Rona Wilson’s iPhone hacked by Pegasus: forensic report

Device attacked 49 times, content planted before his arrest in 2018

December 17, 2021 08:46 pm | Updated 08:53 pm IST - Mumbai

Rona Wilson. File

Rona Wilson. File

A report released by U.S. forensic investigation firm Arsenal Consultancy on Friday has revealed that activist Rona Wilson’s cell phone was attacked by the Pegasus spyware 49 different times and was successful in infecting his phone before his arrest on June 6, 2018, for alleged involvement in the Bhima Koregaon violence case.

Also read | Supreme Court stays proceedings of West Bengal’s Lokur panel probing Pegasus snooping allegations

Arsenal Consultancy, the Boston-based forensic investigation firm assisting in the case and Amnesty Tech Security Lab, have confirmed that Mr. Wilson’s iPhone was attacked multiple times by the spyware.

The report mentions “49 different instances of Pegasus attack and sometimes of successful infection on Mr Wilson’s iPhone between July 5, 2017 and April 10, 2018. Mr. Wilson’s computer had been hacked by the NetWire Remote Access Trojan (RAT) between June 13, 2016 and April 17, 2018 — covering the same period — to plant incriminating files on his computer. The same had been done to the computer of another accused Surendra Gadling. Arsenal also confirmed that neither Mr. Wilson nor Mr. Gadling had ever opened the incriminating files in question.”

Following the report, the People’s Union for Civil Liberties in a statement said: “Simple due diligence after these reports should have compelled the NIA (National Investigation Agency) to re-examine the devices of those it has accused of terrible crimes and publish its findings. Ordinary anti-virus software can detect NetWire malware, and Amnesty International Security Lab has documented how to identify Pegasus attacks and infections. If the NIA does not even care to investigate these aspects, how can it claim its actions are legitimate?"

On February 10, 2021, another report by Arsenal Consultancy had debunked the electronic evidence gathered by the NIA. The forensic team had examined the clone copy of the hard disc of Mr Wilson’s computer and found that a hacker controlled his computer for a period of 22 months to plant documents which led to an investigation that supposedly unravelled a Communist Party of India (Maoist) conspiracy to eliminate Prime Minister Narendra Modi “in another Rajiv Gandhi type incident”.

The report explains how a hacker exploited the IP addresses provided by one ‘Host Sailor’ and used proxy servers to plant a trojan horse NetWire. This initially subjected Mr Wilson to surveillance, and later, remotely through the malware, delivered various files, including the incriminating correspondence with other accused.

The same were stored in a folder which was set to a ‘hidden mode’, and over period of 22 months, from time-to-time various letters and material came to be planted on Mr Wilson’s system without his knowledge.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.