Foreign Handlers Used Encrypted Apps to Share Bomb-Making Instructions
Security agencies investigating the Red Fort blast terror module have uncovered that one of three alleged foreign handlers sent 42 detailed bomb-making videos to an arrested doctor using encrypted messaging applications. The videos were shared with Dr. Muzammil Ahmad Ganai, a 35-year-old medical professional from Faridabad's Al Falah Medical College, who has been identified as a key accused in the case.
Investigators revealed that the foreign handler using the pseudonym "Hanzullah" transmitted the instructional videos to Dr. Ganai, who allegedly arranged storage for explosives used by the terror module. The communication occurred through encrypted platforms that have become increasingly popular among terror operatives for their perceived security.
Multiple Handlers Under Scanner for Cross-Country Terror Links
The investigation has identified three primary handlers in the Delhi case - "Hanzullah", "Nisar", and "Ukasa" - all believed to be pseudonyms rather than real identities. Security agencies are now examining whether these handlers played roles in similar do-it-yourself (DIY) bombing incidents across India in recent years.
According to sources familiar with the probe in Karnataka, the roles and identities of these foreign-based handlers are being scrutinized for potential overlaps with other terror incidents involving similar operational methods. The handlers are believed to have not only helped the module construct explosives but also encouraged them toward suicide attack missions.
Dr. Ganai was arrested ten days before the actual blast occurred, and security forces recovered over 2,500 kg of explosive material from his premises, including 350 kg of ammonium nitrate. This massive haul has raised serious concerns about the scale of the planned attack.
Emerging Pattern of Remote Radicalization and Bomb-Making
The investigation has revealed a disturbing pattern of remote radicalization and bomb-making instruction through digital platforms. Among the persons of interest that has emerged is Mohammed Shahid Faisal, a foreign handler who uses multiple aliases including "Colonel," "Laptop Bhai," and "Bhai."
Faisal, believed to be an engineering graduate from Bengaluru who went missing in 2012, is suspected of coordinating with terror modules in Karnataka and Tamil Nadu to execute bombings since 2020. Investigators have linked him to several significant incidents:
- Coimbatore car suicide bomb blast on October 23, 2022
- Mangaluru autorickshaw "accidental" blast of November 20, 2022
- Bengaluru Rameshwaram Cafe blast of March 1, 2024
Security agencies believe Faisal initially fled to Pakistan after being identified in a Lashkar-e-Taiba-linked terror plot in Bengaluru and has more recently moved to the Syria-Turkey border region. His identity was formally established during the NIA probe into the Rameshwaram Cafe blast, where he has been named as an absconding accused.
Striking Similarities with Southern India Terror Incidents
The Red Fort blast investigation has uncovered remarkable similarities with previous terror incidents in South India, particularly the Coimbatore suicide car bomb blast of October 23, 2022. In that case, 28-year-old Jamesha Mubin, a mechanical engineering graduate, died in an early morning car explosion outside a temple.
Investigations revealed that Mubin had been radicalized by remote handlers and left behind three self-confession videos explaining his motives. Searches of properties linked to him led to the seizure of bomb-making materials including potassium nitrate, red phosphorus, PETN powder, and batteries.
The NIA probe into the Coimbatore case revealed that Mubin and his associates procured fertilizers like urea to derive explosives such as ammonium nitrate - mirroring the methods seen in the Delhi case. Both incidents involved the use of second-hand vehicles specifically purchased for bombing purposes.
Security sources in Karnataka familiar with both the Delhi probe and multiple terror investigations in South India noted: "There is a possibility of the Delhi incident being linked to recent incidents in Karnataka and Tamil Nadu through the remote handler. There are similarities in the operations at the handler level."
Common Digital Infrastructure for Terror Modules
The investigation has exposed a sophisticated digital infrastructure used by handlers to coordinate multiple terror modules across different states. The communication patterns show consistent use of encrypted messaging platforms like Signal, Session, and Telegram for both coordination and dissemination of bomb-making instructions.
According to sources familiar with probes in multiple states, "There were modules of youths created in Karnataka and Tamil Nadu using the front of the Islamic State during this period. There were also very similar modules operating in Delhi, Padgah and Pune. All these modules were acting in a similar way - trying to build IEDs on their own using everyday materials after online radicalization."
The pattern suggests that while these modules operated independently without direct contact with each other, they likely received guidance from common handlers, creating a decentralized but coordinated terror network.
Since the Delhi blast on November 10, security agencies have been questioning key suspects from Islamic State-linked modules associated with handler Faisal, who are currently lodged in prisons in Karnataka and Tamil Nadu. The objective is to ascertain the identities of the handlers involved in the Red Fort blast and potentially prevent future attacks using similar methodologies.
The case highlights the evolving nature of terror threats in India, where foreign-based handlers can radicalize and guide local modules through digital means, creating significant challenges for law enforcement and security agencies working to prevent such attacks.
