Investigation into the White Terror Module Linked to Red Fort Blast
Overview of Findings
New Delhi: Investigations into the white terror module associated with the blast near Delhi’s Red Fort on November 10 last year have revealed that highly educated doctors utilized a complex network of “ghost” SIM cards and encrypted applications to communicate with handlers in Pakistan, officials reported on Sunday. A recent PTI report highlights that the findings from these investigations prompted the Department of Telecommunications (DoT) to issue a significant directive on November 28, mandating that app-based communication services such as WhatsApp, Telegram, and Signal remain linked to an active, physical SIM card within the device.
Usage of Dual-Phone Protocol
Officials indicated that the inquiry into the terror module and the blast uncovered the use of “ghost” SIM cards by the arrested doctors as part of a tactical “dual-phone” protocol designed to evade security agencies. Each accused, who was killed while operating an explosives-laden vehicle near the Red Fort, possessed two to three mobile devices. They maintained one “clean” phone registered under their names for daily personal and professional communications, while a second, designated as the “terror phone,” was exclusively utilized for communications via WhatsApp and Telegram with their Pakistani handlers, identified by codenames ‘Ukasa’, ‘Faizan’, and ‘Hashmi’.
Misuse of Civilian Identity
The SIM cards for these secondary devices were reportedly issued using the details of unsuspecting civilians, whose Aadhaar information was misappropriated. Further investigations by the Jammu and Kashmir Police uncovered a distinct racket involving the issuance of SIMs using fake Aadhaar cards. Security agencies have observed a troubling pattern where these compromised SIMs remained operational on messaging platforms in Pakistan or Pakistan-Occupied Kashmir (PoK).
Exploitation of Messaging App Features
By leveraging features that allow messaging applications to function without a physical SIM card in the device, handlers were able to instruct the module on IED assembly through YouTube and plan “hinterland” attacks. Initially, the recruits expressed interest in joining conflict zones in Syria or Afghanistan, according to reports from PTI.
New Regulations for Enhanced Security
To address these security vulnerabilities, the Centre has invoked the Telecommunications Act, 2023, along with the Telecom Cyber Security Rules, aimed at safeguarding the integrity of the telecom ecosystem. Key provisions in the directive require all Telecommunication Identifier User Entities (TIUEs) to ensure, within 90 days, that their apps operate only with an active SIM installed in the device. Additionally, telecom operators are directed to automatically log out users from applications like WhatsApp, Telegram, and Signal if an active SIM is absent. This compliance requirement extends to service providers including Snapchat, Sharechat, and Jiochat, who must submit compliance reports to the DoT.
Challenges and Compliance Measures
The ability to use apps without a SIM card poses a significant challenge to telecom cybersecurity, leading to misuse from outside the country for cyber fraud and terrorist activities. The DoT’s statement elaborated on the rationale behind the new measures, which are being expedited within the Jammu and Kashmir telecom circle. Although officials acknowledge that deactivating all expired or fraudulent SIMs will take time, the initiative is regarded as a crucial step in dismantling the digital infrastructure utilized by terror networks to radicalize and manage operatives. Non-compliance with these regulations will result in stringent penalties under the Telecom Cyber Security Rules and other relevant laws.
Background of the Terror Module
The white terror module began to be exposed during the night of October 18-19, 2025, when posters of the banned group Jaish-e-Muhammad (JeM) appeared near Srinagar, threatening attacks on police and security forces in the region. Taking this threat seriously, Senior Superintendent of Police, Srinagar, G V Sundeep Chakravarthy, established several teams for a thorough investigation.
Arrests and Seizures
As the investigation progressed, it led to Al Falah University in Faridabad, Haryana, where two doctors—one from Koil in Pulwama and another from Lucknow—were arrested. Authorities also seized a substantial quantity of arms and ammunition, including 2,900 kg of ammonium nitrate, potassium nitrate, and sulfur. The car explosion incident near the Red Fort resulted in 15 fatalities and is currently under investigation by the National Investigation Agency (NIA).