Hacker groups Archives « Aam Janata


So a few days ago, anonymous hackers calling themselves "Legion" hacked Rahul Gandhi's Twitter account and made profane tweets from it.

Anonymous legion hackers then compromised the official Congress handle and other accounts, all of them with official inc.in email IDs.

Yesterday, the anonymous hackers calling themselves "Legion" hacked Barkha Dutt's Twitter account

followed by Ravish Kumar's.

The group of hackers made a tweet claiming not to be affiliated with the BJP.

Which is all very excellent, except there are some very good reasons to believe that the hackers could indeed be affiliated with the BJP. And BJP has a long history of its fronts being "apolitical" or "not-affiliated", going right back to a notable event I attended in 2009 or 2010 (I forget), organized by "Friends of BJP" - which claimed to be an apolitical group. Countless Hindu Sena this that and the other variants have conveniently popped up to attack targets of BJP at opportune moments and vanished into obscurity.

India Against Corruption ran a nationwide protest against the previous government. An "apolitical" organization, that just happened to be amply funded by the RSS, included plenty of BJP affiliated public figures, AND had protests happening in front of every BJP office, was... apolitical.

For that matter, the RSS itself, whose members form a large part of the government and who gets foreign funds for rescue and social work, but managed to put LAKHS of its workers on the streets campaigning for BJP's Lok Sabha electoral campaign is.... (you guessed it by now) an apolitical, cultural organization. I hope you get my drift. If it walks like a BJP affiliate, acts like a BJP affiliate, quacks like a BJP affiliate AND it claims to be apolitical...

A heads up by the BJP insider handle

A handle calling itself "BJP insider" had tweeted in July that BJP's IT cell had recruited professional hackers to hack and suspend accounts causing problems to boss (Modi) on Twitter and Facebook. This handle has been around for a couple of years at least and consistently tweets what it claims is the scuttlebutt around BJP headquarters.

By itself, it may not mean much, as several months had passed. Or it could mean a lot. Who knows. It is hardly like BJP has never hired people to do their dirty work online.

Rumors of targeting of political opponents and critics being planned

After the second week of demonetisation, there were several rumors that BJP had plans to target political opponents in various ways. The manner in which they circulated and the variety of actions being suggested as possible don't suggest a single source.

Also some deliberate events happening to discredit conspicuous critics of the demonetisation gave credibility to the rumors. For example, the most popular one expected was Income Tax raids on people. However the "false alarm" with Mamata Banerjee as well as ex-Prime Minister Manmohan Singh under investigation for a scam within days of a powerful speech and article pointing out concerns about demonetisation certainly raise questions about the timing.

The targets of the hacks

All the identities targeted are top targets of BJP's online troll gangs. Both individuals and organizations. Incidentally, once this was raised, @Joydas was among the first to comment that a token BJP hack would happen. And it did. No undesirable tweets got posted and a large "dump" of their database was apparently put up that no one seems to have downloaded (because the hotshots basically DoSed their own server with it, looks like). What is in it could be anyone's guess. But given the complete lack of agitation in the bhakts normally frenzied about the slightest adverse development, it is difficult to believe this to be an adverse development.

Symptoms of BJP's photoshop industry at work

Screenshots posted of what appears to be a transaction notification email to Barkha Dutt from the Standard Chartered bank have two glaring issues.

 

Receipient? Seriously?

Should be recipient, yes? Strange to believe that either Standard Chartered or a mobile application coder good enough to get the interest of a "hacker" would make such a basic mistake. Leads one to question whether the screenshots are real. It wouldn't be the first time the BJP's photoshop department threw up an "original" document, only to reveal themselves with atrocious spelling mistakes (entire political science, anyone?)

Standard Chartered seems particularly lazy about sending notifications

When is the last time you received a bank notification of a transaction a day after it happened? And that too for what would apparently be a VIP account given the balances claimed. And no, there doesn't seem to be the possibility of a transaction done just before midnight and notified after midnight, given that this is the afternoon of the next day.

