Nine Indian human rights activists were the targets of a “spyware attack” in 2019, a report by Amnesty International in collaboration with the Citizen Lab, based in the University of Toronto, said. Eight of the nine activists had been working to release those in prisons in connection with the Bhima Koregaon violence case when they were targeted.

“Between January and October 2019, the HRDs [human rights defenders] were targeted with emails containing malicious links,” the report said. “If these links were clicked, a form of commercially-manufactured Windows spyware would have been deployed, compromising the target’s Windows computers, in order to monitor their actions and communications. This is a violation of their rights to freedom of expression and privacy.”

The organisation noted that since a few of the individuals were targeted several times, it showed a “disturbing pattern of spyware attacks against HRDs involved in the Bhima Koregaon case”. “The targeted HRDs have been openly speaking out about human rights violations in the country,” the report added. “Recently, eight called for the release of 11 prominent activists arrested two years ago in relation to the protests and violence at Bhima Koregaon in Maharashtra.... One of the targets is not directly linked to this case, but has been vocal in calling for the release of GN Saibaba, a disabled academic jailed in Maharashtra.”

The report highlighted that those behind the investigation were able to identify “12 spearphishing emails” that were sent between January and October 2019 to the activists. This is an attempt to install a malicious software on the target’s computer or phone by sending personalised emails, often impersonating someone known to them. Through a spearphishing attack, confidential and private conversations can be accessed.

“The spearphishing emails and spyware suggest that this is not a cyber-crime attack, but a spyware campaign trying to compromise devices of HRDs,” the report further said. “Our investigation was not able to conclusively attribute the attack to a particular group with high confidence.”

Three of the activists were targeted last year with NSO Group’s Pegasus spyware, the report noted. During a two-week period in May 2019, at least 121 Indians were the target of an attempted security breach using the Pegasus WhatsApp spyware. According to the government, the personal data of at least 20 WhatsApp users was accessed by unidentified hackers. The spyware was developed by an Israeli company that claims that the software was sold to only government agencies. The government, however, has denied its role in the illegal surveillance of the devices.

Also read:

Israeli spyware used to spy on Indian journalists and activists, confirms WhatsApp

Bhima Koregaon case

Violence broke out between Dalits and Marathas in the village of Bhima Koregaon near Pune on January 1, 2018. This came a day after an event in Pune, called the Elgar Parishad, was organised to commemorate the Battle of Bhima Koregaon in 1818 in which the Dalit soldiers fighting for the British Army defeated the Brahmin Peshwa rulers of the Maratha empire. One person died in violence during a bandh called by Dalit outfits on January 2.

The Pune police conducted raids on several activists in April 2018, followed by two rounds of arrests that targeted 10 activists. On June 6, 2018, they arrested Surendra Gadling, Shoma Sen and Mahesh Raut from Nagpur, Sudhir Dhawale from Mumbai, and Rona Wilson from Delhi. On August 28, 2018, the police arrested five more activists – Sudha Bharadwaj, Arun Ferreira, Vernon Gonsalves, Varavara Rao and Gautam Navlakha.

By this time, the accusations against the activists had grown from inciting the violence in Bhima Koregaon to alleged involvement in a nationwide “Maoist conspiracy to destabilise democracy”, overthrow the government by setting up an “anti-fascist front” and plotting to assassinate Narendra Modi. All of the activists were labelled as “urban Naxals” and accused of being members of the banned Communist Party of India (Maoist).