Home

National

How a Network of Doctors Used Ghost SIMs in the Red Fort Blast Investigation

The investigation into the Red Fort blast has unveiled a sophisticated terror network involving highly educated doctors who utilized ghost SIM cards and encrypted apps to communicate with handlers in Pakistan. This alarming discovery has led to new directives from the Department of Telecommunications aimed at enhancing telecom security. The probe revealed a dual-phone system used by the suspects to evade detection, raising significant concerns about the misuse of technology for terror activities. As authorities work to dismantle this network, the implications for national security are profound, with the National Investigation Agency now involved in the case. Read on to learn more about this intricate web of deception and the ongoing efforts to combat such threats.
By Narendra Chaudhary | Jan 4, 2026, 14:50 IST
How a Network of Doctors Used Ghost SIMs in the Red Fort Blast Investigation

Investigating the White-Collar Terror Module


Recent investigations into the terror module linked to the November 10 blast near Delhi's Red Fort have revealed that a group of highly educated doctors utilized a complex network of 'ghost' SIM cards and encrypted applications to communicate with handlers based in Pakistan, according to officials on Sunday.


The findings from these investigations prompted the Department of Telecommunications (DoT) to issue a significant directive on November 28, mandating that communication services reliant on apps like WhatsApp, Telegram, and Signal must be connected to an active physical SIM card within the device.


Authorities indicated that the inquiry into this 'white-collar' terror group, which included individuals like Muzammil Ganaie and Adeel Rather, uncovered their use of 'ghost' SIM cards as part of a strategic 'dual-phone' system designed to evade detection by security forces.


Each suspect, including Dr. Umar-un-Nabi, who died while driving an explosives-laden vehicle near the Red Fort, was found to possess two to three mobile devices.


They maintained one 'clean' phone registered in their names for everyday personal and professional communications to avoid raising suspicion, while the other served as a 'terror phone' dedicated solely to messaging with their Pakistani handlers, who were identified by codenames such as 'Ukasa', 'Faizan', and 'Hashmi'.


The SIM cards for these secondary devices were fraudulently issued in the names of unsuspecting civilians, with their Aadhaar details misappropriated, officials reported.


Additionally, the Jammu and Kashmir Police uncovered a separate scheme where SIM cards were issued using counterfeit Aadhaar cards.


Security agencies have observed a concerning trend where these compromised SIMs remain operational on messaging platforms in Pakistan-occupied Kashmir (PoK) or Pakistan.


By taking advantage of features that allow messaging applications to function without a physical SIM, handlers were able to instruct the module on IED assembly through YouTube and plan attacks in the hinterland, despite initial intentions of recruits to join conflict zones in Syria or Afghanistan.


To address these security vulnerabilities, the Centre has invoked the Telecommunications Act of 2023 and the Telecom Cyber Security Rules to 'protect the integrity of the telecom ecosystem'. This includes a stipulation that all Telecommunication Identifier User Entities (TIUEs) must ensure their apps operate only with an active SIM installed within 90 days.


The directive also instructs telecom operators to automatically log users out of apps like WhatsApp, Telegram, and Signal if an active SIM is not present, with all service providers, including Snapchat, Sharechat, and Jiochat, required to submit compliance reports to the DoT.


The ability to use apps without a SIM card poses a significant challenge to telecom cybersecurity, as it is being exploited from abroad to facilitate cyber fraud and terrorist activities, as explained in the DoT's statement regarding the rationale behind this initiative.


This directive is being expedited in the Jammu and Kashmir telecom sector. While officials acknowledge that it will take time to deactivate all expired or fraudulent SIMs, this action is viewed as a crucial blow to the digital infrastructure utilized by terror networks to radicalize and manage 'white-collar' operatives.


Non-compliance with these regulations will result in severe penalties under the Telecom Cyber Security Rules and other relevant laws, officials warned.


The 'white-collar' terror module began to come to light during the night of October 18-19, 2025, when posters from the banned Jaish-e-Mohammad (JeM) appeared on walls near Srinagar, threatening attacks on police and security personnel in the region.


Taking this matter seriously, Senior Superintendent of Police, Srinagar, G V Sundeep Chakravarthy, established multiple teams to conduct a thorough investigation.


The investigation, piecing together statements from the arrested suspects, led the Srinagar police to Al Falah University in Faridabad, Haryana, where two doctors, Ganaie from Pulwama and Shaheen Sayeed from Lucknow, were apprehended. A substantial cache of arms and ammunition, including 2,900 kg of ammonium nitrate, potassium nitrate, and sulfur, was also confiscated.


The car explosion incident near the Red Fort resulted in 15 fatalities and is currently under investigation by the National Investigation Agency.


Latest News

Politics

Entertainment

Sports

Science/Tech

Around The Web