Exclusive: Interview with hacker group Legion

Jayadevan PK December 12, 2016 9 min

Around an hour ago, we finally received a reply from the folks at Legion, the hacker group which compromised the accounts of Vijay Mallya, Rahul Gandhi, Barkha Dutt and Ravish Kumar.

We’d lobbed in an interview request to an e-mail ID tweeted from Mallya’s account while it was compromised. We were asked to install an instant messenger which provides secure chat.

We added the Legion’s handle and started talking (earlier today, the Washington Post had interviewed them in a similar fashion).

Below, read the full transcript of our chat with the Legion’s handle, offered without comments or editing. We’ve *’d some expletives.

Our questions are in bold and the typos haven’t been corrected.

Highlights of the interview: 

1. The group claims it is not on Twitter. They disassociated themselves with all Twitter handles operating in their name.

2. They claim Indian banking systems can be easily hacked but say they won’t do it.

3. They said their next hack would be of sansad.nic.in, followed by a document dump.

4. They said they would support #DigitalIndia if it was based on cryptocurrency.


Yes hello.

We got the request!



After all, in the public domain- we are PR GROUPIES and attention seekers.

Gotta do what they claim we’re good at 😉

haha, and pot heads if I may

Question: What is your end game?

The pothead part isn’t too bad

I mean, we used to be pot heads

WE just don’t smoke as mucha nymore 😉

Question: What is your end game, if there is one?

End game?

Die from an overdose of LSD combined with DMT on the peaky ranges of the himalayas

After saying: Fuck this shit, we all gotta die sometime 😉

We don’t have a purpose

We just expose people that pop up

As potentially interesting

So more like Opportunistic hacking, than targeted.

This is about as targeted as it gets

What’s next?

Next is a dump of sansad.nic.in emails
Which is – quite big

It includes a lot of _BIG FISH_

Whoa, do you think that could potentially damage innocents? Like collateral damage of sorts?

It might, it might not.

But then again – only government affiliated people get e-mails @sansad.nic.in


So, it’d be interesting

If it does damage innocents – it’s their problem for using an insecure mail service 😉

Another theory doing the rounds is that you’re an italian form called the hacking team contracted by Mr Modi.


Hacking team was r00t3d and owned by ******** not too long ago

Their spools and e-mails released

Why would they want to hack twitter accounts?


They have more “IMPORTANT” things to do

Like write surveillance software for governments and agencies around the world

One of the stories we did said Net4, which hosted mallya and raga emails could be vulnerable.

They do not host mallya and raga e-mails

Mallya has over 30 e-mail accounts, scattered across various providers.

They do host the domain though

And we have root to them too

And you said 40k others


That is excluding anyone hosted at net4 which was rooted ages ago

Do you have any political affiliations?

One word- anarchists

Hmm..anyone you look up to?

T3kn10n of ac1db1tchz

Are you from India?

How big is the group?

Also, are you recruiting?

If you’re asking if I have an Indian passport- the answer is no.

Indian origin perhaps then

The group is in the higher single digits, but we’ve gotten submissions from a lot of kidz

The kidz don’t even know how to get XMPP working – how will they ever assist us?

What’s the extent of your strength, if you were to brag?

Well, with the amount of money and sk1ll that we have- we could own any corporation.

And we’ve been doing this for almost a decade now, wanted by multiple international agencies.

The question is, will they ever find us?

And if they do- will they prosecute us with enough evidence?

And if they do, will the world be a better place? Or will it miss the superior cyber criminals it just lapsed behind bars…..

Thanks for asking them questions, should have done it myself 🙂 And the answers?

The answer – the drugs will probably kill me before they catch me, and the others – the same probably goes for them too 😉

You claim to have not release Amma info because it’ll cause chaos. Doesn’t that contradict stated mission of putting as much classified information out in public as possible. As in, why be selective. Just send out a dump rather than worry about implications. Or are you being selective about it and if so, why and what guides that selection?

There are lots of rounds going about in the ‘amma info’

We just don’t know the legitimacy of half the data acquired in it 😉

When we scanned through the data we intercepted from various servers in south india, including AIADMK CDR stuff and other valuable information

We found a lot of info contradicting info


Noticed that Mallya’s passport had wrong dates, people saying the partial dump was fake

Also, issued in Delhi. I’m guessing it should be Bangalore.

Well, that’s the scans we acquired from his e-mails.


Also, I’m going to need a simple way to tell the world I know for sure that you guys are who you claim you are. Though I could just say it’s from the email you Tweeted out when you owned thevijaymallya.

Mallya was an influential person, he could’ve gotten his passport issued anywhere


Also Rajya Sabha MP

How old are you guys? Any other color/ info that you can share with us?

If you think the passport dump is fake- why don’t you contact the MEA and find out for yourself?

