Ever since high-profile names such as Rahul Gandhi, Vijay Mallya and Barkha Dutt fell prey to the group (or a single person) called Legion, the whole country has been talking about the hacker(s). The furore increased after a few interviews to several media platforms — in which they even revealed their future targets — the group spoke about how even our banking system can be easily hacked.
Apart from this, Legion, who have denied ‘political motives’ so far, called out to people to support their ‘cause’. Also, a few people online are even supporting Legion’s activities — so much that they have almost become a cult phenomenon now! (Mr. Robot fans, much?) Amidst all this, we can’t help but wonder how susceptible our accounts are in the cyberspace and if we, in general, show lethargy or lack of emphasis towards our security online. We speak to experts who shed light on the ‘dark web’, with tips on how to keep our accounts secured.
Explaining how Legion is able to hack, and at the same time remain hard to trace, Karthik Kumar Viswanathan, a prominent cyber security consultant and entrepreneur, says, “We use the Internet with a system of known servers, which we resolve through the domain name servers. But there is an Internet beyond it, known as the dark web.” He adds, “A lot of servers exist informally without their addresses being known, or work on compromised boxes running insecure software. Theoretically, one could put valuable information through paste-it websites as well, in the open. Sigiant, one such anonymous message service on the dark web, is used by Legion. And these are practically untraceable to law enforcement agencies. I haven’t used it, but such a service is quite easy to create and host on the dark web.”
Speaking about how flawed many corporate and banking companies are, with regards to cyber security, he says, “Many big companies use flawed practices. They do not audit their infrastructure — and implementing specific features requires a lot of time for them, thereby increasing the window of vulnerabilities for them. This, in fact, is true even of companies we respect today, like Google, Facebook or Twitter. When one service goes bad, for instance Gmail, everything tied to it can go bad, like your Facebook account.”
Rahul Mohanraj, a college student, who is a bug-bounty hunter and an ethical hacker, shares his point of view — “Legion hackers are, of late, getting a lot of attention. What they do is definitely illegal, but it points out how much security is important. People like us (whitehats) are happy with various security programs, so we aren’t influenced enough to change our path.”
Rahul, who once found a bug on Facebook, which enabled him to chat with Mark Zuckerberg directly, shares a few tips to keep our accounts secured — “One thing I realised from this, as well as from other hacks, is that we should take security as a serious issue and follow certain basic steps to protect ourselves, like not using the same password for all websites, using strong passwords and two factor authentication.”
Karthik, meanwhile, lists the steps one has to take if their account is hacked. “People have to change their password on a regular basis. For password lengths, an ideal number is close to 18 characters, for sensitive data. But, even if your account is hacked despite all this, then, resort to law enforcement agencies which work with the likes of the big services such as Twitter and Facebook and try to get as much information, such as IP, Time and ISP. They’d use them to track down people. And, in order to prevent governments from snooping on you, use a neutral OS like Linux and keep it updated regularly!”
On the other hand, Prashanth, a tech expert, who runs the YouTube channel Techshan, places the blame partially on people. “It is all about getting the basics right. You have got no one else to blame if you have used easily guessable passwords (like your birthday, spouse name, etc). You don’t need to be a tech expert to know all this. I personally do not access my accounts on multiple devices — it’s either my laptop or my smartphone. When I travel, I carry my own internet and refrain from using open wifi spots.”
