Activist Rona Wilson (Image: YouTube/ Dalit Camera)
Key evidence against Rona Wilson and 15 other rights activists and intellectuals accused in the Bhima Koregaon case was planted using a malware on his laptop, The Washington Post has reported.
A new forensics report by Arsenal Consulting, a US digital forensics firm has revealed that an attacker had used a malware to infiltrate the laptop belonging to Wilson before he was arrested. The hacker had deposited as many as 10 incriminating letters on the system.
The Pune Police used these letters as its primary evidence against the accused.
One of the letters retrieved from Wilson’s laptop was addressed to a Maoist militant requesting them to assassinate Prime Minister Narendra Modi. In the letter, Wilson reportedly also discussed the supply of guns and other ammunition.
The Arsenal Consulting report said these letters were planted on Wilson’s computer and the attacker also controlled and spied on his device with the help of a malware.
Notably, Arsenal has not identified the perpetrator of the cyberattack on Wilson’s laptop yet.
Arsenal claimed that “this is one of the most serious cases involving evidence tampering” they have ever seen. Their report said the cyber attacker compromised the contents of the laptop over almost two years.
It started back in June 2016, when Rona Wilson received a couple of emails from a person who appeared to be a fellow activist acquainted to him. The other activist had reportedly urged him to click on a link to download a statement from a civil liberties group. However, upon being clicked, the link deployed NetWire, which gave the hacker the access to Wilson’s device.
The hacker used the malware to create a hidden folder where the 10 incriminating letters were deposited. The letters, as per Arsenal, were drafted using an advanced version of Microsoft Word that did not even exist on Wilson’s laptop.
The digital forensics firm also found zero evidence of the documents or the hidden folder ever being opened by Wilson.
The Arsenal report noted that Wilson was not the hackers only victim. Amnesty International had revealed in 2020 that nine people who tried to help the activists accused in the Bhima Koregaon case were also targeted with emails containing similar malicious links that deployed NetWire.
Interestingly, in both Amnesty and Arsenal’s reports, the same domain names and IP addresses have appeared.
The accused were arrested and charged with “waging war against the nation” and spreading the ideology of the CPI (Maoist), besides creating caste conflicts and hatred in the society after one person died, and several others sustained injuries following violent clashes in Maharashtra’s Pune on January 1, 2018.
The incident took place when people had gathered in the Koregaon area to celebrate the 200th anniversary of the Battle of Koregaon – in which a British battalion comprising of Dalit soldiers had defeated the Peshwas. The Dalits celebrate this as their day of victory over the “oppressive” upper caste rulers.
The activists, including Gautam Navlakha, Sudha Bhardwaj, and Varavara Rao, police alleged, funded the Elgar Parishad meeting held on December 31, 2017, where inflammatory speeches were made, which eventually led to the violence.
The case was transferred to the National Investigation Agency (NIA) in January 2020 after the Bharatiya Janata Party government in Maharashtra lost the elections to the Shiv Sena-Congress-NCP alliance.