Last week, when schools were to reopen after a three-day break following Republic Day celebrations, panic gripped the city as at least 30 schools received bomb threat emails, forcing parents to pick up their wards just minutes after dropping them off for the day. Officials say that even when the threats turn out to be false, they strain police resources and lead to panic among the public. (HT)

Though school authorities responded to the best of their abilities – alerting the police and informing the parents to take necessary steps – the whole exercise proved to be a chaotic affair as thousands of parents clogged key arteries even as emergency vehicles, including bomb squads, raced against time to get to the spot.

In some cases, students continued to remain on campus either due to a delay on the parents’ part, or as schools decided to let only the junior students leave and have the senior students stay back for their scheduled practical exams.

Elsewhere, senior cops were at their wits’ end as they were flooded with calls from multiple schools within their jurisdiction, and they had to prioritise which school to attend to.

Had the threat not been a hoax, such a haphazard response would have put students as well as the school staff at risk.

To ensure that the authorities are not caught on the wrong foot again, the Chandigarh Police are drafting standard operating procedures (SOPs) for dealing with such situations.

This includes designating a single point of contact, putting in place step-by-step procedures for evacuation, sensitising the authorities against spreading panic or misinformation, training them to secure email evidence and coordinating with police teams during searches.

A flurry of threat mails

Just a day after the threat to schools, three buildings in Chandigarh, including the Punjab and Haryana secretariat in Sector 1, the UT mini secretariat in Sector 9, and the Punjab Municipal Bhawan in Sector 35, had to be evacuated after similar hoax mails.

Across the border, Panchkula police also reviewed threat-response procedures after schools in Ambala, Karnal and Gurugram districts received threats on the day UT schools received the emails. Earlier in January, the Mohali judicial courts complex too had to be evacuated after a hoax email.

How investigations are unfolding

In the Chandigarh schools’ case, police registered an FIR and the cybercrime unit is examining the digital trail of emails to determine the origin points, which were traced to the United States and Bangladesh. The cyber unit of Chandigarh has flagged the threat to the Ministry of Home Affairs. Police, however, say that in many cases, investigations hit a wall due to the digital obfuscation techniques used by senders. In the past, including the case where a threat was sent to the HC, preliminary checks linked the suspicious emails to IP addresses based overseas, including the United States and Europe. “Such tracing can identify where an email was last routed, but not necessarily the sender’s true location or identity, especially when VPNs, proxy servers or anonymising tools are involved,” said a police officer. Threat actors increasingly use disposable email services and encrypted communication platforms, many hosted outside India, making direct tracing and cooperation difficult.

International cooperation, MLATs & their limits

To pursue information from service providers or foreign law enforcement, Indian agencies often rely on Mutual Legal Assistance Treaties (MLATs) and global policing networks like Interpol. Such requests can take months or years to process depending on the country and cooperation level, leaving local investigations without actionable leads in the short term. Some threat emails traced abroad have not yielded usable data even after formal requests.

For instance, last year, when UT police busted a transnational cybercrime syndicate operating a highly sophisticated “digital arrest” scam, and arrested 10 individuals with links to a Cambodian network, the absence of an MLAT between the two countries posed a hurdle. In the absence of an MLAT, Indian police and cyber units could not legally compel Cambodian authorities or service providers to share crucial data such as IP logs, subscriber details, device information or account ownership records. In such cases, requests for information have to be routed through informal or diplomatic channels, which are slow and often yield no results. As a result, despite being traced, many cases reach a dead end, explained a police officer.