What email application is it anyway?

While I admit I didn't search very hard, I did employ the assistance of Google search. The only match anywhere in applications seems to be one called "fake text messenger" - unless of course the hacker built their own email app or has something obscure. Or it may be some custom OS - who knows, maybe it will help cops trace the phone.

What navigation is that anyway?

There doesn't seem to be any "menu" provided for this "email". Back arrow next to the icon one can understand - goes back to the archive. Where would an arrow pointing right go? Twitter? :p

No need to delete, archive, etc and reply is out of question of course, given the quality of spellings.

What's that url again?

We have here a banking notification that points to a mobile site at one place and regular site the other. No https (though the url will redirect). Who in the world points to mobile sites in notification emails in the age of autodetection? Probably "hackers" who hack using mobile phones. Either they are very very good or nowhere near the server, given how tricky mobiles can be.

Whoever has seen an email from a bank that ends like this?

No disclaimer text: "this is an automated email blah blah blah", what to do if you've got a notification for a transaction you didn't do, etc. No support email... No sign off... really? With half the email being an overlap, it is unlikely they had to cut it off for space.

Though in all honesty, I don't have a Standard Chartered account, and they may have the casual approach to notifications. If you do have a Standard Chartered account, do me a favor and send me a screenshot of a notification (blurring as appropriate) on Twitter? My handle is @Vidyut

And well, finally... what the hacker chooses to see or ignore

Some emails supposedly "leaked" by the hacker are like total Kashmir Pakistan obsession. I mean seriously, a politically indifferent hacker gets into a big journo's account, and all he can find is emails on Kashmir? ok.

Really? REALLY?

This is probably the first when a hacker out to "expose" missed actionable information (or even to seek it, looks like, if this is the highlight of the hack). For that matter, it could be anyone's inbox.

World-class hackers put up a 98MB download with piddly bandwidth and DoSed their own expose? Hilarious. I suppose by the time the traffic goes down, BJP will have it taken down as "action taken".

If you can download the files they have posted, I would highly recommend you not do so unless you know what you are doing and have secured your machine appropriately. If you have to ask how to, don't.

Maybe it is possible that Legion ain't BJP backed. I'll believe it when BJP arrests them. Surely an attack on a political party, account of an MP and journalists - who have protected sources who could be at risk - warrants investigation and arrests right? So let us see.


Anonymous has always fascinated me. It was with great interest that I heard of Operation India being "engaged". I liked it that they were picking up on censorship to protest. I thought that DDoS attacks were a lot of trouble for little result beyond the time of the attack and illegal as well. Sites being defaced were outright scary illegal. But I liked the reasons. I realized that most people had no idea of Anonymous in any factual sense. I decided to find out. Yesterday, I went on their IRC channel to interview whoever was there to get an idea of the thinking and actions of Anonymous for India.

 

The first message on entering is automated.

Lulzboat- [#opIndia] "The Department of Telecom has ordered all internet service providers to block all file sharing websites, it's time for you to stand up and show that the corrupt government cannot stop you!"

I introduced myself on the #OpIndia channel and was immediately asked to return with a fake ID. I explained that I was not there to participate, but as a real person, a blogger with a real identity wanting to find out more about them. I was quickly directed to another channel called #AnonymousINDIA - #OpIndia was not for chatting. Presented here are snapshot quotes and answers gathered for some questions I asked them.

