C KM Y

C KM Y

A decade ago we

we re a f ra id o f

aircrafts causing

d a m a g e t o the security of state or friendly relations with foreign states.infrastructure; today

Section 66 F: A. Whoever with intent to threaten the unity, we are afraid of integrity, security or sovereignty of India or to strike terror in s o f t w a r e a n d the people or any section of the people by technology that can

be used to cause i. Denying or cause the denial of access to any person damage. The World authorised to access computer resource; orof Technology is

ii. Attempts to penetrate(enter) or access a computer almost seven times resource without authorization or exceeding authorised faster than the real world. There is no doubt that access; ortechnology is a double edged sword. With good

comes evil and the realty is that technology can be iii. Introducing or causing to introduce any computer misused. The ease that technology provides makes contaminant, and by means of such conduct causes or is it the best tool to be used by everyone. This is a likely to cause death or injuries to persons or damage to or global issue and not only specific to India. destruction of property or disrupts or knowing that it is Borderless incidents and activities have become likely to cause damage or disruption of supplies or services difficult to regulate. essential to the life of the community or adversely affect the

critical information infrastructure specified under section According to the Anti-Terrorist Act - 1985 a terrorist 70, oris “a person who indulges in wanton killing of

persons or in violence or in the disruption of B. knowingly or intentionally penetrates(enters) or services or in damaging property or disrupting accesses a computer resource without authorisation or means of communication essential to the exceeding authorised access, and by means of such community with a view of putting the public in fear conduct obtains access to information, data or computer affecting adversely the harmony between religions database that is restricted for reasons for the security of the of different races, coercing or awing the State or foreign relations; or any restricted information, government established by law or endangering the data or computer database, with reasons to believe that sovereignty and integrity of India.” such information, data or computer database so obtained

may be used to cause or likely to cause injury to the According to Information Technology Act 2000 interests of the sovereignty and integrity of India, the (Amendments) 2008 Sub-section 66F there is security of the State, friendly relations with foreign states, punishment for cyber terrorism up to life public order, decency or morality, or in relation to imprisonment. Cyber terrorism is defined as contempt of Court, defamation or incitement to an causing denial of service, illegal access, offence, or to the advantage of any foreign nation, group introducing a virus in any of the critical information of individuals or otherwise, commits the offence of cyber infrastructure of the country defined u/s 70 with the terrorism.intent to threaten the unity, integrity, security or

sovereignty of India or strike terror in the people or There is an old truism - we cannot stop progress. The any section of the people; or gaining illegal access truism has been used to justify investments in technologies to data or database that is restricted for reasons of that could potentially not only harm people but wipe out

Technology

March - April 2010 66The Mumbai PROTECTOR

To use or not to use - that’s the Cyber Question!

Tech as Deadly Tool

- Vicky Shah

the entire planet. While we cannot stop the but GPS & networks

progress, we still should think carefully about Recent Past Incidents where technology was misused:

the consequences of the technologies that we • 26/11: Global Positioning Satellite systems, Blackberry, CDs invent.1with high resolution satellite images, Multiple cell phones with

“A computer keyboard can be a very useful switchable SIM cards, Satellite phones

tool for the progress of humanity, but it can • September 13, 2008: Indian Mujahideen militants used also become a dangerous weapon capable unsecured WiFi system of a company in Chembur. of producing enormous economic damages

to the infrastructure of a state or company, • August 2008: A stray terror e-mail was traced to the Khalsa and even against the integrity and the life of College, Matunga, Mumbai. human beings” - Secretary General Cesar

• July 2008: E-mails were sent before and after the Ahmedabad Gaviria, OAS, Us2blasts. One was traced to Navi Mumbai and the other to an IP

Technology Platforms that have been address in Vadodara. misused:

• May 2008: A terror e-mail was sent before the Jaipur blasts • Social Networking Sites • Blogs • Email from a cyber cafe in Ghaziabad. Services • SMS Services • VoIP • GPS and

• November 2007: Serial blasts in Lucknow, Varanasi, and GIS based Applications and Equipments Faizabad courts in UP. The terror e-mail was sent by Indian

Mujahideen (IM) from a cyber café in Laxmi Nagar, Delhi.

