Pune cop accused of fabricating evidence to frame Bhima-Koregaon accused

As soon as the MVA Government in Maharashtra ordered an investigation into the Bhima Koregaon case, the Union Home Ministry took away the case and entrusted the investigation to its own agency the NIA. What the NIA has investigated so far is not in the public domain.

But reports emanating from the US now suggest the involvement of the previous BJP Government in Maharashtra and the Pune Police in 2017-18 and appear to explain why the case was taken away by the Union Government.

The police officer widely believed to have been alluded to in the report by Andy Greenberg in Wired.Com is said to be a highly educated professional. His identity was uncovered because of a careless mistake. He had used his own phone number, email etc. for a ‘recovery mail’ which would have enabled him to hack into the computers even if they changed their passwords.

The investigators in the US, reports Wired, a journal devoted to science and technology, identified the police officer, his phone number and his photograph. They sought explanations from him and the Pune Police, they claim, but received no reply.

It is a sensational allegation that can potentially damage the then chief minister of the state Devendra Fadnavis and the BJP. If proved in an Indian court of law, the conspirators will be held guilty of fabricating evidence and be liable to serve prison terms. It will also open a can of worms and raise equally embarrassing questions about the role of the Union Government and central agencies.

It is worth recalling that the Bhima Koregaon accused included academics, lawyers and human rights activists among others. All 16 of them barring one continue to languish in prison and no headway has been made in their trial. They were accused of being Maoists and plotting the assassination of the Indian Prime Minister.

The following excerpts from Andy Greenberg’s report in Wired.Com throw more light on the Pune connection to the hacking by the state:

• SentinelOne learned that three of the victim email accounts compromised by the hackers in 2018 and 2019 had a recovery email address and phone number added as a backup mechanism. For those accounts, which belonged to Rona Wilson, Varavara Rao and an activist and professor at Delhi University named Hany Babu, the addition of a new recovery email and phone number appears to have been intended to allow the hacker to easily regain control of the accounts if their passwords were changed. To the researchers’ surprise, that recovery email on all three accounts included the full name of a police official in Pune who was closely involved in the Bhima Koregaon 16 case.

• “We generally don’t tell people who targeted them, but I’m kind of tired of watching shit burn,” the security analyst at the email provider told WIRED of their decision to reveal the identifying evidence from the hacked accounts. “These guys are not going after terrorists. They’re going after human rights defenders and journalists. And it’s not right.”

• To prove that the Pune City Police controlled the recovery contacts on the hacked accounts, Scott-Railton dug up entries in open-source databases of Indian mobile phone numbers and emails for the recovery phone number that linked it to an email address ending in pune@ic.in, a suffix for other email addresses used by police in Pune. Scott-Railton found that the number is also linked in the database to the recovery email address connected to the hacked accounts for the same Pune police official.”

• Separately, security researcher Zeshan Aziz found the recovery email address and phone number tied to the Pune police official’s name in the leaked database of TrueCaller, a caller ID and call-blocking app, and found the phone number linked to his name in the leaked database of iimjobs.com, an Indian job recruitment website. Finally, Aziz found the recovery phone number listed with the official’s name on multiple archived web directories for Indian police, including on the website of the Pune City Police.

• Scott-Railton further found that the WhatsApp profile photo for the recovery phone number added to the hacked accounts displays a selfie photo of the police official—a man who appears to be the same officer at police press conferences and even in one news photograph taken at the arrest of Varvara Rao.

• The conclusion that Pune police are tied to a hacking campaign that appears to have framed and jailed human rights activists presents a disturbing new example of the dangers of hacking tools in the hands of law enforcement—even in an ostensible democracy like India.

• SentinelOne’s Guerrero-Saade argues that it also raises questions about the validity of any evidence pulled from a computer that’s been hacked by a law enforcement surveillance operation.

• “This should invite a conversation about whether we can trust law enforcement with these sorts of malware operations at all,” says Guerrero-Saade. “What does it mean to have evidentiary integrity when you have a compromised device? What does it mean for somebody to hack a device for fact-finding in a law enforcement operation when they can also alter the contents of the device in question?”