Red Fort Blast: Accused doctors used Ghost SIMs and encrypted apps

The officials said the probe into the terror module and the blast led to a web of “ghost” SIM cards being used by the arrested doctors as part of a tactical “dual-phone” protocol to evade security agencies.

Also Read:Delhi blast: Court sends 3 doctors, preacher arrested in Red Fort explosion case 12 days of judicial custody

Each accused, who was killed while driving the explosives-laden vehicle near the Red Fort, carried two to three mobile handsets, they said.

The accused carried one “clean” phone registered in their own names for routine personal and professional use to avoid suspicion, and a second one was the “terror phone” used exclusively for WhatsApp and Telegram communication with their handlers in Pakistan (identified by codenames ‘Ukasa’, ‘Faizan’, and ‘Hashmi’).

The SIM cards for these secondary devices were issued in the names of unsuspecting civilians whose Aadhaar details were misused, the officials said.

Jammu and Kashmir Police further unearthed a separate racket where SIMs were issued using fake Aadhaar cards, they said.

According to the officials, the security agencies noted a disturbing trend where these compromised SIMs remained active on messaging platforms across the border in PoK or Pakistan.

By exploiting features that allow messaging apps to run without a physical SIM in the device, the handlers were able to direct the module to learn IED assembly via YouTube and plot “hinterland” attacks, despite the recruits initially wanting to join conflict zones in Syria or Afghanistan, reports PTI.

To plug these security gaps, the Centre has invoked the Telecommunications Act, 2023, and Telecom Cyber Security Rules to “safeguard the integrity of the telecom ecosystem”, which includes a rule that, within 90 days, all Telecommunication Identifier User Entities (TIUEs) must ensure their apps function only if an active SIM is installed in the device.

The order further directs the telecom operators to automatically log out users from apps like WhatsApp, Telegram, and Signal in case of the absence of an active SIM, the officials said, adding that all service providers, including Snapchat, Sharechat, and Jiochat, must submit compliance reports to the DoT.

This feature of using apps without a SIM is posing a challenge to telecom cyber security as it is being misused from outside the country to commit cyber frauds and terror activities, the DoT statement had said while explaining the reasoning behind the move.

The directive is being fast-tracked in the J&K telecom circle.

While officials admit it will take time to deactivate all expired or fraudulent SIMs, the move is seen as a critical blow to the digital infrastructure used by terror networks to radicalise and manage operatives.

Failure to comply with these norms will attract stringent action under the Telecom Cyber Security Rules and other applicable laws, the officials said.

The white terror module began to unravel on the intervening night of October 18-19, 2025, when posters of the banned Jaish-e-Muhammad (JeM) appeared on walls just outside Srinagar city.

The posters warned of attacks on the Police and security forces in the Valley.

Treating it as a serious matter, Senior Superintendent of Police, Srinagar, G V Sundeep Chakravarthy formed several teams to conduct an in-depth investigation into the case.

After piecing together the statements of the arrested accused, the probe led the Srinagar police to Al Falah University in Haryana’s Faridabad, where two doctors, a resident of Koil in south Kashmir’s Pulwama and another from Lucknow, were arrested.

A huge quantity of arms and ammunition, including 2900 kg of ammonium nitrate, potassium nitrate, and sulphur, was also seized.

The car explosion case near the Red Fort claimed 15 lives and is being investigated by the National Investigation Agency.

Also Read:Delhi Blast Probe: NIA raids Lucknow home of alleged mastermind doctor