Legion hacker group: Here's what we can learn from their hacking campaign

The interview of an India based Legion member, in the Washington Post reveals a lot about how the hacking collective calling itself Legion operates. There is a display of juvenile bravado over their technical skills. Legion apparently have a trove of data, and that data is choosing the targets for them. Legion are not deliberately going after targets. They are not vigilantes, they do not have a purpose. Legion is hacking these accounts because they can. They can be called  cyberdacoits , if you feel so inclined. [caption id=“attachment_339458” align=“aligncenter” width=“640”]  Assange has released material on WikiLeaks with global implications. Image Credit: WikiLeaks.org[/caption] Examples of data breaches and campaigns that try to be altruistic include Julian Assange continuously releasing new material on Wikileaks  and Edward Snowden who spied on the US spy agencies and found that they were spying on US citizens .  Legion is not known to be associated with the loosely organised hacking collective known as Anonymous, but its name features in the tagline of Anonymous, “we are Legion.” One of the reasons Anonymous hacks things is “because we can.” [caption id=“attachment_216285” align=“aligncenter” width=“640”]  Former CIA employee, Edward Snowden, revealed numerous surveillance programs by the NSA.[/caption] Groups associated with Anonymous have executed a few altruistic campaigns, with an operation against pedophiles and a sustained vendetta against ISIS . These efforts are known as hacktivism, where hacking is used to bring about social transformation. A hacktivist associated with anonymous was improving twitter profiles associated with extremism by compromising the accounts and spamming the feeds with gay porn. Legion aren’t exactly hacktivists, but that doesn’t mean we dismiss their efforts outright. https://twitter.com/WauchulaGhost/status/743236586058489856 The work that Legion is doing is important, however random it might be. They are exposing serious security flaws in our system, and shortcomings in the steps that prominent people take to protect their accounts. Compromised data dumps might be languishing in the back alleys of the dark web, but by cherry picking prominent compromised personalities, Legion is bringing to the forefront the weakest links in the security chain. [caption id=“attachment_352543” align=“aligncenter” width=“640”]  Anonymous is legion. Legion is anonymous. Confused?  [/caption] Legion is merely pointing out the holes in the system that would allow threat actors and malicious agents to compromise the data of people. At least they are not serious cybercriminals. They are not compromising networks that have real world repercussions. Legion is not holding people for ransom. They are not executing a series of high profile hacks as promotions for peddling dubious security services, which is something that the hacking collective OurMine does. [caption id=“attachment_325570” align=“aligncenter” width=“640”]  OurMine is a hacking collective that also peddles security services[/caption] Information security is important, and a series of high profile compromises by amateurs is just the right thing to make people take notice and secure themselves. If you want to protect your accounts from attacks by groups such as Legion, here is how to do it .