Definition of Terrorism

• Bruce Hoffman of Georgetown University has defined terrorism as
“violence—or equally important, the threat of violence—used and
directed in pursuit of, or in service of, a political aim.”
• Similarly, Louise Richardson of Oxford University believes terrorism is
“deliberately and violently targeting civilians for political purposes.”
Definition of Cyber-Terrorism
• There is no universally agreed upon definition of cyberterrorism, but
the term generally refers to an attack which uses electronic means
(such as a computer worm, virus or malware) to penetrate and
seriously interfere with critical infrastructure. Critical infrastructure
means the facilities, services and networks which, if taken offline for
an extended period, would create a serious risk to public health, the
economy, the environment or national security.

• “A cyberattack using or exploiting computer or communication
networks to cause sufficient destruction or disruption to generate fear
or to intimidate a society into an ideological goal.” – NATO

• "The use of computer network tools to shut down critical
national infrastructure (such as energy, transportation,
government operations) or to coerce or intimidate a
government or civilian population." – Center for
Strategic/Int’l Studies
Types of Cyber Attacks
Eavesdropping Attack

• Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an attacker can
obtain passwords, credit card numbers and other confidential information that a user might be sending over
the network. Eavesdropping can be passive or active:
• Passive eavesdropping — A hacker detects the information by listening to the message transmission in the
network.
• Active eavesdropping — A hacker actively grabs the information by disguising himself as a friendly unit and by
sending queries to transmitters. This is called probing, scanning or tampering.
• Detecting passive eavesdropping attacks is often more important than spotting active ones, since active
attacks require the attacker to gain knowledge of the friendly units by conducting passive eavesdropping
beforehand.
Denial of Service / Distributed Denial of Service

• A Denial-of-Service attack overwhelms a system’s resources so that it cannot
respond to service requests.
• A Distributed Denial of Service attack is also an attack on a system’s resources, but it
is launched from a large number of other host machines that are infected by
malicious software controlled by the attacker.
• Unlike attacks that are designed to enable the attacker to gain or increase access,
denial-of-service doesn’t provide direct benefits for attackers. It’s enough to have the
satisfaction of service denial.
Phishing and Spear Phishing Attacks

• A phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of
gaining personal information or influencing users to do something. It combines social engineering and
technical trickery.
• It could involve an attachment to an email that loads malware onto your computer.
• It could also be a link to an illegitimate website that can trick you into downloading malware or handing
over your personal information.
• Spear phishing is a very targeted type of phishing activity. Attackers take the time to conduct research
into targets and create messages that are personal and relevant.
• Because of this, spear phishing can be very hard to identify and even harder to defend against.
War Driving
• War driving, also called access point mapping, is the act of locating and possibly
exploiting connections to wireless local area networks while driving around a city or
elsewhere.
• To do war driving, you need a vehicle, a computer (which can be a laptop), a
wireless Ethernet card set to work in promiscuous mode, and some kind of
an antenna which can be mounted on top of or positioned inside the car.
• Because a wireless LAN may have a range that extends beyond a building, an outside
user may be able to intrude into the network, obtain a free Internet connection, and
possibly gain access to records and other resources.
Logic Bomb
• A logic bomb is a piece of code intentionally inserted into a software system that will set
off a malicious function when specified conditions are met. For example, a programmer
may hide a piece of code that starts deleting files (such as a salary database trigger),
should they ever be terminated from a company.
• Software that is inherently malicious, such as viruses and worms, often contains logic
bombs that execute a certain payload at a pre-defined time or when some other
condition is met. This technique can be used by a virus or worm to gain momentum and
spread before being noticed.
• To be considered a logic bomb, the payload should be unwanted and unknown to the
user of the software.
Man-in-the-Middle (MitM) Attack

• A MitM attack occurs when a hacker inserts itself between the communications of a client and a server.
• A common type of man-in-the-middle attack is session hijacking.
• An attacker hijacks a session between a trusted client and network server. The attacking computer substitutes its IP address for the
trusted client while the server continues the session, believing it is communicating with the client. For instance, the attack might
unfold like this:
1. A client connects to a server.
2. The attacker’s computer gains control of the client.
3. The attacker’s computer disconnects the client from the server.
4. The attacker’s computer replaces the client’s IP address with its own IP address and spoofs the client’s sequence numbers.
5. The attacker’s computer continues dialog with the server and the server believes it is still communicating with the client.
Forms of Cyber-terrorism
Target of Control System

