Accused of Bhima Koregaon, their lawyers write to SC Pegasus technical committee, alleging espionage


On January 3, the Technical Committee (TC) appointed by the Supreme Court to investigate allegations of espionage using Pegasus spyware had Posted a public notice urging citizens to contact him if they believe their mobile device has been infected. The public notice asked affected citizens to explain why they believe their devices may have been infected with the Pegasus malware and whether they would be able to allow the technical committee to review them. The committee had given until January 7, giving citizens the freedom to send their representation by email to [email protected]. The CT was appointed see order dated October 27 of last year in Writ Petition (Criminal) No. 314 of 2021.

The booklet learns that at least four accused in the Bhima Koregaon case, and their attorney, Nihalsing B. Rathod, wrote to the committee separately alleging that their mobile devices had been infected with the Pegasus malware.

Rathod, who is a practicing Nagpur-based lawyer who has handled human rights cases, alleged that before March 2019 he started receiving group video calls on his WhatsApp account. Trying to answer the same would keep the call disconnected. Irritated by the repeated instances, he preferred to block these numbers using the arrangements made in the WhatsApp application. However, repeated calls from different international numbers prompted him to officially file a complaint with WhatsApp.

Rathod alleged that his friend and colleague, lawyer Jagdish Meshram, also had a similar complaint. Rathod reported to the committee that he had heard similar grievances from Vira Sathidar (now deceased) and Minal Gadling, wife of lawyer Surendra Gadling. The latter is currently being held in Taloja prison in the Elgar Parishad / Bhima Koregaon case, after being arrested in June 2018.

In October 2019, Rathod revealed that he had received a communication from John Scot, principal researcher at the Citizen Lab at the University of Toronto, informing him that WhatsApp had engaged him with intimate victims of a spyware attack. and help these victims improve their device security and privacy. Rathod revealed that her friend and fellow activist, Rupali Jadhav from Pune, informed her of a similar communication she had with Citizen Lab. Minal Gadling, Meshram and the late Sathidar also confirmed that Citizen Lab contacted them. WhatsApp then confirmed to Rathod that his phone was compromised by the use of spyware.

Rathod had represented Surendra Gadling and activists Sudhir Dhawale, Rona Wilson, Mahesh Raut, Shoma Sen, Ramesh Gaichor and Sagar Gorkhe, all accused in the Bhima Koregaon case and currently in custody, in various courts. Rathod was also consulted on numerous occasions by academic and activist Anand Teltumbade and activist Fr. Stan Swamy before their arrest in this case.

Rathod believes his phone was intercepted for accessing privileged communications and legal strategies developed on behalf of his clients.

“In a client-advisory relationship, any targeting of my phone would not only constitute a serious violation of my own privacy, but also a serious violation of my professional privilege, compromising my ability to represent my clients and violating their rights. as well as my constitutionality. right to fair representation before the courts ”, Rathod told the committee.

Rathod expressed concern that apart from Pegasus spyware such as Netwire could also be used by Indian agencies for similar purposes. While Pegasus allows access to mobile devices, Netwire provides remote access to computing devices. “[T]The infection for netwire plantation is through emails, and such suspicious emails exist in my email account. I further say that a similar infection has been found in the computer devices of at least 9 activists in India ”, Rathod wrote in his complaint to the TC.

Rathod told CT he did not replace his infected mobile device, despite advising otherwise, because he did not have the funds to do so. However, he had given his phone for forensic examination to M / s Forensic Architecture, an overseas-based human rights organization. The examination, Rathod said, was inconclusive, despite being likely to recover the device.

Rathod revealed that he didn’t have much hope of profiting from the forensic examination of his device, as he learned from some stakeholders that Android-based equipment shows no trace of this spyware. particular. Yet his phone device contains records of the original calls / missed calls received from international numbers and a list of blocked numbers, showing the tactics taken to implant Pegasus. It also contains the original message sent by M / s WhatsApp informing and acknowledging the infection.

Rathod offered to submit his mobile device for review, should the TC see fit. He also requested the opportunity to appear before the TC and cross-examine any bodies he may call during the investigation. He asked that the committee’s deliberations be made public, with those willing to provide information being allowed to appear before the committee and cross-examine any witnesses from government agencies it may call.

In particular, Rathod called for an investigation to find out under whose authority and direction the spyware was used against lawyers, journalists, human rights activists and politicians. He also wanted to know which of his personal information, data and records were viewed by operators. He also asked the TC to determine which law allowed the use of spyware against him, and what is the record for authorizing the use of spyware against him and his colleagues.

Rona Wilson, in judicial custody in the Bhima Koregaon case since June 2018, wrote to the TC – through her lawyer, R. Sathyanarayanan – that afterwards Caravan broke the story on how his hard drive contained malware allowing remote access, his lawyers sent a copy of his hard drive, made available by the prosecution, for independent forensic analysis to the American Bar Association (ABA). On July 31, 2020, the ABA contacted Mark Spencer, President of Arsenal Consulting, an independent expert firm and leader in digital forensics to perform a forensic analysis of the cloned copy of the drive seized by Pune Police.

On February 8, Arsenal Consulting revealed that his computer was compromised for 22 months from June 13, 2016 using NetWire malware, and that the attacker’s primary objective was to monitor and deliver incriminating documents. He also showed, among other things, that the ten most incriminated documents used against Wilson and his co-defendants were never opened on his computer by Wilson.

In its subsequent report, Arsenal Consulting further revealed that there is no evidence of legitimate interaction with additional files of interest on Wilson’s computer, and that 22 of the 24 files were directly related to the attacker, identified in Report I.

In Report III, released on June 21 of last year, Arsenal Consulting declared that Surendra Gadling’s computer was compromised for just over 20 months by the same attacker identified in Reports I and II.

In Report IV, released on December 17 last year, Arsenal Consulting confirmed Wilson’s successful Pegasus infection of iPhone.

Wilson deposit a petition to the Bombay High Court (criminal petition No. 1769 of 2021) alleging the planting of documents, and for investigation by an independent expert.

Since Wilson’s electronics, including the hard drive and phone, are owned by the National Investigation Agency (NIA), he asked the TC to call in the NIA to provide the original electronics for review. He did, however, offer to submit his cloned copy of his hard drive on his computer to the TC for review.

Lawyer and activist Arun Ferreira, accused in the Bhima Koregaon case, currently in pre-trial detention in Taloja prison since August 2018, also wrote to the TC – through his lawyer, Neeraj Yadav – alleging the espionage by Pegasus. He claimed that as his cell phone was seized by the Pune police on August 28, 2018 and is currently in the custody of the NIA Mumbai, he was unable to present his phone in front of the TC.

Academic and activist Dr. Shoma Sen, another defendant in the Bhima Koregaon case and incarcerated since June 2018, in her representation to the TC – through her lawyer, Kritika Agarwal – claimed that her infected phone had seized by Pune police on June 6. , 2018, and is now in the custody of NIA, Mumbai. Therefore, she claimed that she was unable to submit her phone to the TC. She requested the TC for instruction from the NIA, Mumbai, and the NIA Special Court, Mumbai, to hand over her cell phone for investigation into the Pegasus espionage issue.

Vernon Gonsalves, accused in the Bhima Koregaon case and now housed in Taloja since August 2018 – through his wife and lawyer, Susan Abraham – also made a similar representation to the TC. His mobile phone was seized by Pune police on August 28, 2018 and is now in the custody of the NIA. He, too, like the other defendants in the case, asked the TC to order the Mumbai NIA to hand over his phone to him for investigation.


Comments are closed.