Just days after unearthing the role of an Indian company in global hack-for-hire operations, Citizen Lab has partnered with Amnesty International in a blog post on the alleged targeting of activists, including nine who were fighting for the release of the 11 people who were arrested in connection with the 2018 Bhima Koregaon protests.
“Amnesty International and the Citizen Lab have uncovered a coordinated spyware campaign targeting at least nine human rights defenders (HRDs) in India. Eight of the nine HRDs have been calling for the release of other prominent activists, popularly known as the Bhima Koregaon 11, most of whom have been imprisoned in Maharashtra, India since 2018,” the post says.
The report alleges that between January and October 2019, these ‘HRDs’ were targeted with emails containing malicious links which, if clicked, deployed commercial Windows spyware compromising their computers and allowing their actions and communications to be monitored.
It adds that at least three of them were also targeted with the NSO Group’s Pegasus spyware in 2019.
New: @amnesty and @citizenlab have uncovered a coordinated spyware campaign targeting at least nine human rights defenders (HRDs) in India. More details here: https://t.co/cSzJtYeZQa
— profdeibert (@RonDeibert) June 15, 2020
The Bhima Koregaon incidents of violence began after activists organised an event in Pune on December 31, 2017, commemorating the battle of Bhima Koregaon in 1818, when a force of Mahar soldiers of the East India Company defeated the 28,000-strong forces of Peshwa Baji Rao II. The battle is seen as a Dalit victory against upper-caste oppression.
The event was marred by incidents of violence, after stone-pelting took place at the location, allegedly by right-wing groups, which led to state-wide protests the next few days as Dalit protesters called for a bandh in Maharashtra.
In the resulting clashes, at least one person was left dead and several dozens injured. Subsequent Bhima Koregaon events have been marked by heavy security.
During the probe into the violence, police arrested human rights activists Sudhir Dhawale, Rona Wilson, Surendra Gadling, Mahesh Raut, Shoma Sen, Arun Ferreira, Vernon Gonsalves, Sudha Bharadwaj and Varavara Rao for alleged Maoist links. Activists Dr Anand Teltumbde and Gautam Navlakha were also later arrested—and were sent to jail on April 14 on the 129th birth anniversary of Dr B.R. Ambedkar. The activists were charged under the Unlawful Activities (Prevention) Act (UAPA).
Amnesty International has since mounted a campaign calling for the release of the Bhim Koregaon 11 or BK11.
According to the post by Amnesty International and Citizen Lab, spyware was used to target many activists calling for the release of the BK11.
The cyber attacks utilised ‘spearfishing’—a technique where a known person is impersonated in an email in a bid to get the victim to install spyware onto their computers.
“The spyware campaign revealed in this blog targeted lawyers and activists Nihalsing B Rathod, Degree Prasad Chouhan, Yug Mohit Choudhary, and Ragini Ahuja; academics Partho Sarothi Ray and PK Vijayan, a journalist who prefers to stay anonymous, and a human rights collective – Jagdalpur Legal Aid Group (JAGLAG),” the post says.
A spearfishing email was sent to JAGLAG by a person pretending to work for IBC24, linking to files hosted on Firefox Send. The attacks used “commercial, off-the-shelf spyware” like Netwire—which has been used by the surveillance industry to steal credentials.
The post adds that the investigation “was not able to conclusively attribute the attack to a particular group with high confidence.” However, it highlights the past use of Pegasus spyware to target activists critical of the Indian government. It calls on the government to conduct an independent investigation into the “unlawful targeted surveillance” of the nine “human rights defenders”.