Red Fort Blast: Accused Used ‘Ghost’ SIMs To Coordinate With Pakistani Handlers

Srinagar/New Delhi, Jan 4: Investigations into the blast near Delhi’s Red Fort on November 10 last year have revealed that a “white-collar” terror module comprising highly educated doctors used a sophisticated network of “ghost” SIM cards and encrypted messaging applications to communicate with Pakistani handlers, officials said on Sunday.

Officials said the findings of the probe prompted the Department of Telecommunications (DoT) to issue a directive on November 28, mandating that app-based communication services such as WhatsApp, Telegram and Signal must remain continuously linked to an active physical SIM card installed in the device.

According to investigators, the arrested doctors—including Muzammil Ganaie, Adeel Rather and others—followed a tactical “dual-phone” protocol to evade detection. Each accused carried two to three mobile phones, including Dr Umar-un-Nabi, who was killed while driving the explosives-laden vehicle near the Red Fort.

One handset was a “clean” phone registered in the accused’s own name for routine personal and professional use, while the second, referred to as a “terror phone,” was used exclusively for WhatsApp and Telegram communication with Pakistani handlers identified by codenames ‘Ukasa’, ‘Faizan’ and ‘Hashmi’.

Officials said the SIM cards used in these secondary devices were issued in the names of unsuspecting civilians by misusing their Aadhaar details. Jammu and Kashmir Police also uncovered a parallel racket in which SIM cards were issued using fake Aadhaar credentials.

Security agencies observed that several of these compromised SIMs remained active on messaging platforms across the border in Pakistan or Pakistan-occupied Kashmir (PoK). By exploiting features that allow messaging apps to function without a physical SIM in the device, handlers were able to guide the module, including instructing recruits to learn IED assembly through online platforms and plan attacks in India’s hinterland.

To plug these gaps, the Centre invoked the Telecommunications Act, 2023, along with Telecom Cyber Security Rules, requiring that within 90 days all Telecommunication Identifier User Entities ensure their apps function only when an active SIM is installed. The order also directs telecom operators to automatically log out users from messaging apps in the absence of an active SIM.

Officials said service providers, including WhatsApp, Telegram, Signal, Snapchat, Sharechat and Jiochat, have been directed to submit compliance reports to the DoT. The directive is being fast-tracked in the Jammu and Kashmir telecom circle.

The DoT noted that the use of apps without SIM cards poses serious cyber security challenges, as the feature is being exploited for terror activities and cyber fraud from outside the country. Non-compliance will invite stringent action under telecom security rules, officials warned.

The “white-collar” terror module came to light after Jaish-e-Mohammad posters surfaced on walls outside Srinagar city on the night of October 18–19, 2025, threatening attacks on security forces. Srinagar SSP G V Sundeep Chakravarthy formed multiple teams to investigate the case.

The probe eventually led police to Al Falah University in Faridabad, Haryana, where two doctors—Muzammil Ganaie of Pulwama and Shaheen Sayeed of Lucknow—were arrested. A large cache of arms and ammunition, including 2,900 kg of ammonium nitrate, potassium nitrate and sulphur, was seized.

The Red Fort car explosion, which claimed 15 lives, is being investigated by the National Investigation Agency. (Agencies)