Legion hacker group set eyes on sansad.nic.in; seem to be cyberdacoits, bring them down

By R Swaminathan /  13 Dec 2016 , 10:54

The Indian State has been threatened. Make no mistake. Banks, hospitals and Parliament are our institutions and a fitting response has to be given.

Attacker: Legion
Targets: Rahul Gandhi. Vijay Mallya. Barkha Dutt. Ravish Kumar.
Next Target-Wannabe: Lalit Modi.
New Targets: Banks, Hospitals & sansad.nic.in aka BIG FISH

One can be tempted to bracket the hacking done by Legion as a sign of the dystopian times that we live in. There are enough straws to indicate that: a group of renegades dabbling in weed, smoke and mirrors, security codes and a naïve sense of superiority.

One can also be equally tempted to decipher deep meanings from the hacking about the nature of hidden angst and its manifestations. Again, there are enough crumbs leading that trail: a group of Robin Hood style do-gooders disillusioned with the ways of world boldly taking the battle to the rich and the powerful.

Powder puff and romanticism aside, the reality is as cold as steel. Legion is a group of people with uncommon hacking skills that’s not the plain vanilla variety that India has encountered till now. In short, Legion is bringing into India, for the first, international standard hacking. Ask security experts. It’s not easy to hack into Google and Twitter servers. Nor is it a walk in the park to design a tool to sift through terabytes of data.

Let’s not kid ourselves. Legion is clear and presents danger. Forget their ‘g33ky’ lingo and snigger-worth references to “balloons filled with Zykon B” (which, by the way, is cyanide-based pesticide). Forget them being fanboys (and fangirls) of ‘progressive house music, Brian Eno, Aphex Twins and Global Communications’. Wipe out that Rastafarian story of languid pace and peaceful contentment that you are building about them in your head.

Legion is a wake-up call for a transforming (read digital) India. The alarm bells are ringing loud and clear in three domains.  The first bell is clearly meant for our law enforcement institutions. This is not the first time that our cops and sleuths have been caught deer-like. The sorry figure cut by intelligence agencies on the @shamiwitness aka Mehdi Biswas case was filled with lessons. They should have been learnt. Yet, we are again seeing the same story.

On paper, India by now is supposed to have a National Cyber Coordination Centre and a National Critical Information Infrastructure Protection Centre. At least that’s what the National Cyber Security Policy of 2013 recommends. Yes, the policy also promises “to create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions… and create a workforce of 5,00,000 professionals skilled in next five years through capacity building skill development and training”. Good words, nicely written. What now?

The second bell is meant for organisations and institutions using digital payment gateways.  The focus has always been on either using the digital medium for greater reach, efficiency and effectiveness or for creating new product and service lines that can be sold directly to the consumer. Of course, the logic of the business model demands that the transactions take place in the simplest possible manner: from Point A to Point B. But lost in this logic of making everything simple is the question of security of personal and financial information. The government institutions have a greater responsibility, at least a couple of notches above any private organisation and institution.  After all, in a democratic India, the government with all its warts and pimples is still representative of our collective will.

Like it or not, cybersecurity of critical institutions and organisation is a matter of national security. And, there are solutions. Every single piece of data, every bit and byte, passing Indian internet and telecommunication pipes can be intercepted, stored, analysed and workable intelligence generated out of it. Germany, France and United States of America are quite good at it. India has had similar ambitions in the form of developing and deploying a central monitoring system (CMS). Maybe, it’s time?

The third bell is for us: as a collective and as an emerging community of digital natives. It gives us vicarious pleasure to see other people’s accounts hacked and their personal information coming out into the public domain. It could happen to you too. Of course, some of the injustices are stark and cannot ever be ignored: how can Vijay Mallya live it up when he hasn’t paid the salaries of Kingfisher employees? Sure, good question, but a different debate. Classic, contemporary and post-modernist arguments of freedom, privacy, democracy, rights and entitlements aside, isn’t it time for us to start pointing out the elephants and unicorns of all shades in the room? Where does freedom begin and privacy end?

The hackers of Legion are not Julian Assange or Wikileaks. They are also not old style investigative journalists who brought down tobacco companies and mining barons. They are cyberdacoits. They need to be brought down.

