Digital Evidence Planted on Stan Swamy’s Laptop: US Forensic Firm
Father Stan Lourduswamy S.J., 82, was an Indian Roman Catholic priest and a tribal rights activist for several decades.
Father Stan Swamy was arrested by the National Investigation Agency (NIA) on 8th October 2020 from his home in Ranchi for his alleged involvement in the 2018 Bhima-Koregaon caste violence. He was charged under the Unlawful Activities (Prevention) Act, 1967.
He had Parkinson’s disease and was in Mumbai’s Taloja prison. He died on 5th July 2021 at a private hospital while being treated for COVID-19.
Fr. Swamy’s defence team engaged the Chelsea-based company Arsenal Consulting (a US forensic firm) to analyse the electronic evidence seized from his home by the Pune Police on 12th June 2019.
The forensic firm released a report on 11th December 2022, which states that Swamy’s laptop was hacked from October 2014 to the time it was seized by the NIA. The report says that the digital evidence found on the seized laptop was ‘planted’ by the hacker.
It was on the basis of this digital evidence that he was first arrested in the Bhima Koregaon case, despite experts raising doubts about its authenticity.
The report clearly says that, “The attacker responsible for compromising Fr. Swamy’s computer had extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery.”
It has been claimed that Fr. Swamy’s laptop was compromised by the same hacker who attacked the computers of Rona Wilson and Surendra Gadling, co-accused in the Bhima-Koregaon case.
The report says that over 50 files were created on Swamy’s hard drive, including incriminating documents that fabricated links between him and the Maoist insurgency (a conspiracy to eliminate Prime Minister Narendra Modi in another Rajiv Gandhi-type incident).
The report disclosed that Father Swamy’s computer was first compromised by the attacker on 19th October 2014, when he opened a document weaponized with “NetWire”.
NetWire is a multi-platform Remote Access Trojan (RAT) whose capabilities include uploading and downloading files, remote shells, keylogging, proxy chaining (which makes the identification of attackers more difficult), stealth screenshots, and password recovery.
The report elaborates that the hacker used a C2 (command-and-control) server to send and receive data to and from the compromised digital devices. The server was also used to control the NetWire malware, to receive files for surveillance purposes, and to host incriminating files for deployment to victims.
Arsenal located the incriminating digital evidence on Father Swamy’s computer, as it was delivered using the same 14 methodologies used by the attacker to deliver incriminating documents to Mr. Wilson’s and Mr. Gadling’s computers.
However, Arsenal did not find any evidence which would suggest that the documents were ever interacted with in any legitimate way on Father Swamy’s computer.
In fact, there is no evidence which would suggest that any of the (planted) documents, or the 22 hidden folders they were contained in, were ever opened by Father Swamy.
After the demise of Swamy, a spokesperson for the Ministry of External Affairs said that his detention followed due process of law. His bail applications were rejected by the courts because of the specific nature of the charges against him.