A recent car explosion near the historic Red Fort in Delhi has taken a concerning digital twist. Investigators have uncovered the communication trail of three doctors allegedly involved in the incident. These doctors, associated with Al Falah University in Faridabad, are said to have extensively used the Swiss messaging platform Threema to plan and coordinate the attack. The suspects, identified as Dr Umar Un Nabi, Dr Muzammil Ganaie, and Dr Shaheen Shahid, utilized the encrypted app due to its high level of anonymity and lack of conventional identifiers, making it challenging for authorities to track their activities.
Exploring the Threema Platform
Authorities suggest that the accused individuals established a closed communication network using Threema, known for its robust privacy features. Unlike other apps, Threema does not require personal contact details for registration; instead, users receive a unique ID for identification. This layer of anonymity enabled the suspects to operate discreetly.
According to sources, the trio possibly went a step further by setting up a private Threema server to exchange confidential information and instructions securely. This private network was allegedly used for detailed planning, including sharing locations and assigning tasks among the group.
Threema’s design facilitates covert communication by encrypting all data end-to-end, avoiding metadata storage, and enabling users to permanently delete messages from both devices. These features complicate forensic efforts to recover chat histories or backups.
Investigators are currently probing whether the group’s Threema server operated within India or overseas. Initial findings suggest that the server may have been utilized for transmitting coded instructions and confidential documents within the module. Forensic analysis of seized devices aims to unveil the full network scope and identify any additional participants.
Threema’s Ban in India
The revelation of Threema’s involvement followed the discovery of two Telegram groups associated with the same group. Metadata extracted from encrypted conversations between Umar, Shaheen, and Muzammil is being scrutinized, albeit with limited data available due to the app’s minimal footprint.
Threema was banned in India in May 2023, as part of the government’s initiative to block foreign messaging apps under Section 69A of the IT Act. Investigations revealed that these platforms were exploited by Pakistan-based entities for spreading propaganda and coordinating activities within India.
The banned list included several apps like Zangi, Briar, Nandbox, Safeswiss, BChat, Element, Second Line, MediaFire, and IMO, chosen for their encryption-centric systems that thwarted monitoring efforts.
Despite the ban, authorities suspect that the accused individuals circumvented restrictions by using VPN services to conceal their location and reroute traffic through foreign servers. It is also believed that the suspects accessed the app freely during international travels, including to Turkey and the UAE.
Compounding investigators’ challenges is Threema’s payment model, which allows users to purchase
