Police forces around the world are increasingly using hacking tools to identify and track protesters, reveal the secrets of dissidents and turn activists’ computers and phones into inescapable eavesdropping devices. Now, new leads in a case in India link law enforcement to a hacking campaign that used those tools to go a step further: planting false incriminating documents on targets’ computers, which the same police then used as grounds to arrest and jail them.
A little over a year ago, forensic analysts revealed that unidentified hackers had fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom are languishing in prison and facing terrorism charges along with 13 others. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking campaign that targeted hundreds of people over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by Israeli hacking contractor NSO Group. But only now have SentinelOne researchers uncovered a link between the hackers and a government entity: the same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.
“There is a provable link between whoever arrested these individuals and whoever provided the evidence,” said Juan Andres Guerrero-Saade, a security researcher at SentinelOne, who will present the findings with researcher Tom Hegel at the Black Hat security conference in August. “It goes beyond moral compromise. It goes beyond callousness. So we are trying to provide as much data as possible in the hope of helping these victims.”
SentinelOne’s new findings, which link the Pune City Police to the long-running hacking campaign the company calls Modified Elephant, focus on two specific targets of the campaign: Rona Wilson and Varvara Rao. Both are activists and human rights defenders who were jailed in 2018 as part of a group called the Bhima Koregaon 16, named after the village where violence between Hindus and Dalits, the group once known as “untouchables,” erupted earlier that year. (One of the 16 accused, Jesuit priest Stan Swamy, 84, died in prison last year after contracting Covid-19. Rao, who is 81 and in poor health, has been released on bail, which expires next month. Of the other 14, only one has been granted bail.)
Early last year, Arsenal Consulting, a digital forensics firm working on behalf of the defendants, analyzed the contents of Wilson’s laptop, as well as that of another defendant, human rights lawyer Surendra Gadling. Arsenal analysts found that evidence had apparently been fabricated on both machines. In Wilson’s case, a piece of malware called NetWire had added 32 files to folders on the computer’s hard drive, including a letter in which Wilson appeared to be conspiring with a banned Maoist group to assassinate Indian Prime Minister Narendra Modi. In fact, the letter was created in a version of Microsoft Word that Wilson had never used and that had never even been installed on his computer. Arsenal also discovered that Wilson’s computer had been hacked to install the NetWire malware after he opened an attachment sent from Varvara Rao’s email account, which had itself been compromised by the same hackers. “This is one of the worst cases of evidence tampering that Arsenal has ever encountered,” Arsenal president Mark Spencer wrote in a report to the Indian court.
In February, SentinelOne released a detailed report on Modified Elephant that analyzed the malware and server infrastructure used in the hacking campaign to show that the two cases of evidence fabrication analyzed by Arsenal were part of a larger pattern: The hackers had targeted hundreds of activists, journalists, academics and lawyers with phishing emails and malware, starting as early as 2012. But in that report, SentinelOne did not identify any individual or organization behind the Modified Elephant hacking, writing only that “the activity is highly aligned with India’s national interests.”