NEW DELHI: Officials investigating the Red Fort car blast case have found that the terror module behind the attack operated with clinical precision, using layers of digital anonymity, while staying constantly connected to handlers across the border.
The accused, many of them qualified doctors, exploited telecom vulnerabilities and encrypted communication platforms to plan and execute the blast, while maintaining the appearance of ordinary professional lives.
At the heart of the planning operation was a strict multi-phone system. Each operative carried a “safe” handset registered in their own name for routine use, alongside separate devices dedicated solely to encrypted communication. These phones were powered by SIM cards issued in the names of unrelated civilians or generated using forged documents.
Investigators said this allowed the module to operate in plain sight. The compromised SIM cards enabled accounts on messaging platforms to stay active even when the physical cards were removed or the devices were operated from Pakistan or Pakistan-occupied Kashmir.
This loophole, officials said, gave handlers uninterrupted access to operatives on Indian soil.
Cross-border handling for Delhi blast prompted govt order on physical SIMs
The Red Fort blast accused were allegedly in direct contact with handlers using coded identities, receiving instructions, targets, and guidance through encrypted chats. Security agencies found that the module was coached remotely to assemble improvised explosive devices using publicly available online videos, with handlers monitoring progress and correcting mistakes in real time.
Though some members initially aspired to join foreign conflict zones, investigators said they were redirected to plan attacks within India, signalling a strategic shift towards domestically executed strikes by educated recruits.
The scale of digital manipulation uncovered during the probe prompted swift intervention from the Centre. On November 28, the Department of Telecommunications issued a far-reaching directive aimed at closing the very loopholes exploited by the terror cell. Citing threats to national security, the government invoked the Telecommunications Act, 2023, and the Telecom Cyber Security Rules to tighten controls over app-based services.
Messaging platforms must now function only when a live, physical SIM is installed in the device. Telecom operators have been directed to automatically log users out of apps if no active SIM is detected. All Telecommunication Identifier User Entities have been given 90 days to implement the changes, while platforms including Snapchat, ShareChat and JioChat have been asked to submit compliance reports to the DoT.
Officials acknowledged that purging expired, fake and misused SIM cards will not happen overnight, particularly in sensitive regions such as Jammu and Kashmir. However, they described the move as a decisive strike against the digital backbone used by terror networks to recruit, train and control “white-collar” operatives from afar.
The case itself began to unravel in October last year after posters of the banned Jaish-e-Mohammad surfaced near Srinagar, openly threatening police and security forces. Srinagar police launched a multi-team investigation that eventually led them to Al Falah University in Faridabad, where two doctors were arrested and large quantities of explosive materials, including ammonium nitrate, potassium nitrate and sulphur, were seized.
The Red Fort blast case is now being probed by the National Investigation Agency, which is examining how educated professionals, digital anonymity and regulatory gaps converged to create a lethal terror ecosystem.