The hackers group that goes by the name 'Legion' has created quite a flutter in the Indian Twitter community over the past two weeks.

The group has claimed responsibility for the compromised Twitter accounts of Congress vice-president Rahul Gandhi and the party, business tycoon Vijay Mallya, and NDTV journalists Barkha Dutt and Ravish Kumar.

Here's what damage the group has caused, apart from sending shock-waves across Twitter-verse:

  • While Rahul's hack comprised abusive tweets, Mallya's account was used to leak personal information such as information about the cars he owned and passwords for his online accounts. His emails were ‘dumped’ on a particular website and the link made public on Twitter
  • Barkha's Twitter account gave away personal IDs, passwords and an email dump
Abusive content was posted on Congress' official Twitter handle on December 1

Which raises the burning questions: Who is this group, are they politically backed and what's their aim?

Going by the name, it seems 'Legion' is inspired by 'Legion of Doom', a famous US-based hacker group founded by 'Lex Luthor' and was active in late 1990s and early 2000.

In the recent hacks, the only clue that Legion left about their identity was a tweet, asking people to support them at "@sigaint.org".

Washington Post got in touch with a group member through email and had a chat through an encrypted instant-messaging software. Here's what we learnt about 'Legion' from the chat that took place on Saturday, hours before NDTV journos' accounts were hacked:

  • They are a bunch of hackers numbering in the “higher single digits” and based around the world
  • They are in possession of several terabytes of raw data concerning all sorts of “interests”
  • This raw data includes gigabytes worth of information relating to Indian public figures
  • They aim to release whatever they find and are "a bunch of computer geeks addicted to crime and drugs"
  • Their answer to those who think they have a political link: "We kindly request them to gas themselves with a balloon filled with zyclon B"
For representation / Reuters

  • They simply "ended up with access to over 40k+ servers in India" that gave them access to all this data
  • The member said they "might release" emails from an entire email provider that has "over 50,000 corporate clients in India". Or maybe slightly less.
  • The group claims to have access to servers of India's biggest private hospital chain Apollo but isn't sure about releasing data from it.