Modi govt exposed on Bhima-Koregaon case. Key evidence against a group of Indian activists accused of plotting to overthrow the government was planted on a laptop seized by police, a new forensics report concludes, deepening doubts about a case viewed as a test of the rule of law under Prime Minister Narendra Modi. An attacker used malware to infiltrate a laptop belonging to one of the activists, Rona Wilson, before his arrest and deposited at least 10 incriminating letters on the computer, according to a report from Arsenal Consulting, a Massachusetts-based digital forensics firm that examined an electronic copy of the laptop at the request of Wilson’s lawyers. Many of the activists have been jailed for more than two years without trial under a stringent anti-terrorism law. Human rights groups and legal experts consider the case an attempt to suppress dissent in India, where government critics have faced intimation, harassment and arrest and during Modi’s tenure. For at least 22 months before the Pune Police raided Rona Wilson’s home in New Delhi and arrested him, a cyber attacker had allegedly gained access to his laptop and planted at least 10 incriminating letters on it.
A report from a Massachusetts-based digital forensics firm, Arsenal Consulting, has posed serious questions about the credibility of the letters that the investigating agencies have used to implicate Wilson and 15 other rights activists arrested in the ongoing Elgar Parishad case of 2018. The firm was approached by Wilson’s defence team to examine the electronic evidence on July 31 last year.
The case, initially investigated by the local Pune police, was handed over to the National Investigation Agency in January 2020, soon after the Bharatiya Janata Party government fell in Maharashtra and a tri-party alliance government – comprising the Shiv Sena, Nationalist Congress Party and Congress – took over.
One of the prime accused in the sensitive Bhima-Koregaon case, Rona J. Wilson has moved the Bombay High Court demanding a Special Investigation Team (SIT) to probe fake evidence planted into his computer and dismissal of the case against him, here on Wednesday.
The plea has been filed through his lawyer R. Sathyanarayanan and comes in the wake of a report by a US-based digital forensic firm Arsenal Consulting which has said that Wilson’s laptop was hacked and 10 letters planted in it prior to his arrest.
These letters were used by the Pune Police and later the National Investigation Agency as the basis of their evidence against Wilson and other activists arrested in the famous Bhima-Koregaon case.
Arsenal Consulting claimed that not only was Wilson’s computer ‘attacked and compromised’ from June 13, 2016 for over 22 months, but similar malware attacks were made on even other accused in other high-profile Indian cases.
The hacker, who has not been identified, had used the malware to create hidden folders where the 10 incriminating letters were sent using an advanced version of MS Word which was not available on Wilson’s laptop.
The US firm’s report further said that it found no evidence suggesting that Wilson ever interacted with the top 10 most important documents used to prosecute him, and said he had in fact never opened those documents.
While making the series of sensational arrests in nationwide raids during 2018, the Pune Police had contended that among other things, the accused were hatching a conspiracy to assassinate Prime Minister Narendra Modi and overthrow the legitimately elected government.
When questioned on this, Bharatiya Janata Party Leader of Opposition, Devendra Fadnavis – who was Chief Minister at the relevant time – guardedly denied knowledge on this, but said that there was clinching evidence available on the ‘Urban Naxals’ case.
He said that the Supreme Court has declined them bail owing to the strong evidence but preferred further comments as the matter is sub-judice.
Wilson was among over two dozen accused nabbed from all over India for their alleged links with Maoist elements, for inflammatory speeches during the Bhima-Koregaon battle’s 200th anniversary on Jan. 1, 2018, which resulted in caste riots the following day which claimed at least one life.
They were charged with ‘waging war against the nation’, spread the ideology of the banned CPI (Maoist) groups, inciting caste conflicts and hatred in society, etc.
In Jan. 2020, the Bhima-Koregaon and the related Elgar Parishad cases were handed over by the BJP at the Centre to the NIA despite strong opposition by the newly-elected Maha Vikas Aghadi (MVA) government of Shiv Sena-Nationalist Congress Party-Congress.
The report released by Arsenal Consulting gains significance as the investigation agency’s case is solely dependent on the “evidence” they claimed to have seized from arrested persons, including from Wilson’s computer.
“The attacker responsible for compromising Wilson’s laptop had extensive resources including time and it is obvious that their primary goals were surveillance and incriminating document delivery,” the report states.
In a statement issued on Twitter, The US-based digital forensics firm’s president Mark Spencer said that his team worked ‘relentlessly’ on the “massive volume of electronic data provided to us in the Bhima Koregaon case”. He said the team has set an “extremely high bar for the practice of digital forensics in the future”.
Arsenal has connected the same attacker to a significant malware infrastructure which has been deployed over the course of approximately four years, to not only attack and compromise Wilson’s computer for 22 months but to attack his co-defendants and in other high-profile Indian cases too.
The report says, “It should be noted that this is one of the most serious cases involving evidence tampering that Arsenal has ever encountered, based on various metrics which include the vast timespan between the delivery of the first and last incriminating documents.”
The case was built on the letters purportedly written by Wilson, and another arrested person Surendra Gadling, a celebrated criminal lawyer from Nagpur. In all, 13 letters were allegedly found on their computers which implicated other accused persons like advocate Sudha Bharadwaj, academic Anand Teltumbde, poet Varavara Rao and others.
According to Arsenal’s report, just a few hours before Wilson’s house was raided on April 17, 2018, his computer was tampered with. The report shows that the last changes were made to his computer at 4:50 pm on April 16, 2018 and the very next day at 6 am, a team of the local Pune police, including then investigating officer Shivaji Pawar, had visited Wilson’s house in Munirka, New Delhi to carry out a raid.
According to the findings submitted by Arsenal Consulting, which have now been used as a base to file a petition seeking a special investigation into the case, 80-year-old Varavara Rao’s email ID was used to compromise Wilson’s laptop. “Mr. Wilson’s computer was compromised on June 13, 2016 after a series of suspicious emails with someone using VaraVara Rao’s email account. Rao is one of Mr. Wilson’s co-defendants in the case,” the report reads.
A similar email was sent to at least one other person, Nihalsing Rathod, who is a defence lawyer in the case. Rathod has been the target of at least two other cyber attacks, which also singled-out lawyers, activists, journalists and rights defenders.
Rathod was targeted using the Pegasus spyware, which exploited the video call feature in WhatsApp to install malware on a person’s phone. There seemed to be a clear pattern of anti-caste activists being targeted, including those connected to the Elgar Parishad case.
In another instance, Rathod was among those who were the target of a digital attack through emails. These emails were tailor-made to suit the interests of the individual receiver and were sent out between September and October 2019. The emails contained malware, which when installed, gives the attacker “full visibility and control”.
The Elgar Parishad case has seen several turns and twists, with every new chargesheet making new claims. The case had first begun with allegations that a group of “Urban Naxals” were planning a “Rajiv Gandhi style assassination” of Prime Minister Narendra Modi. This explosive claim was made by the Pune police soon after five persons – Wilson, Gadling, academic Shoma Sen, activist Sudhir Dhawale and activist Mahesh Raut – were arrested on June 6, 2018.
While the police claimed that the information allegedly plotting Modi’s assassination was found on Wilson’s laptop (that was seized in a raid carried out on April 17), no arrests were made in the case until June 6. This discrepancy has been questioned by the defence several times in their arguments.