What We Know and Don’t Know About the Congress, Mallya and NDTV Hacks

What do the hackers behind the Rahul Gandhi, Mallya and NDTV account breaches want? Are they all part of the same group? How did this happen? Why did this happen? The Wire breaks it down.

New Delhi: Over the course of the last three weeks, a group or multiple groups of individuals have managed to gain unauthorised access to the e-mail and Twitter accounts of the Indian National Congress (INC), Congress Party leader Rahul Gandhi, industrialist Vijay Mallya and media organisation NDTV.

This unauthorised access became apparent when the individuals behind it started using the victims’ Twitter accounts to post inappropriate jokes (in the case of the INC and Gandhi) or to claim credit and announce their intentions (in the case of NDTV journalist Barkha Dutt).

Security and data breaches have been a common theme both domestically and globally in 2016. While the Obama administration is currently probing whether Russian hackers may have played a role in influencing the US presidential elections, India saw perhaps one of its biggest financial data breaches when the data of 3.2 million debit card users was exposed.

Was Twitter itself hacked? Were its servers breached?

There’s no evidence that this has happened. If anything, the evidence points towards the Twitter accounts of Gandhi and NDTV journalists Dutt and Ravish Kumar being logged into legitimately, with valid credentials, after the e-mail accounts linked to them were compromised (control of a mailbox is enough to reset or recover the password of any account registered to it). Twitter India sources say the same, with Twitter India official Raheel Khursheed pointing out that the “Twitter accounts were legitimately logged into after gaining credentials via email”.

This makes more sense for two reasons. First, if Twitter itself had been hacked, many more public and famous Twitter accounts would be acting up. Second, the e-mail servers and operations of large organisations such as the Congress or NDTV are run by Indian organisations whose security could more easily be breached.

Some security researchers have pointed out that Mallya and Gandhi shared a common network service provider, namely Net4, whose security defences have been doubted by a number of parties, according to people with direct knowledge of the matter.

The company, however, has denied that its servers were hacked and has pointed out that it does not provide e-mail services to Mallya and Gandhi. It is important to note that while NDTV is a customer of Net4, it hosts its own e-mail servers.

Are we going to see information leaks because of these hacks?

So far, what’s happened through the hacked Twitter accounts has been quite minimal. Offensive and insulting tweets have been posted through the INC and Gandhi’s accounts. In the case of Mallya and Dutt, some personal information (which could not be verified by The Wire) in the form of email account passwords and physical addresses was shared.

Bigger information dumps, however, have been hinted at. If we assume that the e-mail accounts of all the victims have been breached, then an information dump à la Wikileaks is possible.

The hacked Barkha Dutt Twitter account did tweet out links to a possible information dump late last night. These tweets have since been deleted, but the link, which leads to a file-sharing service, still remains. While several social media users pointed out that they did access this, when The Wire tried, the link said it had exceeded its daily traffic limit, as shown below.
Nevertheless, the very existence of such a link does not prove that an NDTV information dump has been put out or that it is authentic.

The hacker group, or groups, behind these security breaches, however, have promised that a release of documents is incoming. The Congress party e-mails, the group tweeted through the INC account, would be released on New Year’s day.

Who is behind these breaches? Is it one group or multiple groups? Do they have a motive or agenda?

Here’s where it gets slightly complicated. Media publications have attributed these breaches to an anonymous hacker group called ‘Legion’. Is it safe to say that this ‘Legion’ is behind all these breaches? In the hijacked tweets from all the victims’ accounts so far, this Legion appears to have claimed credit.

And yet, tags like Anonymous or Legion have been used by hacker groups across the world for various data breaches. Indeed, the point of such tags is that anybody can pick them up and use them for their own personal motivations. The targets of the hacks in question show that this particular group has to be Indian, of Indian origin or somebody with some interest in Indian affairs. Beyond that, it’s difficult to say anything about this hacker group or groups.

It’s also difficult to say that whichever individual or group of individuals breached Gandhi’s e-mail server is the same group that gained unauthorised access to the e-mail accounts of senior NDTV journalists. Media publications that report on this group’s activities need to be clear about this.

In some of the tweets that they’ve posted from Mallya’s account, the hackers have made reference to launching a fight “against corrupt people”. Future information dumps could tell us more about this.

How politically motivated are the hacks? Are they being used to distract, to deceive?

Maybe. Maybe not. It is impossible to say without proof. If one believed in slightly paranoid conspiracies, one could say (as several have noted) that the Congress party e-mail accounts and Gandhi’s Twitter accounts were hacked around December 1, 2016, which was the first payday after the Modi government’s demonetisation move, when people line up at ATMs to pay their rent, bills and other dues.

Distraction and deception are the bread-and-butter of Indian and global politics. Parties with vested interest try to change what the mainstream news cycle is talking about; individuals who could threaten a political establishment find that some of their more embarrassing secrets are made public. This stretches as far back as the horrifying attempts made by the Federal Bureau of Investigation to muzzle Martin Luther King Jr.

This doesn’t mean that the recent wave of security and data breaches is an attempt to shift focus away from demonetisation; it is impossible, and would be egregious, to say so without proof.

However, the value of any future information dumps that ‘Legion’ gives the mainstream media or the Indian public should also not be underestimated just because they could possibly be an attempt at shifting the attention of middle-class citizens. If these hackers do put out e-mail dumps, they would need to be treated with due circumspection, say media ethicists. It is generally understood that unauthorised disclosures of information belonging to individuals or organisations represent a breach of privacy and should be accessed by news organisations and used if and only if they point to wrongdoing and there is a compelling public interest involved.