Evidence used to charge an Indian with conspiring to assassinate the Indian prime minister and inciting violence during a protest in 2018 has been placed on his laptop, according to US digital forensics consultancy Arsenal Computing.
The man in question, Surendra Gadling, is a human rights activist and lawyer and a frequent critic of the Indian government. He was arrested in June 2018 after the commemoration of the Battle of Koregaon. The battle, which took place in 1818, saw British East India Company troops emerge victorious and greatly contributed to British rule of India. The battle involved fighters from many different nations, castes and religions, some of whom fought alongside the British. It remains controversial to the present day, with a tinge of traitor sometimes applied to those who fought with the British. The events of 2018 marking the bicentenary saw violence erupt and at least one person killed.
Gadling was subsequently charged with inciting violence during the 2018 event, belonging to Communist and / or Maoist groups, and even conspiring to assassinate the Indian prime minister.
Other activists have also been arrested and face similar charges, in what is now known as the Bhima Koregaon case.
Arsenal Computing has already published two reports on the case, and in both cases the malware targeted Rona Wilson, an activist who was also arrested and charged.
The attacker identified in Arsenal Reports I and II has targeted Rona Wilson (and others) with multiple campaigns involving various malware, and remains exist far beyond the personal computers involved in the Bhima Koregaon case. We have analyzed many emails from these campaigns. #DFIR
– Arsenal Consulting (@ArsenalArmed) April 21, 2021
Arsenal’s latest report [PDF] finds that Gadling’s laptop has been compromised by attackers aiming to “monitor and deliver incriminating documents”.
The report details the use of the NetWire malware, traces its installation in a specific email from February 2016, and offers evidence of extensive communication with a command and control server. It also identifies 14 documents that were delivered to a hidden folder by NetWire. This folder was then moved from a volume created by NetWire to the primary Windows volume on the laptop.
The documents are emails to and from Gadling, many of which detail planned operations, discuss funding for those operations, identify “easy targets” to target, and mention other activists who can assist in these efforts.
The Arsenal report states that none of the 14 documents “were ever legitimately used on Mr. Gadling’s computer, either at their original location on the tertiary volume or at their current location on the Windows volume “.
The company was also unable to find any evidence that the documents were ever opened!
Arsenal also dated the documents as having emerged on June 22, 2017 – on the same day documents were also handed over to a hidden folder on Rona Wilson’s computer.
The company offered no conclusions as to who used NetWire to target Gadling and Wilson, but noted that it had seen the same activity “in other high-profile Indian cases as well.”
Indian authorities have yet to respond to the report, but the document is explosive. The central Indian government transferred the case to its jurisdiction instead of leaving the state authorities to handle the case.
India’s central government is not sympathetic to its critics and has decided to shut down social media and telecommunications networks on the grounds that it prevents violence.
This attitude is evident in its continued struggle with Twitter over the microblogging service’s timid moves towards compliance with the Intermediary Guidelines and the Digital Media Code of Ethics – a new law that allows the Indian government to regain control. original poster of any material he finds. objectionable.
Twitter is facing several cases for its actions, and yesterday one of them revealed that the Indian government has officially ruled that the social network has lost its immunity from legal action over the charges that its users are posting content that infringes local laws.
This change opens Twitter to even more lawsuits. Â®