Incriminating document found in Fr. Stan Swamy’s computer ‘planted’; similar tampering found in other Bhima Koregaon accused: Reports American forensic firm

Previously, similar evidence of planting have also been found by the same firm, Arsenal, in the computer of mobile devices of Rona Wilson and Surendra Gadling, two other accused in the Bhima Koregaon case. 


ON December 11, Arsenal Consulting, a United States-based digital forensic analysis firm, revealed that tribal rights activist and one of the accused in the Elgar Parishad-Bhima Koregaon case, the late Fr. Stan Swamy’s computer was compromised over the course of three distinct campaigns, beginning on October 19, 2014, and ending with the seizure of his computer by the Pune police department on June 12, 2019.

Arsenal was retained by Fr. Swamy’s lawyers to analyse electronic evidence seized from his house by the Pune police department before the case was taken over by the National Investigation Agency (‘NIA’).

Fr. Swamy was imprisoned on October 8, 2020, for his alleged links with the banned Communist Party of India (Maoist) group. He passed away due to COVID that he contracted while incarcerated on July 5, 2021, while awaiting bail on medical grounds. He suffered from various ailments and was already in the advanced stage of Parkinson’s disease. Along with him, 15 others, including researcher and activist Rona Wilson, and activist and advocate Surendra Gadling, were arrested between 2018 and 2020 under the anti-terror legislation, the Unlawful Activities (Prevention) Act, 1967, and are awaiting trial.

The same attacker is known to have hacked the devices of Wilson and Gadling.

One of the most serious case involving evidence tampering

According to Arsenal’s report, the attacker had extensive resources, and it is obvious that their primary goals were surveillance and incriminating document delivery. It has effectively caught the attacker red-handed based on remnants of their activity left behind in file system transactions, application execution data, and otherwise.

The attacker had created a hidden document ‘mydata’ on Fr. Swamy’s computer on July 20, 2017 and delivered documents to it over the course of two campaigns between that day and June 5, 2019.

According to the report, there is no evidence which would suggest any of the “mydata” documents or the hidden folder were ever opened. It noted that this is one of the most serious cases involving evidence tampering that Arsenal has ever encountered, based on various metrics, which include the vast timespan between the delivery of the first and last incriminating documents on multiple defendants’ computers.

Fr. Swamy had expressed the ‘unethical insertion of documents’ into his computer to one of his colleagues, Father Solomon. Father Soloman is the director of Bagaicha, an organisation founded by Fr. Swamy that works with tribals in Jharkhand.

Similar pattern found in other cases

Last year, Wilson had approached the Bombay High Court through a petition challenging his prosecution based on the findings of multiple reports by Arsenal that he was subjected to surveillance and evidence planting. The report mentioned 49 different instances of spyware attack and sometimes of successful infection on his iPhone.

It had reported that all incriminating documents, including a letter mentioning a plot to assassinate the Prime Minister of India, Narendra Modi, in another “Rajiv Gandhi type of incident,” were planted in his computer through a malware named ‘NetWire Remote Access Trojan’. Arsenal had confirmed that Wilson did not open any of these documents.

A day after Fr. Swamy’s death, Arsenal reported that Gadling’s computer has been compromised for over two years, before he was arrested, through emails that he received, and on which others like Fr. Swamy were copied. This raised the possibility that Fr. Swamy’s computer too may have been hacked.

The Leaflet