Legion hacker group set eyes on sansad.nic.in; seem to be cyberdacoits, bring them down

By R Swaminathan /  13 Dec 2016 , 10:54

The Indian State has been threatened. Make no mistake. Banks, hospitals and Parliament are our institutions and a fitting response has to be given.

Attacker: Legion
Targets: Rahul Gandhi. Vijay Mallya. Barkha Dutt. Ravish Kumar.
Next Target-Wannabe: Lalit Modi.
New Targets: Banks, Hospitals & sansad.nic.in aka BIG FISH

One can be tempted to bracket the hacking done by Legion as a sign of the dystopian times that we live in. There are enough straws to indicate that: a group of renegades dabbling in weed, smoke and mirrors, security codes and a naïve sense of superiority.

One can also be equally tempted to decipher deep meanings from the hacking about the nature of hidden angst and its manifestations. Again, there are enough crumbs leading that trail: a group of Robin Hood style do-gooders disillusioned with the ways of world boldly taking the battle to the rich and the powerful.

Powder puff and romanticism aside, the reality is as cold as steel. Legion is a group of people with uncommon hacking skills that’s not the plain vanilla variety that India has encountered till now. In short, Legion is bringing into India, for the first, international standard hacking. Ask security experts. It’s not easy to hack into Google and Twitter servers. Nor is it a walk in the park to design a tool to sift through terabytes of data.

Let’s not kid ourselves. Legion is clear and presents danger. Forget their ‘g33ky’ lingo and snigger-worth references to “balloons filled with Zykon B” (which, by the way, is cyanide-based pesticide). Forget them being fanboys (and fangirls) of ‘progressive house music, Brian Eno, Aphex Twins and Global Communications’. Wipe out that Rastafarian story of languid pace and peaceful contentment that you are building about them in your head.

Legion is a wake-up call for a transforming (read digital) India. The alarm bells are ringing loud and clear in three domains.  The first bell is clearly meant for our law enforcement institutions. This is not the first time that our cops and sleuths have been caught deer-like. The sorry figure cut by intelligence agencies on the @shamiwitness aka Mehdi Biswas case was filled with lessons. They should have been learnt. Yet, we are again seeing the same story.

On paper, India by now is supposed to have a National Cyber Coordination Centre and a National Critical Information Infrastructure Protection Centre. At least that’s what the National Cyber Security Policy of 2013 recommends. Yes, the policy also promises “to create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions… and create a workforce of 5,00,000 professionals skilled in next five years through capacity building skill development and training”. Good words, nicely written. What now?

The second bell is meant for organisations and institutions using digital payment gateways.  The focus has always been on either using the digital medium for greater reach, efficiency and effectiveness or for creating new product and service lines that can be sold directly to the consumer. Of course, the logic of the business model demands that the transactions take place in the simplest possible manner: from Point A to Point B. But lost in this logic of making everything simple is the question of security of personal and financial information. The government institutions have a greater responsibility, at least a couple of notches above any private organisation and institution.  After all, in a democratic India, the government with all its warts and pimples is still representative of our collective will.

Like it or not, cybersecurity of critical institutions and organisation is a matter of national security. And, there are solutions. Every single piece of data, every bit and byte, passing Indian internet and telecommunication pipes can be intercepted, stored, analysed and workable intelligence generated out of it. Germany, France and United States of America are quite good at it. India has had similar ambitions in the form of developing and deploying a central monitoring system (CMS). Maybe, it’s time?

The third bell is for us: as a collective and as an emerging community of digital natives. It gives us vicarious pleasure to see other people’s accounts hacked and their personal information coming out into the public domain. It could happen to you too. Of course, some of the injustices are stark and cannot ever be ignored: how can Vijay Mallya live it up when he hasn’t paid the salaries of Kingfisher employees? Sure, good question, but a different debate. Classic, contemporary and post-modernist arguments of freedom, privacy, democracy, rights and entitlements aside, isn’t it time for us to start pointing out the elephants and unicorns of all shades in the room? Where does freedom begin and privacy end?

The hackers of Legion are not Julian Assange or Wikileaks. They are also not old style investigative journalists who brought down tobacco companies and mining barons. They are cyberdacoits. They need to be brought down.

Attacker: India
Target: Legion Hacker
Wannabe Target: Copycat Hackers
New Targets: Loading…

Legion: Here’s how to keep your online accounts safe from malicious attacks by hacker groups

Representational Image

By Aditya Madanapalle /  13 Dec 2016 , 10:25

The hacking group Legion seems to be going after high level targets, in a campaign similar to the one executed by OurMine. The Legion group does not seem to be as sophisticated as OurMine, because they are choosing targets from an already compromised data, instead of deliberately finding ways to take down marks of interest. There are some elementary safety precautions that you can take to secure yourself against attacks by groups such as Legion.

One of the OurMine takedowns of Mark Zuckerberg’s social media accounts compromised Twitter and Pinterest at one go. Zuckerberg apparently used a “dadada” as the password, even though Zuckerberg is safe enough to physically put a tape over the webcam of his laptop. Being paranoid is a good idea when it comes to information security, and every additional security measure helps, even if it is a bit of tape. The main takeaway from the attack is to use different passwords for different accounts.

Paranoia is a security feature

The leaked passwords used by Vijay Mallya in the hack showed that he had taken this precaution to a certain extent. A number of base text strings were used, with variations added on top. Now someone who has access to these base strings and variations can attempt to guess passwords for new accounts. It is important to constantly cycle passwords for critical accounts, and not share the same passwords across services. Variations might be simple to remember, but it is more secure to have completely different alphanumeric strings.

Lastpass is a password manager that works across platforms.

Keeping track of multiple usernames and passwords can be daunting, a secure password manager such as LastPass is better than saving your passwords in a notepad file in your email inbox. The mobile application available on iOS and Android allows users to store their passwords behind the biometric security offered by a fingerprint scanner. One common mistake is to write down your passwords on a sheet of paper, it is worse to list all your usernames and passwords on a single sheet of paper.

Constantly cycling passwords protects users from compromised dumps. If a service offers two factor authentication, it is better to activate it to prevent hostile takeovers to accounts. Most popular email, social networking and content distribution platforms support two factor authentication. Another vector of attack is through the secret questions set at time of account creation. Do not key in the actual answers to the questions, as someone who knows users personally can guess the answers. Instead use obscure questions, as well as hard to guess answers, even if a known person attempts to takeover your account. Guessing the answers to the secret questions is one of the most common ways accounts are compromised.

Haveibeenpwnd shows which data breaches contain your data.

It is a good idea to check if any of your accounts have already been compromised. Haveibeenpwned is such a service that allows users to check if their email addresses or usernames are compromised in any of the large well known data dumps. These are large dumps of login credentials farmed from compromised third party sites.

The site will let you know in which dump your credentials appear, and you can take steps to safeguard that account. There is also a mention of what details were compromised in the particular hack. Users can sign up to be alerted when their accounts are compromised in future hacks. Checking the site periodically is a good idea to keep your accounts safe.