The Arsenal Consulting, an internationally renowned digital forensic firm in its recent report states that digital evidence used to arrest senior human rights defender Father Stan Swamy in the Bhima-Koregaon case was planted on his computer’s hard drive.
This report follows previous reports which documented digital evidence planting on the devices of co-defendants Rona Wilson and Surendra Gadling. Forensic analysis has shown that the hackers who attacked Father Stan’s computer are the same as those who attacked Wilson and Gadling.
Multiple findings link the Indian state to this hacking of human rights defenders. Cybersecurity firm SentinelOne has previously investigated this attacker, and concluded that their “activity aligns sharply with Indian state interests.”
The Arsenal report states:
“The attacker responsible for compromising Fr Swamy’s computer had extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery. Arsenal has effectively caught the attacker red handed (yet again), based on remnants of their activity left behind in file system transactions, application execution data, and otherwise.”
In June 2022, “Wired” magazine reported that SentinelOne had found evidence linking the Pune police to the hackers. Forensic findings also indicate that hackers had advance knowledge of the raid on Father Stan conducted by the Pune police. The report provides detailed evidence of hackers attempting to erase evidence of their activities on the night of June 11, 2019. The Pune police seized Father Stan’s computer the very next day, on June 12.
Hackers first attacked Father Stan’s computer on October 19, 2014 using a Remote Access Trojan (RAT) called Netwire. RATs allow an attacker to both remotely surveil someone’s computer, and to transfer files from and to the computer.
In Father Stan’s case, every single thing he typed was recorded using a process called “keylogging.” The report shows examples of the hackers being able to read his passwords as he was typing them, as well as other documents and emails. The hacker also surveilled as many as 24,000 files on Father Stan’s device.
In addition to surveillance, digital files were planted on Father Stan’s hard drive across two hacking campaigns starting in July 2017 and continuing till June 2019. Over 50 files were created on Father Stan’s hard drive, including incriminating documents that fabricated links between Father Stan and the Maoist insurgency.
The final incriminating document was planted on Father Stan’s computer on June 5, 2019, a week before the raid on Father Stan. It was on the basis of these documents that Father Stan was first arrested in the Bhima Koregaon case, in spite of experts raising serious doubts about the authenticity of the documents.
In June 2022, “Wired” magazine reported that SentinelOne had found evidence linking the Pune police to the hackers. Forensic findings also indicate that hackers had advance knowledge of the raid on Father Stan conducted by the Pune police. The report provides detailed evidence of hackers attempting to erase evidence of their activities on the night of June 11, 2019. The Pune police seized Father Stan’s computer the very next day, on June 12.
Hackers first attacked Father Stan’s computer on October 19, 2014 using a Remote Access Trojan (RAT) called Netwire. RATs allow an attacker to both remotely surveil someone’s computer, and to transfer files from and to the computer.
In Father Stan’s case, every single thing he typed was recorded using a process called “keylogging.” The report shows examples of the hackers being able to read his passwords as he was typing them, as well as other documents and emails. The hacker also surveilled as many as 24,000 files on Father Stan’s device.
In addition to surveillance, digital files were planted on Father Stan’s hard drive across two hacking campaigns starting in July 2017 and continuing till June 2019. Over 50 files were created on Father Stan’s hard drive, including incriminating documents that fabricated links between Father Stan and the Maoist insurgency.
The final incriminating document was planted on Father Stan’s computer on June 5, 2019, a week before the raid on Father Stan. It was on the basis of these documents that Father Stan was first arrested in the Bhima Koregaon case, in spite of experts raising serious doubts about the authenticity of the documents.
50 files were created on Father Stan’s hard drive, including incriminating documents, to fabricate links between Father Stan and Maoists
Analysis of Father Stan’s computer was carried out by Arsenal Consulting, a US-based digital forensics firm that has worked on landmark digital forensics cases including the Turkish OdaTV case and the Boston Marathon Bombing case. Arsenal’s previous findings have been replicated by Amnesty Tech and the University of Toronto’s Citizen Lab, and have been reported on by the Washington Post and NDTV.
Arsenal states that its findings can be replicated by any competent digital forensics expert. Arsenal Consulting’s President, Mark Spencer, said:
“The scale of what happened to Fr. Swamy and some of his co-defendants, in terms of the aggressive surveillance of their electronic devices which culminated in incriminating document deliveries over the course of years, is truly unprecedented.”
Father Stan Swamy’s death in custody was roundly condemned worldwide, including in the British Parliament, by the US State Department, and the UN. The UN Working Group on Arbitrary Detentions agreed that Father Stan’s death in custody “will forever remain a stain on the human rights record of India.” In July 2022, a resolution honoring Father Stan’s life and work was introduced in the US Congress.
Father Stan Swamy, renowned human rights defender, died in July 2021 when still under arrest in the Bhima Koregaon case. Eleven co-defendants in the Bhima Koregaon Case are still in prison and Gautam Navlaka is under house arrest.
I am grateful to Arsenal Consulting’s President Mark Spencer and his team for bringing out the truth with evidence and all people of goodwill who continue to stand for truth, justice to the last and the least, and peace.
The Jesuits of India continue to stand in solidarity with those who are languishing in various jails for defending the rights of the poor, especially those falsely implicated in BK16 case and reaffirm our commitment to the poor and the marginalized and walk with them in their quest for dignity, liberty, and freedom.
Father Stan Swamy’s death in custody was roundly condemned worldwide, including in the British Parliament, by the US State Department, and the UN. The UN Working Group on Arbitrary Detentions agreed that Father Stan’s death in custody “will forever remain a stain on the human rights record of India.” In July 2022, a resolution honoring Father Stan’s life and work was introduced in the US Congress.
Father Stan Swamy, renowned human rights defender, died in July 2021 when still under arrest in the Bhima Koregaon case. Eleven co-defendants in the Bhima Koregaon Case are still in prison and Gautam Navlaka is under house arrest.
I am grateful to Arsenal Consulting’s President Mark Spencer and his team for bringing out the truth with evidence and all people of goodwill who continue to stand for truth, justice to the last and the least, and peace.
The Jesuits of India continue to stand in solidarity with those who are languishing in various jails for defending the rights of the poor, especially those falsely implicated in BK16 case and reaffirm our commitment to the poor and the marginalized and walk with them in their quest for dignity, liberty, and freedom.
---
*Convenor, Fr Stan Swamy Legacy Committee of the Jesuits
*Convenor, Fr Stan Swamy Legacy Committee of the Jesuits
Comments