Bhima Koregaon Case: Govt Can Find Out Who Planted Documents, Says Cyber Expert

An attack of this nature requires intelligence, time and money, said Sandeep Shukla.

Poonam Agarwal
India
Updated:
<div class="paragraphs"><p>A cyber attack of this nature requires a lot of ground intelligence, time and money, says cyber expert Sandeep Shukla.</p></div>
i

A cyber attack of this nature requires a lot of ground intelligence, time and money, says cyber expert Sandeep Shukla.

(Image: Kamran Akhter/The Quint

advertisement

"It should be noted that this is one of the most serious cases involving evidence tampering that Arsenal has ever encountered..."
Excerpts from Arsenal Consulting forensic report

That's what President Mark Spencer of Arsenal Consulting, the US-based forensic agency, said about the agency's latest report that reveals that incriminating evidence was planted in the computer of Surendra Gadling, who was arrested under UAPA (Unlawful Activities (Prevention) Act) for alleged links with banned CPI (Maoist) group in the Bhima Koregaon case.

The explosive forensic report was filed before the National Investigation Agency (NIA) Special Court in Mumbai on 21 June.

Stan Swamy, who passed away on 5 July, was also named as an accused in the Bhima Koregaon case. His lawyers had argued in his multiple bail hearings that the evidence presented against Swamy were fabricated.

The Arsenal report suggests that the one/s who hacked Gadling's computer may have hacked Swamy's computer as well.

Prior to this report, Arsenal Consulting had filed two more forensic reports in the NIA Special Court that revealed that cyber attackers had planted evidence in Rona Jacob Wilson's computer, another accused in the Bhima Koregaon case. Her computer was compromised for 22 months.

The Arsenal report has concluded that the same attacker/s who planted documents/PDF files in Wilson's computer had also compromised Gadling's computer for 20 months.

The question is:

Who is the cyber attacker, who in a planned manner attacked both Gadling's and Wilson's computers for years?

The attacker responsible for compromising Mr Gadling’s computer had extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery.
Excerpt from Arsenal Consulting forensic report

Which means that the attacker is someone who is a thorough professional and had a lot of resources at his/her disposal.

To find out more details about the cyber attacker and the Arsenal Consulting report, The Quint spoke to Sandeep Shukla, professor of Computer Science and Engineering at IIT Kanpur, who has extensively read Arsenal Consulting's three reports on Wilson's and Gadling's computers.

Can the Indian Government find out who attacked Wilson's and Gadling's computers?

It would be difficult, but maybe not for the Indian government. The government can easily track the owner of the IP address which was used to plant malware in Wilson and Gadling's computers. The IP address is already mentioned in the Arsenal report. The government should at least question the owner of the IP address.

Is it possible that the attacker hacked into someone else's IP address for this job?

Yes, this is possible.

But can someone hack into an IP address for years and the owner would still not be aware of it?

It is unlikely, but again there are people who are not mindful of technology and are vulnerable to such hacking. And if the attacker actually hacked into someone else's IP address for this job then it would be very difficult to track down the attacker. But again, the government can still find out about the attacker under such a scenario.

Do you think that it was a planned cyber attack on Wilson and Gadling?

If all that is present in the Arsenal Consulting report is true then it is certain that Wilson and Gadling were targeted by the attacker. So far, only computer hard disks of only two people have been sent to Arsenal for forensics examination. I am sure the result will be the same if computers of other people named in Bhima-Koregaon case are also sent for a forensic test.

Do you think it is the work of an individual or a group of people?

The attacker is someone who had a lot of ground intelligence and information about the people who were targeted like whom they were interacting with, what kind of computers Wilson and Gadling had in their possession. Secondly, please note that the emails through which malware was delivered on computers was through the email IDs of the people known to Wilson and Gadling. And the subject of the email ID was such that was related to their ongoing discussion or program, which made them click on it. This kind of sophisticated malware requires not just a lot of time but also a lot of money because this skill is not cheap to hire.

ADVERTISEMENT
ADVERTISEMENT

Do you think Arsenal Consulting reports are strong evidence in support of Wilson and Gadling?

If I was the judge of the case, then I would conclude based on the report that at least the incriminating documents/files allegedly found in Wilson and Gadling's computer were planted and were not even opened by either of them. Both of them probably didn't even know that those files exist on their computers. At least the files investigated by Arsenal Consulting's report do not stand against Wilson and Gadling. If the agency has any other evidence against them, then that can be a matter of investigation.

Have you ever come across any such cyber attack in India or globally?

I have never come across any such evidence implant attack both nationally and internationally. This kind of attack is unique because generally malware attack is done for financial gain like stealing bank account password or intellectual property. But this cyber attack was to carry out surveillance and evidence implantation. This was a customised attack on individuals which requires a lot of thought and intelligence.

The Arsenal report specifically speaks about the 14 important documents, presented as incriminating evidence against Gadling by the investigating agency. The report says that "there is no evidence which would suggest any of the fourteen important documents, or the hidden 'Material' folder they were contained in, were ever opened" by Gadling.

Gadling was arrested on 6 June 2018 by the Pune Police. He is currently lodged at Taloja Central Jail.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 09 Jul 2021,08:02 AM IST

ADVERTISEMENT
SCROLL FOR NEXT