Provable connection between police and people who planted false evidence against Bhima-Koregaon accused: SentinelOne

Wired reports that Sentinel One has unearthed a connection between cops who arrested the accused and Modified Elephant, a hacking campaign that allegedly planted evidence on the devices of activists

bhima koregaon

In more shocking revelations in the Bhima Koregaon case, new information has emerged in connection with an alleged state-sponsored conspiracy against the human rights activists accused of masterminding the violence. Wired has now quoted researchers from security firm SentinelOne as saying that there is a link between the police and hackers.

“There’s a provable connection between the individuals who arrested these folks and the individuals who planted the evidence,” Juan Andres Guerrero-Saade, a security researcher at SentinelOne told Wired. “This is beyond ethically compromised. It is beyond callous. So, we’re trying to put as much data forward as we can in the hopes of helping these victims,” added Guerrero-Saade, who will present these findings at a Black Hat security conference in August, along with fellow researcher Tom Hegel.

Wired reports that “SentinelOne’s researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.” It further reports, “SentinelOne’s new findings that link the Pune City Police to the long-running hacking campaign, which the company has called ModifiedElephant, center on two particular targets of the campaign: Rona Wilson and Varvara Rao.”

ModifiedElephant: A sinister hacking campaign

In February 2022, SabrangIndia had reported how Sentinel Labs, another US-based cybersecurity firm (after Arsenal) had discovered more evidence of Rona Wilson’s devices being targeted. According to Sentinel Labs, there were two separate sets of hackers who targeted Wilson’s devices. They were employed, possibly by the same entity that has “interests aligned with the Indian State”.

One of the groups of hackers who targeted Wilson’s devices is an entity Sentinel Labs called ModifiedElephant. A report by Sentinel Labs said, “ModifiedElephant is responsible for targeted attacks on human rights activists, human rights defenders, academics, and lawyers across India with the objective of planting incriminating digital evidence.” They also found that “ModifiedElephant has been operating since at least 2012, and has repeatedly targeted specific individuals,” and that “ModifiedElephant operates through the use of commercially available remote access trojans (RATs) and has potential ties to the commercial surveillance industry.”

According to Sentinel Labs, “The objective of ModifiedElephant is long-term surveillance that at times concludes with the delivery of ‘evidence’—files that incriminate the target in specific crimes—prior to conveniently coordinated arrests.” The report further said, “After careful review of the attackers’ campaigns over the last decade, we have identified hundreds of groups and individuals targeted by ModifiedElephant phishing campaigns. Activists, human rights defenders, journalists, academics, and law professionals in India are those most highly targeted. Notable targets include individuals associated with the Bhima Koregaon case.”

The report added on a chilling note, “We observe that ModifiedElephant activity aligns sharply with Indian state interests and that there is an observable correlation between ModifiedElephant attacks and the arrests of individuals in controversial, politically-charged cases.”

Activists implicated in Bhima Koregaon case targeted using malware and spyware

After it was discovered that Rona Wilson’s phone had been infected with the Pegasus spyware that was revealed to have been purchased by the Government of India as part of a 2-billion-dollar defence deal with Israel in 2017, there have been significant developments in the case.

In February 2022, the National Investigation Agency (NIA) sought the special court’s permission to hand over the devices of seven activists including Wilson to a special Committee constituted by the Indian Supreme Court to probe allegations related to the Pegasus scandal. The seven activists whose phones the NIA wanted examined are: Anand Teltumbde, Hany Babu, Rona Wilson, Shoma Sen, Sudha Bharadwaj and Vernon Gonsalves. Of these, only Bharadwaj is out on bail. Together these seven people have 26 devices that were seized, first by the Pune Police and then by the NIA.

An electronic copy of Rona Wilson’s laptop was first examined by US-based digital forensics firm Arsenal. In February 2021 it was revealed that an attacker used malware to infiltrate the laptop and place incriminating evidence on it. According to Arsenal’s report, “Rona Wilson’s computer was compromised for just over 22 months.” They also found, “The attacker responsible for compromising Mr. Wilson’s computer had extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery.”

Then in December 2021 it came to light that an analysis by the Amnesty International’s Security Lab revealed that two backups of an iPhone 6 belonging to Wilson had “digital traces showing infection by the Pegasus surveillance tool”, something that by Pegasus’s own admission was licenced only to vetted governments. The phone backups were shared with the Amnesty team by Arsenal.

Finally, a New York Times expose shed light on how the Government of India had purchased the Pegasus software as part of a package included in a $2 billion defence deal with Israel in 2017, thus bringing the entire controversy full circle.

Related:

Rona Wilson’s devices hacked by two groups of hackers employed by same entity: Sentinel Labs

Bhima Koregaon: NIA seeks permission to hand over phones of 7 accused to Pegasus Committee

Pegasus scandal: Did GoI engage in an elaborate cover-up?

Pegasus scandal: SC stays Justice Lokur Commission probe

Defence Ministry has had no transaction with Pegasus developer NSO Group: Centre in RS

Centre refuses to disclose use of Pegasus in affidavit, pleads national security

Pegasus Project: 5 targeted journalists move SC, say have been subject to intrusive hacking

Pegasus Snoopgate: RS MP, Journalists move SC for court monitored probe   

Trending

IN FOCUS

Related Articles

ALL STORIES

ALL STORIES