Red Fort blast: Accused used ‘ghost’ SIMs to communicate with Pak handlers

Srinagar/New Delhi: Investigations into the “white-collar” terror module linked to the blast near Delhi’s Red Fort on November 10 last year show that highly educated doctors used a sophisticated web of “ghost” SIM cards and encrypted apps to coordinate with Pakistani handlers, officials claimed on Sunday.

The outcome of the investigations essentially formed the basis for the Department of Telecommunications (DoT) to issue a sweeping directive on November 28 last year, mandating that app-based communication services like WhatsApp, Telegram and Signal must be continuously linked to an active, physical SIM card within the device.

The officials said the probe into the “white-collar” terror module and the blast led to a web of “ghost” SIM cards being used by the arrested doctors, including Muzammil Ganaie, Adeel Rather and others, as part of a tactical “dual-phone” protocol to evade security agencies.

Each accused, including Dr Umar-un-Nabi, who was killed while driving the explosives-laden vehicle near the Red Fort, carried two to three mobile handsets, they said.

The accused carried one “clean” phone registered in their own names for routine personal and professional use to avoid suspicion and one was the “terror phone” used exclusively for WhatsApp and Telegram communication with their handlers in Pakistan (identified by codenames ‘Ukasa’, ‘Faizan’, and ‘Hashmi’).

The SIM cards for these secondary devices were issued in the names of unsuspecting civilians whose Aadhaar details were misused, the officials said.

Jammu and Kashmir Police further unearthed a separate racket where SIMs were issued using fake Aadhaar cards, they added.

According to the officials, the security agencies noted a disturbing trend where these compromised SIMs remained active on messaging platforms across the border in Pakistan-occupied Kashmir (PoK) or Pakistan.

By exploiting features that allow messaging apps to run without a physical SIM in the device, the handlers were able to direct the module to learn IED assembly via YouTube and plot “hinterland” attacks, despite the recruits initially wanting to join conflict zones in Syria or Afghanistan.

To plug these security gaps, the Centre has invoked the Telecommunications Act, 2023, and Telecom Cyber Security Rules to “safeguard the integrity of the telecom ecosystem”, which includes a rule that within 90 days, all Telecommunication Identifier User Entities (TIUEs) must ensure their apps function only if an active SIM is installed in the device.

The order further directs the telecom operators to automatically log out users from apps like WhatsApp, Telegram and Signal in case of the absence of an active SIM, the officials said, adding that all service providers, including Snapchat, Sharechat and Jiochat, must submit compliance reports to the DoT.

This feature of using apps without a SIM is posing a challenge to telecom cyber security as it is being misused from outside the country to commit cyber frauds and terror activities, the DoT statement had said while explaining the reasoning behind the move.

The directive is being fast-tracked in the Jammu and Kashmir telecom circle. While officials admit it will take time to deactivate all expired or fraudulent SIMs, the move is seen as a critical blow to the digital infrastructure used by terror networks to radicalise and manage “white-collar” operatives.