by Jayson Hawkins
Modern society puts tremendous value on innovations that make our jobs easier, and computers have certainly aided in that pursuit. Cops in India, however, have taken the idea of using computers to minimize effort to a new extreme by planting evidence on people’s computers and then arresting them. In 2019, police in Pune, India, arrested members of a group they dubbed the Bhima Koregaon 16 after a village where sectarian violence had flared the previous year between Hindus and Dalits. The suspects were charged with a variety of crimes under the nation’s broad anti-terrorism statutes, including plotting to assassinate the prime minister. Many of these prisoners seem, at first glance, to be poor terrorism suspects, such as an 84-year-old Jesuit priest and an 81-year-old lawyer, but in the four years since their arrests, none have been tried — and only two were granted bail.
The center of the police effort seemed to focus on Rona Wilson and Varvara Rao, social activists and human rights advocates who have had run-ins with local police before. The perception that the charges were fabricated made little difference, and like so many prisoners around the globe held for political reasons, there was little reason for the Bhima Koregaon 16 to hope.
Then forensic analysts at the security firm SentinelOne, along with researchers at Citizen Lab and Amnesty International, revealed that the evidence on the prisoners’ computers that police had used to arrest them was fabricated. More than that, the analysis revealed a provable connection between the hack that planted the evidence and the Pune police who made the arrests.
Juan Andres Guerrero-Saade, a researcher at SentinelOne, plans to present his findings at a Black Hat security conference. “This is beyond ethically compromised,” he said. “It is beyond callous.”
SentinelOne has gathered evidence of a long-running hacking operation they call “Modified Elephant.” The malware and server infrastructure found on Wilson and Rao’s computers were linked to a much larger campaign targeting journalists, activists, academics, and lawyers as far back as 2012. The hacks could, in the Bhima Koregaon 16 case, be tied through a recovery email to a police official who was directly involved in the case.
The technique in Modified Elephant was simple. Police used a phishing email, a message purportedly coming from a service provider inviting the user to log-in, thus revealing the target’s password. Fabricated documents were then planted on the device.
It is unusual for analysts to publicize findings of this nature, but a researcher who wished to remain anonymous had a simple explanation for why they had taken the exceptional step. “We generally don’t tell people who targeted them, but I’m kind of tired of watching shit burn,” he told WIRED magazine. “These guys are not going after terrorists. They’re going after human rights defenders and journalists. And it’s not right.”
The Pune city police were contacted about these revelations and declined to comment, but the Mumbai-based attorney representing some of the Bhima Koregaon 16, Mihir Desai, hopes to independently confirm the findings of SentinelOne. “We’ve known things have been planted. … By showing the police did this, it would mean there was a conspiracy to arrest these people. It would show the police have acted in a vicious and deliberate manner knowing fully well this was false evidence.”
Moreover, the whole scenario raises doubts about any investigation that relies on evidence pulled from computers. “What does it mean to have evidentiary integrity when you have a compromised device?” asked Guerrero-Saade. “What does it mean for somebody to hack a device for fact-finding in a law enforcement operation when they can also alter the contents of the device in question?”
To date, the Bhima Koregaon 16 remain jailed despite the proof of planted evidence, and across the globe, people are arrested daily on evidence that these revelations call into question. “The real concern here is the folks languishing in prison,” said Guerrero-Saade. “We’re hoping this leads to some form of justice.”
Sources: WIRED, techdirt.com
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login