Terrorist Network Using 'Ghost SIMs' to Evade Detection in Delhi Red Fort Blast

Dual-Phone System Exposed

The Delhi Red Fort blast, which claimed the lives of 15 individuals, is now being linked to a sophisticated terror network involving highly educated individuals. Officials revealed that members of the “white-collar” terror module behind the attack relied on a dual-phone system. Each individual carried two or three mobile phones: one for regular personal use, and another, a “terror phone,” dedicated solely to communication with handlers based in Pakistan.

The terror phones were used to send messages via encrypted platforms like WhatsApp and Telegram, facilitating coordination with handlers. These communications were often encrypted to prevent detection by security agencies.

Use of 'Ghost SIMs'

A key feature in this operation was the use of so-called "ghost SIM cards." These are SIM cards either unregistered or linked to fake identities, often activated with stolen or fabricated documents. Some SIMs were even cloned or used as eSIMs to further evade detection.

The terrorists exploited a critical vulnerability in telecom infrastructure, allowing them to communicate without the need for a physical SIM card. This loophole enabled their devices to function even when SIM cards were absent, bypassing traditional security checks. The SIMs were reportedly issued using the Aadhaar details of unsuspecting individuals, many of which were misused in Jammu and Kashmir.

New Rules to Combat the Threat

In response to this growing security threat, the Department of Telecommunications (DoT) has introduced stringent regulations aimed at eliminating the use of ghost SIM cards. As of November 28, 2025, messaging apps like WhatsApp, Telegram, and Signal must now require an active SIM card to function. The new rules mandate that if the SIM is removed from a device, these apps will cease to operate. The rules will also ensure that users logging in via computers must log out every six hours, after which they will need to reauthenticate using a QR code.

The rules are part of the government's broader effort to address telecom vulnerabilities, with particular attention on their exploitation for digital fraud and terrorism. This directive aligns with the Telecommunications Act of 2023 and Telecom Cybersecurity Rules, which aim to safeguard the integrity of India’s telecom ecosystem.

Security Challenges and Investigations

The investigation into the Red Fort attack also revealed how security agencies traced the origins of the terror network. The plot began to unfold when posters of the banned group Jaish-e-Mohammed (JeM) appeared in Srinagar in October 2025, threatening attacks on police and security forces. A series of investigations led to the arrest of key suspects, including two doctors, Ghani and Shaheen Saeed, who were involved in planning the attacks.

Authorities seized large quantities of explosives, including ammonium nitrate and potassium nitrate, during the operation. These materials were allegedly intended for use in improvised explosive devices (IEDs), further highlighting the sophistication of the terror network.

Telecom Vulnerabilities Under Scrutiny

Officials also uncovered a disturbing pattern of SIM cards linked to Pakistan-based terror operations. These compromised SIMs were found to remain active even when the devices were operated from Pakistan-occupied Kashmir (PoK) or Pakistan, posing a significant security threat.

The use of messaging platforms without a physical SIM card has raised alarms across Indian security agencies, as it provides a way for terror groups to operate undetected. The Department of Telecommunications’ recent directive aims to close this gap by mandating SIM card binding for these platforms, ensuring they can only be used on devices with a registered active SIM.

Impact on Terror Networks and Cybersecurity

The implementation of these new telecom rules is seen as a significant step in combating the digital infrastructure used by terror networks. The use of encrypted messaging apps by terrorist groups is not new, but the ability to use them without an active SIM card had made detection more difficult. The new regulations are expected to disrupt the ability of terror groups to manage operations remotely, particularly from locations outside of India.

Furthermore, security agencies have noted that similar methods have been used for cyber fraud and other criminal activities, making the new measures even more critical for national security.

Context:

The rise of “ghost SIM cards” is not only a threat to national security but also highlights broader vulnerabilities in digital communication systems. The telecom industry has long been scrutinised for its role in cybercrime, fraud, and terrorism. By implementing stricter regulations on SIM cards and messaging platforms, the Indian government aims to close these loopholes and ensure that communication apps cannot be misused for illegal or harmful activities.

Historically, similar security breaches have been observed in other countries, where terror groups have used digital platforms to recruit, plan, and execute attacks. The Indian government's new measures are part of a global push to enhance telecom cybersecurity and prevent the misuse of digital infrastructure by malicious actors.