5 things that tell you “Legion” hackers are yet another BJP front

0
13

So a few days ago,anonymous hackers calling themselves “Legion” hacked Rahul Gandhi’s Twitter account and made profane tweets from it.

Anonymous legion hackers then compromised the official Congress handle and other accounts, all of them with official inc.in email IDs.

Yesterday, the anonymous hackers calling themselves “Legion” hacked Barkha Dutt’s Twitter account

followed by Ravish Kumar’s.

The group of hackers made a tweet claiming not to be affiliated with the BJP.

Which is all very excellent, except there are some very good reasons to believe that the hackers could indeed be affiliated with the BJP. And BJP has a long history of its fronts being “apolitical” or “not-affiliated”, going right back to a notable event I attended in 2009 or 2010 (I forget), organized by “Friends of BJP” – which claimed to be an apolitical group. Countless Hindu Sena this that and the other variants have conveniently popped up to attack targets of BJP at opportune moments and vanished into obscurity.

India Against Corruption ran a nationwide protest against the previous government. An “apolitical” organization, that just happened to be amply funded by the RSS, included plenty of BJP affiliated public figures, AND had protests happening in front of every BJP office, was… apolitical.

For that matter, the RSS itself, whose members form a large part of the government and who gets foreign funds for rescue and social work, but managed to put LAKHS of its workers on the streets campaigning for BJP’s Lok Sabha electoral campaign is…. (you guessed it by now) an apolitical, cultural organization. I hope you get my drift. If it walks like a BJP affiliate, acts like a BJP affiliate, quacks like a BJP affiliate AND it claims to be apolitical…

A heads up by the BJP insider handle

A handle calling itself “BJP insider” had tweeted in July that BJP’s IT cell had recruited professional hackers to hack and suspend accounts causing problems to boss (Modi) on Twitter and Facebook. This handle has been around for a couple of years at least and consistently tweets what it claims is the scuttlebutt around BJP headquarters.

By itself, it may not mean much, as several months had passed. Or it could mean a lot. Who knows. It is hardly like BJP has never hired people to do their dirty work online.

Rumors of targeting of political opponents and critics being planned

After the second week of demonetistion, there were several rumors that BJP had plans to target political opponents in various ways. The manner in which they circulated and the variety of actions being suggested as possible don’t suggest a single source.

Also some deliberate events happening to discredit conspicuous critics of the demonetisation gave credibility to the rumors. For example, the most popular one expected was Income Tax raids on people. However the “false alarm” with Mamata Banerjee as well as ex-Prime Minister Manmohan Singh under investigation for a scam within days of a powerful speech and article pointing out concerns about demonetisation certainly raise questions about the timing.

The targets of the hacks

All the identities targeted are top targets of BJP’s online troll gangs. Both individuals and organizations. Incidentally, once this was raised, @Joydas was among the first to comment that a token BJP hack would happen. And it did. No undesirable tweets got posted and a large “dump” of their database was apparently put up that no one seems to have downloaded (because the hotshots basically DoSed their own server with it, looks like). What is in it could be anyone’s guess. But given the complete lack of agitation in the bhakts normally frenzied about the slightest adverse development, it is difficult to believe this to be an adverse development.

Symptoms of BJP’s photoshop industry at work

Screenshots posted of what appears to be a transaction notification email to Barkha Dutt from the Standard Chartered bank have two glaring issues.

Recipient? Seriously?

Should be recipient, yes? Strange to believe that either Standard Chartered or a mobile application coder good enough to get the interest of a “hacker” would make such a basic mistake. Leads one to question whether the screenshots are real. It wouldn’t be the first time the BJP’s photoshop department threw up an “original” document, only to reveal themselves with atrocious spelling mistakes (entire political science, anyone?)

Standard Chartered seems particularly lazy about sending notifications

When is the last time you received bank notification of transaction a day after it happened? And that too for what would apparently be a VIP account given the balances claimed. And no, there doesn’t seem to be the possibility of a transaction done just before midnight and notified after midnight, given that this is the afternoon of the next day.

What email application is it anyway?

While I admit I didn’t search very hard, I did employ the assistance of google search. The only match anywhere in applications seems to be one called “fake text messenger” – unless of course the hacker built their own email app or has something obscure. Or it may be some custom OS – who knows, maybe will help cops trace the phone.

What navigation is that anyway?

There doesn’t seem to be any “menu” provided for this “email”. Back arrow next to the icon one can understand – goes back to the archive. Where would an arrow pointing right go? Twitter? :p

No need to delete, archive, etc and reply is out of question of course, given the quality of spellings.

What’s that url again?

We have here a banking notification that points to a mobile site at one place and regular site the other. No https (though the url will redirect). Who in the world points to mobile sites in notification emails in the age of autodetection? Probably “hackers” who hack using mobile phones. Either they are very very good or nowhere near the server, given how tricky mobiles can be.

Whoever has seen an email from a bank that ends like this?

No disclaimer text “this is an automated email blah blah blah” What to do if you’ve got a notification for a transaction you didn’t do, etc. No support email… No sign off… really? With half the email being an overlap, unlikely they had to cut it off for space.

Though in all honesty, I don’t have a Standard Chartered account, and they may have the casual approach to notifications. If you do have a Standard Chartered account, do me a favor and send me a screenshot of a notification (blurring as appropriate) on Twitter? My handle is @Vidyut

And well, finally… what the hacker chooses to see or ignore

Some emails supposedly “leaked” by the hacker are like total Kashmir Pakistan obsession. I mean seriously, a politically indifferent hacker gets into a big journo’s account, and all he can find is emails on Kashmir? ok.

Really? REALLY?

This is probably the first when a hacker out to “expose” missed actionable information (or even to seek it, looks like, if this is the highlight of the hack). For that matter, it could be anyone’s inbox.

Worldclass hackers, put up a 98MB download with piddly bandwidth, DoSed their own expose? Hilarious. I suppose by the time the traffic goes down, BJP will have it taken down as “action taken”.

If you can download the files they have posted, I would highly recommend you not do so unless you know what you are doing and have secured your machine appropriately. If you have to ask how to, don’t.

Maybe it is possible that Legion ain’t BJP backed. I’ll believe it when BJP arrests them. Surely an attack on a political party, account of an MP and journalists – who have protected sources who could be at risk – warrants investigation and arrests right? So let us see.

Original Article

LEAVE A REPLY