Tag Archive for: planted

Video US hunts Chinese software planted malware in key utility systems: Report – ABC News





Hackers planted false files implicating Indian Jesuit Father Swamy who died in prison


NEW DELHI (CNS)—Catholic activists and priests want the Indian government to “take full responsibility” for the custodial death of Jesuit Father Stan Swamy after findings by U.S.-based digital forensic experts that false evidence was planted on the priest’s computer.

In a recent report, Arsenal Consulting, a Massachusetts-based digital forensics firm, said the “digital evidence used to arrest senior human rights defender Father Swamy in the Bhima-Koregaon case was planted on his computer’s hard drive.”

The 84-year-old Jesuit, a rights activist based in eastern Jharkhand state, died in a hospital while imprisoned in Mumbai in July 2021 after being denied bail on medical grounds, despite suffering from multiple age-related ailments.

He was arrested Oct. 8, 2020, by India’s anti-terror National Investigation Agency and accused of being party to a conspiracy allegedly hatched by outlawed Maoist rebels to unleash mob violence at Bhima-Koregaon, in the western state of Maharashtra, Jan. 1, 2018.

Ucanews.com reported Arsenal said “the attacker responsible for compromising Father Swamy’s computer had extensive resources (including time), and it is obvious that the primary goals were surveillance and incriminating document delivery.”

Disclosing details of the findings, Jesuit Father Joseph Xavier said in a statement that the hackers “first attacked Father Swamy’s computer on Oct. 19, 2014, using a Remote Access Trojan (RAT) called Netwire.”

“The report (by Arsenal) shows examples of the hackers being able to read his passwords as he was typing them, as well as other documents and emails,” said Father Xavier, who is also a convener of the Father Stan Swamy Legacy Committee of the Jesuits.

The hacker also read as many as 24,000 files on Father Stan’s device and planted files between July 2017 and June 2019, Father Xavier said, quoting from the report.

“Over 50 files were created on Father Swamy’s hard drive, including incriminating documents that fabricated links between Father Stan and the Maoist insurgency. The final incriminating document was planted on Father Stan’s computer on June 5, 2019, a week…


Hackers Planted Files to Frame Indian Priest Who Died in Custody


According to Arsenal, Swamy never touched the files himself. After his devices were seized by Pune City Police, those files were among the digital evidence used to charge him and the other Bhima Koregaon 16 defendants with terrorism as well as inciting a riot in 2018 that led to two deaths.

All of Arsenal’s findings, the firm notes, match the earlier cases of evidence fabrication, seemingly carried out by the same hackers, that targeted the two defendants’ machines that Arsenal examined earlier. “Arsenal has effectively caught the attacker red-handed (yet again),” the report adds.

On Swamy’s computer, however, Arsenal also found something new: The hackers seem to have begun what Arsenal calls “antiforensics” (a clean-up operation) on June 11, 2019, deleting files that revealed their access to Swamy’s machine in an apparent attempt to cover their tracks, just a day before Pune Police seized Swamy’s computer on June 12 of that year. Arsenal describes that attempt at anti-forensics as “both unique and extremely suspicious given the computer’s imminent seizure.”

In other words, the hackers wanted to plant fake evidence that could be revealed to incriminate Swamy while also deleting actual evidence of their fabrications that might be discovered in legal proceedings, says Tom Hegel, a researcher for security firm SentinelOne. (Hegel and his colleague Juan Andres Guerrero‑Saade published their own findings on the Bhima Koregaon hacking cases this year.) Hegel argues the timing of that deletion, which he says displays a sloppy urgency, suggests the hackers somehow knew the seizure of Swamy’s devices was coming, and after five years of stealthy access to his computer, scrambled to erase their fingerprints. “The timing and the rushed cleanup effort is, in my opinion, clear evidence of collusion between the police unit and the attackers at that point,” Hegel says.

That cleanup is one of several signs that the hackers who targeted members of the Bhima Koregaon 16 may well have been working in league with the Pune City Police who arrested many of the defendants. Last June, Hegel and Guerrero‑Saade revealed to WIRED that an official in the Pune City Police appears to have added his own email…


Operation ShadowHammer: Hackers planted malware code in video games

Hackers infected Asian video game software houses by poisoning developer tools that left game players with trojanised code running on their computers. Read more in my article on the Tripwire State of Security blog.
Graham Cluley