New Delhi | January 4 2026 | The investigation into the blast near Delhi’s Red Fort has opened a troubling window into how terror modules are adapting technology to stay hidden. Officials associated with the probe say suspects linked to a “white-collar” network — including educated professionals and even doctors — allegedly relied on ghost SIM cards, multiple handsets and encrypted messaging apps to evade routine electronic tracking.
According to investigators, each suspect maintained at least one phone legally registered in their own name for daily calls, banking OTPs and regular communication. A second device — often purchased anonymously — was used almost exclusively to communicate with handlers through WhatsApp, Telegram and Signal, keeping sensitive conversations separated from traceable digital trails.
Aadhaar Misuse: SIM Cards on Stolen or Fabricated Identity
The probe has also exposed worrying loopholes around identity misuse. Several SIM cards, officials say, were issued using the Aadhaar credentials of unsuspecting citizens, harvested through data theft, photocopies, or unscrupulous telecom agents.
In other instances, investigators believe forged Aadhaar documents were created outright — enabling activation of SIM connections without the knowledge of the real person whose identity was exploited.
This made attribution nearly impossible in the early stages, delaying leads and complicating surveillance.
Two to Three Phones — The New Normal
Patterns emerging from digital forensics show most accused individuals carried two to three mobile phones at all times. A similar practice was reportedly observed in the case of Dr. Umar-un-Nabi, who authorities allege was behind the wheel of the explosives-laden vehicle.
Officials warn that handlers are now deliberately recruiting educated professionals with clean social footprints, no criminal history and stable jobs — making background checks appear benign while masking radical intent.
Rules Tighten: Messaging Apps Must Link to Active SIM
In response to these findings, the Department of Telecommunications (DoT) has initiated tighter compliance norms.
Key requirements include:
- Messaging apps such as WhatsApp, Telegram and Signal must be linked to an active SIM present in the device
- Apps operating without a live SIM will trigger automatic logout
- Platforms are required to submit periodic compliance reports to the DoT
Investigators further revealed that the same ghost SIM ecosystem was used to search YouTube, watch tutorials on assembling improvised explosive devices (IEDs), communicate instructions, and expand recruitment across states — all while remaining largely anonymous.
Cross-Border Activity Raises Alarm
Perhaps the most disturbing discovery: several numbers remained active on messaging platforms from Pakistan-occupied Kashmir (PoK) and Pakistan, even though the individuals in whose names they were issued were physically present in India — and unaware.
This cross-border digital presence provided handlers a cushion of distance while retaining real-time access to operatives on the ground.
The Larger Warning
Experts see in the Red Fort case a preview of a broader threat:
a tactical mix of fake identity, encrypted communication and multi-device strategy that erodes the effectiveness of traditional policing tools.
Without stricter KYC enforcement, enhanced verification of digital platforms, and deeper technology-driven monitoring, investigators caution such covert networks will continue to evolve — and become harder to disrupt.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