Attacker: India
Target: Legion Hacker
Wannabe Target: Copycat Hackers
New Targets: Loading…

Congress Party and Rahul Gandhi’s Twitter account hack come as no surprise for cyber experts

Rahul Gandhi

01 Dec 2016 , 17:02


As the news of Congress Party and its Vice President Rahul Gandhi’s Twitter accounts being hacked spread like wildfire on Thursday, cyber experts were not surprised as the phenomenon is quite common across the globe where hackers are always a step ahead when it comes to data breach — be it a social media platform or your financial information. When it comes to celebrities, Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, Google CEO Sundar Pichai, Twitter co-founder and former CEO Evan Williams, US actor-singer Jack Black — even the deceased Beatle George Harrison — have seen their social media accounts being hacked in recent times.

Even social networking websites with two-step verification procedures are not secure any more as hackers have evolved various strategies to steal personal information from computers, laptops or smartphones. “There may be a possibility that Rahul Gandhi’s Twitter account was logged into from an unsecured computer or a device that did not have next-generation firewall, an updated anti-virus software or from a compromised IP address. This situation is a boon for hackers who are constantly searching for security flaws and hack into the social media accounts of celebrities and political leaders,” Anoop Mishra, one of the nation’s leading social media experts, told IANS.

According to Saket Modi, Co-founder and CEO of IT risk assessment and digital security services provider Lucideus, the social media hack of both Congress Party and its Vice President’s Twitter accounts can be a result of any one of two possibilities. “It can either be a potential backdoor (malware) being present on a computer system on which both the accounts might have been simultaneously accessed, or this can be a long, persistent and targeted attack (spear phishing in most cases) on the political party. In either case, I am certain there is more data in the hands of the hackers than just account access that might be released in due course of time,” Modi told IANS.

“The only two parties responsible for the security of a social media account are the social media provider (in this case Twitter) and the owner of the account. As these are just two accounts that have been compromised and misused, it is safe to assume that the exploited vulnerability was not present on the side of Twitter,” Modi added. There are several infamous groups busy working day and night to hack into social media accounts — be it Legion, that claimed to have hacked into Rahul Gandhi’s Twitter account, or OurMine, that compromised the Twitter accounts of Zuckerberg, Dorsey, Pichai and others.

The most popular website among hackers is LeakedSource.com which compiles the databases for publicly available hacks of usernames, passwords and email addresses from every major website security breach over the last few years, say media reports. For a country like India that is transitioning to a digital era, experts feel there is a need for stronger cyber laws to minimise such cyber-bullying risks.

“India still does not have a dedicated legislation on cyber security or bullying when it comes to social media platforms. The country, given its vision of becoming an IT super-power, needs to have a dedicated cyber security law on this at the earliest,” Pavan Duggal, one of the nation’s top cyber law experts and a senior Supreme Court advocate, told IANS. The Information Technology Act, 2000, was amended in 2008. By virtue of the 2008 amendments, certain cosmetic changes concerning cyber security were made to the Information Technology Act, 2000.

“These amendments are not sufficient and adequate in today’s scenario. Further, the cyber security breach ecosystem ground realities are distinctly different in 2016 as compared to 2008. As such, there is a distinct need for India to beef up its legal frameworks on cyber security and cyber bullying,” Duggal added. People need to adopt various cyber hygiene methodologies in order to avoid online data stealing.

“Having in place an updated anti-virus software on your computer system is a critical component. There are several encrypted data services available which can be used abroad. Company executives should only access HTTPs sites — being secure sites,” Duggal suggested. “If you’re accessing something sensitive on public Wi-Fi, try to do it on an SSL (Secure Socket Layer) encrypted websites. The HTTPs browser extension can reduce the risk by redirecting you to an encrypted page when available,” Mishra explained.

Turn off file/computer/network sharing and avoid using specific websites where there’s a chance that cyber criminals could capture your identity, passwords or personal information. “Make all new PIN and account passwords different and difficult to guess. Include upper and lower case letters, numbers and symbols to make passwords harder to crack online,” suggested Sunil Sharma, Vice President-Sales and Operations (India & SAARC), Sophos, a global leader in network and endpoint security.

IANS