'White-Coat' Terror Module Used Unsent Emails to Evade Agencies

New Delhi: The probe into the 10/11 Red Fort blast now hinges on deciphering the covert codes used by a sophisticated terror module of “white coats,” who relied on unsent email drafts as their primary mode of communication to evade security agencies. With indications of a larger multi-city terror plot, investigators have launched a full-scale digital sweep across online platforms, including activity from social media sympathisers, to trace any digital footprints left behind by the “white-collar” network.

Sources said multiple specialised teams are monitoring public posts, videos, comments and online discussions round the clock to track anything from radicalisation patterns to misinformation or suspicious activity linked to the blast.

“Any unusual online behaviour is flagged and relayed immediately to field units,” an officer familiar with the investigation said. Inputs from social media cells are being forwarded directly to probe teams for instant verification.

Simultaneously, district police units have been instructed to continuously review CCTV footage across markets, border points, transit routes and sensitive installations. Station-level officers have been told to report any unusual movement to the control room without delay.

“CCTV checks and social media tracking are being carried out in parallel to ensure no clue is missed,” the officer added, noting that patrols and pickets across the city have been strengthened.

As surveillance intensifies, agencies are examining whether the accused had planned simultaneous strikes in four Indian cities. Police say the group consisted of medical professionals who combined encrypted online tools with low-tech stealth strategies to stay off the radar.

Investigators have found that the suspects, including Dr Umar Nabi, who drove the explosive-laden car; Dr Muzammil Ganaie; and Dr Shaheen Shahid, relied on unsent email drafts to communicate.

All members accessed a single email account. Instead of sending messages, they saved instructions as drafts. The intended recipient would log in, read the message and delete it. “Because no message was ever transmitted over a network, it left no traceable trail,” a source explained.

In addition, the accused used Threema, a Switzerland-based encrypted messaging app that does not require a phone number or email ID. Officials suspect the group even set up a private Threema server, enabling them to exchange sensitive documents, maps, layouts and coded instructions securely.

Police believe the combined use of draft emails, encrypted private servers and cash-based operations points to a highly cautious and technically adept terror network prepared to execute coordinated attacks.