The Washington Post published a report confirming the cyber attack on Rona Wilson’s laptop to plant evidence against a group of Indian activists. Rona Wilson was arrested for allegedly plotting to overthrow the government. The report also notes that the rule of law under Prime Minister Narendra Modi is in crisis. A 2019 story in Caravan magazine revealed that the hard disk of human rights lawyer Rona Wilson, part of the evidence supposedly incriminating him, was tampered with.
According to a new report from Arsenal Consulting, a Massachusetts-based digital forensics company that analyzed an electronic copy of the laptop at the behest of Wilson’s lawyers, an intruder used ransomware to hack a laptop belonging to one of the activists, Rona Wilson, before his arrest and stored at least 10 incriminating letters on the computer.
Arsenal was founded in 2009 and, in several high-profile cases, including the Boston Marathon bombing, has done digital forensic research.
Many of the activists have been jailed under a draconian anti-terrorism law for more than two years without charge. government opponents have faced threats, abuse and detention during Modi’s term, human rights organizations and legal analysts consider the case as an effort to silence opposition, Washington Post reported.
The study by Arsenal on the Indian case does not name the cyber attack suspect. The research was checked by The Washington Post, which was not previously published. Three outside experts who analyzed the document at the behest of The Post said the findings of the study were valid.
A lawyer defending Wilson, Sudeep Pasbola, told The Washington Post that the Arsenal report proved the innocence of his client and “destabilized” the activists’ prosecution case. Wilson’s lawyers included the report on Wednesday in a petition lodged in Bombay’s High Court asking judges to drop the lawsuit against their client.
There were more than a dozen activists named in the probe. They include Wilson, an activist based in Delhi, as well as a labour lawyer, a prominent scholar, a poet, and a priest. All are champions of the interests of the most underprivileged groups in India, including indigenous peoples and Dalits, previously referred to as “untouchables.”
They’re vocal critics of the government of Modi. The allegations accusing them of collaborating with an outlawed Maoist rebel group to launch an uprising against the Indian state have been denied.
The initial charges against the activists were heavily focused on incriminating letters, especially from Wilson’s laptop, retrieved from electronic devices.
A letter that police said Wilson had written to a Maoist militant was the most explosive accusation, in which Wilson addressed the need for arms and ammunition and encouraged the banned organization to assassinate Modi. Arsenal Consulting discovered that an anonymous intruder who used malware to monitor and spy on the laptop planted the letter, along with at least nine others, in a secret folder on Wilson’s computer.
“This is one of the most serious cases involving evidence tampering that has ever been encountered by Arsenal,” the study said, citing the “vast period” between the time the laptop was first hacked and the time the intruder delivered the last incriminating text, almost two years.
The report by Arsenal provides a thorough account of the cyber attack. Wilson sent multiple emails that seemed to be from a fellow activist he knew well one afternoon in June 2016, it added. The friend encouraged him to click on a link to download a statement from a civil liberties group which was harmless. Instead, the report says, the link deployed NetWire, a type of malicious software that was commercially accessible that allowed a hacker to access Wilson’s computer.
Arsenal uncovered evidence of Wilson’s keystrokes, passwords and browsing activity being logged by the malware. It also retrieved information from the file system showing the intruder building the secret folder to which at least 10 letters of incrimination were sent and then trying to mask those moves. The letters were generated using a newer Microsoft Word version that did not exist on the computer of Wilson, the study said. No proof was found by Arsenal that the papers or the secret folder had ever been accessed.
The attack was called “very organized” and “extremely dark” in nature by Spencer, Arsenal’s chief. Arsenal spent over 300 hours studying the contents of the laptop, he said.