Some police officers are masters at fabricating false computer evidence

In India, human rights activists have been imprisoned on the basis of false documents planted by hackers. The technical clues collected by SentinelOne security researchers point… to the Pune city police.

With digital services now ubiquitous, computer evidence is logically becoming more and more important in legal proceedings. It is no coincidence that the international convention on cybercrime (known as the Budapest Convention) has recently been supplemented by an additional protocol that will facilitate cross-border access to this kind of data.

But this trend is also accompanied by an increasingly visible abuse: the fabrication of false computer evidence. Security researchers Tom Hegel and Juan Andres Guerrero-Saade of SentinelOne used the Black Hat USA 2022 conference to present the activities of a malicious cyber actor called "ModifiedElephant".

Accused of fomenting a coup

This group has been active for about ten years in India, where it carries out espionage operations… but not only that. It also attempts to entrap certain targets by placing compromising documents on their computers. So compromising that the targets could go to prison for several years.

And that is what happened in 2018. Two human rights activists, Surendra Gadling and Rona Wilson, were accused of plotting a coup and were imprisoned. The indictment was based on documents that police found on their computers. But forensic experts from the company Arsenal Consulting were able to show that these documents were fabricated and planted by hackers using a backdoor that they had previously installed on the computers of their victims. The transfer was carried out quickly, the connection sessions having lasted only 15 to 20 minutes.

Fortunately, the forger's work was far from perfect. "Arsenal Consulting experts have proven that these documents were never opened by anyone and that they were written with an editor that the two defendants never had," explained Mr. Guerrero-Saade. He thinks that there are undoubtedly other victims of this kind, given the longevity of the ModifiedElephant group. Fourteen other activists were imprisoned on similar charges during the same period. This group of people is called the "Bhima Koregaon 16" (BK16).

An interconnected nebula

Who is hiding behind ModifiedElephant? The fact that the forged documents were planted just days before the police search immediately suggests a conspiracy. SentinelOne's analyses have also shown that the operations of ModifiedElephant were partly linked with those of SideWinder and Operation Hangover, two cyber espionage groups that are probably of state origin. It is therefore possible that their activities are coordinated by the same governmental organization.

But it was ultimately an e-mail provider that shed much more light on this matter. It revealed to the two researchers that the ModifiedElephant hackers had used a certain email address and phone number as recovery contact details for three compromised email accounts in 2018 and 2019. And it turns out that this contact data belongs to… a police officer from the city of Pune (state of Maharashtra, western India). "This person also used the same phone number to create a WhatsApp account where we see his photo," underlined Mr. Guerrero-Saade. A rookie mistake.

These revelations suggest that this false evidence was created or commissioned by the police themselves! It will now be interesting to see how the courts untangle this knot. In any case, this is probably not the last time we will see cases of false computer evidence. In 2011, Turkish journalists were arrested for terrorism on the basis of false documents found on their computers. The forensic analyses carried out by the investigators of Arsenal Consulting, the same firm again, showed that the documents had been placed there through a hack.

Source: Black Hat USA 2022