New clues revealed by American magazine WIRED connect Pune police to a long-running hacking campaign involving a coordinated attack on digital devices used by the accused and enabling the hackers to plant false incriminating files on targets’ computers that police then used as grounds to arrest and jail them.
Basil Islam | TwoCircles.net
NEW DELHI — In a pan-India operation starting in 2018, around 16 individuals, including activists, human rights defenders, lawyers, and academics, were arrested by Pune police in the Bhima Koregaon case, for alleged links to banned Maoist groups and for being involved in a conspiracy to assassinate Prime Minister Narendra Modi. Telugu poet P. Varavara Rao, activist Rona Wilson, and university professor Hany Babu are some of the 16 accused languishing in jail, charged under the stringent Unlawful Activities (Prevention) Act (UAPA). Another accused, Father Stan Swamy, an 84-year-old Jesuit priest, died in prison last year due to Covid-19. The arrests of these individuals have frequently been condemned by civil society members in India. The case was highlighted for being part of the Indian government’s systematic and organized targeting of people who dissent and organize against injustice.
New clues in the Bhima Koregaon case connect Pune police to a long-running hacking campaign called Modified Elephant. This coordinated attack on digital devices used by the accused has enabled the hackers to plant false incriminating files on targets’ computers that police then used as grounds to arrest and jail them. This was revealed by an investigative report in the American magazine WIRED.
These revelations by WIRED come up amidst the Amnesty International and Citizen Lab findings that prove hacker activity in the evidence collected by the police from the accused, including laptops, hard drives, and emails.
Working with the security analyst at a particular email provider, researchers at security firm SentinelOne have found that the three victim email accounts compromised by the hackers in 2018 and 2019 had a recovery email address and phone number added as a backup mechanism. The recovery email for all three accounts, which belonged to Rona Wilson, Varavara Rao, and Hany Babu, included the full name of a police official in Pune who was closely involved in the Bhima Koregaon case. WhatsApp profile photo for the recovery phone number added to the hacked accounts displays a selfie photo of the same Pune police officer who appears in one news photograph taken at the arrest of Varavara Rao. Researchers have also found that the recovery email address and phone number tied to the same officer’s name in the leaked database of TrueCaller, a caller ID and call-blocking app.
“The conclusion that Pune police are tied to a hacking campaign that appears to have framed and jailed human rights activists presents a disturbing new example of the dangers of hacking tools in the hands of law enforcement—even in an ostensible democracy like India,” the WIRED report said.
Indian news magazine The Caravan had earlier written about conscious discrepancies by the Pune police while collecting the digital evidence. The police did not provide any hash value of the seized devices. A hash value is a numeric value that uniquely identifies data, and if the device tampers with post-seizure, the hash value of the device will change and will not match with the one provided to the accused. Similarly, records of communications between the accused that the police collected are in .docx and .pdf formats – documents that are prone to manipulation and planting on an insecure digital device.
In 2021, forensic analysts revealed that unidentified hackers fabricated incriminating evidence on the computers of at least two accused in the case. Several forensic studies on the copies of evidence provided by the Pune police have shown the presence of malware like Win32:Trojan-Gen and NetWire, allowing hackers to control the devices remotely.
Mihir Desai, a defence attorney representing several of the BK16, responded to WIRED that he is hopeful that these findings could help his clients, who have been accused of terrorist connections based in part on an apparently fabricated document found on Rona Wilson’s computer. “By showing the police did this, it would mean there was a conspiracy to arrest these people. It would show the police have acted in a vicious and deliberate manner, knowing fully well this was false evidence,” says Desai.
Speaking to Maktoob, Janney Rowena, wife of the jailed professor and human rights defender Hany Babu, said that this shows the extent to which our police will go in framing innocent people and how laws like UAPA work to support this. “Everyone must take these revelations seriously and those involved should be punished, or this will be repeated with impunity, most importantly, the activists, intellectuals, and academicians like my husband, Hany Babu, who have been languishing in jail without even the charges being framed, should be immediately released,” she said.
Basil Islam is an independent journalist and researcher based in South India. He tweets at @baasiie