The Indian State has been threatened. Make no mistake. Banks, hospitals and Parliament are our institutions and a fitting response has to be given.
Targets: Rahul Gandhi. Vijay Mallya. Barkha Dutt. Ravish Kumar.
Next Target-Wannabe: Lalit Modi.
New Targets: Banks, Hospitals & sansad.nic.in aka BIG FISH
One can be tempted to bracket the hacking done by Legion as a sign of the dystopian times that we live in. There are enough straws to indicate that: a group of renegades dabbling in weed, smoke and mirrors, security codes and a naïve sense of superiority.
One can also be equally tempted to decipher deep meanings from the hacking about the nature of hidden angst and its manifestations. Again, there are enough crumbs leading that trail: a group of Robin Hood style do-gooders disillusioned with the ways of world boldly taking the battle to the rich and the powerful.
Powder puff and romanticism aside, the reality is as cold as steel. Legion is a group of people with uncommon hacking skills that’s not the plain vanilla variety that India has encountered till now. In short, Legion is bringing into India, for the first, international standard hacking. Ask security experts. It’s not easy to hack into Google and Twitter servers. Nor is it a walk in the park to design a tool to sift through terabytes of data.
Let’s not kid ourselves. Legion is clear and presents danger. Forget their ‘g33ky’ lingo and snigger-worth references to “balloons filled with Zykon B” (which, by the way, is cyanide-based pesticide). Forget them being fanboys (and fangirls) of ‘progressive house music, Brian Eno, Aphex Twins and Global Communications’. Wipe out that Rastafarian story of languid pace and peaceful contentment that you are building about them in your head.
Legion is a wake-up call for a transforming (read digital) India. The alarm bells are ringing loud and clear in three domains. The first bell is clearly meant for our law enforcement institutions. This is not the first time that our cops and sleuths have been caught deer-like. The sorry figure cut by intelligence agencies on the @shamiwitness aka Mehdi Biswas case was filled with lessons. They should have been learnt. Yet, we are again seeing the same story.
On paper, India by now is supposed to have a National Cyber Coordination Centre and a National Critical Information Infrastructure Protection Centre. At least that’s what the National Cyber Security Policy of 2013 recommends. Yes, the policy also promises “to create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions… and create a workforce of 5,00,000 professionals skilled in next five years through capacity building skill development and training”. Good words, nicely written. What now?
The second bell is meant for organisations and institutions using digital payment gateways. The focus has always been on either using the digital medium for greater reach, efficiency and effectiveness or for creating new product and service lines that can be sold directly to the consumer. Of course, the logic of the business model demands that the transactions take place in the simplest possible manner: from Point A to Point B. But lost in this logic of making everything simple is the question of security of personal and financial information. The government institutions have a greater responsibility, at least a couple of notches above any private organisation and institution. After all, in a democratic India, the government with all its warts and pimples is still representative of our collective will.
Like it or not, cybersecurity of critical institutions and organisation is a matter of national security. And, there are solutions. Every single piece of data, every bit and byte, passing Indian internet and telecommunication pipes can be intercepted, stored, analysed and workable intelligence generated out of it. Germany, France and United States of America are quite good at it. India has had similar ambitions in the form of developing and deploying a central monitoring system (CMS). Maybe, it’s time?
The third bell is for us: as a collective and as an emerging community of digital natives. It gives us vicarious pleasure to see other people’s accounts hacked and their personal information coming out into the public domain. It could happen to you too. Of course, some of the injustices are stark and cannot ever be ignored: how can Vijay Mallya live it up when he hasn’t paid the salaries of Kingfisher employees? Sure, good question, but a different debate. Classic, contemporary and post-modernist arguments of freedom, privacy, democracy, rights and entitlements aside, isn’t it time for us to start pointing out the elephants and unicorns of all shades in the room? Where does freedom begin and privacy end?
The hackers of Legion are not Julian Assange or Wikileaks. They are also not old style investigative journalists who brought down tobacco companies and mining barons. They are cyberdacoits. They need to be brought down.