Explanium

Red Fort Blast Probe: How ‘Ghost’ SIM Cards Enabled Cross-Border Terror Communication

by

Explanium Desk
in

What Happened

Investigations into the blast near Delhi’s Red Fort on November 10, 2025, have revealed that the accused used “ghost” SIM cards and encrypted messaging applications to communicate with handlers based in Pakistan. Security agencies say this communication method played a key role in planning and executing the attack.

Context: Why This Method Was Used

Terror networks increasingly rely on digital communication to avoid detection by security agencies. In this case, investigators found that the accused were part of a “white-collar” terror module comprising highly educated individuals, including doctors. Instead of traditional communication channels, they used advanced digital tactics to stay anonymous and operate across borders.

Messaging applications such as WhatsApp, Telegram, and Signal allow users to continue accessing accounts even when the physical SIM card is removed from the device. This feature, meant for user convenience, was exploited to maintain cross-border communication without active telecom links in India. As a result, handlers based outside the country could guide activities while reducing the risk of interception.

The case exposed gaps in telecom oversight, particularly the misuse of SIM cards issued using stolen or fake identity documents. It also highlighted how digital tools are being adapted for terror coordination beyond conventional conflict zones.

Key Findings From the Investigation

Use of “Ghost” SIM Cards

Investigators found that the accused used SIM cards issued in the names of unsuspecting civilians. In several cases, Aadhaar details were misused or fake identity documents were used to obtain these SIMs. Such cards are commonly referred to as “ghost” SIM cards because they cannot be easily traced to the actual user.

Dual-Phone Strategy

Each accused reportedly carried two or more mobile phones.

  • One phone was registered in their own name and used for routine personal or professional communication.
  • The second phone was used exclusively for encrypted messaging with handlers based in Pakistan and Pakistan-occupied Kashmir.

This separation helped them avoid suspicion while maintaining secure contact with terror coordinators.

Encrypted App Communication

The handlers communicated through encrypted platforms and directed recruits to learn activities such as IED assembly using online sources. Even after SIM cards became inactive in India, the messaging apps continued to function abroad, allowing uninterrupted coordination.

Government Response and Regulatory Changes

To address these security gaps, the government has invoked provisions under the Telecommunications Act, 2023, and related Telecom Cyber Security Rules.

Under new directives issued by the Department of Telecommunications:

  • App-based communication services must remain continuously linked to an active physical SIM card installed in the device.
  • If a SIM becomes inactive or is removed, users will be automatically logged out of messaging apps.
  • Telecom operators and app service providers must submit compliance reports to the government.
  • Non-compliance will attract action under existing telecom and cybersecurity laws.

The directive is being fast-tracked in sensitive regions such as Jammu and Kashmir, where misuse of telecom infrastructure has posed repeated security challenges.

Why This Matters

For citizens, the misuse of SIM cards raises concerns about identity theft and personal data security.
For governance, the case exposes vulnerabilities in telecom verification systems and digital oversight.
For policy, it underscores the need to balance privacy, convenience, and national security.
For the future, tighter regulation of digital communication tools may reshape how messaging platforms operate in India.

What Readers Should Understand

The Red Fort blast investigation shows how modern terror networks exploit digital loopholes rather than relying solely on physical networks. “Ghost” SIM cards and app-based communication allowed handlers outside India to coordinate attacks while reducing traceability.

The government’s response signals a shift toward stronger telecom cybersecurity measures. How effectively these rules are implemented will determine whether such digital misuse can be prevented without disrupting legitimate communication.