Cyber terrorists to face death penalty in Pakistan

Summary:According to a recently signed "Prevention of Electronic Crimes Ordinance 2008" in Pakistan, any person who commits cyberterrorism causing the death...

Internet Users Pakistan
According to a recently signed "Prevention of Electronic Crimes Ordinance 2008" in Pakistan, any person who commits cyberterrorism causing the death of other people will face death penalty or life imprisonment :

"Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life, and with fine and in any other case he shall be punishable with imprisonment of either description for a term which may extend to ten years, or with fine not less than ten million rupees, or with both."

With cyber terrorism remaining an open topic term that could be greatly abused or wrongly interpreted, it's interesting to see how a country with 3.5M Internet users reported in 2007 defines the term cyberterrorist, and is general cybecrime treated appropriately.

"For the purposes of this section the expression"terroristic act" includes, but is not limited to,- (a) altering by addition, deletion, or change or attempting to alter information. that may result in the imminent injury, sickness, or death to any segment of the population; (b) transmission or attempted transmission of a harmful program with the purpose of substantially disrupting or disabling any computer network operated by the Government or any public entity; (c) aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed; (d) stealing or copying, or attempting to steal or copy, or secure classified information or data necessary to manufacture any form of chemical, biological or nuclear weapon, or any other weapon of mass destruction."

Pakistan Government Defacements 2008
Guess what - each of these points excluding (a) and (d) can be abused and wrongly interpreted as a act of cyber terrorism. Under (b) fall all the script kiddies that have been defacing web sites of the Pakistan Government throughout 2008, which according to Zone-h.org there have been a total of 201 attacks of which 132 single ip and 69 mass defacements. The harmful program in this case would be the DIY SQL injectors, the web site defacement tools, and web web shells uploaded in order for the defacers to start hosting malicious content at the compromised sites. Moreover, "any public entity" can be interpreted in a way that can easily put the ASProx botnet campaigners on a death row. In regard to (c) aiding the conspiring process against the Government can be forwarded to people who have absolutely no idea that their Internet connectivity is abused in such a way.

The ordinance is also covering other cybercriminal activities in detail, with cyber stalkers getting the maximum possible sentence, and spammers the minimum one :

  • Misuse of encryption in order to prevent local enforcement from gathering evidence - five years in jail, fine, or both
  • Malware coding - five years in jail, fine or both
  • Cyber stalking - seven years in jail, fine or both
  • Spamming - fines and up to three months in jail
  • Spoofing or impersonation - three years in jail, fines or both

Naturally, local organizations such as the The National Commission for Justice and Peace (NCJP) of the Catholic Church and the Human Rights Commission of Pakistan (HRCP) are criticizing the signed order :

"The secretary of the NCJP, Peter Jacob (in the photo), tells AsiaNews: "We are surprised and shocked that the government has added death penalty in cyber crimes ordinance. This is not the right way to stop the crimes. Severe punishments can not correct or mend our society. So, NCJP demands that death penalty should be immediately excluded from the list of punishments." "We are unable to understand the mentality and strategy of the government that what it wants to do. First they condemn death penalty and sign UN human rights instruments and then they impose death penalty without consulting the parliament." For the secretary of the NCJP, the imposition of the ordinance without discussion in the assembly is "illogical" and contradicts "the statements of the government about the supremacy of parliament."

The bottom line - given the open topic definition of what constitutes an act of cyberterrorism, especially when the suspect is facing a death penalty, the ordinance seems to be more of a self-regulation awareness campaign courtesy of the Government of Pakistan.

Topics: Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.