Aditya Madanapalle | Dec 13, 2016 12:03:37 IST
The interview of an India-based Legion member in the Washington Post reveals a lot about how the hacking collective calling itself Legion operates. There is a display of juvenile bravado over their technical skills. Legion apparently have a trove of data, and that data is choosing the targets for them. Legion are not deliberately going after targets. They are not vigilantes, they do not have a purpose. Legion is hacking these accounts because they can. They can be called cyberdacoits, if you feel so inclined.
Examples of data breaches and campaigns that try to be altruistic include Julian Assange continuously releasing new material on WikiLeaks and Edward Snowden, who spied on the US spy agencies and found that they were spying on US citizens. Legion is not known to be associated with the loosely organised hacking collective known as Anonymous, but its name features in the tagline of Anonymous, "we are Legion." One of the reasons Anonymous hacks things is "because we can."
Groups associated with Anonymous have executed a few altruistic campaigns, with an operation against pedophiles and a sustained vendetta against ISIS. These efforts are known as hacktivism, where hacking is used to bring about social transformation. A hacktivist associated with Anonymous was improving Twitter profiles associated with extremism by compromising the accounts and spamming the feeds with gay porn. Legion aren't exactly hacktivists, but that doesn't mean we dismiss their efforts outright.
The work that Legion is doing is important, however random it might be. They are exposing serious security flaws in our system, and shortcomings in the steps that prominent people take to protect their accounts. Compromised data dumps might be languishing in the back alleys of the dark web, but by cherry-picking prominent compromised personalities, Legion is bringing to the forefront the weakest links in the security chain.
Legion is merely pointing out the holes in the system that would allow threat actors and malicious agents to compromise the data of people. At least they are not serious cybercriminals. They are not compromising networks that have real-world repercussions. Legion is not holding people for ransom. They are not executing a series of high-profile hacks as promotions for peddling dubious security services, which is something that the hacking collective OurMine does.
Information security is important, and a series of high-profile compromises by amateurs is just the right thing to make people take notice and secure themselves. If you want to protect your accounts from attacks by groups such as Legion, here is how to do it.