"Yes, I am a criminal. My crime is that of curiosity. I am a hacker and this is my manifesto… You may stop me, but you can't stop us all."
Are hacker collectives like Anonymous and Legion black hats or white hats, or do they lurk in the space between the two? Dhruv Munjal reports.
'This is our world now. The world of the electron and the switch, the beauty of the baud. We exist without nationality, skin color, or religious bias. You wage wars, murder, cheat, lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. I am a hacker and this is my manifesto. Huh, right, manifesto? You may stop me, but you can't stop us all.'
For many young, inquisitive geeks around the world, Loyd Blankenship is a cult hero -- these epochal words were penned by him in an essay titled Hacker Manifesto that was published in Phrack in 1986. If hackers at the time were only mildly convinced about the righteousness of the "unscrupulous" activities they chose to involve themselves in, then Blankenship's words arrived in the form of a thumping validation: keep doing what you're doing.
Ever since the essay was first published, this piece of Blankenship wisdom has found itself etched on numerous T-shirts and badges. Even as some still argue that the essay's significance was overemphasised at the time, it continues to remain an iconic piece of hacker culture even today.
It is difficult to say if Legion, the hacking group that managed to gain access to the Twitter accounts of Congress Vice-president Rahul Gandhi, NDTV journalists Barkha Dutt and Ravish Kumar, and absconding industrialist Vijay Mallya was inspired by Blankenship. But members of the group, believed to be operating from five countries -- the United States, Sweden, Canada, Thailand and Romania -- seem to agree with Blankenship on one thing: they are no criminals. Instead, they say that they are here to expose the corrupt, acting as crusaders against anyone who sullies society.
The internet found itself under a similar siege -- on a much grander scale, though -- almost a decade ago, when the hacking collective Anonymous launched scathing attacks on government, religious and corporate websites. While internet activists deemed the group as cyber criminals, some sympathisers likened its members to "freedom fighters" and "Robin Hoods". Anonymous' presence on the internet, however, has somewhat dwindled in the last few years.
Security analysts say that Anonymous posed a humongous safety challenge, but even in the case of Legion, the threat quotient is significantly real.
"In a way, they are trying to alert us. They are exposing the weaknesses that we have in our systems. They are trying to show us a mirror we must not ignore," says Trishneet Arora, the 23-year-old founder and CEO of TAC Security.
Legion communicates through email servers and browsers that are shielded from surveillance. Essentially, it does not use Google Chrome or Internet Explorer but a browser called The Onion Route, or TOR, which is extremely difficult to track.
Others don't necessarily call them black-hat craftsmen: hackers who don't make their activities public and only hack to highlight the security shortcomings that afflict a system. Instead, as explains Mukesh Jain, a Mumbai-based cyber consultant, they fall in a "grey area".
"Some black-hat hackers do such things because they want to gain a degree of respect among their community members. These guys, on the other hand, look like cyber criminals who are being backed by someone big," says Jain.
Jain's suspicion stems from understandable reason. Legion has been largely selective in its attacks, carefully choosing its targets.
"If you look at the people they've gone after, their public perception is really divided, so there can be a ploy at work," says Jain.
The group has threatened to make a huge amount of "dubious" data public -- nothing has come out of the documents it has leaked so far. It has repeatedly said that its next target would be former Indian Premier League boss Lalit Modi.
Saket Modi loves talking security, and maybe rightfully so. He spends most of his time helping major banks across the world secure their data. Modi is the co-founder and CEO at New Delhi-based Lucideus Tech, an IT risk assessment and digital security services provider.
Modi opines that such attacks aren't new, but warns that we must not take them lightly. "The threat is very real. We are vulnerable and must make sure that we plug the loopholes," he says. "Having said that, we must also understand that nothing is 100 per cent secure. We cannot eliminate the risk, but only reduce it. And, that's what we have to do."
Other ethical hackers concur with Modi, adding that whenever a new system is built, its vulnerability needs to be tested comprehensively.
"Fortune 500 companies have been publicly breached several times. That tells you something. We have to remain alert," says Modi.
Just recently, Yahoo! revealed that more than 1 billion of its user accounts were hacked -- the largest such breach ever -- in an incident that dates back to August 2013.
In 2014, JPMorgan Chase was stung by a cyber attack that compromised 83 million bank accounts, and hit more than 76 million American households -- almost two out of every three households in the country.
"Threat assessment is the only way out. Without that, groups like Legion are impossible to stop," says Jain.
Kevin Mitnick, perhaps the world's most famous hacker in the 1990s, once revealed that as a young boy in school he was taught that hacking was "cool". In a lot of ways, "cool" is what many hackers still thrive on.
While the motivation behind attacks such as the one launched by Legion is too difficult to dissect, some experts feel that the "thrill factor" may have been at work in this case.
"The motives are difficult to ascertain, almost impossible. There may be something frivolous or something really personal. But yes, getting a 'kick' out of such things hasn't completely gone out of fashion," says Modi.
Several studies in the past have revealed how geeks and IT administrators have more restrained feelings and emotions than others, and this "anger" often contributes to the quest for spiteful vengeance.
Others, however, refuse to take such emotional erraticism for a reason, saying that the motives may be solely monetary.
Sunny Vaghela, one of India's brightest young ethical hackers and founder of TechDefense Solutions, says -- borrowing a popular phrase from Heath Ledger's character, The Joker, in The Dark Knight -- that if people are good at something, then they never do that for free.
"No hacker will ever work for free. It's not an easy job, after all. So, my guess is that they are working for money, and someone is sponsoring them. Finding out who that is obviously very difficult," says Vaghela.
Among the myriad things that Legion has brought to public notice, it has also spoken about how India's banking system is "deeply flawed", adding that accounts can be comfortably compromised and details gathered rather easily. Vaghela says the banking threat should be treated as the paramount concern.
"All of us love talking about Digital India. But we ignore the threats around us all the time. Legion, or anyone else, can cause major damage, and we need to manage that risk."
