Bhima Koregaon case: Was evidence planted to implicate activists?

US-based digital forensics firm finds malware was used to plant incriminating letters!

bhima koregaon

Arsenal Consulting, a Massachusetts-based digital forensics firm has analysed an electronic copy of activist Rona Wilson’s laptop and arrived at the conclusion that an attacker used malware to infiltrate the laptop and place incriminating evidence on it, reported The Washington Post.

Rona Wilson is the public relations secretary for the Committee for Release of Political Prisoners. He was at the forefront of the struggle to release SAR Geelani in the 2001 Parliament attack case. Pune Police had raided his home in April 2018, and he was arrested on June 6, 2018.

He had been accused of being part of a conspiracy to assassinate Prime Minister Narendra Modi. Wilson was accused of channeling funds towards Maoist groups for this purpose. He was charged under the Unlawful Activities (Prevention) Act (UAPA) and the charges were based on a letter he allegedly wrote to a Maoist leader discussing the need for guns and ammunition, urging the group to assassinate the Prime Minister.

The Washington Post report says, “Arsenal’s report on the Indian case does not identify the perpetrator of the cyberattack. The analysis, which has not been previously reported, was reviewed by The Washington Post. Three outside experts who reviewed the document at The Post’s request said the report’s conclusions were valid,” adding, “Arsenal Consulting found that the letter — along with at least nine others — had been planted in a hidden folder on Wilson’s computer by an unidentified attacker who used malware to control and spy on the laptop.”

The Arsenal report finds that evidence tampering took place over a “vast timespan” as the period between the time the laptop was first compromised and the time when the last piece of incriminating evidence was placed on it was two years! This startling revelation suggests a vast conspiracy against Rona Wilson and perhaps even others.

Arsenal’s report gives details of the chillingly detailed and systematic manner in which the evidence was planted on Wilson’s laptop. According to the Washington Post, “Arsenal’s report gives a detailed account of the cyberattack. One afternoon in June 2016, it said, Wilson received several emails that appeared to be from a fellow activist he knew well. The friend urged him to click on a link to download an innocuous statement from a civil liberties group. Instead, the report says, the link deployed NetWire, a commercially available form of malicious software that allowed a hacker to access Wilson’s device.”

The Washington Post report further says, “Arsenal discovered records of the malware logging Wilson’s keystrokes, passwords and browsing activity. It also recovered file system information showing the attacker creating the hidden folder to which at least 10 incriminating letters were delivered — and then attempting to conceal those steps. The letters were created using a newer version of Microsoft Word that did not exist on Wilson’s computer, the report said. Arsenal found no evidence that the documents or the hidden folder were ever opened.”

The recent revelations are even more significant in light of similar revelations by Amnesty last year that nine people seeking to help the activists accused in the Bhima Koregaon case were also targeted with emails containing malicious links that deployed the NetWire malware.

At present the chargesheet in the case runs into thousands of pages, while the 16 accused have been suffering in custody, being denied bail repeatedly, most notably the sick and the elderly among them such as poet Dr. Varavara Rao and Jesuit Priest and Adivasi rights activist Fr. Stan Swamy. 


Rona Wilson worked for release of political prisoners, now a prisoner himself

Still no respite for Varavara Rao, Bombay HC reserves order

Fr. Stan Swamy SJ already ‘One Hundred Days in Prison’

The many plots to assassinate Narendra Modi



Related Articles