advertisement
(All information is based on media interviews that the hacker group has given. None of this has been corroborated independently by The Quint.)
A quick Google search of the word shows up a Wikipedia definition: ‘Legion’ is a group of demons referred to in the New Testament, in an incident during which Jesus performs an exorcism.
Biblical references aside, Legion is the latest hacker group to take centre-stage in India’s cyber-security landscape. In the last couple of weeks, Legion has hacked four high profile Twitter accounts and dumped a couple of gigabytes of sensitive personal information on the internet.
Everything you read about Legion is what they are projecting to the world. Nobody has met them, no one knows where they live or work out of, and hence it is extremely difficult for law enforcement agencies to pin them down and interrogate them. Their media interviews have all taken place on a secure chat app called Signal. Messages sent through Signal are end-to-end encrypted and the user cannot be tracked based on geo-data or IP.
Legion is quite media-savvy and their choice to hack Twitter accounts is a clear indication of that. Vijay Mallya, Barkha Dutt and Ravish Kumar are all extremely popular online personalities and have garnered immense chatter among relevant circles. Legion wants to establish their existence in people’s consciousness and in that endeavour they seem to have had some success.
They may also be aligned with the establishment or seem inclined towards it as there have been no direct hacks on the government or the BJP yet.
However, it seems Legion’s eyes are now set on releasing a big data dump of mails from sansad.nic.in. Nic.in is the official mail server used for all bureaucratic purposes and breaching this will give anyone easy access to official mail exchanges between some “Big Fishes” from the government.
Does the Indian establishment have adequate and intelligent online defence systems in place to avert a large-scale cyberattack? Technology expert Prasanto K Roy doesn’t think so.
Prasanto also points out that ministers, bureaucrats and other government officials have an extremely lackadaisical mindset towards online security.
India has one of the most comprehensive cybercrime laws, but all that falls apart when it comes to enforcement. While high profile attacks by hackers such as Legion may not affect the average person on the street, even a small attack on digital financial services will put millions at risk. The government and private stakeholders need to ensure airtight security for financial tech if they really want to make good on the promise of Digital India.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)