The threat of digital tradecraft in terrorism

The Hindu: Published on 20th November 2025.  

 

Why in News?

A deadly car explosion near Delhi’s Red Fort on November 10 killed at least 15 people and injured over 30. Investigations revealed that the attack was executed using advanced digital tradecraft such as encrypted communication, private servers, VPNs, and spy-style email techniques. This signals a new frontier in terrorism where battles extend into encrypted digital spaces, not just physical locations.

 

What Happened?

The blast occurred near Gate No. 1 of the Red Fort Metro Station. It was immediately treated as a terror attack, and the National Investigation Agency (NIA) took over the case. Three doctors linked to Al Falah University in Faridabad—Dr. Umar Un Nabi, Dr. Muzammil Ganaie, and Dr. Shaheen Shahid—were identified as key suspects, allegedly deeply involved in planning the attack.

 

Major Findings:

Investigators discovered that the suspects used the encrypted messaging app Threema, possibly through a private server, to share maps, layouts, and instructions. The app requires no phone or email identity and allows deletion of messages from both sides, leaving almost no trace.

The accused also used a spy-style method known as “dead-drop emails,” where messages were written in the draft folder of a shared account without ever being sent. The second person would log in, read or edit the draft, and delete it, leaving no record of communication.

They maintained strict operational discipline: conducting recce missions, stockpiling ammonium nitrate through a familiar vehicle to avoid suspicion, and switching off devices to erase trails. There may also be links to JeM-inspired networks, indicating trained and structured planning.

 

Link to Academic Scholarship:

Counter-terrorism researchers have long warned that extremist groups would merge physical attacks with advanced digital secrecy. The blending of encrypted apps, private servers, VPNs, physical reconnaissance, and minimal digital footprints aligns exactly with academic predictions of multi-domain terrorism.

 

Implications:

Traditional surveillance tools such as phone tapping, metadata tracking, and email interception are becoming ineffective. Apps like Threema remain usable through VPNs despite bans. Routine device seizures may not yield data because of message deletion and self-hosted servers. This demands new investigative structures focused on digital forensics and server tracing.

 

Policy Solutions:

Governments must build specialized digital forensic teams skilled in encrypted network analysis, memory forensics, and private server tracking. New regulations are needed to govern self-hosted communication platforms with lawful access provisions. Counter-terror laws must evolve to address digital dead-drops, VPN misuse, and decentralised communication. Universities and professional institutions should develop counter-radicalisation programmes, as the suspects were doctors. International cooperation and tech diplomacy must strengthen access to foreign servers and encrypted platforms used for terror operations.

 

What Next?

The Red Fort blast makes it clear that modern terrorism is no longer limited to bombs and ideology — it now operates through code, servers, VPNs, and anonymous platforms. Democracies must build sophisticated cyber-forensic and legal tools to safeguard their societies, balancing security with civil liberties.