• Used to disable or manipulate physical infrastructure
• E.g.: the provision of electrical networks, railroads, or water supplies
• Infiltrated to have wide negative impacts on particular geographical
areas by using the Internet to send malicious programs or by
penetrating security systems
• The literature shows that many agree that if a cyber attack
comes, it will probably be against CNI (critical national infrastructure)
How Attacks on Control Systems Work
• 1. Data-poisoning: Malicious actors could use machine-learning algorithms to wage data-poisoning attacks
on automated biotech supply chains. As bio-experiments are increasingly run by AI software, malware
could corrupt engineering instructions, leading to the contamination of vital stocks of antibiotics, vaccines
and expensive cell-therapies.

• 2. Genetic-engineering: Cloud labs let you control up to 50 types of bio-experiments from anywhere in the
world while sitting at your computer. Hackers could rely on such automated workflow to modify the genetic
makeup of the E. coli bacteria and turn it into a multi-drug resistant bio-agent.

• 3. Delivery: As a next step, hackers could harness off-the-shelf drones, and equip them with aerosols, to
spread the multi-drug resistant bacteria within water-systems or on farms. Farmers already use drones to
spray insecticides on crops.

• 4. False narratives: Finally, hackers could inundate social media with warning messages about contaminated
antibiotics, sowing fear and confusion among afflicted populations.
Hybrid cyber terrorism
• The use of the Internet for terrorist activities such as propaganda,
recruitment, radicalization, fundraising, data mining, communication,
training, and planning for actual terrorist attacks.
• a) Propaganda and Psychological Warfare
• b) Communication and Networking
• c) Fundraising
• d) Data Mining, Recruitment and Training
• a) Propaganda and Psychological Warfare:
• The Internet is being used by terrorists and terrorist organizations to spread and
manage their propaganda through information warfare, to impart their ideology, to
conduct psychological warfare as well as to radicalize and recruit new members from
all over the world, through terrorist websites, online magazines, and various social
media platforms.

• DAESH (or the so-called Islamic State) had seven media agencies under its central
media command (with Amaq being the most prominent one) and 37 media offices
operating in various countries. Similarly, al-Qaeda formed a media arm known as
As-Sahab and The Global Islamic Media Front (GIMF), as well as online magazines such
as “Inspire” and “Resurgence” to reinforce their propaganda.
b) Communication and Networking

• Terrorist groups have used social media platforms (like Telegram) and encrypted
messaging applications (such as Kik, Surespot, Wickr, WhatsApp, Gajim),
online gaming chat rooms, coded messages or steganography for covert
discussions and for direct and private communication (including
networking with other members of the group and interaction with recruits and
supporters), as well as for planning and coordinating physical attacks and planning
hacking operations.

• Terrorist organizations have been using the Telegram application since the end of
2015 due to its encryption and secure use.
c) Fundraising

• Funding for terrorist-related activities (acquiring weapons or supporting the war effort by
providing funds to the families of fighters) is no longer simply done through charity
organizations. Instead, it is also being done by donation through social media platforms
and blogs, and the use of the bitcoin digital currency.

• In the “Arm Us” campaign, funds were declared to be directed to “Jihad for Allah”:
arming mujahidin with weapons and munitions, manufacturing weapons, missiles and
bombs, physical training, promoting sharia and dawah (proselytisation), establishing
jihadi propaganda, as well as developing and providing security and community activity.
d) Data Mining, Recruitment and Training

• Terrorists are using the Internet for data mining to collect information on particular places and
individuals as potential targets for attacks as well as recruitment. Already in the case of the
attacks of 11 September 2001, the al-Qaeda operatives used the Internet to collect information
such as flight times and to share information and coordinate their attacks.

