Wednesday, March 27, 2024

Report ‘links’ Pune Police to hacking campaign that ‘planted evidence’ on Bhima Koregaon suspects

Report by tech magazine Wired, quoting US cybersecurity researchers, alleges that email accounts of three accused — Rona Wilson, Varavara Rao and Hany Babu — were compromised.


New Delhi: At least three people booked on terrorism charges in connection with the Bhima Koregaon case may have been framed by the Pune police, tech magazine Wired claimed in a report published Thursday, quoting researchers from an American cybersecurity firm.

Researchers at cybersecurity firm SentinelOne — who reportedly spoke to a security analyst at a “certain email provider” — determined that the email accounts of activist Rona Wilson, poet Varavara Rao and Delhi University professor Hany Babu were hacked.

The Wired report claims that “false incriminating files” were planted on the computers of the three accused “that the same police then used as grounds to arrest and jail them”. SentinelOne has named this “hacking campaign”, which allegedly targeted many individuals, ‘Modified Elephant’.

Moreover, the report in Wired alleges that the “addition of a new recovery email and phone number appears to have been intended to allow the hacker to easily regain control of the accounts if their passwords were changed”.

The account recovery email on all three accounts, according to the report, included the “full name of a police official in Pune who was closely involved in the Bhima Koregaon 16 case”. The report adds that the recovery phone number is listed with the official’s name on “multiple archived web directories for Indian police, including on the website of the Pune City Police”.

Two security researchers from SentinelOne will be presenting their findings at the Black Hat security conference in Las Vegas in August this year, Wired reported. “There’s a provable connection between the individuals who arrested these folks and the individuals who planted the evidence,” Juan Andres Guerrero-Saade, one of the researchers, told Wired.

The Wired report does not name the police official, and says it received no response from Pune Police or the official in question regarding the hacking allegations.

The report comes on the heels of similar claims made in 2021 by Massachusetts-based digital forensics firm Arsenal Consulting, after it examined the “contents of Wilson’s laptop, along with that of another defendant, human rights lawyer Surendra Gadling”.

Arsenal Consulting, working on behalf of the defendants in the Bhima Koregaon case, had claimed to have found evidence that Gadling’s and Wilson’s computers had been hacked using a malware called NetWire to plant incriminating documents, including “an explosive letter mentioning a plot to assassinate” Prime Minister Narendra Modi.




Bhima Koregaon case & ‘Modified Elephant’

A total of 16 individuals were arrested in connection with a case of allegedly instigating violence in the run-up to a January 2018 gathering of tribal people to commemorate the Battle of Bhima Koregaon in Maharashtra’s Pune district. Among the accused was 84-year-old Jesuit priest Stan Swamy, who passed away in custody in July last year.

Pune Police had been probing the Bhima Koregaon case for two years until 25 January 2020, when it was transferred to the National Investigation Agency (NIA) by the central government.

The report in Wired says researchers at SentinelOne and the non-profits Citizen Lab and Amnesty International have linked the “evidence fabrication” in this case “to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware” — an operation that the researchers have dubbed ‘Modified Elephant’.

Citing what a security analyst at a “certain email provider” told SentinelOne, the report goes on to add that the “hacked accounts were accessed from IP addresses that SentinelOne and Amnesty International had previously identified as those of Modified Elephant”.

The security analyst told the cybersecurity firm that a phishing email was sent to Rona Wilson’s account in April 2018; it was around this time that the account appears to have been compromised using the same IPs linked to ‘Modified Elephant’, the report says.

In addition, the report also cites findings by John Scott-Railton, a security researcher at the University of Toronto’s Citizen Lab, to “prove that the Pune City Police controlled the recovery contacts on the hacked accounts”.

Scott-Railton, who had alleged that military-grade spyware Pegasus — developed by Israeli firm NSO — was used to target the smartphones of some of the accused in the Bhima Koregaon case, reportedly went through publicly available databases to establish that the recovery number and email listed in the hacked account were linked to the “same Pune police official”.

The researcher with Citizen Lab also found that the profile picture of the WhatsApp account registered for the recovery phone number was a selfie of the same police official. He appears to be the same officer who appeared “at police press conferences and even in one news photograph taken at the arrest of Varvara [sic] Rao”.

Moreover, the report in Wired cites findings by another security researcher, Zeshan Aziz, who examined a leaked database of Truecaller — an app that helps identify the names of callers from unknown numbers — to claim that the recovery number and email listed in the hacked email accounts were the same as those listed under the Pune police official’s name in “multiple archived web directories for Indian police, including on the website of the Pune City Police”.

“Wired also verified that at the time the accounts were compromised, the email provider would have sent a confirmation link or text message to any recovery contact information added to an email account, which suggests that the police did, in fact, control that email address and phone number,” the report asserts.

(Edited by Amrtansh Arora)

