The police in India hacked activists in order to frame them

Hacking tools are increasingly being used by police forces around the world to identify and monitor protesters, reveal political dissidents’ secrets, and turn activists’ computers and phones into wiretapping bugs.

Now, new evidence from an Indian case links law enforcement to a hacking campaign that has taken the use of these tools to a disturbing new level: placing fake incriminating files on the computers of specific targets, which the same police then used as evidence to arrest and imprison them.

Unidentified attackers inserted false evidence into the computers of at least two activists arrested in the Indian city of Pune in 2018 according to forensic analysts.

They are still in prison and must defend themselves against terrorism charges alongside 13 other people.

Researchers from SentinelOne have discovered ties between the attackers and an Indian government agency: the same Pune police force that arrested several activists on fabricated evidence.

“There is a demonstrable link between who arrested these people and who placed the evidence,” says Juan Andres Guerrero-Saade, a SentinelOne security researcher who will present the findings at the Black cybersecurity conference in August with his colleague Tom Hegel.

SentinelOne’s latest findings, which link Pune City Police to a long-running hacking campaign dubbed “Modified Elephant,” focus on two of the breaches’ victims: Rona Wilson and Varvara Rao. These are two activists and human rights defenders who were imprisoned in 2018 as members of the Bhima Koregaon 16 group, which was named after the village where Hindus and Dalits clashed earlier this year.

New evidence about links between the Pune police and the hacking campaign, according to Mihir Desai, a Mumbai lawyer representing members of Bhima Koregaon 16, should be independently corroborated.