How Terrorists Used Encrypted Swiss App Threema to Plan Delhi Red Fort Blast Conspiracy

Threema does not require a phone number or email ID for registration

New Delhi:

The three doctors associated with Al Falah University in Faridabad, who are under investigation for the fatal car explosion near the Red Fort on Monday evening, maintained regular communication through a Swiss messaging application called Threema, according to police statements on Thursday.

The suspects - Dr Umar Un Nabi, Dr Muzammil Ganaie, and Dr Shaheen Shahid - reportedly utilized this encrypted messaging platform to organize and coordinate their activities related to the terror plot.

Investigators believe that Umar, who was driving the car that exploded on Monday, along with his associates, used a red EcoSport vehicle, which has been confiscated from Faridabad, to gradually transport and store ammonium nitrate.

Sources describe Umar as the most radicalized member of the group and the connecting link between all the doctors. He allegedly turned off his phones and cut digital connections following the arrest of Muzammil and others involved in the terror conspiracy.

The death toll from the blast near the Red Fort increased to 13 on Thursday after another injured individual succumbed at LNJP Hospital, while numerous others remain hospitalized, an official confirmed.

The suspects had conducted multiple reconnaissance missions in the capital. The group was planning several serial explosions and was waiting for final instructions from their handlers when they were apprehended.

"Unlike conventional messaging platforms, Threema does not require a phone number or email ID for registration, making it extremely difficult to trace the users," a source explained.

The application assigns each user a unique identifier not connected to any mobile number or SIM card and provides end-to-end encryption with the option to operate on private servers.

Investigators suspect the accused doctors established a private Threema server for secure communication to avoid detection. This server was allegedly used to exchange sensitive documents, maps, and layouts connected to the Delhi blast conspiracy.

"Detailed planning, including location sharing and task allocation, is believed to have been conducted through this private network," added a police source.

The trio reportedly employed the app for encrypted text messages, document and design sharing, and voice communication instead of using standard mobile networks.

For enhanced secrecy, Threema allows messages to be deleted from both sides and does not retain metadata, further complicating forensic recovery, the source noted.

Agencies believe this closed Threema network played a significant role in planning and coordinating the blast.

Investigators are now working to determine whether the private server used by the group was located within India or abroad, and if other members of the module had access to it.

Initial findings indicate the app was used to transfer restricted material and coded messages among members of the terror module, officials stated.

Police have also discovered that approximately 32 vehicles were being prepared to carry out explosions near historic locations and vital installations in the national capital.

While one vehicle exploded in the blast near the Red Fort, three others have been seized by police so far.