Elgar Parishad accused moves HC to quash case, cites US firm’s forensic report of computer being ‘compromised’ for 22 months | India News – Times of India
MUMBAI: A private digital forensics consultant in the US has come out with a report dated February 8 that says the computer of one of the accused in Pune’s Elgar Parishad case was “compromised for just over 22 months” in what was “one of the most serious cases involving evidence tampering” that it has encountered.
Accused Rona Wilson, 42, lodged in Taloja jail, filed a petition before Bombay high court on Wednesday to quash the criminal case against him, citing the US forensic report as “independent and unimpeachable expert analysis.” He is also seeking orders to special investigating team to “probe to ascertain person/s behind such planting of fabricated documents in his electronic devices, to implicate him in the sensational case” and then prosecute them. He also now seeks “monetary compensation” for his “mental agony and harassment, violation of fundamental rights, loss to reputation” and stay all proceedings in the case and release him on bail, as an interim relief till his petition is decided.
The trial is yet to begin and there are over 200 witnesses he said.
Wilson, ‘an independent researcher’ and human rights activist with an M.Phil from JNU who was in the process of pursuing a PhD from University of Leicester or Surrey, England in 2018 is in custody since his arrest in June 2018. He had sent cloned copies of ‘digital evidence’ “recovered’’ by police against him and other alleged Maoists, for forensic analysis to the Massachusetts based consulting company last July. Police citing “letters’’ found embedded in computers of some of the accused, including Wilson’s as evidence to prosecute them under the stringent Unlawful Activity (prevention) Act (UAPA) meant to tackle terror.
His petition says the 22,000-page chargesheet shows that the prosecution against the 16 accused is “based entirely on electronic evidence.”
The National Investigation Agency (NIA) was handed the probe, originally with Pune police and then Anti Terror Squad (ATS), last January. On Wednesday additional solicitor general Anil Singh who appeared for NIA against the bail pleas of several accused, said he has not seen the US forensic report but questioned its value at this juncture, saying “it can be tested or gone into during the trial.”
The police had given Wilson cloned copies of the data it had seized during the probe. The US company said it received “a hard drive on July 31, 2020 which contained forensic images and police work product related to Wilson and other defendants accused of instigating violence at an event on January 1, 2018 to commemorate the battle of Koregaon Bhima.”
The 16-page report said, “the attacker responsible for compromising Mr Wilson’s computer had extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery.’’
The forensic consultant said it “has connected the same attacker to a significant malware infrastructure which has been deployed over the course of approximately four years to not only attack and compromise Wilson’s computer for 22 months but also to to attack his co-defendants (co-accused in the case)’’ adding “and other defendants in other high profile Indian cases as well.’’
The reports said there was “vast timespan’’ between “delivery of the first and last incriminating documents.’’
It said Wilson’s computer was first compromised on June 13, 2016 after a series of suspicious emails with someone using Varavara Rao’s email account”. Rao is one of the co-accused in the Elgar case and is presently admitted at Nanavati superspeciality private hospital while the Bombay high court has reserved his plea for bail on health grounds for orders.
“During the course of the email conversation the person using Varavara Rao’s email account made multiple attempts to get Mr Wilson to open a particular document—‘another victory.rar’ ’’which he did. It “was a part of chain of events which led to installation of NetWire remote access trojan (RAT) on Wilson’s computer,’’ said the report. It details the steps taken to conduct the forensics and the findings and what the “attacker used’’ as a “staging area’’ “for file syncronisation’’
Under a sub heading called ‘Document delivery’ the report says it found no evidence, despite “searching aggressively’’ to suggest that MS word 2010 or later versions ever existed on Wilson’s computer. “Nor are we aware’’ of him having another computer. The version installed on his computer was 2007. “This is relevant because some of the most incriminating documents on Mr Wilson’s computer, which he allegedly authored, were saved to PDFs by Word 2010 or word 2013.
The report by Mark Stevens, says when the company contacts other organisations “whose services were abused by Wilson’s attackers to build and maintain their malware infrastructure’’ many “understood the gravity’’ and were helpful while others adopted a “duck and cover’’ strategy impacting its ability to reveal the full extent of the malware infrastructure.
In its reply to oppose Rao’s bail plea last year, the NIA said, “evidence on record clearly established that Rao, Rona Wilson and other accused including absconding accused… hatched a conspiracy and procured arms and ammunition to carry out unlawful activities as per objectives of CPI (maoist), a banned organization.’’
NIA said “Rao was in contact with a senior leader of Maoist organization in Nepal who was assisting in purchase of arms and ammunitions.’’
In August 2019, while arguing for bail for co-accused Sudha Bharadwaj, a law professor, which was denied by an order of the Bombay HC on October 15, 2019 her counsel Yug Chaudhary had questioned the admissibility of the ‘letters’ .
Chaudhary said she was arrested “only on, typed, unsigned and unverified letters’’ recovered allegedly from computers of a co-accused. He had submitted, “the belief is if they (police) chant the mantra of national security loudly enough and frequently enough the court will close their minds and rubber stamp the evidence.”
“Not a single document in the compilation of documents is admissible in law,’’ Chaudhary had said. “They do not have a single original document. They are all printouts, not originals,’’ he had stressed.