• DAESH and many other organizations are utilizing social media platforms to select individuals for
radicalizing or recruitment purposes. Recruiters identify potential targets by monitoring Facebook
profiles and conversation threads and assess whether they are genuine sympathizers. They
conduct further examination by adding them as friends and engage in private
communication only after they are certain of the individuals’ faithfulness.
ECONOMIC ATTACKS
Cyber attacks cause economic damage:
• Lost files and records
• Destroyed data
• Stolen credit cards
• Money stolen from accounts
• Time the IT staff spends cleaning up
Any organization wanting to do harm could set up a group with:
• Computer security experts
• Programming experts
• Networking experts
How Economic attacks could be carried out
Team 1 sets up fake e-commerce sites for a few days:
• Harvest credit card numbers, bank account numbers, and so forth
• All numbers posted to the Web anonymously on a predetermined date
Team 2 creates a Trojan
• Showing business tips or slogans, popular download with business people
• Deletes key system files on a certain date.
Team 3 creates a virus.
• A DDoS on key financial Web sites, all to take place on the same
predetermined date.
Teams 4 and 5 footprint major bank systems.
Team 6 prepares to flood the Internet with false stock tips.
International Laws Governing Terrorism
United Kingdom
Terrorism Act 2006
• To tackle the growing threat of radicalisation and terrorism to the
British people
• Part 1 of the Act sets out offences concerning the encouragement of
terrorism, the preparation of terrorist acts and training, as well as
crimes related to radioactive devices, materials, nuclear facilities and
sites.
• Provides prosecutors with new offences to charge radicalised
individuals and groups
• The offences under this Act are intending to recruit or encourage others to join
said extremist groups, preparing for acts of terrorism or training, and the
making or possession of radioactive devices and materials with the intent of
terrorism.
• The Act establishes increased penalties for judges in England and Wales to
hand down heavy custodial sentences in order to deter extremism, punish
radicals and protect the public.
United States of America
Patriot Act, Title VIII
• Title VIII: Strengthening the criminal laws against terrorism is the eighth of ten titles
which comprise the USA PATRIOT Act, an anti-terrorism bill passed in the United States
one month after the September 11, 2001 attacks. Title VIII contains 17 sections and
creates definitions of terrorism, and establishes or re-defines rules with which to deal
with it.
• Several aspects of cyberterrorism are dealt with in Title VIII. Under section 814 of the
Patriot Act, it is clarified that punishments apply to those who either damage or gain
unauthorized access to a protected computer and thus cause a person an aggregate loss
greater than $5,000; adversely affect someone's medical examination, diagnosis or
treatment; cause a person to be injured; cause a threat to public health or safety; or
cause damage to a governmental computer that is used as a tool to administer justice,
national defense, or national security.
• Section 814 also prohibits any extortion via a protected computer, and not
just extortion against a "firm, association, educational institution, financial
institution, government entity, or other legal entity".
• Punishments were expanded to include attempted illegal use or access of
protected computers. The punishment for attempting to damage protected
computers through the use of viruses or other software mechanism is now
imprisonment for not more than 10 years, while the punishment for
unauthorized access and subsequent damage to a protected computer is
now more than five years' imprisonment. Should the offense occur a
second time, the penalty increases to no more than 20 years'
imprisonment.
India
Information Technology Act, 2000
● The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act)
is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000.
● It is the primary law in India dealing with cybercrime and electronic
commerce.
● It is based on the UNCITRAL Model Law on International Commercial
Arbitration recommended by the General Assembly of the United Nations by a
resolution dated 30 January 1997.
Section 66F of ITA-2000
● It is an offence of an act of cyber terrorism.
● If a person denies access to authorised personnel to a computer resource,
accesses a protected system or introduces contaminant into a system, with the
intention of threatening the unity, integrity, sovereignty or security of India, then
he commits cyberterrorism.
● The penalty would be imprisonment up to life.
The Budapest Convention
The Convention provides:

1- the criminalisation of a list of attacks against and by means of
computers
2- procedural law tools to make the investigation of cybercrime and the
securing of electronic evidence in relation to any crime more effective
and subject to rule of law safeguards
3- international police and judicial cooperation on cybercrime and
e-evidence.
Laws against Cyber terrorism in Malaysia
1. Penal Code
• Under the Penal Code, a new Part VIA (offences relating to terrorism) had been added,
containing Sections 130C to 130M (suppression of terrorist act and support for terrorist
act), and Section 130N to 130TA (suppression of financing to terrorist acts).
• The focus will be on Sections 130B(2)(a), 130J(2)(k) and 130N, as these provisions
focus more on terrorism in the cyber environment.
• Section 130B(2)(a) read together with section 130B(3)(h) describes a terrorist act in the
context of the cyber environment as:
“an act or threat of action designed or intended to disrupt or seriously interfere with, any computer
systems or the provision of any services directly related to communications infrastructure, banking or
financial services, utilities, transportation or other essential infrastructure”
• Section 130J(2)(k) extends support for a terrorist group to the act of using
social media or any other means to advocate or promote a terrorist group,
support for a terrorist group or the commission of a terrorist act.

