New Delhi: Investigations into the blast near Delhi’s Red Fort last November have revealed that the accused operated through a highly organised digital network involving ghost SIM cards, multiple mobile devices and encrypted messaging platforms. Security agencies found that members of the so-called white-collar terror module relied on advanced communication tactics to coordinate with handlers based in Pakistan and Pakistan-occupied Kashmir.
All those involved in the case, including Umar Nabi who died in the explosion, were found to be carrying two to three mobile phones each. One handset was used openly for personal and professional communication and was registered in their own names. The other devices were reserved exclusively for covert activities and were linked to messaging applications such as WhatsApp and Telegram. These secondary phones were connected through SIM cards issued in the names of unsuspecting individuals whose identity documents had been misused.
Investigators also uncovered a separate racket in Jammu and Kashmir where SIM cards were issued using fake Aadhaar credentials. These compromised connections remained active on encrypted platforms even when operated remotely from across the border, allowing handlers to stay in constant touch with operatives on the ground.
This communication loophole enabled handlers to guide recruits in assembling improvised explosive devices using online tutorials and to plan attacks deep inside the country. The findings prompted the Centre to invoke provisions under the Telecommunications Act, 2023, along with updated telecom cyber security rules aimed at closing these gaps.
Under the new directives, app-based communication services are required to remain continuously linked to an active physical SIM card within the device. Telecom operators have been instructed to automatically log users out of messaging platforms if no valid SIM is detected. All service providers must submit compliance reports, failing which strict action will follow.
The directive is being prioritised in sensitive regions, particularly Jammu and Kashmir. While officials acknowledge that deactivating all fraudulent and expired SIMs will take time, the move is being viewed as a major setback for terror networks that rely on digital anonymity.
The wider investigation began after extremist posters surfaced near Srinagar in October 2025, warning of attacks on security forces. Subsequent arrests, including that of two doctors linked to an educational institution in Haryana, led to the recovery of a large cache of explosives and materials. The Red Fort blast, which claimed 15 lives, continues to be probed as agencies work to dismantle the digital and logistical backbone of the module.
Sorry, there was a YouTube error.
