A report by a United States-based digital forensics firm has said that a hacker planted evidence on a device owned by tribal rights activist Stan Swamy, who was accused of involvement in the Bhima Koregaon violence case, The Washington Post reported on Tuesday.

The analysis was released by Massachusetts-based digital forensics firm Arsenal Consulting, which had previously made similar revelations about other accused persons Surendra Gadling and Rona Wilson.

Swamy died in custody at a Mumbai hospital on July 5 last year, nearly nine months after he was arrested under the Unlawful Activities (Prevention) Act. The 84-year-old had suffered from multiple ailments, including Parkinson’s disease and had contracted the coronavirus infection at the Taloja prison at Navi Mumbai.

Arsenal Consulting said that Swamy had been targeted by an extensive malware campaign for nearly five years till his device was seized by the police in June 2019. In that duration, the hacker had complete control over the activist’s computer and placed dozens of files in a hidden folder without his knowledge, according to The Washington Post.

According to the digital forensics firm, the hacker used WinSCP – a free file transfer tool for Windows – to copy over 24,000 files and folders from Swamy’s computer onto the hacker’s own server. Arsenal Consulting said that the hacker planted documents on the Jesuit priest’s computer for the first time in July 2017 and continued to do so for two years.

In October 2014, Swamy’s device was infected with NetWire, a malware that can upload and download documents from a target’s computer and also access emails as well as passwords.

Arsenal Consulting said that the unidentified hacker appeared to be the same person who had targeted Wilson and Gadling, in view of the usage of the same command and control servers, and the same NetWire configurations.

On June 11, 2019, hours before the police seized Swamy’s laptop, the hacker carried out a wide-ranging “clean-up” operation, which included getting rid of malware and surveillance data, The Washington Post reported.

Arsenal Consulting’s president Mark Spencer said that the activity was “extremely suspicious” considering that the computer was about to be seized.

In February 2021, the digital forensics firm found that Rona Wilson’s computer was hacked using malicious software to plant 10 letters, which the Pune Police and the National Investigation Agency used as primary evidence in the chargesheet they filed in the Bhima Koregaon case. A follow-up report in April 2021 revealed further evidence that 22 incriminating letters were planted in his laptop.

The Bhima Koregaon case

On January 1, 2018, violent clashes broke out between Maratha and Dalit groups near the village of Bhima Koregaon in Maharashtra. Sixteen people were arrested for allegedly plotting the violence.

While Dalit groups and individuals have accused Hindutva leaders Milind Ekbote and Sambhaji Bhide of instigating the violence through hate speeches before the incident, the focus of the National Investigation Agency has been on the Elgar Parishad event being part of a larger Maoist conspiracy to stoke caste violence, destabilise the Central government and assassinate the prime minister.