Investigators have uncovered a sophisticated "white-collar" terror module behind the blast near Delhi's Red Fort on 10 November 2025. Highly educated doctors allegedly employed "ghost" SIM cards and encrypted messaging apps to liaise with Pakistani handlers.

This revelation prompted the Department of Telecommunications (DoT) to issue a directive on 28 November 2025, requiring app-based services like WhatsApp, Telegram, and Signal to remain linked to an active physical SIM card.

The probe revealed a tactical "dual-phone" protocol adopted by the accused. Each suspect, including the late Dr Umar-un-Nabi who drove the explosives-laden vehicle, carried two to three mobile handsets. One "clean" phone, registered in their own names, handled routine personal and professional communications to deflect suspicion.

The secondary "terror phone" served exclusively for encrypted chats via WhatsApp and Telegram with handlers in Pakistan, using codenames such as 'Ukasa', 'Faizan', and 'Hashmi'. These SIMs were procured fraudulently in the names of unwitting civilians, with Aadhaar details misused. Jammu and Kashmir police also exposed a racket issuing SIMs via fake Aadhaar cards.

A concerning pattern emerged: these compromised SIMs stayed active on messaging platforms from Pakistan-occupied Kashmir (PoK) or mainland Pakistan. Handlers exploited apps' ability to function without a physical SIM, guiding recruits in IED assembly through YouTube tutorials and orchestrating "hinterland" attacks. Initially, some recruits aspired to join conflicts in Syria or Afghanistan.

To counter this vulnerability, the government invoked the Telecommunications Act, 2023, and Telecom Cyber Security Rules. Within 90 days, Telecommunication Identifier User Entities (TIUEs) must ensure their apps operate only with an active SIM installed. Telecom operators will log out users from WhatsApp, Telegram, Signal, Snapchat, Sharechat, and Jiochat if no valid SIM is detected.

Compliance reports must be submitted to the DoT, with the directive accelerating in Jammu and Kashmir's telecom circle. Officials acknowledge challenges in deactivating all expired or fraudulent SIMs, yet view it as a vital strike against terror networks' digital lifelines for radicalisation and "white-collar" operations. Non-compliance invites severe penalties under the rules.

The module's unravelling began on the night of 18-19 October 2025, when posters from the banned Jaish-e-Mohammad (JeM) appeared on walls near Srinagar. These threatened attacks on police and security forces in the valley. Senior Superintendent of Police, Srinagar, G V Sundeep Chakravarthy, promptly assembled teams for a thorough inquiry.

Interrogations of the arrested suspects traced leads to Al Falah University in Faridabad, Haryana. There, police apprehended two doctors: Muzammil Ganaie from Pulwama's Koil in south Kashmir, and Shaheen Sayeed from Lucknow. Raids yielded a massive haul of arms, ammunition, and 2,900 kg of explosives precursors including ammonium nitrate, potassium nitrate, and sulphur.

Other named accused include Adeel Rather. The Red Fort blast, which killed 15 people, falls under the National Investigation Agency's scrutiny. This incident underscores evolving threats from educated radicals leveraging technology, prompting robust telecom safeguards.

The DoT highlighted how SIM-less app usage facilitates cross-border cyber frauds and terrorism. By mandating physical SIM linkage, India aims to fortify its telecom ecosystem against such exploits.

Agencies