English
English
English
Investigations into the Red Fort blast reveal a sophisticated terror module using ghost SIM cards and encrypted messaging apps to communicate with handlers in Pakistan. The move prompted new telecom rules requiring apps to operate only with active SIM cards.
Dual-phone system employed to evade detection by authorities.
New Delhi: Investigations into the terror module linked to the November 10 Red Fort blast revealed that the accused doctors relied on an elaborate network of ghost SIM cards and encrypted applications to coordinate with handlers in Pakistan. Authorities identified a dual-phone system where each operative carried a regular phone for routine use and a separate “terror phone” for messaging via WhatsApp, Telegram, and other encrypted platforms. The SIM cards for these secondary devices were often issued in the names of unsuspecting civilians through misused Aadhaar details, allowing the module to operate under the radar.
Officials said the accused, including Muzammil Ganaie, Adeel Rather, and others, followed a tactical approach to avoid detection. Each carried two to three mobile devices, ensuring that one phone remained “clean” for personal or professional use, while the second phone communicated directly with Pakistan-based handlers identified by codenames such as Ukasa, Faizan, and Hashmi. Investigations further revealed a separate racket issuing SIMs through fake Aadhaar documents, which allowed these ghost SIMs to remain active in Pakistan-occupied Kashmir and Pakistan.
By exploiting the ability of messaging apps to run without a physical SIM, handlers guided operatives in assembling improvised explosive devices and planning attacks within India, even though the recruits initially sought to join conflict zones in Syria or Afghanistan.
Delhi Blast: CCTV reveals chaos inside Red Fort Metro during car explosion
In response to these revelations, the Department of Telecommunications issued a directive on November 28 mandating that all app-based communication services such as WhatsApp, Telegram, and Signal must be linked to an active physical SIM card. The move, under the Telecommunications Act 2023 and Telecom Cyber Security Rules, requires telecommunication operators to log out users automatically if no active SIM is present and to submit compliance reports to authorities. This initiative aims to safeguard India’s telecom ecosystem from exploitation by external actors for terror and cyber fraud activities.
Officials noted that while full deactivation of fraudulent and expired SIMs will take time, the measure is a crucial step in disrupting the digital infrastructure used by terror networks for radicalisation and coordination of white-collar operatives.
Delhi Blast: Jaish-trained doctors used household machines to make bombs
The terror module began to surface after posters from a banned organisation appeared in Srinagar in October 2025, warning of attacks on police and security forces. Senior police teams conducted extensive investigations, which led to the arrest of doctors from Al Falah University, including Muzammil Ganaie from Pulwama and Shaheen Sayeed from Lucknow. Authorities seized a large quantity of arms and explosives, including 2,900 kilograms of ammonium nitrate, potassium nitrate, and sulphur. The Red Fort car explosion claimed 15 lives and continues to be investigated by the National Investigation Agency.
