Legion cracks Twitter accounts of Rahul Gandhi, Mallya, others

13 Dec 2016

Somewhere in India, a young man is parked in front of his computer, smoking copious amounts of marijuana and causing great embarrassment to some of the country's biggest movers and shakers, reports The Washington Post.

He and a group of others - who he claims number in the "higher single digits" and are based around the world - go by the name Legion. Over the past two weeks, their first target was Rahul Gandhi, the heir to the Congress party, which has held power in India for much of its post-colonial history. Next was Vijay Mallya, the embattled former chairman of India's biggest liquor company, who fled to Britain in March amid allegations of financial fraud and money laundering.

Others hacked include Ravish Kumar and Barkha Dutt, news show hosts for NDTV. The group says Lalit Modi, of Indian Premier League fame and also wanted by Indian authorities, is their next target. They also claim to have access to sansad.nic.in, which is the email server used by nearly all government employees in India.

In a Washington Post report on Monday, a member of the group divulged that he was not interested in any 'political data' until a few weeks ago. He said that the group, which he claims number in the "higher single digits", was in possession of terabytes of raw data and they had filtered gigabytes worth of data from it.

In another interview to a tech website, FactorDaily, the group said they plan to "dump" "sansad.nic.in emails," and that this includes "a lot of big fish".

When asked whether they had a political agenda behind the leaks, the hacker told the newspaper that people who thought so should "gas themselves with a balloon filled with Zyklon B". That's the gas used by the Nazis during the Holocaust against the Jews.

Legion's first target was Rahul Gandhi, whose Twitter account was hacked. The group also said they will put out a massive data dump of the Congress party's emails, and had indicated they had managed to hack the server of the Indian National Congress website. One day after Rahul Gandhi's Twitter account was hacked, the Congress Twitter handle was also compromised.

This was followed by the hacking of Vijay Mallya's Twitter account, and his personal data, including details of assets, was put online.

On Saturday, Legion followed up by hacking Barkha Dutt's and Ravish Kumar's Twitter accounts and gaining access to their emails. Legion had managed to hack NDTV's entire email server, and then posted a link to 1.2GB worth of Barkha's emails on her hacked Twitter account.

In conversation with the Post journalist, the member of Legion, who presumably operates from somewhere in India, said that they were just a "group of computer geeks who were addicted to crime and drugs". The Washington Post has put out snippets of the encrypted conversation that took place between the reporter and the Legion hacker. Interestingly, in the FactorDaily report, the hacker claims to be based in India but says he doesn't have an Indian passport.

Interestingly, the hacker says their aim is to put out classified information on the Internet, and claims to have "access to over 40k+ servers in India". For enterprises in India, this can't come as good news, and this doesn't just apply to media houses.

The hacker also claimed they might release an email dump of an entire email provider, which has over 50,000 corporate clients in India, but then admitted the number is "an exaggeration." The group also has access to Apollo Hospital's data server, and again this doesn't bode well if one considers doctor-patient confidentiality and privacy. The hacker also mentioned that they were unsure of releasing the data from some servers as it might end up causing 'chaos'.

The episode once again raises the question of internet security. The hacker told the Post he found a lot of Mallya's personal data quite easily and most of it was unencrypted.