Jailed activist Rona Wilson’s phone was compromised with Pegasus spyware: Report

This is the fourth report by a US forensics firm detailing the extent to which Wilson’s electronic devices were compromised.

“Arsenal found Pegasus (spyware) indicators on the Windows volume of Mr. Rona Wilson’s computer in two iTunes backups from an iPhone 6s” which belongs to Rona Wilson, revealed computer forensics firm Arsenal Consulting in a report. These indicators carried timestamps from July 5, 2017 to April 10, 2018, the report added.

Arsenal’s report also found that Wilson’s computer was targeted with NetWire RAT (Remote Access Trojan) for purposes of both surveillance and incriminating document delivery at the same time as the Pegasus attacks on his phone. The Massachusetts-based firm used the methodology laid out by Amnesty in order to analyse and corroborate its findings.

“The indicators found by Arsenal reflect not only Pegasus attacks, but successful Pegasus infection of Mr. Wilson’s iPhone 6s.” — Arsenal Consulting report.

Wilson has been behind bars since June 6, 2018, and was one of the first to be arrested in the Elgar Parishad case which saw several other human rights activists and lawyers being accused of instigating violence at a 2018 event held to commemorate the Battle of Bhima Koregaon.

The report’s findings are likely to cast serious aspersions on the National Investigation Agency’s case and its electronic evidence against Rona Wilson. They also raise concerns about the state of surveillance and privacy in India.

‘Rona Wilson’s computer compromised two years before arrest’

Arsenal Consulting was hired by Rona Wilson’s defence to investigate and analyse electronic evidence seized from Wilson’s home by the Pune police department in 2018. The firm has released a total of four reports to date detailing the extent to which Wilson’s electronic devices were targeted by the attackers:

  • The first report released by Arsenal in February this year said that malware (NetWire RAT) was installed on Rona Wilson’s computer two years before he was arrested by Pune Police.
  • The investigating authorities claimed to have found 10 incriminating letters revealing an alleged plot to assassinate the Prime Minister and overthrow the government.
  • The agencies arrested several activists and academics based on the evidence recovered from Wilson’s computers.
  • The forensic investigation discovered that the computer had been compromised for 22 months, which meant that the attacker had “extensive resources (including time) and it is obvious that their primary goals were surveillance and incriminating document delivery.”

“It should be noted that this is one of the most serious cases involving evidence tampering that Arsenal has ever encountered, based on various metrics which include the vast timespan between the delivery of the first and the last incriminating documents” — Arsenal Consulting report

In the wake of the firm’s findings, Wilson moved the Bombay High Court to quash the charges against him. He sought the court’s direction to appoint a Special Investigation Team (SIT) consisting of experts in digital forensic analysis to independently verify Arsenal’s findings and probe the alleged planting of documents on his computer by using malware.

Source: Arsenal Consulting

‘Wilson did not consciously interact with the hidden files’

The second report revealed that an attacker had planted an additional set of files on Wilson’s computer. The firm said that there was no evidence that Wilson interacted with these files and documents, which are cited by the National Investigation Agency (NIA) in its charge-sheet against Wilson and others in the Elgar Parishad case. The firm did not name the attacker.

Some of the findings of this report are:

  • The forensics firm identified the source of 24 additional files found on Wilson’s computer.
  • Arsenal analysed whether Wilson consciously interacted with these 24 files while using this computer or whether these files were just dumped and hidden from Wilson’s view or knowledge.
  • 22 of the 24 files were delivered by the attacker to a hidden folder on Wilson’s computer through a NetWire trojan and not by any other means.
  • Between December 2017 and March 2018, the attacker used the NetWire trojan to dump files with names like: accounts, comrades, mohila meeting, letter, ltr from prakash, letter to GN, letter to G etc.
  • The attacker also renamed files and even made a mistake in one case, and went on to correct it.
  • The attacker remotely changed, added, or deleted content and viewed Wilson’s computer activity.

NSO Group’s response

“Without addressing specific countries and customers, the allegations raised in this inquiry are not clear. Once a democratic country lawfully, following due process, uses tools to investigate a person suspected in an attempt to overthrow a (democratically-elected) government, this would not be considered a misuse of such tools by any means,” a spokesperson from the NSO Group told The Wire.

Purported use of Pegasus in India

An investigation conducted by a consortium of 17 news organisations revealed that more than 50,000 phone numbers were either targets or potential targets of Pegasus spyware, developed by the Israeli company NSO Group. These numbers belonged to journalists, politicians, activists, bureaucrats and heads of state, among many others. The group, however, responded that the spyware is sold only to vetted governments and their agencies to neutralize terrorists and criminals.

According to The Wire, at least nine phone numbers belonging to eight accused in the Elgar Parishad case were listed in the database:

  • Professor Hany Babu
  • Activist Vernon Gonsalves
  • Academic and civil liberties activist Anand Teltumbde
  • (Retd.) Prof Shoma Sen
  • Journalist and rights activist Gautam Navlakha
  • Lawyer Arun Ferreira
  • Academic and activist Sudha Bharadwaj

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