INTRODUCTION:

In the 21st century, imagining our life without the internet is mission impossible. The Internet has become an essential part of human life. With the increase in internet use, the fight for power in cyberspaces has also risen, which led to the emergence of cyber warfare. In simple words, cyber warfare means the process of using a computer network to steal or manipulate sensitive data in order to cripple the financial and operational structures of a state or an organization by sabotaging their networks, websites, and services. The objectives behind such attacks are to cause damage to a nation with which a country is at war; or to interrupt and destroy vital computer technology of rival nations. In the modern era, apart from individuals launching attacks on the internet for financial gain, many countries are launching attacks on each other or at least planning to attack for political gain or to gain strategic leverage over one another. In several countries' national strategies, gaining offensive power on the cyber battlefield figures has prominently and specifically been stated in the doctrines of many of them, including China, Russia, and the United States. It is widely recognized that hacking networks of enemies and their allies will pave the foundations for future cyber conflicts.

TYPES OF ATTACKS:

There is a range of techniques to attack a device or computer network. The approach depends on the purpose of the attack, i.e., what the attacker wants from the target. Attacking tactics are categorized based on intent. They are:

Espionage and Breaches in National Security: Espionage is the process of obtaining the secrets, confidential or classified information through unauthorized means of manipulation through the internet, applications, and computer networks of the opposing parties, nations, regimes, or governments for military, political and economic advantages. Simply put, it is a practice of spying on specific nations and their institutions in order to collect data and intelligence about the enemy.

Malware: Malware is malicious software or application that can cause harm to a device or a computer system. There are many types of malware that include viruses, spyware, worms, trojan horse, etc., These software’s are designed to execute a variety of malicious tasks such as intercepting, encrypting, stealing, deleting, or modifying confidential data or sabotaging essential computing resources and spying on the users’ behavior, all without any consent.

Denial of Service Attacks (DoS): A Denial of Service or Distributed Denial of Service (DDoS) attack is a malicious effort to overwhelm a web server with traffic to shut down a server or a website or a computer, rendering it unavailable to its intended users. These attacks will deprive genuine consumers of obtaining expected services and resources. A DoS attack is carried out by either inundating the intended host or server with abnormal traffic or by transmitting data that could cause a crash. Web servers of prominent organizations like government organizations, banking, media firms, and trade associations are typically the victims of these attacks.

LEGAL FRAMEWORK:

With the advancement in technology and a rise in the number of crimes in cyberspace, there was an immediate need for stringent statutory regulations to control the illegal activity in cyberspace and to safeguard the technological development framework. Illegal operations are not readily detected in the virtual world known as cyberspace and need specialized knowledge. Along with the law enforcement authorities' specific skill set, it is essential to have an up-to-date law to comply with cybercrime cases.

INDIA:

Though there are no adequate provisions in India to curtail cybercrimes overlook cyber warfare and decide the jurisdictions, India's government, in the year 2000, had passed the Information Technology Act, 2000. The IT Act 2000 was later amended in 2008, and the amended act is now called the Information Technology Amendment Act 2008, also known as the Cyber Law of India. The amended act had a separate chapter for “Offences”. This chapter consisted of various cyber crimes that are classified into penal offenses and their respective punishments. Furthermore, a few violations under this chapter are related to cyber warfare. Those offenses are:

HACKING:

Hacking is the process of breaching through the firewalls of a system to take over the control of a private network or system data or computer network security system for certain illicit motives. Simply put, it is the method of gaining unauthorized access to any computer system or technology. In general, hacking is done to compromise devices like computers, mobiles, tablets, and networks on the internet. But not necessarily every hacker needs an illicit purpose to hack. Sometimes hacking is done for financial gain, spying on an individual, and for fun as a challenge.

Under the IT (Amendment) Act 2008, Hacking also refers to Computer Hacking and may as well include activities like:

  • An undertaking within the Subculture of Computer Programmer.
  • An effort made to obtain access, lawfully or otherwise, to computer networks.
  • A computer offense.

Under section 43(a) read along with section 66 of the IT (Amendment) Act 2008, Hacking is a punishable offense with up to three years of imprisonment or fine, which may extend up to two lakh rupees, or with both. However, section 379 and section 406 of the Indian Penal Code can also be read in compliance with the IT Act for punishing an offender guilty of hacking.

SPREAD OF VIRUS / WORMS:

Viruses or Worms are a type of cyber tool which can do whatever amount of harm the designer wants them to do. These will transfer private or confidential information to a third party and afterward erase the data from the machine. Without a re-installation of the operating system, it may even ruin the system and make it unusable. Typically, viruses load files on the device and then adjust the system such that any time the system starts to run, the virus software is triggered. By transmitting itself to other future victims, it would then try to reproduce itself.

Sections 43 (c) & 43 (e) read along with section 66 of the IT (Amendment) Act 2008, and section 268 of the Indian Penal Code are applied in the offenses of spreading viruses and worms. However, these offenses are cognizable and bail able offenses.

In Indian cyberspace, a unique and dangerous version of the computer virus called 'Beebone' was discovered on July 23rd, 2013.'Beebone' is part of the infamous Trojan malware family that achieves "privileged access” into the victim’s computer by falsifying its identification and employing intelligent and corrupt strategies to attack the most vulnerable systems in a network.

EMAIL SPOOFING:

Email spoofing is the act of electronically disguising one device as another to obtain a wrongful advantage over the victim’s machine. In email spoofing, the mail address of the sender (the cyber-criminal) and the mail body (containing a phishing link) appear similar to that of the mail sent by the original sender earlier. In a spoofed email, the email seems to have originated from a single source, but in reality, the email was sent with malicious intent from a different source. The phishing links in the email are used to download and install malware. These malware are then transmitted to other devices connected to the same network without the knowledge of the user.

Email spoofing is a bail able and cognizable offense. Section 66-D of the IT (Amendment) Act and sections 417, 419, and 465 of the Indian Penal Code are applicable in the cases of Email Spoofing.

CONCLUSION:

With the advent of the world’s utilization of technology, there is an immediate requirement to create stringent provisions to defend a nation from cyber warfare. From what is available in India, the statutes and provisions are outdated, and the emergence of novel cybercrime techniques is now not being monitored. This might increase the probability of cyber warfare in the country and act as a potential threat in cyberspace. The major problem with cyber-attacks is that, though the threat can be detected, it has become a challenge to identify the individual behind such an attack and hence wouldn’t be able to circumvent further damage to the computer technology. No one can avoid a cyber-attack altogether, but the loss can be minimized with appropriate and efficient technology. Most of the population in a country uses the internet for essential services and amenities. In certain situations, cyber-attacks may ultimately bring down a structure or a government, leading to substantial financial and physical damages. So, it needs robust regulations and qualified professionals to deal with crimes in cyberspace. Further, there is an immediate need for the up-gradation of cyber-attack defense networks and improved counterintelligence.

Online Sources: