Hindustan Times ST (Mumbai)

EVIDENCE...


Arsenal Consulting, a Massachusetts-based digital forensics firm, surmised that Wilson’s computer was compromised by the same attacker for 22 months between 2016 and April 17, 2018, when electronic evidence was seized by the Pune Police on suspicion of his alleged links with the violence that erupted in Bhima Koregaon village in Maharashtra on January 1, 2018, during the bicentennial celebrations of a British-era war commemorated by Dalits.

The firm found that malware had been installed in Wilson’s computer on June 13, 2016, after someone using the email account of Varavara Rao — who is one of the accused in this case — sent a phishing mail to Wilson. A Netwire remote access trojan (RAT) was installed on Wilson’s Hewlett Packard Pavilion notebook once he clicked on what he thought was a mere Dropbox link. This allowed the attacker to conduct surveillance and plant incriminating documents, its report stated.

“The report of Arsenal Consulting is an attempt to tarnish the investigation and the evidence collected therein,” an official close to the investigation and who did not wish to be named said.

The forensics report suggested the attackers deployed a commonly used strategy known as spear phishing. The attackers send an email that appears to be from a trustworthy source, convincing the target to click on attachments that deliver what is known as the exploit, or the piece of code that opens a backdoor and ultimately allows for malware to be installed.

Analysing the forensic images obtained from the Toshiba hard drive inside Wilson’s computer as well as a Sandisk Cruzer Blade thumb drive that was attached to it, the report stated that the attacker copied documents into the thumb drive on March 14, 2018, and later created a warren of dummy folders containing dummy data “so that the victim would not stumble upon them”.

These incriminating documents were delivered to Wilson’s computer by Netwire and no other means, the report stated.

“The essential evidence in the case is electronic evidence. There is no mention of arms or ammunition. The Arsenal report examined 10 of the letters and found that they were planted. Wilson was not aware of these documents, nor did he open them. In our opinion, this punches a hole in the prosecution’s case,” said Mihir Desai, one of the lawyers in the Bhima Koregaon case.

“The report of Arsenal Consulting is sufficient grounds for quashing of the FIR and chargesheet against Wilson and his co-accused,” a senior counsel who represented Wilson said.

Other documents that Wilson reportedly authored were saved to a PDF format using either Microsoft Word 2010 or 2013, neither of which was installed on his computer, the report added. It also found that the same attacker had launched a similar malware attack against other co-defendants in this case over a period of four years.

“Arsenal has connected the same attacker to a significant malware infrastructure which has been deployed over the course of approximately four years to not only attack and compromise Mr Wilson’s computer for 22 months, but to attack his co-defendants in the Bhima Koregaon case and defendants in other high profile Indian cases as well,” the report stated.

Wilson’s petition argued that in light of the Arsenal report, any prosecution against him or the other co-accused — there are 15 other prominent activists, academics and lawyers, among others — would be a “travesty of justice”.

“In view of this, any further prolonging of the case against the petitioner and the co-accused will be an absolute and continued travesty of justice, apart from sanctifying the abuse of process of law and will lead to further violation of the petitioners and co-accused fundamental rights,” the petition read.

Investigating officials said that videos were taken of all the evidence seized by the Pune Police from Wilson’s residence, which included hard disk, CDs, laptop, mobile phones, memory cards, etc. These were enumerated in a seizure memo following due procedure, after which a strict “chain of custody” was maintained. The evidence was sent to Regional FSL Pune for further examination. The report did not indicate any instance of tampering with the digital devices.

Forensic images of digital devices along with final reports are provided to accused persons as mandated by the Code of Criminal Procedure.

Arsenal used tools to decrypt and parse Netwire logs and Quickheal database fragments. The report claimed that the firm was able to reconstruct the events of how Wilson’s computer was compromised, which also included synchronising files between Wilson’s computer and another server.

Netwire logs are files that contain keystrokes and other information such as browsing history, saved passwords, composed emails and editing documents.

The hack was technically not sophisticated and appears to be inspired by Soviet-era espionage, cyber security experts said.