Operation India was started by NetCak3 and Vlad. BitMentor is an experienced and active Anon, and consented to speak with me. Participating in it is strictly individual choice. Anons themselves are individuals under a collective identity and there is no leader deciding for everyone. More like whoever wants to lead starts walking and everyone finding it interesting walks along. I was interested in what made BitMentor start Operation India and other anons join in. Corruption, censorship, illegal silencing that powerful entities get away with and such seemed recurring themes. So did the block on websites which also were extensively used in legal ways. Examples included VIMEO being used for sharing videos that were owned by the uploader or "open licence", or software like OpenOffice having official torrents for distribution. "we would not have cared if they had found the uploaders and arrested them [on piracy, illegal content]"

They spoke of three kinds of blocks. The first was a block of sites that could potentially pirate content. The second was to block sites that can allow anonymous sharing of content - Pastebin, for example. The third was specific targets. A list of blocked sites they got off the Reliance servers had a lot of URLs containing "Satish Seth", which they say they investigated because it seemed curious and found no court order for (it is possible that there may be one that is not online). Satish Seth was an employee of Reliance arrested in the course of the 2G scam investigations. Pages including those on major news sites like telegraphindia and moneycontrol were on the list, as were blogs on blogspot and tumblr, and profiles on Twitter and LinkedIn. These pages open without any problem for me from an MTNL connection, which would not have been the case if this was a ban from a court order or DOT.

At first sight, I thought the sites were spoofs or insulting in some way. Possibly some may have been, but others seemed to be fairly innocuous. For example, the page on moneycontrol.com is the fourth page of the search results for the term satish seth. This page would be changing with news being added. Also, why not the first, second or third? Very strange.

In #OpIndia, the blocking of 400+ sites is something that is cause for alarm about the state of free speech. It indicates presumption of guilt unless proved innocent. And they are fighting to force such blocks back. However, the question in my mind was "by what means?" What plans does Operation India have? Answers ranged from DDoS attacks and defacements to protests on the ground. There was a whole range of alternatives ranging from the fairly straightforward to the illegal.

I asked them what justified the breaking of laws as a method of protest. Some answers I got, I don't buy. Defacements being peaceful protests in the sense of them not harming the server beyond replacing the front page or that DDoS attacks were the equivalent of thousands of people walking into a restaurant with a capacity for only hundred. Still others asked "where is the proof that we did it?" or that they were fighting things that were illegal or oppressive to begin with. In my eyes, this doesn't wash. You take thousands into a restaurant with a capacity for a hundred people with the sole purpose of paralyzing it? Entering a privately owned server without authorization and through bypassing security or exploiting vulnerabilities? It would be the real life equivalent of a person breaking into a home or office saying he did no harm, only painted all doors and windows black.

They know the risks. Indeed, the top of the page makes it clear: "Anonymous Is no game, You must be aware of the risks and yet be brave, because this is a revolution. Some may fall but our cause won't." The confidence as well as the outrage is clear. "We create every technology they use, and they expect to use it to control us. That is an idea of fighting the creator with his creation."

There are blurred boundaries. "soon we will hack computer of all corrupt Indians" said one. Some thought he was over reaching. Yet, there was a question a reader wanted asked about if anonymous would hack and get details of corrupt politicians with money in Swiss banks. Inside Anonymous or outside, disillusioned, angry minds think similar. But there is always the question of actual ability as well as the difficulty balancing what is right and wrong. For example, not all politicians are necessarily corrupt.

Which brought me to the question of how they decided targets. By consensus/vote - as expected. By now, I understood a little of this band of virtual Merry Men. But what happens when some Anons go converse to the interests of others? An example being the #OpKashmir that ran a few days ago, targeting Indian sites. It claims to represent the people of Kashmir independently of either India or Pakistan, yet the Operation targets only Indian sites - specifically those of the J&K government and the Army. While OpKashmir seems to be announced from an Anonymous website, the operation itself is claimed by The Hackers Army and their earlier post makes no mention of Anonymous. They had also launched #OPfreePalestine in which they hacked thousands of Israeli websites.

