How Hackers Framed a Priest for Terrorism | Hacking Documentary

RealCyberCrime

4 Feb 202308:21

Summary

TLDRIn Jharkhand, India, Catholic priest and human rights activist Stan Swamy was arrested in 2020 under anti-terror laws, accused of links to Maoist insurgents based on incriminating files on his computer. Despite his denials and poor health, he was denied bail and died in custody in 2021. Later, Arsenal Consulting revealed that hackers had framed Swamy, planting evidence and erasing their tracks in a conspiracy aligned with state interests. The report highlighted a sophisticated surveillance operation, with Swamy's computer infected by malware, including NetWire and Dark Comet, allowing remote control and file transfers. The planted files led to his terrorism charges. The case is part of a larger pattern of evidence tampering and surveillance targeting activists, journalists, and academics, with potential links to Pune City Police.

Takeaways

📅 Stan Swamy, a Catholic priest and human rights activist, was arrested on October 8, 2020, under India's anti-terror law based on incriminating files allegedly found on his computer.
🔗 The files linked Swamy to the Maoist insurgency, which aimed to establish communist rule in India through violent means, but he denied the allegations and claimed innocence.
🚫 Despite his old age and poor health, Swamy was denied bail and died in confinement on July 5, 2021, before his innocence could be proven.
🕵️‍♂️ Arsenal Consulting, an American digital forensics firm, discovered in late December 2022 that hackers had compromised Swamy's computer as part of a larger conspiracy.
💻 The hackers planted evidence on Swamy's computer to incriminate him and deleted files that would reveal their unauthorized access, making it one of the most serious cases of evidence tampering.
👨‍💻 Swamy was a long-time advocate for the rights of the Dalits, the lowest caste in India, and other marginalized groups, suggesting his arrest was related to his activism and dissent against government policies.
🐟 The hackers used a spear phishing attack to infect Swamy's computer with malware, granting them full remote control and access to his files.
🔍 Arsenal's investigation found that the planted files were never accessed by Swamy, and the hackers engaged in 'anti-forensics' to cover their tracks.
📱 Pegasus spyware, a tool sold exclusively to governments, was also found on Swamy's cell phone, capable of extensive surveillance without the user's knowledge.
🔎 Security researchers uncovered a potential link between the hacking campaign and the Pune City Police, with evidence suggesting police involvement in framing Swamy.
🌐 The case is part of a broader pattern of targeting activists, journalists, and academics in India, raising questions about the integrity of legal proceedings and the protection of human rights.

Q & A

Who was Stan Swamy and what was his role in India?
-Stan Swamy was a prominent Catholic priest and human rights activist in India, advocating for the rights of the Dalits, previously known as the untouchables, who were the lowest in the caste system. He also worked to protect the rights of other marginalized groups in India.
What charges were brought against Stan Swamy under India's anti-terror law?
-Stan Swamy was charged with terrorism and inciting a riot in 2018 under India's anti-terror law, based on incriminating documents allegedly found on his computer that linked him to the Maoist insurgency.
What was the significance of the files found on Swamy's computer?
-The files found on Swamy's computer were used as evidence to link him to the Maoist insurgency and were crucial in his arrest. However, it was later discovered that these files were planted by hackers as part of a larger conspiracy.
How did the hackers gain control of Stan Swamy's computer?
-The hackers gained control of Swamy's computer through a spear phishing attack, where they sent an email posing as part of the same activist group, with a PDF file attached that contained malware, infecting Swamy's computer when he downloaded it.
What was the role of the malware 'NetWire' and 'Dark Comet' in the case?
-NetWire and Dark Comet were remote access trojans (RATs) hidden in the PDF file, which allowed the hackers to gain full admin privileges and remote control of Swamy's computer, enabling them to plant false evidence.
What is 'anti-forensics' as mentioned in the script?
-Anti-forensics refers to the hackers' actions of deleting files that revealed their access to Swamy's machine, an attempt to cover their tracks and make it difficult to trace the planted evidence back to them.
What was the role of the Pegasus spyware found on Swamy's cell phone?
-Pegasus spyware, found on Swamy's cell phone, is a powerful tool that can be secretly installed on most operating systems and is capable of reading texts, tracking calls, collecting passwords, location tracking, and accessing a phone's microphone and camera, indicating extensive surveillance.
What did Arsenal Consulting's report reveal about the case?
-Arsenal Consulting's report revealed that hackers had gained control of Swamy's computer, planted evidence, and engaged in anti-forensics to cover their tracks, proving Swamy's innocence in a case that involved serious evidence tampering.
How were the hackers potentially linked to state interests?
-The timeline of activity, extensive resources, and infrastructure dedicated to Swamy's surveillance, as well as the alignment of the hackers' actions with state interests, suggest a possible link to state actors.
What was the connection found between the Puna City Police and the hacking campaign?
-Security researchers found that a recovery email and phone number linked to a police official in Puna, who was closely involved in the Bhima Koregaon riot, were used as backup for the compromised email accounts, suggesting a connection between the police and the hacking campaign.
What broader implications does this case have for human rights activists in India?
-The case suggests a pattern of unlawful targeted surveillance and falsified evidence against human rights activists, journalists, and academics, raising concerns about the safety and rights of those who dissent against government policies in India.