The hacking business that target celebs

Unless you were still one of those few who’s not into social media or the Internet, you would have come across The Legion, a group that had given the Twitter-verse fodder that lasted for days. 

The group came into the cyber limelight by hacking the Indian National Congress’ (INC) and Rahul Gandhi’s account where they posted a series of offensive tweets.  Liquor baron Vijay Mallya was the next target wherein his passwords and emails were ‘dumped’ on a website. This was followed by the journalist Barkha Dutt issue, whose personal IDs, passwords and email dumps were given away in a tweet. Another journalist Ravish Kumar’s Twitter account met with the same fate. 

Amidst all this, it was reported that Legion had access to the server of Apollo Hospitals and they were not releasing the information regarding the health details of late Chief Minister J Jayalalithaa as it would have  created a ‘chaos’. Though there is no substantial evidence to this claim, one cannot just ignore this group. 

Hackers, as the popular conception goes, are those nerdy college kids with their laptops in the grungy room. “There are four kinds of hackers: White Hat hackers, Black Hat hackers, Gray Hat hackers and Script kiddies. White Hats are basically those who know the ins and outs of the technology and get into a person’s system and the client is aware of it. They find a bug and notify the person or the company. Black Hats are the ones who are involved in cyber crime and cyber terrorism and they just do it for the money,” says Rahul Tyagi, VP of Lucideus, an IT Risk Assessment and Digital Security Services provider, adding, “Both black  and white hackers have over 10 years of experience and they leave no trails behind. On the other hand, the Gray-hatters do both. It’s like they are legal during the day and move to the darker side in the night. They involve in both. However, they leave a mark behind when they hack into a system. These are the youngsters who deface the sites. The most notorious ones are the Script kiddies who work on all the already existing codes and hack for the fun of it or for a personal vendetta.” 

There are several cases in the city, including that of celebrities, whose social media accounts were hacked. Most of the time it was the work of Script kiddies who just happened to have access to the accounts.  “The reason why we do what they do is create a name for themselves among the hackers community,” says a hacker, on condition of anonymity. There is this platform called Bug Bounty where developers or individuals would offer money to people who recognise a fault in their system. “These days most of them don’t pay saying that the issue has been already fixed. This is the reason why many hackers go to the darker side. They end up selling data for money.” He further explains, “The two popular ways of making money is through hacking, phishing and hacking. “In phishing, the hacker sends links that exactly look like a reputed brand. It manipulates the target to giving away personal information. Or send unsuspecting links, when clicked, gives away all data. The second one is Ransomware. When infected, it encrypts all the data and the user is unable to access his /her own files. People will have to pay the hacker in bitcoins (a payment network and a currency used to transact online) to retrieve their own data. Also, hackers collect a lot of data, like email addresses and go on to sell these details based on the demands of the client.” 

The first step for any hacker is information gathering about the person. One has to just go through the target’s social profiles. Also, there is something called ‘Insider Threat’, wherein someone associated with the target gives out details that gives hackers information about the operating system. 

“After we have all the information, we launch a Brute force, which is a trial and error method used to decode passwords. Most people keep simple passwords that includes names and dates associated with them or their family members. Decoding their passwords becomes easier for these users. Also, zero-day attacks are commonly used by hackers. This refers to a hole in software that is exploited by hackers before it is fixed,” says a college student who hacked into the Madras University system. “I just did it for the fun of it. I just wanted to check the number of students who had written the exam with me. I ended up having access to the entire data base. Now, if I want to I can change anybody’s marks online and even remove someone’s name from the record but since all these details are also available on paper, I may get caught.  In fact, I even wrote to the college authorities about the loopholes but no action was taken. Likewise, several government sites have loopholes and there have been instances where their websites were defaced,” he says. 

However, there are ethical hackers, who help law-making agencies to deal with the issue.