"Big Fish": Legion Hackers Claim Access to Govt Website Used by MPs
NEW DELHI: Hacker group Legion -- which has been in the news in the past week for attacks on Twitter accounts and emails of individual Indian journalists, businessmen and politicians -- has now said that it will be releasing data contained in emails hosted on the government-owned website Sansad.nic.in.
The target was revealed by the group in an interview with factorydaily.com. The interview was conducted over a secure chat, and the person or people representing Legion said that the group does not have a purpose: “we just expose people that pop up… As potentially interesting.”
The information regarding the Sansad.nic.in data dump was revealed as a response to the question “what next?” “Next is a dump of sansad.nic.in emails… Which is – quite big... It includes a lot of _BIG FISH_” was Legion’s response.
The interviewer followed up the response with the question, “Whoa, do you think that could potentially damage innocents? Like collateral damage of sorts?”
“It might, it might not...But then again – only government affiliated people get e-mails @sansad.nic.in … So, it’d be interesting … If it does damage innocents – it’s their problem for using an insecure mail service,” Legion responded.
Sansad.nic.in is a government-owned and government-run email service that provides a @gov.in email address to government servants and employees (central and state). It is run by the National Informatics Centre.
Although Legion did not indicate its motive behind hacking Sansad.nic.in, the group did sound off against Prime Minister Narendra Modi’s #DigitalIndia campaign, specifically pointing to the lack of safety.
“We ourselves have confidential data pertaining to NPCI/ IDRBT hub servers, and even have the encryption keys/ certificates used by some banks in India (Not disclosed)... So, theoretically, we could generate ‘fraudulent’ financial messages- Let’s say, VIA IMPS or NEFT!... Does that make #DigitalIndia safe?...Maybe Modi should think all of this through before launching it,” the group said.
As the interviewer interjected that the above sounded a bit like the hit TV show “Mr. Robot,” the group responded: “Well, let me point out something – it’s been done before… Hackers reverse engineered the protocol used by SWIFT and siphoned off over $400m in the past few months… And SWIFT is the ‘international standard’... What about the Indian banking system? It’s probably down to its knees already by other groups of the same skillset.”
Although little is known about the group, they have come to occupy headlines in the last week owing to targeted attacks on Twitter accounts and emails of prominent journalists, businessmen and politicians.
The selection of people previously targeted prompted rumours that the group were affiliated with the ruling party -- a claim that they rubbished in the interview.
“Is true that Modi/ BJP accounts have bulletproof security online? Is that one of the reasons for not having any of their major accounts?” asked the interviewer, to which Legion responded: “This is the internet… Anything can be made can be broken...Nothing is secure.”
“Why none of the BJP handles, accounts yet then?” the interviewer prodded.
“Probably because we didn’t loot enough money from BJP to do the drugz.
“However, if BJP does not buy us a gram of tryptamine out there- payable in bitcoin- we will r00t and 0wn them too … Jokes apart… We will own them too, when the time is right.”
The interviewer also asked about the group’s claim that they had information involving former Tamil Nadu Chief Minister Jayalalithaa, who died earlier this month. “You claim to have not released Amma info because it’ll cause chaos. Doesn’t that contradict stated mission of putting as much classified information out in public as possible? As in, why be selective. Just send out a dump rather than worry about implications. Or are you being selective about it and if so, why and what guides that selection?” the interviewer asked.
“There are lots of rounds going about in the ‘amma info’ … We just don’t know the legitimacy of half the data acquired in it … When we scanned through the data we intercepted from various servers in south india, including AIADMK CDR stuff and other valuable information … We found a lot of info contradicting info.”
When asked whether they have any political affiliations, the group’s representative(s) said, “One word- anarchists.”
The group had denied political affiliations in an earlier interview with The Washington Post. In a screenshot posted of the conversation, the group rubbished the question.
The article in the WP notes, “Rather, he said Legion wasn't even interested in “political data” until a few weeks ago. He said that the group was in possession of several terabytes of raw data concerning all sorts of “interests” and that within that trove the hackers had identified gigabytes worth of information relating to Indian public figures. He said the data was choosing the targets for them, not the other way around. Whatever they were finding, they aimed to release.”