ADVERTISEMENTREMOVE AD

Drugs, Hacks and Internet Anarchy: Who is Legion? 

Everything you read about Legion is what they are projecting. The era of frequent cyberattacks is upon us.

Updated
story-hero-img
i
Aa
Aa
Small
Aa
Medium
Aa
Large
Snapshot

Who is Legion?

(All information is based on media interviews that the hacker group has given. None of this has been corroborated independently by The Quint.)

  • Legion is a group of hackers based in multiple parts of the world.
  • They’re connected to India, though some of them may not have an Indian passport.
  • They’re behind at least four high profile Indian Twitter account breaches and two data dumps.
  • They’re difficult to trace as they use secure servers and apps for communication and hacking.
  • They’re addicted to crime and drugs, or so they claim.
Everything you read about Legion is what they are projecting. The era of frequent cyberattacks is upon us.
Legion’s modus operandi so far has been breaching high profile Twitter accounts to deface them and warn about future attacks. (Photo: The Quint)

A quick Google search of the word shows up a Wikipedia definition: ‘Legion’ is a group of demons referred to in the New Testament, in an incident during which Jesus performs an exorcism.

Biblical references aside, Legion is the latest hacker group to take centre-stage in India’s cyber-security landscape. In the last couple of weeks, Legion has hacked four high profile Twitter accounts and dumped a couple of gigabytes of sensitive personal information on the internet.

ADVERTISEMENTREMOVE AD

Everything you read about Legion is what they are projecting to the world. Nobody has met them, no one knows where they live or work out of, and hence it is extremely difficult for law enforcement agencies to pin them down and interrogate them. Their media interviews have all taken place on a secure chat app called Signal. Messages sent through Signal are end-to-end encrypted and the user cannot be tracked based on geo-data or IP.

The whole persona building with typical vocabulary of 4Chan and other online forums and overemphasis on drugs seems pretty forced. Perhaps this is done to allude to pop culture imagery of hackers portrayed online and in shows like ‘Mr. Robot’. 
Everything you read about Legion is what they are projecting. The era of frequent cyberattacks is upon us.
‘Mr. Robot’ is the most popular and accurate depiction of the hacker culture in mainstream entertainment so far. (GIF courtesy: GIPHY)

Legion is quite media-savvy and their choice to hack Twitter accounts is a clear indication of that. Vijay Mallya, Barkha Dutt and Ravish Kumar are all extremely popular online personalities and have garnered immense chatter among relevant circles. Legion wants to establish their existence in people’s consciousness and in that endeavour they seem to have had some success.

They may also be aligned with the establishment or seem inclined towards it as there have been no direct hacks on the government or the BJP yet.

However, it seems Legion’s eyes are now set on releasing a big data dump of mails from sansad.nic.in. Nic.in is the official mail server used for all bureaucratic purposes and breaching this will give anyone easy access to official mail exchanges between some “Big Fishes” from the government.

Can the Indian Establishment Prevent Hacks?

Everything you read about Legion is what they are projecting. The era of frequent cyberattacks is upon us.
Indian online defence systems are not equipped to handle a large-scale cyberattack. (GIF courtesy: GIPHY)

Does the Indian establishment have adequate and intelligent online defence systems in place to avert a large-scale cyberattack? Technology expert Prasanto K Roy doesn’t think so.

“While CERT works to secure critical assets of national importance such as the PMO office like a fortress, the general approach towards any other cyberattack seems to be a rather unscientific ‘Shut Down the Internet’.”

Prasanto also points out that ministers, bureaucrats and other government officials have an extremely lackadaisical mindset towards online security.

Most babus have an ‘armchair mail’ on the sarkari nic.in mail service but choose to use private mail services such as Gmail, Yahoo or Hotmail, even for official work. Some aren’t aware of Phishing and, hence, keep falling prey to these attacks. Till a couple of years ago, Gmail IDs were flashed on the IT ministry website as the official way to contact them. Fortunately, most departments have now switched to secure government IDs.
Prasanto K Roy, Technology Expert

India has one of the most comprehensive cybercrime laws, but all that falls apart when it comes to enforcement. While high profile attacks by hackers such as Legion may not affect the average person on the street, even a small attack on digital financial services will put millions at risk. The government and private stakeholders need to ensure airtight security for financial tech if they really want to make good on the promise of Digital India.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 
Speaking truth to power requires allies like you.
Become a Member
Read More
×
×