Bhima Koregaon Case: Activist Seeks Fresh Probe After Forensic Analysis Shows Evidence was Planted
Bhima Koregaon Case: Activist Seeks Fresh Probe After Forensic Analysis Shows Evidence was Planted
According to The Washington Post, an attacker used malware to infiltrate a laptop belonging to Rona Wilson before his arrest and deposited at least 10 incriminating letters on the computer.

Activist Rona Wilson, an accused in the Bhima Koregaon case, has filed a petition in the Bombay High Court seeking fresh SIT probe into the matter after an independent forensic analysis showed that the letters, crucial evidence in the case, were planted by a hacker on his laptop.

The Pune Police had cited these letters, purportedly written by Wilson, as primary evidence in the case. Among these, the most explosive of them all, was the one apparently written by Wilson to a Maoist militant in which he discussed the need for guns and ammunition and urged the banned group to assassinate Prime Minister Narendra Modi.

According to The Washington Post, an attacker used malware to infiltrate a laptop belonging to Wilson before his arrest and deposited at least 10 incriminating letters on the computer. The findings were part of a report by Arsenal Consulting, a Massachusetts-based digital forensics firm that examined an electronic copy of the laptop at the request of Wilson’s lawyers.

Several activists, all outspoken critics of the Modi regime, have been in jail for two years and are facing trial under the stringent anti-terrorism law.

Wilson’s lawyer Sudeep Pasbola said the report proved his client’s innocence and “destabilizes” the prosecution case against the activists.

Jaya Roy, a spokeswoman for the National Investigation Agency, told The Washington Post that the forensic analysis of Wilson’s laptop conducted by law enforcement did not show any evidence of malware on the device. She added that there was “substantial documentary and oral evidence” against the individuals charged in the case.

Apart from Wilson, other accused in the case include activists Surendra Gadling, Rona Wilson, Shoma Sen, Mahesh Raut and Sudhir Dhavale, who were arrested in June 2018, and absconding Maoist leaders Dipak alias Milind Teltumbade, Kishan Da alias Prashant Bose and Prakash alias Rituparn Goswami. Sudha Bharadwaj, Varavara Rao, Arun Ferriera, Vernon Gonsalves and fugitive general secretary of the banned CPI (Maoist) Ganapathy were named in the supplementary chargesheet filed by the police in February 2019.

The initial accusations against the activists rested heavily on incriminating letters recovered from electronic devices seized from them.

Arsenal Consulting found that the letter — along with at least nine others — had been planted in a hidden folder on Wilson’s computer by an unidentified attacker who used malware to control and spy on the laptop, according to the report.

“This is one of the most serious cases involving evidence tampering that Arsenal has ever encountered,” the report said, citing the “vast timespan” — nearly two years — between the time the laptop was first compromised and the moment the attacker delivered the last incriminating document.

The modus operandi

Arsenal’s report gives a detailed account of the cyberattack. In June 2016, Wilson apparently received several emails that appeared to be from a fellow activist who urged him to click on a link to download an innocuous statement from a civil liberties group. Instead, the report says, the link deployed NetWire, a commercially available form of malicious software that allowed a hacker to access Wilson’s device.

Arsenal discovered records of the malware logging Wilson’s keystrokes, passwords and browsing activity. It also recovered file system information showing the attacker creating the hidden folder to which at least 10 incriminating letters were delivered — and then attempting to conceal those steps. The letters were created using a newer version of Microsoft Word that did not exist on Wilson’s computer, the report said.

Arsenal found no evidence that the documents or the hidden folder were ever opened.

Although the did not identify the hacker, it noted that Wilson was not the only victim. The same attacker had deployed some of the same servers and IP addresses to target other accused in the case over a period of four years, the report said, based on a review of forensic images related to those individuals.

The Bhima Koregaon case pertains to incidents of January 1, 2018, the day of the bicentenary celebrations of the Bhima Koregaon battle. The celebration was marred by violence between Hindu nationalists and members of the Dalit community leading to the death of one person and injuries to several others.

The police alleged that the accused activists who have “Maoist links” funded the Elgar Parishad meeting on December 31, 2017, where inflammatory speeches were made which led to the violence.

Read all the Latest News, Breaking News and Coronavirus News here

What's your reaction?

Comments

https://tupko.com/assets/images/user-avatar-s.jpg

0 comment

Write the first comment for this!