Five days after a report by Arsenal Consulting, a digital forensic analyst firm from Chelsea in the U.S., debunked the electronic evidence gathered by the National Investigation Agency (NIA) against all accused in the Bhima-Koregaon violence case, experts said on Tuesday that the NIA’s ‘no malware found’ response to the new forensic report points to its ineptitude.
The report is part of the writ petition filed by Rona Wilson before the Bombay High Court which explains how a hacker exploited the IP addresses provided by one ‘Host Sailor’ and used proxy servers to plant a trojan horse NetWire. This initially subjected Mr. Wilson to surveillance, and later on, remotely through the malware, delivered various files, including the incriminating correspondence with other accused.
Addressing the press virtually, Jedadiah Crandall of Arizona State University, who is one of the technical experts that reviewed the Arsenal report, said, “The Arsenal report conclusively establishes that NetWire was the malware used for incriminating document delivery. There is no room for interpretation or doubt about this.”
He said, “For an administration that admits to not even finding the instances of malware that are detectable by an ordinary virus scan software, leave alone the more sophisticated and custom installations of NetWire, to call the forensic report a distortion is unfortunate,” he said. Mr. Crandall said that the methods used by the attackers were known tactics, but the exception was the time frame of the attack.
Prof Sandeep Shukla of IIT Kanpur said, “The forensic report not only establishes the date and time stamp of when every single one of the top 10 files was placed but is also able to further point to the fact that Mr. Wilson never interacted in any way with these files and that these files were created using versions of software that were not present on Mr. Wilson’s computer.”
He said, “What this means is that the evidence has been looked at from several different angles to prove that these files were fabricated and planted on Mr. Wilson’s computer.”
Mr. Shukla further said that while phishing is common, in most cases the Bhima-Koregaon accused are not targeted. “However, the current case seems to suggest targeted phishing where the attackers know the social circles of the victims and use it to conduct phishing,” he said.
Mr. Shukla also said that he had not seen a case where documents were planted as most hackers were more interested in surveillance, but it was possible since such capability existed.