“Going by Arsenal Consulting’s findings, the technical methods of compromise seem crude. However, the overall mechanism is strangely reminiscent of the methods used by unrelenting and aggressive Russian intelligence agencies. They are known to place kompromat (compromising material like child pornography) inside the computers of unwitting activists, dissenters and opponents,” said Pukhraj Singh, a cyber threat intelligence analyst.

transported to the state from other states. This cascading effect of the economic crisis is expected to remain for at least first few months of the next financial year, which has made mobilisation of taxes more important,” said a minister after the meeting.

The Indian Army occupied a series of key heights to prevent the People’s Liberation Army (PLA) from grabbing territory on the southern bank of Pangong Tso in a stealthy midnight move on August 29, 2020. The Indian side’s control of ridgeline positions on the southern bank allows it to dominate the sector and keep an eye on Chinese military activity. These positions are scattered across Rezang and Reqin passes, Gurung Hill and Magar heights, while the PLA also holds some features on the southern bank.

This is the second attempt to disengage frontline troops to resolve the standoff that began last May. Disengagement in Galwan valley took place in early July, but it didn’t progress in other areas. India has consistently pushed for comprehensive disengagement at all friction points and restoration of the status quo ante of early April 2020. Former Northern Army commander, Lt Gen (retired) DS Hooda, said: “On the face of it, the disengagement is a positive step. I think we will have to wait for details of the process, whether it includes all military presence or only heavy equipment.” Vipin Narang, associate professor of political science at the Massachusetts Institute of Technology, said: “Let’s see what happens. Any movement toward disengagement is good, but it has to be real and sustained, and verified not just in Pangong but eventually elsewhere as well. It can’t be China pretending to disengage and India pretending to believe it.” Qian Feng, of the National Strategy Institute at Beijing’s Tsinghua University, described China’s announcement as a positive move.

taken any action on accounts that consist of news media entities, journalists, activists, and politicians. To do so, we believe, would violate their fundamental right to free expression under Indian law.”

The statement, released on Wednesday morning, prompted an initial response from the ministry of electronics and information technology (Meity) — significantly, on Koo, a homemade social media website meant to rival Twitter — and appeared to signal an escalation of a confrontation brewing for over a week.

Throughout the day, several government officials expressed dismay with Twitter’s actions, echoing remarks from last week when the government said the company was not in a position to judge its directions and had to follow them.

Representatives from the ministry and Twitter’s global policy and safety teams met later, where the Meity “secretary expressed his deep disappointment” about Twitter’s response. “He took this opportunity to remind Twitter that in India, its Constitution and laws are supreme. It is expected that responsible entities not only reaffirm but remain committed to compliance to the law of land,” Meity said in a statement after the meeting in the evening.

A government official, who asked not to be named, said Twitter cannot pick and choose which accounts to block. A second official, who asked not to be named, however, was more reconciliatory, saying that the company appeared to have “taken down 95% of the accounts and posts” the government flagged.

HT reviewed Twitter’s disclosures to the Lumen database — a nonprofit repository meant to track online censorship — on the Indian government’s requests and found that the company had removed 702 URLs in all. These included posts as well as accounts.

The government is believed to have handed over a list of 1,300 URLs (for accounts as well as posts) in its two orders.

The first government official quoted above said: “We respect freedom of expression, but it comes with reasonable restrictions. Hesitatingly taking action or begrudgingly taking down accounts is unacceptable.” The government, this person said, was seeking legal options while exercising restraint.

On its part, Twitter too said that it was seeking legal options. “We will continue to advocate for the right of free expression on behalf of the people we serve. We are exploring options under Indian law — both for Twitter and for the accounts that have been impacted,” it said.

The confrontation between the two sides started in the aftermath of the January 26 violence in the Capital during the farmers’ protests.

Legal experts say that at the heart of this dispute could be the nature of section 69A, which is opaque. “Under section 69A, and particularly rule 16, a company is under obligation of confidentiality, so we don’t actually know what reasons were cited by the government in its orders. It is not untenable for a private company to refuse to comply with directions under this section if it believes the direction is not consistent with law,” said Amber Sinha, technology lawyer and executive director of Centre for Internet and Society.

The company said it took three steps to partially address the government’s directions: it reduced the visibility of certain hashtags “containing harmful content”, took enforcement action – “including permanent suspension” against over 500 accounts, and blocked from access in India several of the others identified by the government.
