India: Cyber Terrorism And The Fifth Domain – Analysis


By Sanchita Bhattacharya

Expressing grave concern about the growing threat of cyber terrorism in his opening statement at the meeting of Chief Ministers on National Counter Terrorism Centre (NCTC) held on May 5, 2012, Union Home Minister P. Chidambaram stated:

…there are terrorist threats in the cyber space, which is the fifth domain after land, sea, air and space. Much of our critical infrastructure lies in cyber space. Cyber crimes such as hacking, financial fraud, data theft, espionage etc. would, in certain circumstances, amount to terrorist acts. Our counter terrorism (CT) capacity must be able to meet the threats in cyber space. Since there are no boundaries in cyber space, how will the Central Government and the State Governments share the responsibility to face the threats in cyber space?

Chidambaram was, of course, using the cyber threat to buttress his arguments in favour of the NCTC, a pet project that has met with tremendous resistance from the States. Nevertheless, the threat of cyber terrorism is real and growing, as global and national systems become increasingly interlinked and interdependent. Indeed, speculation about the potential threat of cyber attacks has been rife since the 1980s, and Government systems across the world have been targeted from time to time, principally in marginally disruptive and vandalizing actions, variously, by politically motivated, mischievous and state backed groupings. Definitional disputes abound, and it is not clear how many of these can be described as cyber terrorist ‘attacks’. Nevertheless, cyber technology has become a crucial tool in the terrorist arsenal, and its use to directly engineer widespread, and potentially life threatening, disruptions cannot be overestimated. The US Government’s Stuxnet attack against Iran’s principal uranium enrichment facilities, which experts believe may stall Iran’s nuclear program by as much as five years, recently demonstrated the potential capability of cyber war interventions.

Cyber technology has played a role – albeit principally as a covert communication, propaganda or psychological warfare tool – in terrorist activities in India, for some time now. This includes prominent attacks in cities including Ahmedabad, Jaipur, Delhi, Mumbai and Varanasi, among others, over the past years. Significantly, the perpetrators of the November 26, 2008, Mumbai terrorist attacks (26/11), which claimed 166 lives, made substantial use of cyber technology in preparing and mounting the operation. US Marine Corps Lieutenant General George J. Flynn, on May 15, 2012, observed, “All the (26/11) mission planning was done via Google Earth… The terrorists used cellular phone networks as command and control and social media to track and thwart the efforts of Indian commandos.” He noted, further, “Space and cyber will continue to play an increased role in events, with each becoming increasingly contested domains – so it’s a new domain that we’re going to have to contest.”

A December 2008 report had earlier noted that the Pakistan-backed Lashkar-e-Toiba (LeT) had used Voice-over Internet Protocol (VoIP) software to communicate with the 26/11 attackers on the ground and direct the large scale operation on a real-time basis. Citing Indian intelligence sources, the report claimed that the attackers’ handlers “were apparently watching the attacks unfold live on television [and] were able to inform the attackers of the movement of security forces from news accounts and provide the gunmen with instructions and encouragement”. The distinguishing feature of VoIP-based communications, which form the technical basis of popular communications software such as Skype and Vonage, is that audio signals are converted to data and travel through most of the Internet infrastructure in binary, rather than audio, format, making them near impossible to detect and proactively intercept.

After the terrorist attack on Delhi High Court on September 7, 2011, in which 15 persons were killed and another 87 were injured, investigative assistance was sought from the US and some south-east Asian countries, including Myanmar, Thailand, Malaysia and Indonesia, to trace back cyber linkages connected with the incident. Terrorists had hacked into unsecured wi-fi internet connections to send e-mails after the attack.

The Indian Mujahedeen (IM) has carried out over a dozen high profile attacks, including the May 13, 2008, Jaipur (Rajasthan) bombings; the July 25, 2008, Bangalore (Karnataka) serial blasts; the July 26, 2008, Ahmedabad (Gujarat) serial blasts; the September 13, 2008, Delhi serial blasts; the Pune German Bakery blasts of February 13, 2010; and the Mumbai serial blasts of July 13, 2011. Before almost all of these attacks, IM activists sent out e-mails to various media organisations.

Police traced e-mails sent by IM from Navin Computer in Sahibabad area of Ghaziabad District in Uttar Pradesh (UP) soon after the May 13, 2008, Jaipur (Rajasthan) blast, which claimed 80 lives. Three video clips attached to one of the e-mails showed two explosive-fitted bicycles moments before they were detonated. The e-mails were sent from two accounts – [email protected] and [email protected].

IM activists had hacked into the unsecured wi-fi internet connection of an American national, Kenneth Haywood, residing in the Sanpada area of Navi Mumbai, minutes before the July 26, 2008, Ahmedabad terror attack, which killed 53 people. An e-mail claiming the attack was sent prior to the blasts from his Internet Protocol (IP) address.

After the September 19, 2010, Jama Masjid (Delhi) attack, Delhi Police confirmed, a day later, that the IM had sent a threat e-mail from the IP address of a computer in Mumbai.

Investigations into the Varanasi (UP) blast of December 7, 2010, highlighted the need for ‘wardriving’ to detect threat mails posted by IM, allegedly from Mumbai. ‘Wardriving’ is used to search for wi-fi wireless networks with the help of a laptop from a moving vehicle, in order to detect unsecured wi-fi internet points that may be exploited.

