When is Cyber Crime Not an Act of Terror

Cyberterrorism?

I found a news article from Inc42 by Thathoo (2023), from February 2023, which discusses a significant number of cybersecurity incidents in India in 2022. The article mentions that India witnessed 13.91 lakh cybersecurity incidents in 2022, and it specifically refers to a major cyberattack on the All India Institute of Medical Sciences (AIIMS) in Delhi. This attack involved the encryption of 1.3 terabytes of data by unknown threat actors, and led to operational disruptions.

The article states that a case of extortion and cyberterrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) wing of Delhi Police in relation to this incident. However, based on the information provided, it seems that the term "cyberterrorism" might have been used incorrectly in this context.

Cyberterrorism is generally defined as the use of cyber attacks against a nation, causing significant harm or fear, with the intent to achieve political or ideological gains. While the AIIMS cyberattack was certainly significant and disruptive, there is no indication in the article that it was politically or ideologically motivated, which is a key characteristic of cyberterrorism. Instead, the incident appears to be more aligned with cybercrime, possibly motivated by financial gain (as suggested by the mention of extortion).

Therefore, labeling this incident as cyberterrorism might be misleading, as it seems to lack the political or ideological motive typically associated with acts of terrorism. It seems to be more of a case of cyber crime—not terror. In referring to regular cyber crimes as terror, we risk turning every crime into a form of terrorism, which really perverts the system of justice that is supposed to be used to address wrongdoing. Extortion is not the same thing as terrorism.