• Section 130J(1) provides punishment for such an act with imprisonment for life or
imprisonment for a term not exceeding 30 years or fine, and the offender shall also be liable
to forfeiture of any property used in connection with the commission of the offence.
• Section 130N provides that whoever, by any means, directly or indirectly,
provides or collects or makes available any property intending, knowing or
having reasonable grounds to believe that the property will be used, in
whole or in part, to commit a terrorist act shall be punished—
• (a) if the act results in death, with death; and
• (b) in any other case, with imprisonment for a term of not less than seven
years but not exceeding thirty years, and shall also be liable to fine,
• and shall also be liable to forfeiture of any property so provided or
collected or made available.
2. Criminal Procedure Code
• The Criminal Procedure Code was also amended to include sections
106A and 106C, which are provisions used to intercept, detain and
open postal articles and messages transmitted via
telecommunications, where all intercepted communications can be
used as evidence in terrorism trials.
3. SECURITY OFFENCES (SPECIAL MEASURES) ACT 2012
• The Security Offences (Special Measures) Act 2012 is a law to provide for
special measures relating to security offences for the purpose of maintaining
public order and security and for connected matters. The Act is to replace the
1960 Internal Security Act (Malaysia). The Act was introduced by Malaysian
Prime Minister Najib Razak.
• The focus of the law is to protect national security. SOSMA allows the arrest
without warrant of people who the police officer has reason to believe to be
involved in “security offences”.
• Section 4(5) - A police officer of or above the rank of Superintendent of Police may extend
the period of detention for a period of not more than twenty-eight days, for the purpose
of investigation.

• SOSMA 2012 limits the detention period for up to 28 days after which the Attorney-
General can decide to prosecute on specific charges. There is provision for bail as
provided under Section 13(1) SOSMA 2012, indicating a backward movement as SOSMA
2012 was supposedly enacted to remove the negative application of law under the ISA,
which did not have any provision for bail.
4. PREVENTION OF CRIME ACT (POCA)
• POCA was enacted to deal with crime prevention and for the control of criminals, members of secret
societies, terrorists and other undesirable persons.

• Section 3(1) gives the PDRM power to arrest a person without a warrant if the police officer doing
the arrest believes there is a reason to hold an inquiry against said person.

• Section 7(b) - An arrested individual can also be detained up to 60 days with the approval of senior
police officers.

• Section 19A - After the 60-day detention, detainees have to be brought before the Prevention of
Crime Board. The Board will then either discharge the detainee, subject him to house arrest and
electronic monitoring (otherwise known as tagging), or serve a two-year detention that can be
renewed indefinitely by the Board.
5. PREVENTION OF TERRORISM ACT 2015 (POTA)
• Section 3(1) allows for arrest without warrant if a police officer has reason to believe that
grounds exist that would justify holding an inquiry under this Act. In such a situation, the suspect
can be retained for not more than seven days, after which he has to be referred to the Public
Prosecutor for direction.

• Sections 4(1) and (2) add to the period of detention possible under this Act. Terrorist suspects
may be detained by the police for an initial investigation period of 21 days, which may be
extended by an additional 38 days. Detainees are denied the right to counsel except during the
formal recording of statement by the investigation officer.

