OPEN APP
Home >News >India >Evidence was ‘planted’ in Bhima Koregaon case, US firm finds

Activist Rona Wilson, accused of fomenting violence in Bhima Koregaon in 2018, moved Bombay High Court on Wednesday seeking the quashing of criminal proceedings against him. The plea came in the wake of an American digital forensics consulting firm’s conclusion that fabricated evidence was planted in the gadgets, including a laptop and pen drive, which were seized from his house in April 2018 and on the basis of which he was arrested two months later.

Denying the claims of the report, National Investigation Agency (NIA) spokesperson Jaya Roy said: “The digital extracts which we have submitted in court along with the chargesheet were examined at RFSL (Regional Fore-nsic Science Laboratory, Pune), which shows no evidence of any malware in any laptop/device."

The petition, filed by Wilson’s lawyer Sudeep Pasbola, attached a copy of a digital forensic report from Arsenal Consulting, whose contents were first reported by The Washington Post. It also sought the constitution of a special investigation team to analyse the electronic evidence and compensation for wrongful detention.

Arsenal Consulting, a Massachusetts-based digital forensics firm, surmised that Wilson’s computer was compromised by the same attacker for 22 months between 2016 and 17 April 2018, when electronic evidence was seized by the Pune Police on suspicion of his alleged links with the violence that erupted in Bhima Koregaon village in Maharashtra on 1 January 2018, during the bicentennial celebrations of a British-era war commemorated by Dalits.

The firm found that malware had been installed in Wilson’s computer on 13 June 2016, after someone using the email account of Varavara Rao, one of the accused in this case, sent a phishing mail to Wilson. A NetWire remote access trojan (RAT) was installed on Wilson’s laptop once he clicked on what he thought was a mere Dropbox link, the firm said. This allowed the attacker to conduct surveillance and plant incriminating documents, it stated.

“The report of Arsenal Consulting is an attempt to tarnish the investigation and the evidence collected therein," said an official close to the probe who did not wish to be named.

The forensics report suggested the attackers deployed a commonly used strategy known as spear phishing. The attackers send an email that appears to be from a trustworthy source, convincing the target to click on attachments that deliver what is known as the exploit, or the piece of code that opens a backdoor and ultimately allows for malware to be installed.

Analysing the forensic images obtained from the hard drive inside Wilson’s computer, as well as a thumb drive that was attached to it, the report stated that the attacker copied documents into the thumb drive on 14 March 2018, and later created a warren of dummy folders containing dummy data “so that the victim would not stumble upon them".

These incriminating documents were delivered to Wilson’s computer by NetWire and no other means, the report stated.

“The essential evidence in the case is electronic evidence. There is no mention of arms or ammunition. The Arsenal report examined 10 of the letters and found that they were planted," said Mihir Desai, one of the case lawyers.

“The report of Arsenal Consulting is sufficient grounds for quashing of the FIR and chargesheet against Wilson and his co-accused," a senior counsel who represented Wilson said.

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint. Download our App Now!!

Close
×
Edit Profile
My ReadsRedeem a Gift CardLogout