A new digital forensics report has found that multiple incriminating documents were planted on the laptop of activist Stan Swamy, who was named an accused in the Elgar Parishad case and who passed away last year in prison.
The report, by Massachusetts-based digital forensics firm Arsenal Consulting, said that “Swamy was the target of an extensive malware campaign for nearly five years, the longest known for any defendant, right up until his device was seized by police in June 2019,” the Washington Post reported.
“During that period, the hacker gained full access and had complete control over his computer, dropping dozens of files into a hidden folder without his knowledge,” the Post said, citing the Arsenal report.
The National Investigation Agency (NIA) had arrested Swamy on October 8, 2020. He was the 16th person to be arrested and charged in connection with the case since June 2018.
According to the report, these documents, including the so-called ‘letters to Maoists’, are cited by the police as evidence against Swamy and others.
The NIA didn’t respond to the newspaper’s request for comment.
The new findings were released after Arsenal examined an electronic copy of Swamy’s computer, at the request of his lawyers, it added.
Arsenal’s report said Swamy’s laptop was infected beginning in October 2014 with NetWire, malware that focuses on password stealing and keylogging and also includes remote control capabilities.
The hacker copied more than 24,000 files and folders from Swamy’s computer onto his own server, the report said.
“On the night of June 11, 2019, hours before Swamy’s computer was seized by the police, the hacker performed an extensive ‘cleanup’ of their activities, including getting rid of malware and surveillance data and creating distractions by copying a large number of files into folders used maliciously before the cleanup,” the report said.
Interestingly, it also said that the same hacker had targeted activist Rona Wilson and lawyer Surendra Gadling, both accused in the Elgar Parishad case. The hacker, as per the report, used the same command-and-control servers and NetWire configurations, including the hacker’s passwords.
In December last year, Arsenal Consulting had confirmed that Wilson was a victim of both surveillance and incriminating document delivery for close to a year before his arrest on June 6, 2018.
In June, tech magazine Wired had claimed, citing researchers from SentinelOne, an American cybersecurity firm, that the hacking of e-mail accounts of activists Wilson, Varavara Rao and Delhi University professor Hany Babu was linked to the Pune police.