Bhima-Koregaon case: experts explain how evidence was planted in Rona Wilson’s computer

February 17, 2021 12:10 am | Updated 10:52 am IST - Mumbai

The Bhima Koregaon Ranstambh (victory pillar). | File

The Bhima Koregaon Ranstambh (victory pillar). | File

Five days after a report by Arsenal Consulting, a digital forensic analyst firm from Chelsea in the U.S., debunked the electronic evidence gathered by the National Investigation Agency (NIA) against all accused in the Bhima-Koregaon violence case, experts said on Tuesday that the NIA’s ‘no malware found’ response to the new forensic report points to its ineptitude.

The report is part of the writ petition filed by Rona Wilson before the Bombay High Court which explains how a hacker exploited the IP addresses provided by one ‘Host Sailor’ and used proxy servers to plant a trojan horse NetWire. This initially subjected Mr. Wilson to surveillance, and later on, remotely through the malware, delivered various files, including the incriminating correspondence with other accused.

Addressing the press virtually, Jedadiah Crandall of Arizona State University, who is one of the technical experts that reviewed the Arsenal report, said, “The Arsenal report conclusively establishes that NetWire was the malware used for incriminating document delivery. There is no room for interpretation or doubt about this.”

He said, “For an administration that admits to not even finding the instances of malware that are detectable by an ordinary virus scan software, leave alone the more sophisticated and custom installations of NetWire, to call the forensic report a distortion is unfortunate,” he said. Mr. Crandall said that the methods used by the attackers were known tactics, but the exception was the time frame of the attack.

Prof Sandeep Shukla of IIT Kanpur said, “The forensic report not only establishes the date and time stamp of when every single one of the top 10 files was placed but is also able to further point to the fact that Mr. Wilson never interacted in any way with these files and that these files were created using versions of software that were not present on Mr. Wilson’s computer.”

He said, “What this means is that the evidence has been looked at from several different angles to prove that these files were fabricated and planted on Mr. Wilson’s computer.”

Mr. Shukla further said that while phishing is common, in most cases the Bhima-Koregaon accused are not targeted. “However, the current case seems to suggest targeted phishing where the attackers know the social circles of the victims and use it to conduct phishing,” he said.

Mr. Shukla also said that he had not seen a case where documents were planted as most hackers were more interested in surveillance, but it was possible since such capability existed.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.