• Section 13(1)(b) enables the Malaysian authorities to detain terror suspects without trial for two
years, and it does not allow any judicial review on the detention.
International Cases on Cyber Terrorism
Ferizi’s Case
● A 20-year-old Kosovar hacker pleaded guilty in U.S. federal court on June 15 to
providing material support to the Islamic State terrorist group by hacking into a U.S.
company's networks and releasing names, addresses and financial information on
hundreds of government employees and active military personnel.
● Ardit Ferizi — who goes by the handle Th3Dir3ctorY online — admitted to providing
the stolen information to the terrorist organization with the understanding it would be
used to harm federal employees and servicemembers, in both the virtual and physical
realms.
● According to the Department of Justice, Ferizi offered ISIS the hacked data "with the
understanding that ISIL would use the [personally identifiable information] to 'hit them
hard.'"
● Ferizi provided this information to members of ISIS in August, who
then posted the information online with a call for members to take
action against those people, including perpetrating fraud using their
personal information, as well as physical attacks.
● He faces a maximum of 20 years for providing support to a terrorist
group and an additional five years for accessing a protected computer.
Mehdi Masroor Biswas Vs. The State of Karnataka
● Mehdi Masroor Biswas was arrested at Bangalore for using the Twitter handle for
the purposes of forwarding and disseminating the messages and philosophy of a
terrorist organization.
● This was also the first time that a case under Section 66F of the Information
Technology Act, 2000 was registered under the offence of cyber terrorism.
● The said case was also a wake-up call as it shows that with the passage of time and
with the advancement of technology, cyber terrorists and cyber criminals have used
various loopholes in the law to limit their legal exposure.
● This case has once again shown that Section 66F, though it has defined the offence of
cyber terrorism, has still defined the same in narrow terms and there is a need for
India to revise and beef up its law on cyber terrorism.
● The Bangalore case demonstrated the inefficacy and inadequacy
of Section 66F for India to deal with cyber terrorism as a
phenomenon.
● In fact, the lessons from the Bangalore case are that the fight
against cyber terrorism cannot be fought with the help of a single
provision.
R v Yusuf
● It can be seen that a person commits an offence if, with the
intention of
1. Committing the acts of terrorism, or
2. Assisting another to commit such acts
● In this case, Yusuf engages in any conduct in preparation for giving
effect to his intention
Efforts against Cyber Terrorism
1. Strengthening Technical Capabilities.

• In catering to the wave of ICT advancements, CyberSecurity Malaysia introduced
Cyber999 Help Centre, a one-stop-centre that receives and channels all reports lodged by
the public to the relevant agencies. This service was officially launched on 7 July 2009 by
the Minister of Science, Technology and Innovation of Malaysia. With the existence of
the Cyber999 Help Centre, the public has an avenue to seek advice and technical support
on matters related to cyber security incidents.

• The Centre for Information and Media Warfare Studies (CMIWS) in UiTM is an
interdisciplinary research centre, established in 2005 to cater to the needs of
assimilating information warfare, psychological operations, international policies &
comparative studies with that of technology, media and intelligence. The centre's activity
involves academic and non-academic programs to specifically uphold Malaysia's national
interests and security.
2. Strengthening International Inter-Agency Cooperation
• In acknowledging the cross border activities of cyber terrorism,
CyberSecurity Malaysia has established strategic partnerships with many
countries in the world through international collaborations.

• Includes:
• APCERT (Asia Pacific Computer Emergency Response Team), which is a
collaboration of 22 computer emergency response teams (CERTs) from 16
economies in the Asia Pacific region
• OIC-CERT (Organisation of Islamic Conference - Computer Emergency
Response Team), which is a collaboration of 20 incident response teams
from 18 OIC countries.
3. National Cyber Security Policy (NCSP)
• The NCSP is focused particularly on the protection of Critical National Information
Infrastructure (CNII) against cyber threats.
• Alongside clear and effective governance, the NCSP provides mechanisms for
improving the trust and cooperation among the public and private sectors.
• NCSP also focuses on enhancing skills and capacity building as well as enhancing
research and development initiatives towards self-reliance. It also maps out
emergency readiness initiatives and dictates a programme of compliance and
assurance across the whole of the CNII.
• The NCSP also reaches out to Malaysia’s international partners and allies. The policy
describes methods by which Malaysia can share knowledge with the region and the world
on cyber security related matters. Malaysia developed NCSP as a proactive step in
protecting critical sectors against cyber threats.
4. Layered approach for defense mechanisms
• A combination of email filtering, installation of anti-virus
software, pro-active malware protection, security policies and
keeping protection software up to date along with the operating
system and applications can help to tackle security related issues such
as spam and malware attacks.
5. Promoting Cyber Security Awareness.

• Promoting cyber security awareness is one of the major activities
conducted by CyberSecurity Malaysia.
• Part of the efforts is to educate and increase awareness of the public,
specifically on cyber threats; among others, the use of the internet by
terrorist groups for networking, information sharing,
communications, propaganda, recruitment, fundraising, etc.
