After a brief period of silence, Legion, the entity claiming responsibility for the recent hacking of high profile Indian public figures including Rahul Gandhi, Vijay Mallya, Barkha Dutt and Ravish Kumar, has resurfaced. It claims to have hit a jackpot of incriminating data and which it will release around New Year’s Day.

The group says that it has managed to obtain the login credentials to the accounts of over 60,000 Indian accountants on the online file storage platform Dropbox, according to an interview published here. According to the interlocutor, the group ran its Dropbox dumper against a list of financial niches with a hit rate of about 7% when the data was obtained. The group also claims to have acquired more than 7,000 files related to the financial audits of various people and companies. While The Wire has seen a copy of the login data, it cannot verify whether the credentials work or whether they were used to access private financial data.

Legion had described itself in an interview with the Washington Post as being a group of computer geeks addicted to drugs and crime. It has claimed in earlier interviews that it has access to over 40,000 servers in India, including the sansad.nic.in server that hosts the Parliament’s website as well as the email accounts of all MPs.

Warning that ”chaos” shall ensue should it release the data, the group indicated that it would be inactive until the data was publicly accessible and that it would cease to exist after.

In a conversation replete with profanity, references to hard drugs and disregard for law enforcement that has come to characterise the group’s public interactions, the Legion member persisted with a studious evasion of the motive behind its actions, stating that they were “in it for the lulz”.

While the group distanced itself from a recent telephonic interview with The Quint, which portrayed it as being supportive of Prime Minister Narendra Modi and his ‘Digital India’ initiative, it also conceded on more than one occasion that deliberate misdirection was part of its strategy. The statement is borne out by the many contradictions that have emerged between various public statements made by the group – especially those pertaining the claimed location of its members. That has varied from one interview to another.

What appears to be beyond question, however, is Legion’s ability to penetrate digital defences. The group recently hacked into servers belonging to Mallya, the Congress party and NDTV, in addition to compromising their Twitter handles. It publicly released a number of Mallya’s financial and personal documents as well as a 1.2-gigabyte chunk of Barkha Dutt’s email inbox.

Legion also discussed other potential targets in the interview, including the Unique Identification Authority of India (UIDAI) database that holds the Aadhaar data of over a billion Indians. It estimated that the data could be accessed in 72 hours or less. However, it asserted that the average citizen need not fear them, insisting that releasing Aadhaar data would help them in the long run [because] nothing was safe on the internet.

In the wake of the Legion attacks, IT minister Ravi Shankar Prasad had ordered an audit of government information security policies. The Delhi Police’s cyber cell, which has been investigating the matter, has run into a dead-end, having traced the Twitter attacks back to five different locations across three continents. Meanwhile, the group appeared to be confident in its ability to evade the reach of the authorities, saying that the authorities should think of themselves first and guard their servers instead.

Subscribe to The Wire‘s weekly science newsletter, Infinite in All Directions, where our science editor curates interesting science news, blogs and analyses from around the web.