New Delhi : The investigation into the blast that took place near Delhi’s historic Red Fort on November 10 last year has revealed shocking details. Security agencies have found that the terrorist module involved in the attack was in direct contact with handlers based in Pakistan through the use of so-called ‘ghost SIM’ cards and encrypted messaging applications.
According to officials, these SIM cards were not registered in the names of the actual users. Instead, they were illegally issued or fraudulently activated using fake or misused identity documents, making it extremely difficult for law-enforcement agencies to trace the communication.
Highly Educated Terror Module
Investigators said the module consisted of well-educated individuals, including professionals such as doctors, who lived seemingly normal lives while secretly coordinating terrorist activities. To conceal their identities, they relied on illegally procured SIM cards and multiple mobile phones.
What Is a ‘Ghost SIM’?
Security officials define a ‘ghost SIM’ as a mobile connection obtained through illegal means or fraudulent verification processes. These SIM cards are often activated using fake documents or misused Aadhaar details of unsuspecting citizens. Since they are not directly linked to the real user, such SIMs allow terrorists and criminals to communicate freely without easy detection, posing a serious challenge to telecom surveillance and law-enforcement agencies.
The ‘Two-Phone’ Strategy
The probe also exposed a specific operational tactic known as the ‘two-phone method’. Each terrorist carried two or sometimes three mobile phones. One phone was registered in their own name and used for regular personal and professional communication to avoid suspicion. The second phone, referred to by investigators as the “terror phone,” was used exclusively to communicate with Pakistan-based handlers via encrypted platforms like WhatsApp and Telegram using ghost SIM cards.
Officials revealed that the SIM cards used in these terror phones were issued in the names of ordinary citizens whose Aadhaar data had been misused.
DoT Issues Strict Order
Based on the findings of this investigation, the Department of Telecommunications (DoT) issued a major order on November 28. As per the directive, app-based communication services such as WhatsApp, Telegram and Signal must remain linked to an active physical SIM card installed in the device, a move aimed at curbing the misuse of ghost SIMs.
Pakistan Links and Arrests
The handlers based in Pakistan were identified by code names such as ‘Ukasa’, ‘Faizan’ and ‘Hashmi’. In a related development, Jammu and Kashmir Police uncovered a separate racket involved in issuing SIM cards using fake Aadhaar cards. Accused individuals, including Muzammil Ganai and Adeel Rathar, were arrested. The main accused, Dr Umar-un-Nabi, was killed while driving an explosives-laden vehicle near the Red Fort.
Security agencies have stated that the growing use of ghost SIM cards and encrypted communication platforms has emerged as a major threat to national security. Authorities are now strengthening monitoring mechanisms to prevent such misuse and dismantle terror networks more effectively.