Delhi blast: How suspects used Threema app to share maps, plans
The three suspects – Dr. Umar Un Nabi, Dr. Muzammil Ganaie, and Dr. Shaheen Shahid – allegedly used the encrypted messaging app
The Delhi Police on Thursday (November 13) said that the three doctors linked to Faridabad’s Al Falah University, who are under scanner for the deadly car blast near the Red Fort, were in constant contact through a Swiss communication app called Threema.
The three suspects – Dr. Umar Un Nabi, Dr. Muzammil Ganaie, and Dr. Shaheen Shahid – allegedly used the encrypted messaging app, which is listed as a paid application on Google Play Store, to plan and coordinate their activities related to the terror conspiracy, they said.
Investigators also suspect that Umar, the man behind the wheel of the car that exploded on Monday evening (November 10), and his team used a red EcoSport car, which has been seized from Faridabad, to transport and stockpile ammonium nitrate over time.
Group planned multiple serial blasts
Describing Umar as the most radicalised member of the module and the bridge between all the doctors, sources said he allegedly switched off his phones and snapped digital contacts after the arrest of Muzammil and others connected to the terror conspiracy.
Also read: Hyderabad doctor’s ricin terror plot: Probe reveals laboratory at home
The suspects had conducted several recce in the capital. The group was planning multiple serial blasts and was awaiting final orders from its handlers at the time it was busted.
“Unlike conventional messaging platforms, Threema does not require a phone number or email ID for registration, making it extremely difficult to trace the users,” a source told PTI.
App not linked to mobile number or SIM
The app assigns each user a unique ID not linked to any mobile number or SIM card and offers end-to-end encryption with an option to be run on private servers.
Also read: Congress seeks all-party meet on Delhi blast, Parliament's Winter Session to be advanced
Investigators suspect the accused doctors set up a private Threema server to communicate securely and evade detection. This server was allegedly used to share sensitive documents, maps, and layouts related to the Delhi blast conspiracy.
“Detailed planning, including location sharing and task allocation, is believed to have been conducted through this private network,” a police source added.
The trio reportedly used the app for encrypted text chats, sharing of documents and designs, and voice communication instead of relying on standard mobile networks.
Threema played ‘crucial role’
For additional secrecy, Threema allows messages to be deleted from both ends and does not store metadata, further complicating forensic retrieval, the source added.
Agencies believe this closed Threema network played a crucial role in the planning and coordination of the blast.
Investigators are now working to determine whether the private server used by the group was hosted inside India or abroad, and whether other members of the module had access to it.
Preliminary findings suggest the app was used to transfer restricted material and coded messages among the members of the terror module, officials said.
Police have also found that around 32 cars were being prepared to carry out blasts near historic locations and vital installations in the national capital.
While one car went off in the blast near the Red Fort, three others have been seized by police so far.
(With agency inputs)