Lalit Modi and sansad.nic.in: Next targets for hacker group Legion

After having claimed to have hacked into the official Twitter handles of controversial liquor baron Vijay Mallya, the Congress party, its vice-president Rahul Gandhi and journalists Barkha Dutt and Ravish Kumar, a group or individual named ‘Legion’ is now saying that its next target is sansad.nic.in, which provides email services to government employees.

In an encrypted chat interview with FactorDaily, Legion reportedly said: “Next is a dump of sansad-.nic.in emails. Which is — quite big. It includes a lot of _BIG FISH_".

In an interview with The Washington Post on Monday — through an encrypted instant-messaging software – Legion, which is now becoming a well-known name in the world of hackers, said it has access to servers like that of Apollo Hospitals. It said it was unsure about releasing data from those servers because it might cause “chaos” in India. It also warned that the next target would be former IPL Chairman Lalit Modi.

“As for upcoming targets, Legion indicated that it had its sights set on bigger things,” the report said.

“Legion wasn’t even interested in ‘political da

ta’ until a few weeks ago... the group was in possession of several terabytes of raw data concerning all sorts of ‘interests’ and that within that trove the hackers had identified gigabytes worth of information relating to Indian public figures,” the report quoted the user marked LC from ‘Legion Crew’ as saying.

“When I asked him how they came into possession of so much data, he was vague, and said they just ended up with access to over 40k+ servers in India, ‘and we decided — hey, why not write a tool to sift through them for interesting data’,” said Max Bearak, who writes about foreign affairs for The Washington Post.

“He said the data was choosing the targets for them, not the other way around. Whatever they were finding, they aimed to release. From Dutt’s Twitter account, they shared a link to a ‘partial’ data dump of approximately 1.2 gigabytes of her emails,” Bearak said

Legion sure seems confident about its ability to make way to others’ Twitter accounts. In a tweet, ‘Legion’, whose country of origin is yet to be known, asked people to support them "@sigaint.org".

Let us know what Sigaint is and how all this works.

According to the Sigaint website, it is a "darknet email service that allows you to send and receive emails without revealing your location or identity". Sigaint claims to provide email IDs which are secure on TOR browser.

"We provide this service to help journalists and activists combat the dragnet surveillance that exists on the internet today. Even if you aren't in conflict with the state or anyone in particular, you as a human being deserve privacy," it reads.

The website is hosted on "onion.to" but the service claims it does not host the Sigaint content.

"We are simply a conduit connecting internet users to content hosted inside the Tor network. onion.to does not provide any anonymity. You are strongly advised to download the Tor Browser Bundle and access this content over Tor," it says.

Famous among individuals and businesses that want to remain anonymous online, Tor is a free software and an open network helping users defend against traffic analysis – “a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security".

Sigaint also claims that emails created by the network can only be accessed by downloading TOR browser.

If we look at the name ‘Legion’, there was a famous US-based hacker group founded by Lex Luthor and called ‘Legion of Doom’ (LOD), which was active in the late 1990s and early 2000s. LOD is ranked as one of the most influential hacking groups in the history of technology.

We still do not know if ‘Legion’ is inspired by LOD but it looks well versed with the dark world of web and is using whatever it can to launch cyberattacks anywhere in the world, including in India.

With inputs from Agencies