A new forensic analysis has revealed the extent of malicious software used to plant “incriminating” evidence in the laptop of incarcerated activist Rona Wilson, with an unknown hacker planting 30 documents in his laptop, as reported by The Washington Post. Wilson is among a group 15 activists, lawyers and academics who have been arrested on alleged charges of ‘Maoist’ links in relation to the Bhima Koregaon violence case.
The latest revelations have been brought forward by the Massachusetts-based digital forensics firm, Arsenal Consulting, which had earlier in February 2021 reported that 10 letters had been planted in Wilson’s laptop. The letter discussing an alleged plot to assassinate Prime Minister Narendra Modi was among those planted by the said attacker. The 22 new documents have also been traced to the same source, according to the report.
The Pune Police, then investigators in the Bhima Koregaon case, had cited the same documents, now totalling 32, as evidence against the 15 arrested activists in the charge-sheet filed in the case.
The earlier report by Arsenal Consulting was submitted by Wilson’s lawyers to a court in Mumbai, urging the judges to dismiss the case. However, the court hasn’t held a hearing on the petition so far. According to the president of Arsenal, Mark Spencer, they were approached by Wilson’s defence team to the examine the electronic evidence on July 31, 2020.
With the new report, concerns about “the controversial prosecution of a group of government critics under Prime Minister Narendra Modi” are set to increase, The Washington Post report added. It also highlighted the fact that the Modi government has drawn flak from human rights groups and legal experts over the “increasing clampdown on critics” and the “diminishing space for dissent” in the country.
Meanwhile, a spokesperson of the National Investigation Agency – now the principal investigator after it took over the case from Pune Police in January last year – was reported saying that “an analysis by a government forensic laboratory did not indicate that the laptop had been compromised by malware”. However, she did not provide details on “how the laboratory reached that conclusion” the Washington Post added.
It should be noted that the NIA falls directly under the Ministry of Home Affairs, headed by Amit Shah. The timing of the transfer of the case is also to be noted, as the NIA took over the case in January, after the Bharatiya Janata Party (BJP), in power at the Centre, lost the elections in Maharashtra.
Further, The Washington Post reported that it verified the Arsenal Consulting’s report with four malware and digital forensics experts in North America, all of whom confirmed the veracity of the reports.
According to the latest report, the data recovered by Arsenal from the laptop shows “the attacker typing commands to deliver documents to a hidden folder”. This, said Mark Spencer, is the equivalent of a “videotape of someone committing the crime”.
The report added that the attacker used “NetWire, a commercially available form of malware, to compromise Wilson’s laptop for nearly two years starting in 2016”.
Arsenal has also alleged that the “compromising of Wilson’s computer was just one element of a larger malware campaign. The same attacker also targeted his co-defendants.” Not only that, eight other people who were seeking to help the arrested activists also received emails with malicious links that deployed NetWire, as reported by Amnesty International.
Among the activists arrested, jailed and denied bail are lawyer Sudha Bharadwaj, poet-activist Varavara Rao, Sudhir Dhawale, Rona Wilson, Surendra Gadling, Shoma Sen, Mahesh Raut, Arun Ferreira, Vernon Gonsalves, Hany Babu, Anand Teltumbde, and Gautam Navlakha.
Further, it has been highlighted that the Internet protocol addresses and the domain names which were used to target the activists and their associates were also the same. “Most of the IP addresses are assigned to HostSailor, a web-hosting and virtual private server company whose website indicates it is based in the United Arab Emirates. HostSailor declined to respond to requests for comment on whether it was aware of the reports or had taken any action in response to them,” the Post added.
The consulting agency’s president told The Washington Post that the work conducted by the agency so far has been on a pro bono basis. It has reportedly provided expert testimony in cases such as the Boston Marathon bombing.