Security Researchers: Indian Police Agencies Digitally Planted Evidence To Frame Activists
from the tip-of-the-law-enforcement-fuckery-iceberg dept
Law enforcement agencies have access to very powerful digital tools. Thanks to companies with eyes on market expansion but very little consideration of moral or ethical issues, cops have the power to completely compromise phones, turning them into unwitting informants… or worse.
This blockbuster report — written by Andy Greenberg for Wired and based on research performed by Citizen Lab and SentinelOne — shows cops can use powerful malware to create the probable cause they need to start arresting people. The fix is in.
More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom have languished in jail and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking contractor NSO Group. But only now have SentinelOne’s researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.
I get it. Who doesn’t like an easy day at work? Planting evidence makes arrests easy. Cops do it all the time. The difference here is the cops don’t have to carry around contraband on their persons or in their vehicles and wait for a situation to present itself.
Using powerful malware, officers can plant evidence whenever it’s most convenient for them and follow up with an arrest and device seizure that allows them access to the evidence they planted. And it’s not just for phones. The report notes that one activist arrested as the apparent result of planted evidence had his laptop compromised by police malware, allowing the Pune police to add 32 incriminating files to his hard drive.
It took researchers several months to confirm attribution. The link to the police department came via a recovery email address and phone number attached to compromised email accounts. That information was traced back to a police official in Pune who somehow thought it was wise to include his full name in the bogus recovery accounts.
That malware deployment has turned from passive to offensive shouldn’t come as a surprise. Very few malware developers care how their products are used and tend to make changes only when prompted by sanctions or months of negative press.
And it definitely shouldn’t come as a surprise that an element of the Indian government is abusing malware to plant evidence to shut down dissent. That’s the Indian government’s main goal at this point: to force the nation’s 1.2 billion residents into subservience by any means necessary. Whether it’s a law that abuses the notion of national security to turn residents into billions of data points or the government openly targeting critics via social media services (and threatening those services with fines and imprisonment when they fail to play along), the Indian government continues to expand the size of its thumb and, with any luck, will have an entire nation under it in the near future.