By utilizing advanced Technical methods, Indian intelligence agencies successfully exposed a hoax bomb threat campaign targeting schools in Delhi and Ahmedabad. Investigation was conducted with assistance from Intelligence Bureau (IB), Anti Terrorist Squad (ATS), NTRO, R&AW and other central agencies.
The mass emails, sent to 32 schools in Ahmedabad city and four schools in Ahmedabad rural, were sent through a Russian domain (mail.ru), specifically from the email address “tauheedl@mail.ru,” and was termed as “hoax” by the police the same day after searches were conducted by bomb detection and disposal squad, dog squad and Crime Branch teams on the premises of the schools. The mails were also received days after more than 100 schools in Delhi-NCR received similar threats from the same Russian domain.. The Ministry of Home Affairs (MHA) promptly issued a statement labelling the emails a “hoax,” urging the public not to succumb to panic. The MHA reassured citizens that the Delhi Police and security agencies were taking necessary steps per protocol.
A technical surveillance was then initiated to trace the sender of the email. The intelligence agency employed advanced infiltration techniques and a social engineering tactic known as “honeytrap” to identify the perpetrator.
Investigators discovered the emails originated from mail.ru addresses linked to a chat platform owned by a Russian firm. Then Delhi Police approached the Ministry of Home Affairs(MHA) and, subsequently, the court to request a Letter Rogatory (LR) to Russia, seeking information about the email ID responsible for sending bomb threats to schools in Delhi-NCR. They have already sought assistance from Interpol through the Central Bureau of Investigation (CBI). Russian intelligence reportedly shared crucial information that aided the investigation.
The findings, including the suspect’s location within a Pakistani military cantonment, bolster suspicions of Pakistani involvement, possibly backed by Chinese intelligence. The culprit, traced to Faislabad, Pakistan, is suspected to be an agent of Pakistan’s ISI intelligence agency. Indian authorities in Delhi and Gujarat have been informed of the initial investigation results. Both bomb threats exhibited similar characteristics. The Delhi emails, signed with the term “Sawarim” associated with ISIS propaganda, included religious verses. The Ahmedabad emails originated from the “tauheedl@mail.ru” address, with the sender identifying himself as a “Tauheed Warrior” threatening suicide attacks. Investigators traced the “tauheedl” address to an account belonging to “Tauheed Liyaqat,” linked to another account under the name “Ahmad Javed.” Both accounts exhibited activity on gaming platforms and assumed different identities on various social media platforms such as Snapchat, Twitter, ICQ (cross-platform instant messaging software).
Indian Military News 