There are links between a Pune police official and a hacking campaign that targeted suspects in the Bhima Koregaon case, a report by news website Wired said on Thursday, citing information from an unnamed whistleblower from a company that provided email services to the targets.
The report is the latest in a series of clues that bring into question the provenance of the evidence used in the Bhima Koregaon case, in which several activists have been accused of terrorism through their alleged links to the extremist Maoist rebellion.
The new report, citing the email company employee, said that the email address with the suffix firstname.lastname@example.org and a phone number were added to the accounts of Rona Wilson, Varavara Rao and Hany Babu as recovery contact details. This created an ostensible second backdoor into the email accounts.
“There’s a provable connection between the individuals who arrested these folks and the individuals who planted the evidence,” the Wired report quoted Juan Andres Guerrero-Saade as saying.
The case was being investigated by then assistant commissioner of police Shivaji Pawar, who led the team that arrested 10 of the activists from different parts of the country. On Thursday, the officer refused to comment on the new report, saying he was no longer involved in the case that is now under the National Investigation Agency (NIA). “Please ask them about it,” he said.
Officials in the state police did not respond to requests for a comment.
The Bhima Koregaon case was transferred from the Pune police to the NIA in January, 2020, weeks after Nationalist Congress Party leader Sharad Pawar (unrelated to the police official) questioned the Bhima Koregaon case shortly after his party in alliance with the Shiv Sena and Congress came to power.
The experts, including Guerrero-Saade who is part of SentinelOne, will present the evidence at the Black Hat security conference in US in August, the report added.
SentinelOne first obtained the email address and phone number purportedly linked to the Pune police official from the email company employee.
Technical clues of the activists being purportedly hacked and evidence being planted first came in February, 2021 when cyber forensics company, Arsenal Consulting, concluded its analysis of Wilson’s computer. It found that Wilson’s computer was purportedly targeted with a malware that came from Rao’s email address, that was then used to plant 30 documents – some of these documents are among the key evidence of the prosecution.
A year later, on February, 2022, SentinelOne said it found more technical evidence, going back to 2012, of the same family of malware and methods being used by a hacking group it called ModifiedElephant. This group successfully targeted Wilson, it said.
Experts said the report signals an urgent need for surveillance reform in India. “Hacking of computer resources is a criminal offence under the IT Act, 2000. India needs surveillance reform to protect citizens against the use of such technologies by government authorities which harm our privacy and democratic ideals. We are committed towards advancing surveillance reform and prohibitions on the use of malware,” the Internet Freedom Foundation said in a statement.