The LeT has attained a significant degree of ‘cyber efficiency’, and has been making increasing use of VoIP for communications. LeT’s 26/11 ‘master-mind’, Zaki-ur Rehman Lakhvi, who is presently in a Rawalpindi (Pakistan) jail, is known to have been networking with LeT cadres from jail, using a private VoIP on his smart phone. “Lakhvi’s compound serves as Lashkar’s alternative headquarters,” an unnamed top intelligence source disclosed. Pakistan-based LeT, which is headed by Hafiz Mohammad Saeed, started using VoIP as soon as the technology became common in the early 2000s. Highlighting the problems this creates, an unnamed intelligence source explained, “Earlier, we could intercept conversations on phone or locate Lashkar cadres based on their IP addresses through their emails. But now we’re finding it tough to gather intelligence because Lashkar men hold audio or video conferences using private VoIP”.

According to an article written by Ravi Visvesvaraya Prasad, published in The Hindustan Times on December 19, 2000, a number of Pakistani hacker groups, including ‘Death to India’, ‘Kill India’, and ‘G-Force Pakistan’, have openly circulated instructions for attacking Indian computers. Websites run by Nicholas Culshaw of Karachi, and another run by Arshad Qureshi of Long Beach, California, circulated malicious anti-Indian propaganda along with step-by-step instructions for hacking into thousands of Indian websites. Anti-Indian terrorist instructions were also hosted by,, and All these sites appear to be disabled now, but their architects quickly recreate new platforms.

On December 3, 2010, in a breach of security was detected on the Central Bureau of Investigation (CBI) website, which had been hacked by the ‘Pakistan Cyber Army’. The CBI home page carried a message from the ‘Pakistani Cyber Army’ warning India not to attempt to attack their websites. It further claimed to have defaced another 270 Indian websites.

Interestingly, according to the report of the Security and Defence Agenda (SDA), a leading defence and security think-tank in Brussels (Belgium) and McAfee, India has been ranked fifth in the worldwide ranking of countries affected by Cyber Crime.

Explaining the severity of Cyber Crime in India, Minister of State for Communications and Information Technology, Sachin Pilot, on March 26, 2012, informed the Rajya Sabha (Upper House of Parliament) that cyber crimes were on the rise in the country. He also palced data maintained by the National Crime Records Bureau (NCRB) before Parliament, documenting the number of cyber crime cases and related arrests under the Information Technology Act, 2000:

Cyber Crime Cases

Further, the number of cases registered under Cyber Crime related sections of Indian Penal Code (IPC), along with the number of arrests, were given as:

Cyber Crime Cases

Earlier, explaining the threat faced by Government websites due to Cyber Crime in the Lok Sabha (Lower House of Parliament), the Minister had stated, on November 30, 2011, that a total of 90, 119, 252 and 219 Government websites, as reported and tracked by the Indian Computer Emergency Response Team (CERT-In), had been defaced by various hacker groups in the year 2008, 2009, 2010 and January–October 2011, respectively.

As far Government initiative is concerned, following the 26/11 attacks, the Information Technology Act, 2000, has been amended by Information Technology (Amendment) Act, 2008 with effect from October 27, 2009. The amended Act is a comprehensive Act and provides legal framework to fight all prevalent cyber crimes. Stringent punishment ranging from imprisonment of three years to life imprisonment and fine has been provided for various acts of cyber crime.

On March 27, 2012, explaining Government initiatives to contain Cyber Crime, Pilot informed the Rajya Sabha that a major programme had been initiated on the development of cyber forensics, setting up of infrastructure for investigation and training of users, including Police and judicial officers, and training for the collection and analysis of digital evidence. He disclosed that the Data Security Council of India (DSCI) had organized 112 training programmes on Cyber Crime Investigation and awareness, and a total of 3,680 Police and judicial officers, as well as public prosecutors, had been trained.

On May 16, 2012, National Security Advisor Shiv Shankar Menon disclosed that the Government was in the ‘final stages’ of preparing the ‘national cyber security architecture’ and would hold consultations on the subject with the National Association of Software and Services Companies (NASSCOM), the apex body of the software and services companies in India, in June.

Cyber crimes and the use of cyber space and technologies by terrorists are, currently, at worst, powerful facilitators for terrorist groups. In the main, they remain marginal irritants to the system. Nevertheless, the potential threat they constitute is grave, and this has been noticed by the Indian state. A decision has been taken to establish a National Cyber Coordination Centre, a full-fledged agency to counter this menace. However, current deficits in trained manpower and state of art equipment and infrastructure may hobble effective operationalization for some time. A race is currently on, with terrorists, on the one hand, pushing the frontiers of cyber space to harness the most disruptive of tools possible, and state agencies, on the other, seeking to interdict them in this enterprise. It remains to be seen which side in the conflict has the greater coherence and more sustained motivation.

Sanchita Bhattacharya
Research Assistant, Institute for Conflict Management


SATP, or the South Asia Terrorism Portal (SATP) publishes the South Asia Intelligence Review, and is a product of The Institute for Conflict Management, a non-Profit Society set up in 1997 in New Delhi, and which is committed to the continuous evaluation and resolution of problems of internal security in South Asia. The Institute was set up on the initiative of, and is presently headed by, its President, Mr. K.P.S. Gill, IPS (Retd).

Leave a Reply

Your email address will not be published. Required fields are marked *