Vidyut, you never know who is behind #opkashmir

Some people use name of Anonymous just for personal grudges

 We will not only not hit it [Army website] we will do what it takes to protect it if required

While, to put it in their own words, they cannot stop anyone from being Anonymous, people on the #OpIndia were one voice on this. They see this as a political agenda which is not really what Anonymous is about. They have developed guidelines. They never target infrastructure. Which is how the websites for irctc, banks, BSE and media may come up as suggestions, but are quickly negated as targets. This last - media - was particularly surprising, considering that there is a lot of bitterness about paid media (more on this in a bit), but they see the flow of information to people as infrastructure. However, these nuances (or eccentricities) are not very clear. For example, today, all day the RBI website has been solidly down. Is that because the common man doesn't interact with the RBI website? I don't know. We don't interact with the Army website either.

"Are the people on #OpIndia Indians?" Anonymous claims no nationality. However to "Are Indians on this channel?" the answer was a resounding yes. Actually, it was an unnecessary question by then. It was also clear from the chatter on the channel. This was a surprise when I first entered, because from all my reading of Anonymous, it had never occurred to me that Indians were active in Anonymous. It had always seemed a Western phenomenon. But they operate as Anonymous and beyond nationality too and vice versa. Anons from Venezuela defaced goodgov.in in support of Operation India. Still, "Many Indians are there on most Ops world wide." took me completely by surprise.

We also talked about security. The lack of reporting of the defacing of the Big Cinemas Website ("if people suffer from these attacks, and they can't see movie 1 weekend, they would understand") was something that raised anger on behalf of people. As proof, the "hacktivists" had copied ticket booking details. According to BitMentor, this is a serious security breach. This ought to have been reported. While he says that their team did not take any Credit Card information, the fact that the vulnerability is there makes it within the realm of possibility that someone else could [or already did]. "BlackHats who wanted the data would have found it years ago." I don't know how easy or possible it is to retrieve or hack such information or to use it once they get it. I am simply reporting the conversation.

Anonymous had been bringing down government sites for a week without a word from the government - either acknowledgment or admonishment. However, the day after the attack on the Reliance website, the accounts for Operation India on both Facebook and Twitter were deleted. This cannot be an action by the social media service providers themselves because hundreds of anonymous accounts exist on both without any problem unless they are reported for child pornography or such from a very small and specific list of reasons. Incidentally, this would do nothing to secure the sites that got hacked.

Another thing that came up was the quality of CERT and Cyber Cell:

This claim directly led to a flood of tweets with screenshots clearly showing that the CERT website was down and for a long time.

BitMentor: Then we have CERT - Computer Emergency Response Team and the Cyber Cell - both these in India are over glorified. The reason they could solve many crimes is because the criminals were not good at it. Not because they were Sherlock and Watson.

Me: What exactly would you say is wrong with them?

BitMentor: The problem with this idea is that you are never safe. Nothing wrong with them, the truth is that no one can do better, but that better is useless.

Me: So what should they do? There are cyber crimes happening

BitMentor: Educate people, and make laws to control the companies and not the internet. Eg: if law exist that a company can't store Credit Card data, no one can take it easily.

Had Anonymous been able to change policy or governments before? "SOPA and PIPA have been dropped". The government in Egypt changed. What did they plan for India?  They want to get the blocks on sharing sites reversed to earlier method of blocking urls instead of entire sites used by millions of people - many of whom didn't even watch films of the type being protected from piracy. However, there were idealistic long term visions too. The resolve was firm that any eroding of human freedoms would be fought with all means at their disposal.

When I shared the supportive messages and appreciation for their fight for freedoms, their reply was simple. "Tell them they are our power, help us fight". I remarked that while many may be angry over the same things they were fighting, most people would hesitate to cross legal lines or lack technical knowledge. "All of us are not techies. Ask them to spread message, to organize protests." "Speak up." "Tell them to do it before protesting is banned too" "They need to wake up, No country or place was ever saved by the government while the people slept."

They have a date - 9th June - by which they expect the government to reverse the blocks, or they have protests planned on the ground. Beyond that? It is anybody's guess. What is clear is that the Anonymous are in India and they are here to stay.