A chilling investigation into a terror blast near Delhi's historic Red Fort has forced the government to tighten digital security, unveiling a sophisticated network that exploited 'ghost' SIM cards and encrypted apps. The probe, which followed the explosion on November 10 last year, revealed how a highly educated, 'white-collar' terror module maintained covert contact with handlers in Pakistan, leading to a sweeping new mandate from the Department of Telecommunications (DoT).
The Ghost SIM Network and Dual-Phone Tactic
Security officials detailed that the accused, which included several highly educated doctors, relied on mobile connections that were illegally issued or activated without being linked to the real user. These 'ghost' SIM cards were typically obtained by misusing Aadhaar details of unsuspecting citizens or through bulk activations that bypassed verification, creating a significant hurdle for surveillance agencies.
The module followed a meticulous 'dual-phone' protocol. Each member carried multiple devices. A primary 'clean' phone, registered in their own name, was used for normal personal and professional communication to avoid raising red flags. A separate 'terror phone' was reserved exclusively for encrypted chats with Pakistani handlers on platforms like WhatsApp and Telegram, using the ghost SIMs issued in others' names.
Government Clamps Down with New Telecom Rules
In response to these vulnerabilities, the Centre invoked the Telecommunications Act, 2023, and Telecom Cyber Security Rules. On November 28, the DoT issued a directive requiring app-based communication services to function only when linked to an active physical SIM card inside the device. Telecommunication Identifier User Entities (TIUEs) have been given 90 days to comply.
The order mandates telecom operators to automatically log users out of platforms such as WhatsApp, Telegram, and Signal if no active SIM is detected. Popular apps including Snapchat, Sharechat, and Jiochat must submit compliance reports. The directive is being fast-tracked in the Jammu and Kashmir telecom circle, with failure to comply attracting stringent legal action.
Unraveling the White-Collar Terror Module
The module began to unravel after posters of the banned Jaish-e-Mohammad (JeM) appeared in Srinagar on the night of October 18-19, 2025. A subsequent probe led by Srinagar SSP GV Sundeep Chakravarthy uncovered the network. Arrests included Muzammil Ganaie and Adeel Rather. Another key accused, Dr Umar-un-Nabi, was killed while driving an explosives-laden vehicle near the Red Fort. Pakistani handlers used codenames like 'Ukasa', 'Faizan', and 'Hashmi'.
Investigators found that the operatives were directed to learn IED assembly online and plan 'hinterland' attacks. A massive cache of materials, including 2,900 kg of ammonium nitrate, potassium nitrate, and sulphur, was seized from links to Al Falah University in Faridabad. The tragic car explosion near the Red Fort, which claimed 15 lives, is under investigation by the National Investigation Agency (NIA).
This new DoT rule aims to deliver a critical blow to the digital infrastructure that allows terror networks to radicalize and manage operatives remotely, marking a significant shift in India's telecom cybersecurity landscape.
