Date: 2022-06-17

Researchers have revealed links between hacking attempts on human rights activists and an Indian police department.

A report by WIRED magazine explained how researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International had connected fabricated evidence to a broader hacking operation that targeted scores of individuals over a decade using phishing emails and smartphone hacking tools sold by the Israeli contractor NSO Group.

A year ago, forensic firm Arsenal Consulting concluded that two activists, Rona Wilson and Surendra Gadling, who were jailed in 2018 for allegedly plotting an insurgency against the Indian government, were both victims of a hacker who planted "evidence" on their computers.

Arsenal’s analysis strongly suggested that Gadling and Wilson were not the only victims.

Now, SentinelOne’s researchers have unearthed ties between those hackers and a police agency in the city of Pune, the same agency that arrested activists based on fabricated evidence.

“There’s a provable connection between the individuals who arrested these folks and the individuals who planted the evidence,” Juan Andres Guerrero-Saade, a security researcher at SentinelOne, told WIRED.

“This is beyond ethically compromised. It is beyond callous. So we’re trying to put as much data forward as we can in hopes of helping these victims.”

SentinelOne claims that evidence links the Pune police to the hacking of the email accounts of activists Wilson, Varavara Rao, and Delhi University professor Hany Babu. This is the first time that the state’s involvement has been directly established in the case.

SentinelOne’s findings specifically link Pune police to a long-running hacking campaign it calls ‘Modified Elephant’. The revelations come from working with an unnamed email service provider, which passed on crucial data that allowed the researchers to establish a link to Indian law enforcement.

The research organisation points out that three of the victim email accounts (those of Wilson, Rao and Babu), compromised by hackers in 2018 and 2019, had a recovery email address and phone number added as a backup, allowing the hackers to easily regain control of the accounts if the passwords were changed.

According to WIRED, the email address “included the full name of a police official in Pune who was closely involved in the Bhima Koregaon 16 case”.

Wilson’s email account was then used to send out other phishing emails to targets in the Bhima Koregaon case for at least two months before Wilson was arrested in June 2018.