Forensic analysis has pointed to the alleged planting of evidence on the computer of another accused in the Bhima-Koregaon Maoist-links case by the “same attacker” that had targeted human rights activist Rona Wilson.
The Washington Post on Tuesday published an article on the report of a US-based data forensics firm that found that Nagpur lawyer Surendra Gadling’s computer had been hacked with the NetWire malware in 2016 via email and a total of 14 documents had been planted between December 4, 2016, and October 22, 2017.
One of the documents — on Maoist funding — that had allegedly been planted on Gadling’s computer in 2017 was the same as the one planted on Wilson’s computer around the same time, it said.
The 14 documents deal with Maoist movements, attacks, funding through hawala channels and getting rebels released from jail.
Boston’s Arsenal Consulting, quoted by The Post, has been bringing out reports on the alleged plants. The report on human rights activist Wilson had been made public in February this year. Arsenal, a digital forensic consulting company, has been cited in court by the defence team of Wilson.
Arsenal’s third and latest report, on which The Post article is based, describes the evidence planting thus: “It should be noted that this is one of the most serious cases involving evidence tampering that Arsenal has ever encountered, based on various metrics which include the vast timespan between the delivery of the first and last incriminating documents on multiple defendants’ computers.”
Gadling and Wilson are in jail since 2018 in the Bhima-Koregaon case. Sixteen rights activists, including Father Stan Swamy who passed away in judicial custody on Monday, have been jailed in connection with the investigation into alleged Maoist links to an Ambedkarite event on December 31, 2017, at Maharashtra’s Bhima-Koregaon that was followed by caste clashes the next day that claimed one life.
Arsenal’s third report, accessed by The Telegraph, says in its summary: “Arsenal’s analysis in this case has revealed that Surendra Gadling’s computer was compromised for just over 20 months by the same attacker identified in Reports I and II. The attacker responsible for compromising Mr Gadling’s computer had extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery.
“Arsenal has effectively caught the attacker red handed, based on remnants of their activity left behind in file system transactions, application execution data, and otherwise. It is important to note that Arsenal has also recovered communications with the attacker’s command and control server from Mr Gadling’s computer.
“Arsenal has connected the same attacker to a significant malware infrastructure which was deployed over the course of approximately four years to not only attack and compromise Mr Gadling’s computer for 20 months, but to attack his co-defendants in the Bhima-Koregaon case and defendants in other high-profile Indian cases as well.”
The Post has verified the findings with independent experts.
In May, the National Investigation Agency had opposed Wilson’s plea to quash the case on the basis of Arsenal’s reports on a digital copy of electronic evidence seized from his home in Delhi.
In an affidavit to Bombay High Court, the NIA had said: “However, this report does not form part of the chargesheets which are filed by the NIA and the Pune police. It is a settled position of law that documents which are not part of the chargesheet cannot be relied upon by Mr Wilson and as such there is no question of looking into the report of Arsenal Consultancy and the entire petition deserves to be rejected.”
Gadling, a Dalit, was the counsel for paraplegic academic G.N. Saibaba, serving a life sentence for links to the banned CPI (Maoist), Dalit author Sudhir Dhawale and Kabir Kala Manch activists under trial in the Bhima-Koregaon case.
Relatives and friends of the 16 undertrials said in a statement on Monday night: “His (Fr Stan’s) claims that these documents had been surreptitiously planted was firmly upheld through the stunning disclosures of Arsenal Consulting…. We are outraged that Father Stan had to pay the price of this malicious fabrication of evidence with his life.”
The statement added: “Later, as his health continued to deteriorate in prison, his medical bail plea was mechanically turned down by the same blind, unfeeling and insensitive NIA court. Even his Covid disease was not diagnosed in jail, and could only be detected after he was moved to the hospital on orders of the (Bombay) High Court….
“While we grieve the passing away of Father Stan Swamy, we unequivocally hold the negligent jails, the indifferent courts and the malicious investigating agencies firmly responsible for his unfortunate death. We fear for the health and lives of our family members and colleagues who are facing the similar injustices in the same jails, under the same unaccountable system.”
Last year rights group Amnesty International and University of Toronto’s Internet watchdog Citizen Lab had revealed that in 2019, a coordinated spyware operation was used to target at least nine human rights defenders, eight of whom are campaigning for the release of the Bhima-Koregaon 16.
Also in 2019, Israeli spyware Pegasus — sold only to governments — was discovered to have been used to spy on human rights defenders by penetrating their mobile phones via WhatsApp.
Under constant grilling in the Rajya Sabha, that year, communications and IT minister Ravi Shankar Prasad had told the House: “To the best of my knowledge, no unauthorised interception has been done.”