Red Fort Blast: Accused Used Ghost SIMs to Contact Pak Handlers

Ghost SIM cards, officials explained, are illegally procured using fake identities and are commonly used by criminals and terror groups for fraud, scams and anti-national activities.

According to investigators, the probe into the white-collar terror module uncovered the use of multiple ghost SIM cards by the arrested doctors, including Muzammil Ganaie and Adeel Rather. The accused followed a tactical "dual-phone" protocol to evade surveillance by security agencies.

Investigators said each accused, including Dr Umar-un-Nabi, who was killed while driving the explosives-laden vehicle near the Red Fort, carried two to three mobile phones. One was a "clean" handset registered in their own names and used for routine personal and professional communication, while the other was a "terror phone" used exclusively for WhatsApp and Telegram contact with Pakistan-based handlers operating under codenames such as 'Ukasa', 'Faizan' and 'Hashmi'.

The SIM cards used in these secondary devices were allegedly issued in the names of unsuspecting civilians after misusing their Aadhaar details. The Jammu and Kashmir Police also unearthed a separate racket involving the issuance of SIM cards using fake Aadhaar documents.

Security agencies noted a disturbing trend in which these compromised SIMs remained active on messaging platforms even when operated from Pakistan or Pakistan-occupied Kashmir. By exploiting features that allow messaging applications to function without a physical SIM card in the device, handlers were able to guide recruits in assembling IEDs through online platforms such as YouTube and plan attacks in the hinterland, despite the recruits initially intending to join conflict zones in Syria or Afghanistan.

Officials said the findings of the probe formed the basis for a sweeping directive issued by the Department of Telecommunications on November 28 last year. The directive mandates that app-based communication services such as WhatsApp, Telegram and Signal must remain continuously linked to an active physical SIM card installed in the device.

To address the security gaps, the Centre has invoked the Telecommunications Act, 2023, along with the Telecom Cyber Security Rules, requiring that within 90 days all Telecommunication Identifier User Entities ensure their applications function only when an active SIM is present. The order also directs telecom operators to automatically log users out of messaging apps if no active SIM is detected and requires service providers, including Snapchat, ShareChat and JioChat, to submit compliance reports to the DoT.

The DoT said the misuse of SIM-less app features posed a serious challenge to telecom cyber security, as they were being exploited from outside the country for cyber fraud and terror activities. The directive is being fast-tracked in the Jammu and Kashmir telecom circle, and non-compliance will invite stringent action under applicable laws, officials added.