A report released by U.S. forensic investigation firm Arsenal Consultancy on Friday has revealed that activist Rona Wilson’s cell phone was attacked by the Pegasus spyware 49 different times and was successful in infecting his phone before his arrest on June 6, 2018, for alleged involvement in the Bhima Koregaon violence case.
Arsenal Consultancy, the Boston-based forensic investigation firm assisting in the case and Amnesty Tech Security Lab, have confirmed that Mr. Wilson’s iPhone was attacked multiple times by the spyware.
The report mentions “49 different instances of Pegasus attack and sometimes of successful infection on Mr Wilson’s iPhone between July 5, 2017 and April 10, 2018. Mr. Wilson’s computer had been hacked by the NetWire Remote Access Trojan (RAT) between June 13, 2016 and April 17, 2018 — covering the same period — to plant incriminating files on his computer. The same had been done to the computer of another accused Surendra Gadling. Arsenal also confirmed that neither Mr. Wilson nor Mr. Gadling had ever opened the incriminating files in question.”
Following the report, the People’s Union for Civil Liberties in a statement said: “Simple due diligence after these reports should have compelled the NIA (National Investigation Agency) to re-examine the devices of those it has accused of terrible crimes and publish its findings. Ordinary anti-virus software can detect NetWire malware, and Amnesty International Security Lab has documented how to identify Pegasus attacks and infections. If the NIA does not even care to investigate these aspects, how can it claim its actions are legitimate?"
On February 10, 2021, another report by Arsenal Consultancy had debunked the electronic evidence gathered by the NIA. The forensic team had examined the clone copy of the hard disc of Mr Wilson’s computer and found that a hacker controlled his computer for a period of 22 months to plant documents which led to an investigation that supposedly unravelled a Communist Party of India (Maoist) conspiracy to eliminate Prime Minister Narendra Modi “in another Rajiv Gandhi type incident”.
The report explains how a hacker exploited the IP addresses provided by one ‘Host Sailor’ and used proxy servers to plant a trojan horse NetWire. This initially subjected Mr Wilson to surveillance, and later, remotely through the malware, delivered various files, including the incriminating correspondence with other accused.
The same were stored in a folder which was set to a ‘hidden mode’, and over period of 22 months, from time-to-time various letters and material came to be planted on Mr Wilson’s system without his knowledge.