Hackers Planted Files to Frame Indian Priest Who Died in Custody


According to Arsenal, Swamy never touched the files himself. After his devices were seized by Pune City Police, those files were among the digital evidence used to charge him and the other Bhima Koregaon 16 defendants with terrorism as well as inciting a riot in 2018 that led to two deaths.

All of Arsenal’s findings, the firm notes, match the earlier cases of evidence fabrication, seemingly carried out by the same hackers, that targeted the two defendants’ machines that Arsenal examined earlier. “Arsenal has effectively caught the attacker red-handed (yet again),” the report adds.

On Swamy’s computer, however, Arsenal also found something new: The hackers seem to have begun what Arsenal calls “antiforensics” (a clean-up operation) on June 11, 2019, deleting files that revealed their access to Swamy’s machine in an apparent attempt to cover their tracks, just a day before Pune Police seized Swamy’s computer on June 12 of that year. Arsenal describes that attempt at anti-forensics as “both unique and extremely suspicious given the computer’s imminent seizure.”

In other words, the hackers wanted to plant fake evidence that could be revealed to incriminate Swamy while also deleting actual evidence of their fabrications that might be discovered in legal proceedings, says Tom Hegel, a researcher for security firm SentinelOne. (Hegel and his colleague Juan Andres Guerrero‑Saade published their own findings on the Bhima Koregaon hacking cases this year.) Hegel argues the timing of that deletion, which he says displays a sloppy urgency, suggests the hackers somehow knew the seizure of Swamy’s devices was coming, and after five years of stealthy access to his computer, scrambled to erase their fingerprints. “The timing and the rushed cleanup effort is, in my opinion, clear evidence of collusion between the police unit and the attackers at that point,” Hegel says.

That cleanup is one of several signs that the hackers who targeted members of the Bhima Koregaon 16 may well have been working in league with the Pune City Police who arrested many of the defendants. Last June, Hegel and Guerrero‑Saade revealed to WIRED that an official in the Pune City Police appears to have added his own email…
