New Delhi, 4 Jan 

Investigations into the blast near the Red Fort last November have uncovered a sophisticated communication network in which highly educated recruits used multiple mobile phones, ghost SIM cards and encrypted messaging apps to stay in touch with handlers based in Pakistan, officials said.

Security agencies probing the so-called “white-collar” terror module found that the accused followed a strict dual-phone protocol to evade surveillance.

Each operative carried a “clean” handset registered in their own name for daily use, while a second device was reserved exclusively for encrypted communication through platforms such as WhatsApp and Telegram.

Officials said the SIM cards used in these secondary phones were obtained fraudulently, often by misusing Aadhaar details of unsuspecting civilians. In a parallel development, Jammu and Kashmir Police also detected a separate racket involving SIM cards issued using forged Aadhaar documents.

The investigation revealed that several of these compromised SIMs remained active on messaging platforms even while being operated from across the border in Pakistan or Pakistan-occupied Kashmir.

This allowed handlers, operating under codenames, to remotely guide the accused on tasks including online learning of IED assembly and planning attacks in India’s hinterland.

The findings from the Red Fort blast case prompted the Department of Telecommunications to issue a directive on November 28 last year, mandating that app-based communication services function only when linked to an active physical SIM card present in the device.

Invoking the Telecommunications Act, 2023, and Telecom Cyber Security Rules, the Centre directed service providers to ensure users are automatically logged out of messaging apps if an active SIM is removed. All platforms have been asked to submit compliance reports to the DoT within a stipulated timeframe.

Officials said the directive is being fast-tracked in the Jammu and Kashmir telecom circle, acknowledging that while deactivating all fraudulent or expired SIMs will take time, the move significantly disrupts digital infrastructure used by terror networks.

The terror module began to unravel in October last year after posters of the banned Jaish-e-Mohammad surfaced near Srinagar, threatening attacks on security forces. Subsequent investigations led police to a medical university in Haryana, resulting in multiple arrests and the seizure of large quantities of explosive material.

The blast near the Red Fort, which claimed 15 lives, is being investigated by the National Investigation Agency.