• Exponential growth of Internet and Mobile (Source: Internet and Newspapers)Phone use

The Wi-Fi misuse could have easily prevented had the • 3G technology to be started very soon users/or their network administrators would have been • Interconnected business and government alert and careful in securing the connections. It only takes • E-governance growth has implications for following steps to secure a Wi-Fi Connection:Information Security, Privacy and Cyber

Security • Change Default User names & Passwords• Income Tax, Excise, Customs, Sales tax • Use Strong Passwordsnetworks connected • Enable Wireless Security (WPA2)• Smart cards, UID being issued • Change your SSID• Land records computerized • Do not show Broadcast SSID• Police networks • Use MAC filtration• Defense is no longer arms & ammunition • Use Static IP Address

• Use firewalls

• Use Latest Antivirus Pack

An interesting article has been written by Bruce Schiner about

“Terrorists May Use Google Earth, But Fear Is No Reason to Ban

It” he talks about how surprising it is to the people that their own

infrastructure can be used against them. And in the wake of

terrorist attacks or plots, there are fear-induced calls to ban,

disrupt or control that infrastructure. This isn't the only way our

information technology helps terrorists. We already know they

use websites to spread their message and possibly even to

recruit.3

Let's all stop and take a deep breath. By its very nature,

communications infrastructure is general. It can be used to plan

both legal and illegal activities, and it's generally impossible to

tell which is which. When we send and receive email, it looks

exactly the same as a terrorist doing the same thing. To the

mobile phone network, a call from one terrorist to another looks

exactly the same as a mobile phone call from one victim to

another. Any attempt to ban or limit infrastructure affects

Growing Challenges faced by India:

C KM Y

C KM Y

Technology

March - April 2010 67The Mumbai PROTECTOR

C KM Y

C KM Y

everybody. Clearly the technologies that are being developed and

that would be developed in future can be used in a bad Terrorist attacks are very rare, and it is almost always a

way by the "evil doers". But this is really nothing new, bad trade-off to deny society the benefits of a

and as I said in the beginning of this article - communications technology just because the bad guys

technological progress is unstoppable. So why do we might use it too. Communications infrastructure is

need to think about these things? Simply because it is especially valuable during a terrorist attack. Twitter was

always better to pause and think about the the best way for people to get real-time information

implications, than blindly rush through things. Just about the attacks in Mumbai. If twitter was banned

because something is cool does not mean that it is not would it have been helpful for people to know about

dangerous. And beyond cool, we can be just a bit more the updates? Information lessens fear and makes

careful. These are debatable and should be debated at people safer.

the right level with right channel.None of this is new. Criminals have used telephones

The Way Ahead:and mobile phones since they were invented. Drug

smugglers, Bank robbers, terrorists, etc... everyone. • Government's positive and critical role in Proactive,

Society survives all of this because the good uses of Active and Reactive strategies.

infrastructure far outweigh the bad uses, even though • Protecting, Preventing, Mitigating and Investigating

the good uses are - by and large - small and pedestrian against all forms of incidents

and the bad uses are rare and spectacular. And while • Citizens alertness and cooperation to Law Protectors,

terrorism turns society's very infrastructure against Law Enforcement Agency, etc…

itself, we only harm ourselves by dismantling that • A statewide and overall national approach to

infrastructure in response - just as we would if we technology security is required for protecting citizens

banned technology because anti social elements used from the menace of Technology Abuse.

them too. • Government lacks expertises which are available

with Private Sector Direct capitalization of talent "Where in the rule book does it say that terrorists are

available in the industry.not allowed to use technology that is readily available

• Government playing instrumental role in raising to almost anyone?" said Ajay Sahni, executive director

awareness about existing risks, creating state of New Delhi's Institute for Conflict Management. "The

infrastructure to address technology security issues, only people out of the loop seem to be the Indian

and create confidence for the citizens.security forces. They are a generation behind in

• Government helping in preventing economy losses understanding the technology that the terrorists

faced by community.used."4

• Cert-In to play an important role in critical Lastly, this is terrorism in the digital age. "Technology is infrastructure as they are appointed as nodal agency advancing every day. We try to keep pace with it." as per the Information Technology Act 2000 Hasan Gafoor, IPS Mumbai CP during the 26/11 press Amendment 2008.conference.

Credits, Reference and Acknowledgements:

1)Technology and Terrorism: Are we being too naive? -

Written by Alex Iskold / June 2, 2007

2)http://goliath.ecnext.com/coms2/gi_0199-

3159573/Confronting-cyber-crime.html

3) http://www.schneier.com/essay-258.html

4)http://www.washingtonpost.com/wpdyn/content/ar

ticle/2008/12/02/AR2008120203519.html

Disclaimer:

This article is for non-profit, knowledge sharing, awareness and

educational purpose. Please feel free to write your view, criticism,

comments to the author at vicky@cybercrimes.in. Information

available in this article is not enforceable by law; however these are

my personal views about the topic which i feel should be shared. Any

errors, omissions, misstatements, and misunderstandings set forth in

the article are sincerely apologized. Relying on the contents will be

sole responsibility of the users. +

Technology

March - April 2010 68The Mumbai PROTECTOR