Stan Swamy’s PC hacked, documents planted in Bhima Koregaon case: New analysis
Stan Swamy is now the third Bhima Koregaon suspect whose devices appear to have been compromised, according to experts. The others, of among 16 suspects, are Rona Wilson and Surendra Gadling.
One of the accused in the Bhima Koregaon case, tribal rights activist Stan Swamy, was the target of an alleged cyberattack, and the people behind it planted documents and attempted to clear their tracks a day before a police raid, a new report said on Tuesday.
Swamy died in custody last year at the age of 84.
American digital forensics company Arsenal Consulting, in a report submitted to the National Investigation Agency (NIA) court last week, claimed it found digital footprints of Swamy’s computer first being hacked with a spyware before several files were planted and a clean-up eventually being carried out. The analysis was first reported by Washington Post on Tuesday.
“The attacker responsible for compromising Swamy’s computer had extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery,” said the analysis.
Also read | Stan Swamy death: US Congressman asks India to set up independent investigation
Swamy is now the third Bhima Koregaon suspect whose devices appear to have been compromised, according to experts. The others, of among 16 suspects, are Rona Wilson and Surendra Gadling.
According to the analysis, Swamy’s computer was compromised by the same attacker involved in the other two hacks.
But, it noted, new clues to the attacker’s ways of working were found. “Arsenal has significant insight into the attacker’s activities on June 11, 2019, the day before Swamy’s computer was seized by Pune police… The attacker was using NetWire to perform an extensive cleanup of their malicious activities (including crude antiforensic activity) on this day, which Arsenal has found both unique and extremely suspicious given the computer’s imminent seizure.”
NetWire is the name of the malware that the hackers allegedly used to break into Swamy’s computer.
Swamy, the report said, was first hacked on July 20, 2017 and documents were delivered to his computer in two campaigns between then and June 5, 2019. The Jesuit priest, who was a tribal rights activist, was arrested in October 2020 when he became the oldest person to be detained under terror charges.
The Bhima Koregaon case, which relates to the violence that took place on the outskirts of Pune on December 31, 2017, eventually led to a larger trial that has now been taken over by the National Investigation Agency, with allegations that the accused were linked to the banned Maoist rebels.
NIA spokespersons did not respond to requests for a comment on the new report.
Frazer Mascarenhas, who was a close friend of Swamy and was appointed by the Jamshedpur Jesuit Providence as the late activist’s next of kin, said the courts will have to take cognisance of the report.
“We take for granted that it (computer) was hacked because there is no question of him being involved in any of what he was accused. From my month-long conversation with him, it was absolutely clear that it was a concocted case because he was successful in the courts of Jharkhand appealing on behalf of the tribals,” said Mascarenhas.
Swamy died on July 5, 2021 at the Holy Family hospital after suffering from multiple health problems.
