Opinion / Analysis

Cyberterrorism: The Reality of Virtual Warfare in India

Rajat Kumar Kujur
August 09, 2008

Conceptually speaking, terrorism is a dynamic concept, and India, being one of the oldest victims of terrorism, has witnessed many facets of it. As India increasingly goes online, the dangers posed by Internet terrorism are beginning to escalate. Cyberterrorism in India has now grown into a highly dynamic phenomenon that is difficult to track. Jaipur, Bangalore and Ahmedabad: almost all the terrorist attacks on Indian soil in the recent past have established an e-connection, a dangerous nexus between the virtual world and the real terrorists. Most recently, the Indian Mujahideen, which claimed responsibility for the Ahmedabad blasts, had given information about the explosions in explosive e-mails. The 14-page threat mail sent to television channels just five minutes before last Saturday’s serial bomb blasts in Ahmedabad was sent from an email ID created just 10 minutes earlier. Newspapers and television stations received a similar email after the Jaipur serial blasts in May of this year. 

A few months back, an IP address from China intruded into the secured Indian cyber territory. The hackers attacked the official website of all important Ministry of External Affairs, managed by servers located in the national capital. Though the government has officially denied this, the hackers are believed to have stolen login identities and passwords of a host of Indian diplomats and sneaked away with ‘top secret’ state information. Recently, the Cabinet Secretariat, Govt. of India website (cabsec.gov.in) came under severe attack and was defaced for several hours. There have been mounting cyber attacks, particularly on government Websites, for the past year, adopting hacking and other intrusive methods. As per the information tracked by and reported to the Indian Computer Emergency Response Team (CERT-In), Department of Information Technology, a number of government websites have been hacked from January 2005 to February 2008. These attacks are not isolated incidents of something as generic or basic as hacking. They are far more sophisticated and complete, and there is a method to the madness.

Cyberterrorism can be defined as unlawful attacks or threats of attacks against computers, networks and the information stored therein with a motive to intimidate or coerce a government or its people in furtherance of political or social objectives. Furthermore, to qualify as cyber terrorism, an attack should result in violence against persons or property or at least cause enough harm to generate fear. Cyberspace is now being globally used by terrorist organizations for propaganda, to garner support, generate funds and recruit potential members. The Internet provides terrorists with relative anonymity and a means to conceal themselves. Unlike earlier, in India, terrorists are now using email, instant messaging and other internet-based mediums to communicate with one another. As India moves closer towards becoming the global IT leader, it is also becoming increasingly vulnerable to cyber attacks against its infrastructure.

It may sound exaggerated today, but cyberterrorism in India is gradually becoming a catastrophic phenomenon. The irony is despite the real threat, India does not have a national strategy for countering insurgency in cyberspace. The draft amendments to the IT Act 2000 do not have a single clause related to cyberterrorism, which compromises India's national security, sovereignty, and integrity. There is no policy on cyber warfare except for some localized attempts by intelligence agencies. Internationally, India is not a signatory to the 45-nation international convention on cyber crimes, which has the US, EU, South Africa, etc, as its members.

On the other hand, the cybercrime cells of various security agencies don’t have the adequate talent to intercept terrorists' communication via the internet. It’s high time that intelligence agencies start recruiting classified experts who can examine various vulnerabilities in IT systems. Though the Government of India does have a Computer Emergency Response System, it acts mainly after the damage has been done. The Signals Core of the Indian Army has professionals working on information warfare. Still, not many individuals are keen to join them as the salary levels are very low compared to what one gets in an IT company. 

Indian leadership needs to wake up to the threat; the emails sent in Ahmedabad and other attacks too were not just to claim responsibility. Rather, they were Indian Mujahideen’s Declaration of open cyberwar against India. As a new, more computer-savvy generation of terrorists is coming out of age, the potential threat from cyberterrorism seems set to increase. Defending against e-terrorism is a difficult task, and one of the critical tasks is to create a lawful society on the Internet and to educate people about the rights and wrongs of online life, which would further pave ways to detect and prosecute a potential threat. A full-fledged cyber attack on India may be a distant reality today, but one cannot deny the threat posed by cyberterrorism. Counter-terrorism is a dilemma of all time, and for all governments, efforts must be made to find ways at all levels to mitigate, counter, and combat the threat of virtual warfare.

Author Note
Author is associated with the Society for the Study of Peace and Conflict, New Delhi