Police forces around the world are increasingly using hacking tools to identify and track protesters, reveal the “secrets of political dissidents” and turn activists’ computers and phones into inescapable eavesdropping bugs. New clues in a case in India now link law enforcement to a hacking campaign that used these tools to go a horrific step further: planting fake incriminating files on targets’ computers, which the same police then used as grounds for arrest and imprisonment.
More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018; both have been imprisoned and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked the fabrication of evidence to a wider hacking operation that targeted hundreds of people for nearly a decade, using phishing emails to infect target computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking firm NSO Group. But it is only now that SentinelOne researchers have uncovered links between the hackers and a government entity: none other than the same Indian police agency in the city of Pune, which has arrested many activists based on fabricated evidence.
“There is a proven link between the people who arrested these people and the people who laid the evidence,” said Juan Andres Guerrero-Saade, a security researcher at SentinelOne who, along with fellow researcher Tom Hegel, will present the findings at the Black Hat security conference in August. “This is beyond ethical compromising. This is beyond callousness. That’s why we try to provide as much data as possible in the hope of helping these victims.”
SentinelOne’s new findings, which link Pune police to a long-running hacking campaign the company called Modified Elephant, focus on two specific targets of the campaign: Rona Wilson and Varvara Rao. Both men are human rights activists and defenders who were imprisoned in 2018 as part of a group called the Bhima Koregaon 16, named after the village where violence between Hindus and Dalits – the group once known as “untouchables” – erupted earlier that year. (One of the 16 defendants, 84-year-old Jesuit priest Stan Swamy, died in prison last year after contracting COVID-19. Rao, 81, in poor health, was released on bail, which expires next month. Of the remaining 14, only one has been granted bail.)
Early last year, Arsenal Consulting, a digital forensics firm working on behalf of the defendants, analyzed the contents of Wilson’s laptop, along with that of another defendant, human rights lawyer Surendra Gadling. Arsenal analysts found that evidence had apparently been fabricated on both machines. In Wilson’s case, malware known as NetWire had added 32 files to a folder on the computer’s hard drive, including a letter in which Wilson appeared to conspire with a banned Maoist group to assassinate Indian Prime Minister Narendra Modi. The letter was actually created with a version of Microsoft Word that Wilson never used and that was never even installed on his computer. Arsenal also found that Wilson’s computer was hacked to install the NetWire malware after he opened an attachment sent from Varvara Rao’s email account, which itself had been compromised by the same hackers. “This is one of the most serious cases of falsification of evidence Arsenal has ever encountered,” Arsenal President Mark Spencer wrote in a report to an Indian court.