I don’t think it’s fake.

Just repeating a question that came in my story earlier.

Can we meet sometime?

Your terms

Come down to eastern europe and give us a ring

We can definitely meet 😉

Haha, give us your address 😛

Meh- the address is universal

More like nomads

That’s the perks of having multiple passports

Welcome to a world where you can buy a passport with WITH THE “citizenship by investment” SCHEME

Is true that Modi/ BJP accounts have bulletproof security online? Is that one of the reasons for not having any of their major accounts?

This is the internet

Anything can be made can be broken

Nothing is secure.

Why bone of the BJP handles, accounts yet then?

* none

Probably because we didn’t loot enough money from BJP to do the drugz.

However, if BJP does not buy us a gram of tryptamine out there- payable in bitcoin- we will r00t and 0wn them too 😉

Jokes apart

We will own them too, when the time is right


Thoughts on Barkha and Ravish?

Dunno bout ravish, we just needed a twitter for PR so we jacked his- was the easiest one – 30 seconds

But barkha is a *********

Also, possible to hold off on other interviews for a couple of hours till I get time to out this together?

She deserves everything that will be headed towards her

WE didn’t even leak 10% of the e-mails

Wait till the cat is out of the bag 😉

Why do you say she deserves though?

***** is using her publicity for politically motivated campaigns in India – In a way, attempting to brainwash the masses?


Look at the *****- she looks like a ***** ****** ***** who would do anything for money?

You can see the devil in her eyez

Possible to hold off on other interviews for a couple of hours till i get time to out this together?

I’m sure you have a lot of requests

We get too many interview requests

It’s ridiculous

We don’t understand why

We should probably hire a media groupie chick

I hate being the posterboy for the whole group


Probably not the best use of your time

The drugs are the most valuable use of my time

Psychonauts influenced by the great Terence mckenna!

Just being honest hereI don’t think you actually do drugs. Probably part of the image you are trying to create.

Why is hat?

Hackers love drugs – Mind expanding drugs.

In the business of hacking, misdirection is classic no?

That is true – but we would never lie about drugs!

A big joint of OG mixed with hash in it- On a trip of 250ug of LSD. Who doesn’t love that?

Haha, how do I establish you are the legion? For my readers

You don’t – We haven’t even released our PGP key yet. Plausible deniability is always best! There are a lot of fake twitter accounts doing rounds, just know that we’re not affiliated with any of them 😉

Also, people keep e-mailing us asking us about our opinion on #DigitalIndia

We don’t support any centralized form of banking

Haha! BTC I’m guessing

Do you have a twitter handle that we should follow?

We don’t use twitter


(not our own account, at least)

What if the NPCI hub servers or the IDRBT servers were hacked – and hackers figured out the protocols of say – IMPS, NEFT/ RTGS (lot of private firms like atom tech have this info already)

We support #DigitalIndia, only with cryptocurrency! What’s better than holding your own money?

Hmm, that sounds a bit like Mr Robot.

Well, let me point out something – it’s been done before.

Hackers reverse engineered the protocol used by SWIFT and siphoned off over $400m in the past few months

And SWIFt is the ‘international standard’

What about the Indian banking system? It’s probably down to its knees already by other groups of the same skillset.


Banks don’t disclose breaches

That’s bad for consumers

We ourselves have confidential data pertaining to NPCI/ IDRBT hub servers, and even have the encryption keys/ certificates used by some banks in India (Not disclosed)

So, theoretically, we could generate ‘fraudulent’ financial messages- Let’s say, VIA IMPS or NEFT!

Does that make #DigitalIndia safe?

Maybe Modi should think all of this through before launching it 😉

Hmm, but you won’t?

Oh, we get plenty of money just by selling weaponized exploits.

We wouldn’t need that money

What would we do with it? Buy fancy carz?

Nah, the drugs and the flight tickets and the hotels are all we need money for 😉

Alright. Give me some time before you give out other interviews? Just about enough to put the out.


You might be able to interview someone else

From a different timezone

So as to not get d0x3d

The handle is active 24/7, otherwise it’s bad opsec

Got it!

Be back in a few minutes, let me write this out. Appreciate it.

Other stories in our #Legion coverage

Net4 India chief denies hack

What we know of the NDTV hacks so far

How the Legion could have hacked Vijay Mallya and Rahul Gandhi

Now Legion hacks Journalist Barkha Dutt, Ravish Kumar

It’s not just Twitter. Rahul Gandhi’s email server has been hacked


Disclosure: FactorDaily is owned by SourceCode Media, which counts Accel Partners, Blume Ventures and Vijay Shekhar Sharma among its investors. Accel Partners is an early investor in Flipkart. Vijay Shekhar Sharma is the founder of Paytm. None of FactorDaily’s investors have any influence on its reporting about India’s technology and startup ecosystem.