Delhi Red Fort Blast Probe Exposes Doctors' Ghost SIMs, Encrypted Apps & Pak Handlers in White-Collar Terror Plot

New Delhi (India) January 4,2026: Experts investigating the “white-collar” terror module underlying the blast near Delhi’s Red Fort on Nov. 10 last year said the highly educated doctors had relied on a complex network of “ghost” SIM cards and encrypted apps to work with Pakistani handlers, officials said on Sunday. 

Dual-Phone Tactics: Clean vs Terror Handsets

Investigators said probing the “white-collar” terror module triggered a network of “ghost” SIM cards used by the arrested doctors, including Muzammil Ganaie, Adeel Rather and other suspects, as part of a tactical “dual-phone” plan to elude security agencies. 

The accused reportedly carried one “clean” phone, registered using their own names for frequent personal and professional use, to deflect suspicion, and another was the “terror phone,” used only for WhatsApp, Telegram, and exchange of messages with their handlers in Pakistan. Each accused, including Dr Umar-un-Nabi, who died while driving an explosives-laden vehicle next to the Red Fort, was carrying two to three mobile handsets, they said. 

YouTube IED Lessons and Hinterland Targets

The officials said this trend became clear as security agencies reported these compromised SIMs had been active on messaging platforms across the border in Pakistan-occupied Kashmir (PoK) or Pakistan. 

Using features that enable messaging apps to operate without a real SIM in the device, the handlers instructed the module to learn how to assemble an IED from YouTube and to plan "hinterland" attacks, even while the recruits initially intended to join conflict zones in Syria or Afghanistan. 

What is a Ghost SIM?

A ghost SIM card is a mobile connection illegally issued or fraudulently switched on without being associated with the real user, security officials said. Those SIMs are mostly obtained through forged or misused identity documents (including Aadhaar numbers of unsuspecting civilians) or through bulk activations that skip verification norms. 

The criminals and terror operatives can use encryption messaging apps to communicate and use these numbers, investigators say, but they remain mostly unrevealed, becoming a daunting challenge to telecom surveillance and law enforcement agencies. 

New Telecom Rules to Crush Ghost SIM Menace

To address vulnerabilities in the telecoms industry, the Centre implemented the Telecommunications Act, 2023 and the Telecom Cyber Security Rules to protect the integrity of the telecom ecosystem. The new mechanism ensures TIUEs have 90 days to verify that their activities are only available when there's an active SIM card on the device. 

The order also directs telecom operators to automatically remove clients from applications including WhatsApp, Telegram and Signal if no active SIM is found. Messaging and social media platforms – Snapchat, Sharechat and Jiochat – have been invited to submit compliance reports to the DoT. 

Red Fort Blast: 13 Dead in Rush-Hour Horror

The explosion occurred on November 10, 2025, near Gate 1 of the Red Fort Metro Station during the evening rush hour. A powerful car bomb exploded at a traffic signal, killing 13 people and wounding at least 20 others. 

The explosion involved a Hyundai i20 car driven by a suspected terrorist, Dr Umar Nabi. The group was supposed to be planning strikes akin to the 26/11 Mumbai attacks and had carried out reconnaissance of key targets such as the Constitution Club and the Gauri Shankar Temple, according to security agencies. CCTV footage showed the time of the explosion and has been used as crucial evidence.