Report ‘links’ Pune Police to hacking campaign that ‘planted evidence’ on Bhima Koregaon suspects

New Delhi: At least three people charged with terrorism in the Bhima Koregaon case may have been framed by Pune police, tech magazine Wired claims in a report released Thursday, citing researchers from a US cybersecurity firm.

Researchers from cybersecurity firm SentinelOne – who reportedly spoke to a security analyst at a “certain email provider” – have determined that the email accounts of activist Rona Wilson, poet Varavara Rao and University of Delhi professor Hany Babu had been hacked.

The Wired report claims that “false incriminating files” were planted on the computers of the three defendants “which the same police then used as grounds to arrest and imprison them”. SentinelOne named this “hacking campaign”, which allegedly targeted many individuals, “Modified Elephant”.

Additionally, the Wired report alleges that “the addition of a new recovery email and phone number appears to have been intended to allow the hacker to easily regain control of the accounts if their passwords were changed”.

The account recovery email on all three accounts, according to the report, included the “full name of a Pune police officer who was closely involved in the Bhima Koregaon 16 case.” The report adds that the recovery phone number is listed along with the official’s name on “several web directories archived for the Indian Police, including the Pune City Police website.”

Two SentinelOne security researchers will present their findings at the Black Hat Security Conference in Las Vegas in August this year, Wired reported. “There is a provable link between the individuals who arrested these people and the individuals who filed the evidence,” said Juan Andres Guerrero-Saade, one of the researchers.

The Wired report does not name the police official and says it received no response from Pune Police or the official in question to the hacking allegations.

The report follows claims made in 2021 by Massachusetts-based digital forensics firm Arsenal Consulting after reviewing the “contents of Wilson’s laptop, as well as that of another accused, human rights lawyer Surendra Gadling”.

Arsenal Consulting, working on behalf of the defendants in the Bhima Koregaon case, had claimed to have found evidence that Gadling’s and Wilson’s computers had been hacked using malware called NetWire to plant incriminating documents, including “an explosive letter mentioning a conspiracy to assassinate” Prime Minister Narendra Modi.




Bhima Koregaon and ‘Modified Elephant’ Case

A total of 16 people were arrested in connection with a case of incitement to violence ahead of a gathering of tribal people in January 2018 to commemorate the battle of Bhima Koregaon in Pune district, Maharashtra. Among the defendants was an 84-year-old Jesuit priest, Stan Swamy, who died in custody in July last year.

Pune Police had been investigating the Bhima Koregaon case for two years until January 25, 2020, when it was transferred to the National Investigation Agency (NIA) by the central government.

The Wired report claims that researchers from SentinelOne and nonprofits Citizen Lab and Amnesty International have linked the “fabrication of evidence” in this case “to a larger hacking operation that targeted hundreds of individuals for nearly a decade, using phishing emails to infect targeted computers with spyware”, an operation the researchers dubbed “Modified Elephant.”

Citing what a security analyst from a “certain email provider” told SentinelOne, the report adds that “hacked accounts were accessed from IP addresses that SentinelOne and Amnesty International had previously identified as being those of Modified Elephant”.

The security analyst told the cybersecurity firm that a phishing email was sent to Rona Wilson’s account in April 2018; it was around this time that the account appears to have been compromised using the same IP addresses linked to “Modified Elephant”, the report states.

In addition, the report also cites the findings of John Scott-Railton, a security researcher at Citizen Lab at the University of Toronto, to “prove that Pune City Police were monitoring recovery contacts on hacked accounts.”

Scott-Railton, who alleged that military-grade spyware Pegasus – developed by Israeli firm NSO – was used to target the smartphones of some of the defendants in the Bhima Koregaon case, reportedly consulted publicly available databases to establish that the recovery number and emails listed in the hacked account were linked to the “same Pune Police official”.

The Citizen Lab researcher also discovered that the profile picture of the WhatsApp account saved for the recovery phone number was a selfie of the same police officer. He appears to be the same officer who appeared “at police press conferences and even in a news photo taken during Varvara [sic] Rao’s arrest”.

Additionally, the Wired report cites the findings of another security researcher, Zeshan Aziz, who reviewed a leaked database of Truecaller – an application that identifies caller names from unknown numbers – to claim that the recovery number and the email listed in the hacked email accounts were the same as those listed under the name of the Pune Police officer in “several web directories archived for the Indian Police, including the Pune City Police website”.

Wired also verified that at the time the accounts were compromised, the email provider would have sent a confirmation link or text message to any recovery contact information added to an email account, suggesting that the police were in fact monitoring this email address and telephone number, the report says.

(Editing by Amrtansh Arora)

