Forensic company finds planted documents on jailed Indian activists' computers.

Byline: Kris Olson

When he first got the call from a lawyer representing a member of a group of Indian activists accused of plotting to overthrow the government of Prime Minister Narendra Modi, Mark Spencer says he was highly skeptical.

About 95 percent of the time, a claim that incriminating digital evidence was forged, planted or otherwise inauthentic proves to be baseless, according to the president of Arsenal Consulting, which performs digital forensics investigations for law firms, corporations and government agencies.

The story coming from the lawyers in India sounded similarly absurd.

Then Spencer and his small team got their hands on a disk image from the laptop that police in India seized from activist Rona Wilson.

Within a week, the Massachusetts-based Arsenal Consulting found evidence that an attacker had used a commercially available form of malware to infiltrate Wilson's computer and slip into a hidden folder 10 incriminating letters now being used in his prosecution.

Further investigation revealed that similar attacks had targeted the devices of several of Wilson's alleged accomplices, including Stan Swamy. A Jesuit priest with Parkinson's disease, 84-year-old Swamy had died at a hospital in July 2021 after being jailed for more than eight months.

Wilson, Swamy and the others are accused of working with the banned Communist Party of India (Maoist), which has waged a decades-long armed insurgency against the government.

Spencer can only shake his head that the Indian government continues to dispute Arsenal's findings. The detailed reports Arsenal created now public contain an ample number of screenshots that walk the viewer through how the deed was done. In the aggregate, it is the equivalent of security camera footage capturing a gas station robbery, Spencer says.

"You cannot mistake the fact that these computers were compromised by this particular attacker," he says.

While reporting a series of stories on the case, the Washington Post had multiple outside experts double check Arsenal's work, and they determined the company's conclusions were valid.

The High Technology Crime Investigation Association recently bestowed its "Case of the Year" award on Arsenal for its efforts.

It was not Arsenal's first foray into deploying its digital forensic skills amidst overseas political turmoil. A decade earlier, Arsenal had been involved in two high-profile political trials in Turkey, one known as "Sledgehammer" and the other as...