches of the US government, in Operation Eligible Receiver, in 1997.
In it, thirty-five hackers hired by NSA, disabled portions of the Washington DC 911 system, gained access to systems aboard a US Navy cruiser, and were in a position to shut down major portions of the nation’s power grid. Most of the hackers were able to accomplish their tasks without being detected or traced.
If the US government could find hackers that produced these results, terrorist organisations can also find hackers having the same skills.
A country’s increasing dependence on computers and online communications makes it more vulnerable to cyberterrorist attacks. However, this does not mean that only developed countries, like the USA, are facing the threat of cyberterrorism. If a developed country is hit by a devastating cyber-attack, it may also hurt the developing countries that may be relying on the target country in different respects.
By now it is clear that cyberterrorism is no more a fiction. Therefore ways should be developed and maintained to keep ones interest safe. Some of these include:
• Regular updating of operating systems and software.
• Improving the security of our computer networks by the use of cryptography, network firewalls, high fidelity intrusion detection systems, antivirus software, etc.
• Where we have specialized persons for counter-terrorism, we must also have specialised persons for counter-cyberterrorism.
• We in Pakistan must have laws that address cyberterrorism.
Countries all over the world are adopting measures to check cyberterrorist attacks. The Interpol is also playing a significant part in this regard by facilitating data sharing between member nations, conducting operational information analyses, sponsoring training in cyberterrorism issues and providing intelligence to member nations.
In the US, the Federal Bureau of Investigation, the United States Secret Service, the National Security Agency, and the Department of Defence are some of the agencies involved in counter cyberterrorism efforts. Laws dealing with cybercrime and cyberterrorism have also been enacted.
It is time that in Pakistan also we take this thing seriously, as day by day we too are being held hostage by computers, online communications and all other related technologies. Though the government has established the National Response Center for Cyber Crime, operated by the Federal Investigation Agency, but the overall counter-cyberterrorism capabilities of its staff need a lot of improvement. Interestingly, not many people know that it even exists. Also, the counter-cyberterrorism capabilities of the famed ISI are no better than those of the NRCCC. Some even doubt if the ISI has such skills at all.
In the field of legislation, for the first time, the Bill of the Electronic Crimes Act, 2004, along with other cybercrimes, addresses cyberterrorism.
Cyberterrorism is defined in Section 18 (1) as: “Whoever in furtherance of any criminal objective commits a premeditated attack against electronic systems or data, which results in death of any person or causes extreme financial harm, shall be guilty of cyber terrorism.”
The punishment for cyberterrorism is given in Section 18 (2) as: “Whoever commits the offence of cyber terrorism and causes death of any person shall be punished with death or imprisonment for life, and in case of causing extreme financial harm shall be liable for imprisonment of either description for a term which may extend to ten years, or with fine not less than ten million rupees or with both.”
The Bill is under consideration at the moment and we’ll have to wait for the enactment of the Electronic Crimes Act, 2004, to see the actual law.
For the time being, in case of an act of cyberterrorism, the perpetrator can be prosecuted under the provisions of the Electronic Transactions Ordinance, 2002, as given in Chapter 8 of the Ordinance. Though the word “cyberterrorism” is not mentioned, but the provisions of Section 36 and 37 adequately cover most offences like hacking, DoS attacks, DDoS attacks, worms, viruses, etc.
