Metacurity

Police in India Planted False and Incriminating Files on Activists' Computers to Arrest Them

UK's home secretary approves Assange's extradition to U.S., Russian spy tried to infiltrate International Criminal Court, Interpol arrests 2,000 social engineering scammers, more

Cynthia Brumfield
Jun 17

New clues discovered by SentinelOne researchers on a case in India connect law enforcement to a campaign that used identification and hacking tools to plant false, incriminating files on targets’ computers, which were then used as grounds to arrest and jail them.

SentinelOne’s new findings link the Pune City Police to the long-running hacking campaign, which the company has called Modified Elephant, and center on two particular targets of the campaign: Rona Wilson and Varavara Rao. Both men are activists and human rights defenders who were jailed in 2018.

Juan Andres Guerrero-Saade, a security researcher at SentinelOne who, along with fellow researcher Tom Hegel, will present findings at the Black Hat security conference in August, said, “This is beyond ethically compromised. It is beyond callous. So we’re trying to put as much data forward as we can in the hopes of helping these victims.” (Andy Greenberg / Wired)

Related: Slashdot, MediaNama, Free Press Journal, National Herald, Gizmodo

Rohini Singh @rohini_sgh
Possibly the most chilling story you would read. The state can fix you if it wishes by planting evidence & incarcerating you for years. Will this @PuneCityPolice official be arrested @CMOMaharashtra? Will an inquiry be ordered? Will the courts continue to remain mute spectators?

Andy Greenberg @a_greenberg

A wild, appalling story: A group of hackers fabricated evidence on the PCs of Indian human rights activists who were then arrested for terrorism and jailed. Now researchers have found a direct link between those hackers and the police making the arrests. https://t.co/y6HrCn580v

June 17th 2022

238 Retweets, 581 Likes

John Scott-Railton @jsrailton
OPSEC is only for people afraid of being caught. Wild story of evidence planted-via-hacking. By @a_greenberg, ft research by @AmnestyTech @ArsenalArmed @SentinelOne @juanandres_gs @0xZeshan @citizenlab & more.
wired.com/story/modified…

June 16th 2022

19 Retweets, 46 Likes

Thomas Rid @RidT
Absolutely wild story that has it all: hacking, an extraordinary integrity attack, with forged and planted evidence, (ethical) leaking to help expose (unethical) law enforcement active measures — and hugely creative, collaborative threat hunting
Police Linked to Hacking Campaign to Frame Indian Activists: New details connect police in India to a plot to plant evidence on victims’ computers that led to their arrest. (wired.com)

June 16th 2022

42 Retweets, 68 Likes

Supriya Shrinate @SupriyaShrinate
Outrageous. After reports of hackers planted evidence in computers of activists now comes the chilling shocker-it was done at the behest of the police. How low can the Modi ecosystem stoop-is the big question. Why is this not being debated? Why is not creating public outrage?

Andy Greenberg @a_greenberg

A wild, appalling story: A group of hackers fabricated evidence on the PCs of Indian human rights activists who were then arrested for terrorism and jailed. Now researchers have found a direct link between those hackers and the police making the arrests. https://t.co/y6HrCn580v

June 17th 2022

69 Retweets, 148 Likes

The UK Home Secretary Priti Patel approved the extradition of WikiLeaks co-founder Julian Assange to the U.S., a decision the organization immediately said it would appeal against in the high court.

The U.S. government has accused Assange of conspiracy to commit computer intrusion by helping Army intelligence analyst Chelsea Manning gain access to privileged information. WikiLeaks’ appeal of Patel’s decision is likely to focus on the right to freedom of expression and whether the extradition request is politically motivated. (Jamie Grierson and Ben Quinn / The Guardian)

Related: Business Insider, The New Arab, The Sun, Euro Weekly News Spain, rthk.hk World News, Metro.co.uk, Mashable, City A.M.

The General Intelligence and Security Service of the Netherlands said that it foiled a sophisticated attempt by a Russian spy, Sergey Vladimirovich Cherkasov, using a false Brazilian identity to work as an intern at the International Criminal Court (ICC), which is investigating allegations of Russian war crimes in Ukraine.

“If the intelligence officer had succeeded in gaining access as an intern to the ICC, he would have been able to gather intelligence there and to look for (or recruit) sources, and arrange to have access to the ICC’s digital systems,” the Dutch agency said. In a statement about the failed bid to infiltrate the ICC, the Dutch intelligence agency said Cherkasov used “a well-constructed cover identity by which he concealed all his ties with Russia in general, and the GRU in particular.” The statement said he was an “illegal” agent “who received long and extensive training.” (Mike Corder / Associated Press)

Related: Bellingcat, AIVD, Forbes, Telegraph, Moscow Times, BBC News, Reuters, France 24, Bloomberg, CNN, Insider Paper

Christo Grozev @christogrozev
Check out what we know thus far on one of the wackiest spy stories of the year. The fake "Brazilian" GRU spy who in 2017 tweeted a @bellingcat article about how to identify fake identities of GRU spies. It literally cannot get more meta than that.

Bellingcat @bellingcat

A GRU spy who sought to gain access to the International Criminal Court as an intern left a long and detailed trail on social media. https://t.co/1mqy5zZhPj

June 16th 2022

364 Retweets, 1,730 Likes

A sweeping operation by Interpol and police agencies worldwide called First Light 2022 led to the seizure of $50 million in illicit funds and the arrests of 2,000 alleged social engineering scammers from many different countries.

Police say they identified 3,000 different suspects, froze 4,000 bank accounts, and arrested “some 2,000 operators, fraudsters and money launderers” while conducting raids at 1,770 locations worldwide. Among the captured was a Chinese national who was wanted in connection to an enormous Ponzi scheme that police say involved some 24,000 victims and the theft of 34 million euros. (Lucas Ropek / Gizmodo)

Related: Malwarebytes Labs, The State of Security, Security Week, Interpol

Security researchers at Proofpoint are warning that threat actors could hijack Office 365 accounts to encrypt, for ransom, the files stored in the SharePoint and OneDrive services that companies use for cloud-based collaboration, document management, and storage.

The attack's success relies on abusing the “AutoSave” feature that creates cloud backups of older file versions when users make edits. The trick to finishing the file-locking stage more quickly and making recovery more difficult is to reduce the version numbering limit and then encrypt each file more times than that limit. Proofpoint informed Microsoft of the potential for abuse of the version numbering setting, but the tech giant maintains that this configuration ability is the intended functionality. (Bill Toulas / Bleeping Computer)

Related: The Hacker News, Proofpoint, Security Week, Dark Reading, SC Magazine, Infosecurity Magazine, Security on TechRepublic
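
For defenders, the pattern Proofpoint describes (a lowered version limit followed by repeated rewrites of the same files) can be hunted for in audit data. The sketch below is an added example, not Proofpoint's or Microsoft's code; the event schema, field names, and sample records are constructed for illustration and do not reflect a real Microsoft 365 log format.

```python
from collections import Counter

# Constructed sample events; the schema and field names are hypothetical.
EVENTS = [
    {"t": 0,   "user": "svc-backup", "lib": "HR",      "op": "modify", "file": "a.docx"},
    {"t": 100, "user": "mallory",    "lib": "Finance", "op": "set_version_limit",
     "old": 500, "new": 1},
    {"t": 110, "user": "mallory",    "lib": "Finance", "op": "modify", "file": "q1.xlsx"},
    {"t": 115, "user": "mallory",    "lib": "Finance", "op": "modify", "file": "q1.xlsx"},
    {"t": 120, "user": "mallory",    "lib": "Finance", "op": "modify", "file": "q2.xlsx"},
    {"t": 125, "user": "mallory",    "lib": "Finance", "op": "modify", "file": "q2.xlsx"},
    {"t": 200, "user": "bob",        "lib": "Legal",   "op": "set_version_limit",
     "old": 500, "new": 100},
    {"t": 210, "user": "bob",        "lib": "Legal",   "op": "modify", "file": "nda.docx"},
]


def files_past_version_limit(events, window=3600):
    """Return {(library, user_who_lowered_limit): [files]} for every version-limit
    reduction that was followed, within `window` seconds, by more edits to a file
    than the new limit, i.e. the condition the article says defeats recovery."""
    findings = {}
    for change in events:
        # Only reductions are interesting; raising the limit is benign here.
        if change["op"] != "set_version_limit" or change["new"] >= change["old"]:
            continue
        # Count edits per file in the same library after the change (any user).
        edits = Counter(
            e["file"] for e in events
            if e["op"] == "modify" and e["lib"] == change["lib"]
            and change["t"] < e["t"] <= change["t"] + window
        )
        hit = sorted(f for f, n in edits.items() if n > change["new"])
        if hit:
            findings[(change["lib"], change["user"])] = hit
    return findings


if __name__ == "__main__":
    for (lib, user), files in files_past_version_limit(EVENTS).items():
        print(f"ALERT {lib}: limit lowered by {user}; edits exceed new limit for {files}")
```
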

Microsoft Defender is now generally available for all personal devices, not just Windows PCs and businesses, extending Windows' anti-malware safeguards to Android, iOS, and macOS.

Defender for individuals is included with Microsoft 365 Personal and Family plans in most countries. Prices start at $70 per year for a Personal account in the US. (Jon Fingas / Engadget)

Related: OnMSFT.com, The Verge, Digital Trends, Microsoft Security Blog, ZDNet Security, Bleeping Computer, xda-developers, PCWorld, 9to5Mac, Softpedia News

Approximately 1.29 million Texas Tech University Health Sciences Center patients have been added to the ongoing fallout from cloud-based, ophthalmology-specific electronic health record (EHR) and practice management vendor Eye Care Leaders’ (ECL) ransomware attack and data theft in December 2021.

The ECL incident compromised a range of patient data, including names, driver’s licenses, emails, genders, dates of birth, medical record numbers, health insurance details, appointment information, Social Security numbers, and medical data tied to services received at the TTUHSC ophthalmology center. (Jessica Davis / SC Media)

Related: Threatpost

Recorded Future’s Insikt Group says that some Latin American countries may present as easy targets for ransomware attackers due to a general deficit of cyber resources, specifically education, hygiene, and overall infrastructure.

Anecdotal observations by Recorded Future reflect a “minor” but “sustained increase” in references to initial access sales and database leaks related to Latin American governments starting around March 2022. Between January and May 2022, ransomware attacks have been recorded in Costa Rica, Peru, Mexico, Ecuador, Brazil, and Argentina. (AJ Vicens / Cyberscoop)

Related: Recorded Future

Researchers at Volexity say that Chinese and various other threat actors used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to bypass authentication and run arbitrary code remotely at multiple organizations.

Volexity detailed an attack from a Chinese advanced persistent threat group it tracks as DriftingCloud, which had been exploiting CVE-2022-1040 since early March, a little over three weeks before Sophos released a patch. The adversary used the zero-day exploit to compromise the firewall and install webshell backdoors and malware that would enable compromising external systems outside the network protected by Sophos Firewall. Sophos identified hotfixes and mitigations that help organizations using its firewall protect against exploitation of the vulnerability. (Ionut Ilascu / Bleeping Computer)

Related: Volexity, Security Week, Help Net Security, The Hacker News

According to research from GlobalData, UK small businesses are increasingly being priced out of cyber insurance policies due to high premiums and the cost-of-living crunch.

Almost a third (29%) of companies with fewer than 250 staff canceled their cyber insurance policies last year to cut costs. An additional 17.3% of small and medium enterprises (SMEs) never had cyber insurance policies in the first place, with smaller businesses most likely to be uncovered. (Louis Goss / City A.M.)

Related: Global Data, Insurance Day, Reinsurance News
