'Ghost' SIM, 'terror phone': How Pakistani handlers stayed in touch with Red Fort blast accused, probe reveals
Probe into a terror module linked to the Red Fort blast revealed doctors used ghost SIM cards and encrypted apps to communicate with handlers in Pakistan.
Elaborate network of "ghost" SIM cards and encrypted applications were used by highly educated doctors to stay in touch with Pakistan-based handlers, officials in the know of the Investigations into the "white-collar" terror module linked to the blast near Delhi's Red Fort on November 10 last year revealed on Sunday.

Findings from this probe formed the basis of a major directive issued by the Department of Telecommunications (DoT) on November 28, requiring app-based communication platforms such as WhatsApp, Telegram and Signal to remain continuously linked to an active physical SIM card in the device, news agency PTI reported on Sunday.
The blast occurred on the evening of November 10 when a Hyundai i20 car exploded near the Red Fort, leaving several dead. Investigators said the vehicle was being driven by Dr Umar un-Nabi, a resident of Pulwama who worked at Faridabad’s Al-Falah University.
What investigation uncovered
-Terror module members used ‘ghost’ SIM cards: Officials cited in the report said the investigation uncovered how members of the "white-collar" terror module, including arrested doctors Muzammil Ganaie, Adeel Rather and others, relied on a tactical "dual-phone" system using multiple "ghost" SIM cards to avoid detection by security agencies. Each accused, including Dr Umar-un-Nabi, who was killed while driving the explosives-laden vehicle near the Red Fort, allegedly carried two or three mobile phones.
-‘Clean’ phone and ‘terror’ phone: They said one handset was a "clean" phone registered in the accused's own name and used for routine personal or professional communication, while the second device functioned as a "terror phone" and was dedicated exclusively to WhatsApp and Telegram communication with handlers in Pakistan, identified by the codenames 'Ukasa', 'Faizan', and 'Hashmi'. The SIM cards used in these secondary phones were reportedly obtained by misusing Aadhaar details of unsuspecting civilians.
-Troubling pattern that security agencies observed: The Jammu and Kashmir Police also uncovered a separate racket involving SIM cards issued on the basis of fake Aadhaar cards, officials added. Security agencies observed a troubling pattern in which these compromised SIMs remained active on messaging platforms even when operated from across the border in Pakistan-occupied Kashmir (PoK) or Pakistan.
-Recruits initially wished to be in Syria, Afghanistan: By exploiting features that allow messaging applications to function without a physical SIM card, the handlers allegedly guided the module to learn IED assembly through YouTube and plan "hinterland" attacks, despite the recruits initially expressing a desire to join conflict zones in Syria or Afghanistan, the above-mentioned officials said. To address these vulnerabilities, the Centre invoked the Telecommunications Act, 2023, along with the Telecom Cyber Security Rules, to "safeguard the integrity of the telecom ecosystem".
-New telecom rules: Under the new rules, within 90 days, all Telecommunication Identifier User Entities (TIUEs) must ensure their applications operate only when an active SIM is installed in the device. The directive also instructs telecom operators to automatically log users out of apps such as WhatsApp, Telegram and Signal if no active SIM is detected. Officials said all service providers, including Snapchat, Sharechat and Jiochat, are required to submit compliance reports to the DoT.
-Crackdown on digital infra used by terror networks: The DoT had earlier stated that the ability to use apps without a SIM card poses a serious telecom cyber security challenge, as it is being exploited from outside the country for cyber fraud and terror-related activities. The directive is being fast-tracked in the Jammu and Kashmir telecom circle, and while officials acknowledged that deactivating all expired or fraudulent SIMs will take time, the move is being viewed as a significant blow to the digital infrastructure used by terror networks to radicalise and manage "white-collar" operatives, according to the news agency.
ABOUT THE AUTHORHT News DeskFollow the latest breaking news, major developments and agenda-setting stories from India and around the world with the newsdesk at Hindustan Times. Operating round the clock, the desk brings together experienced editors, reporters and correspondents to deliver fast, accurate and contextual reporting across subjects that influence public policy, governance, business, society and international affairs. The HT News Desk covers politics, elections, government policies, the economy, business and markets, science and technology, the environment, law and order, infrastructure, education, climate issues and geopolitics, while closely tracking developments across states, institutions and global capitals. The team also leads coverage of major breaking news events, policy announcements, court proceedings, natural disasters, public emergencies and significant international developments. Reports published by the newsdesk are based on information gathered from reporters on the ground, official statements, government agencies, court records, regulatory filings, recognised institutions and other authoritative sources. Stories undergo editorial scrutiny and verification processes to ensure accuracy, fairness and relevance, and are updated as events evolve and additional information becomes available. Whether covering a key political decision in New Delhi, an economic policy shift affecting millions, a landmark court ruling or a major global event, the HT News Desk aims to provide readers with reliable, fact-based journalism that delivers not only the latest developments but also the context and analysis needed to understand their wider implications.Read More

E-Paper


