Nishant Agarwal espionage case: Allegations of data leak, life term quashed

Who is Nishant Agarwal?

Nishant, an NIT Kurukshetra passout and a resident of Haridwar, Uttarakhand, had joined the organisation as an executive trainee on July 1, 2013. He worked in Hyderabad until December 2013 and completed his training on December 29, 2013.

Between December 30, 2013 and August 24, 2014, he worked in Hyderabad as a system engineer before being transferred to BrahMos Nagpur in August 2014. From August 25, 2014, to December 31, 2016, he served as a system engineer in Nagpur and was promoted to senior system engineer from January 1, 2017.

In 2017, a senior officer recommended Nishant’s name for a ‘Young Scientist Award’, which he received during 2017–2018.

What had happened, and what did the prosecution claim?

The case against Agarwal began in 2018 when investigators alleged that he had fallen prey to a honey-trap operation. A Facebook user named Sejal Kapoor befriended him online, claiming to be a recruiter offering him an IT job in Canada with a salary of USD 30,000 a month.

In June, it was discovered that a Pakistani spy going by the Facebook name ‘Sejal Kapoor’ had hacked into the computer systems of more than 98 personnel of various defence forces, including the Indian Army and the Indian Air Force, between 2015 and 2018. The username lured these personnel (mostly men) by using the oldest trick in the book, honey traps.

According to the trial court judgment, the alleged espionage took place between July 2013 and September 2018, covering most of Agarwal’s time at BrahMos.

Investigators said that in December 2017, three malware programs, namely Trust-X, Chat 2 Hire, and Q-Whisper, were downloaded on his laptop. They believed this malware later extracted sensitive BrahMos missile data.

In October 2018, the UP Anti-Terror Squad (ATS) claimed that they received secret information stating that BrahMos data had been leaked. An FIR was filed on October 4, 2018, leading to Nishant’s arrest on October 8, 2018. His house was searched. His devices were seized and sent to CERT-In in New Delhi for forensic examination. A chargesheet in the case was filed in March 2019.

Nishant had also named some DRDO officials and a former senior official from Hyderabad with whom he had shared information, leading the ATS to question several officials during the probe. Agarwal had been married only four months when Uttar Pradesh ATS arrested him, and he spent more than two years in solitary confinement after his arrest. The case was transferred to Nagpur a year after his arrest.

How did the alleged honey-trap happen?

Investigators said Agarwal had been targeted by a honey-trap, a fake online identity used to lure defence personnel.

A Facebook profile named ‘Sejal Kapoor’, claiming to be a Canadian recruiter, offered him a high-salary job abroad. Investigators later found that this account, along with profiles named ‘Neha Sharma’ and ‘Pooja Ranjan’, with whom he was in touch, operated from Pakistan.

The chats allegedly shifted from Facebook to LinkedIn. When Agarwal clicked a link sent by ‘Sejal’ to talk to her ‘senior’, malware is believed to have installed itself on his laptop. The ATS claimed this malware quietly pulled out confidential BrahMos files from his personal computer.

What kind of data was involved?

Investigators revealed during the trial that Agarwal possessed 19 classified BrahMos files on his personal laptop, in violation of strict defence security rules. These files contained technical details about the ‘BrahMos Supersonic Cruise Missile’, including training manuals, production information, restricted documents, and even material about the missile’s seeker technology, which India received from Russia.

According to investigators, the files numbered 1 to 17 were marked as ‘secret’ and files 18 and 19 were marked as ‘restricted’. Officials said in the court then that if such data were compromised, an enemy country could learn how to jam or target the missile, making the breach a serious national security issue.

Nishant spent more than two years in solitary confinement after his arrest.

How have the courts ruled in the case?

In June 2024, the Nagpur sessions court convicted Agarwal for Cyber terrorism under Section 66(F) of the IT Act and Multiple sections of the Official Secrets Act. He was sentenced to life imprisonment, plus a 14-year rigorous imprisonment term. His electronic devices were also ordered to be disposed of under the provisions of the IT Act. Nishant challenged the conviction in the Nagpur Bench in June 2024, following which the court issued notices to Maharashtra government authorities seeking their response.

The High Court re-examined the evidence and reached a different conclusion. A division bench of Justices Anil Kilor and Pravin Patil observed that there is no proof that data was sent to Pakistan. The HC said there was no technical evidence that any of the classified files were ever transmitted to Pakistan, either manually by Agarwal or automatically by malware.

The prosecution had argued two possibilities: that Nishant Agarwal himself shared the data, or the malware had automatically shared it. But the High Court held that neither theory was proved with evidence. Only a procedural violation was proven.

Government Pleader Sanjay Doifode told The Indian Express that the court found that Agarwal had indeed transferred classified documents from his official system to his personal laptop and kept 19 secret files without authorisation, but this was a breach of procedure, not proof of spying and hence only one offence stands.

The High Court upheld only one charge, Section 5(1)(d) of the Official Secrets Act — unauthorised possession of secret documents. The court sentenced him to three years for this offence. Since Agarwal has already spent more than six years in custody, the sentence is considered complete.

What does this judgment mean for Agarwal now?

With the main charges of cyber terrorism and spying struck down, Agarwal is now cleared of espionage. His remaining three-year sentence has already been served. He is now set to be released.

This brings to an end one of India’s biggest defence-related espionage cases, one that raised questions about online honey-traps, digital vulnerabilities, and security practices within sensitive defence institutions.

What happens next?

The prosecution may appeal the High Court ruling. But for now, the court has ruled that there is no proof Agarwal leaked missile data to Pakistan, and his actions amounted only to unauthorised possession of secret files, and he is set to be released soon once the formalities are completed.