Skip to content

Bhima Koregaon: Another evidence tampering case comes to light

  • by
  • 3 min read

Photo by Novikov Aleksey /

Forensics firm Arsenal has uncovered evidence proving that hackers planted incriminating evidence on Stan Swami’s laptop. Further examination also revealed that hackers attempted to clear up their tracks just a day before the laptop was seized by the Pune Police, suggesting that the two parties might be colluding. 

Additionally, Arsenal also confirmed that the hackers that planted evidence on Swami’s laptop are the same ones that planted evidence on Rona Wilson and Surendra Gadling’s computers — two of the 16 defendants in the case. These hackers have been linked with ModifiedElephant, a state-sponsored hacking group whose interests seem to be aligned with the Indian state.

All of the firm’s latest findings match the earlier cases of evidence tampering with the report going on to state that “Arsenal has effectively caught the attacker red-handed (yet again)”. 

Threat actors accessed his computer at least three times between 2014 to 2019, installing different versions of the malware NetWire. The report states that the malware placed a number of files in a hidden folder on Swami’s computer including files listing weapons used by a militant rebel group and one suggesting kidnapping members of the ruling Indian party — BJP, based on

The firm also confirmed that Swami never touched the files himself. 

The cleanup operation, otherwise called antiforensics, carried out on Swami’s computer, however, was new. The attackers tried clearing their traces on June 11 2019, just one day before the Pune Police seized the machine. Given the computer’s immediate seizure, Arsenal found this both “rather unique and extremely suspicious”. 

This throws more doubt over Pune Police, which has already been linked with framing activists in the case earlier this June when an investigation by Wired revealed that the email accounts of three defendants — Wilson, Rao and Hany Babu had their backup credentials changed to another account including the full name of a Pune police official closely involved in the case.

The case has grown to become rather notorious worldwide, with the injustice faced by the human rights activists involved seemingly becoming bigger as more things come to light. Out of the 16 defendants involved, 11 are still in jail with only three being out on bail, one is confined to house arrest. Swami is the only one to die in detention in 2021, having contracted COVID in jail. 

In the News: Uber faces data breach following attack on third-party vendor Teqtivity

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: