‘Ghost’ SIM cards, ‘clean’ phone: Probe reveals how Pakistani handlers stayed in touch with Red Fort blast accused

Elaborate network of "ghost" SIM cards and encrypted applications were used by highly educated doctors to stay in touch with Pakistan-based handlers, officials in the know of the Investigations into the "white-collar" terror module linked to the blast near Delhi's Red Fort on November 10 last year revealed on Sunday.

Findings from this probe formed the basis of a major directive issued by the Department of Telecommunications (DoT) on November 28, requiring app-based communication platforms such as WhatsApp, Telegram and Signal to remain continuously linked to an active physical SIM card in the device, news agency PTI reported on Sunday.

The blast occurred on the evening of November 10 when a Hyundai i20 car exploded near the Red Fort, leaving several dead. Investigators said the vehicle was being driven by Dr Umar un-Nabi, a resident of Pulwama who worked at Faridabad’s Al-Falah University.

-‘Clean’ phone and ‘terror’ phone: They said one handset was a "clean" phone registered in the accused's own name and used for routine personal or professional communication, while the second device functioned as a "terror phone" and was dedicated exclusively to WhatsApp and Telegram communication with handlers in Pakistan, identified by the codenames 'Ukasa', 'Faizan', and 'Hashmi'. The SIM cards used in these secondary phones were reportedly obtained by misusing Aadhaar details of unsuspecting civilians.

-Troubling pattern that security agencies observed: The Jammu and Kashmir Police also uncovered a separate racket involving SIM cards issued on the basis of fake Aadhaar cards, officials added. Security agencies observed a troubling pattern in which these compromised SIMs remained active on messaging platforms even when operated from across the border in Pakistan-occupied Kashmir (PoK) or Pakistan.

-Recruits initially wished to be in Syria, Afghanistan: By exploiting features that allow messaging applications to function without a physical SIM card, the handlers allegedly guided the module to learn IED assembly through YouTube and plan "hinterland" attacks, despite the recruits initially expressing a desire to join conflict zones in Syria or Afghanistan, the above-mentioned officials said. To address these vulnerabilities, the Centre invoked the Telecommunications Act, 2023, along with the Telecom Cyber Security Rules, to "safeguard the integrity of the telecom ecosystem".

-New telecom rules: Under the new rules, within 90 days, all Telecommunication Identifier User Entities (TIUEs) must ensure their applications operate only when an active SIM is installed in the device. The directive also instructs telecom operators to automatically log users out of apps such as WhatsApp, Telegram and Signal if no active SIM is detected. Officials said all service providers, including Snapchat, Sharechat and Jiochat, are required to submit compliance reports to the DoT.

-Crackdown on digital infra used by terror networks: The DoT had earlier stated that the ability to use apps without a SIM card poses a serious telecom cyber security challenge, as it is being exploited from outside the country for cyber fraud and terror-related activities. The directive is being fast-tracked in the Jammu and Kashmir telecom circle, and while officials acknowledged that deactivating all expired or fraudulent SIMs will take time, the move is being viewed as a significant blow to the digital infrastructure used by terror networks to radicalise and manage "white-collar" operatives, according to the news agency.