Anti-Encryption Laws Are Deadly & Real-world Examples Threaten Journalism

(made with #FOSS #Kdenlive)

#News #chatcontrol #encryption #e2ee #journalism #ethics #backdoors #StanSwami #ModifiedElephant #RestrictAct #EarnItBill #EarnItAct #freespeech #freeExpression #HumanRights #privacy #peertube #tilvids #infosec #cybersecurity

https://tilvids.com/w/1eBFN8q7HvhqAUsbGCPJ1T

The first anchored narrative of 2023 has just been released! This time it is quite an explosive one of an in-depth malware forensic follow-up on the famous Bhima Koregaon case, where a nation-state threat actor named #ModifiedElephant planted evidence on the computers of several activists in India and; as a result, have been put in jail. In this anchored narrative, the latest report V from Arsenal Consulting will be covered as well as their #MemoryForensics techniques they applied to reconstruct the uploading of incriminating documents to the computer of an 84-year-old Jesuit Priest, Father Stan Swamy. I was interviewed to review that case by award-winning journalist Niha Masih from The Washington Post. From her, I received court documents detailing the forensics of Mr. Rona Wilson. In those documents, I found an unreported and unidentified piece of malware by the Regional Forensic Science Laboratory in Pune dating back to 2017. This is a horrifying case of poor digital forensics performed by the government and a red flag for our forensic community.

In short, a must-read!

https://anchorednarratives.substack.com/p/the-trojan-solved-the-bhima-koregaon

#DFIR #MemoryForensics #APT #Malware #investigations #Humanrights #innocenceproject #bhimakoregaon @hegel @SentinelLabs @nihamasih @agreenberg @citizenlab @washingtonpost

Quick post to summarize happenings in the world of 'APTs fabricating evidence to throw people in jail':

This week a new report was released by Arsenal Consulting related to pro bono forensic work they’ve done for defendants in the Bhima Koregaon (aka BK16) case in India. In this report, we’ve learned that a second defendant in the case was framed. The digital evidence of their crimes (domestic terrorism) were documents planted by #malware – specifically a variety of NetWire RAT samples. This framed individual (Stan Swamy) died while incarcerated – he was an 84 year old priest.

@agreenberg at Wired wrote about this news here (definitely read!): https://www.wired.com/story/modified-elephant-stan-swamy-hacked-evidence-frame-bhima-koregaon-16/

Now this confirmation of evidence planting is simply not that surprising to us. Another defendant in the case (Rona Wilson) was confirmed to have evidence planted as well – and we’ve had confidence the same is done to many others. In addition to these two individuals, we know this same threat actor targeted many more individuals – including those not involved in this case at all. This threat actor is working in collusion with the Indian government, plain and simple.

We named this threat actor #ModifiedElephant after profiling an extensive cluster of infrastructure and malware. The IOCs we released are tied to the decade+ life of the group so far.

PDF Report: https://s1.ai/mod-elephant

@jags and I did a BlackHat talk on this actor - a good overview on how they operate: https://youtu.be/zGorOeQS5C8

So, what’s next? The threat actor remains a focus of mine, and new research is ongoing. I hope to have more to share publicly soon. #StayTuned #BestJobIEverHad