Father Stan Swamy’s computer hard drive was allegedly planted with digital evidence that was used to arrest him in the Bhima-Koregaon case, according to the latest report by the internationally recognised digital forensic firm The Arsenal Consulting.
Fr. Stan Swamy was a Jharkhand-based Jesuit priest. He passed away while awaiting bail, and the 84-year-old priest and campaigner was an inmate in the Bhima-Koregaon case.
He was detained under the Unlawful Activities (Prevention) Act and accused of participating in a criminal conspiracy and sedition. On July 5, 2021, he passed away at the hospital from Parkinson’s disease and other aging-related conditions.
Many civil rights organisations charged the National Investigating Agency with being inhuman and politically driven in their approach after his death following the refusal of bail. However, a representative for the Ministry of External Affairs after his passing had claimed that Fr. Swamy’s detention was deemed to have been legal.
The UN, the US State Department, and the British Parliament all strongly criticised Father Stan Swamy’s death while in jail. Father Stan’s death while being held in detention “will forever remain a stain on India’s human rights record,” the UN Working Group on Arbitrary Detentions concurred. A resolution recognising Father Stan’s life and contributions was introduced in the US Congress in July 2022.
According to a recent report from the company, Arsenal Consulting, a Massachusetts-based digital forensics company, examined an electronic duplicate of his computer and came to the conclusion that a hacker had compromised it and planted evidence.
The defence team claims the analysis is additional evidence that Swamy and his co-defendants were set up in a case that is a prime example of the Indian government’s persecution of civil society and well-known adversaries.
This report comes after earlier ones that showed that co-defendants Rona Wilson and Surendra Gadling‘s devices had been infiltrated with digital evidence. The hackers who targeted Father Stan’s computer are the same ones who targeted Wilson and Gadling, according to forensic analysis.
There is evidence that connects the Indian state to this hacking of human rights advocates. SentinelOne, a cybersecurity firm, had looked into this attacker and came to the conclusion that their “activity aligns sharply with Indian state interests.”
According to the Arsenal report, “The attacker responsible for compromising Fr. Swamy’s computer had extensive resources (including time) and it is obvious that their primary goals
were surveillance and incriminating document delivery. Arsenal has effectively caught the attacker red-handed (yet again), based on remnants of their activity left behind in file system transactions, application execution data, and otherwise.”
SentinelOne reportedly discovered information in June 2022 that connected the Pune police to the hackers, according to WIRED magazine. Additionally, forensic evidence suggests that hackers were aware of the Father Stan raid before it happened. The report offers thorough proof of hacker attempts to remove records of their actions on the evening of June 11, 2019. The following day, on June 12, the Pune police took Father Stan’s computer into custody.
According to the report, on October 19, 2014, hackers launched their initial assault on Father Stan’s computer using the Remote Access Trojan (RAT) Netwire. RATs give an attacker the ability to send and receive files to and from a target’s computer while monitoring it remotely.
Every single keystroke Father Stan made was recorded using a technique known as “keylogging.” As he typed his passwords and other documents and emails, the study demonstrates how the hackers were able to see them. Additionally, the hacker looked through up to 24,000 files on Father Stan’s computer.
The reports mentioned that in addition to monitoring, two hacking efforts that started in July 2017 and ran through June 2019 put digital files on Father Stan’s hard drive. On Father Stan’s hard drive, more than 50 files were produced, some of which contained accusatory materials that invented connections between Father Stan and the Maoist insurgency.
On June 5, 2019, one week before Father Stan was raided, the last accusatory document was placed on Father Stan’s computer. Despite specialists voicing major concerns about the legitimacy of the documents, Father Stan was initially detained in the Bhima-Koregaon case on the basis of these documents, according to the report.
Arsenal Consulting, a US-based digital forensics company that has worked on significant digital forensics cases like the Turkish OdaTV case and the Boston Marathon Bombing case, analysed Father Stan’s PC.
Prior studies from Arsenal have been replicated by Amnesty Tech and the Citizen Lab at the University of Toronto, and it has been covered by the Washington Post and NDTV. Arsenal claims that any qualified digital forensics professional can duplicate its findings.
“The scale of what happened to Fr. Swamy and some of his co-defendants, in terms of the aggressive surveillance of their electronic devices which culminated in incriminating document deliveries over the course of years, is truly unprecedented,” said Mark Spencer, president of Arsenal Consulting.
Fr. Joseph Xavier, a close friend of Fr. Swamy and the convener of the Jesuits’ Fr. Stan Swamy Legacy Committee, thanked President Mark Spencer and his team at Arsenal Consulting for “bringing out the truth with evidence” and “all people of goodwill who continue to stand for truth, justice to the last and the least, and peace” in the wake of this most recent report.
