What Is Threema, and What Did the Suspects Use?


According to investigators, the three suspects involved in the Red Fort blast, Dr. Umar Un Nabi, Dr. Muzammil Ganaie, and Dr. Shaheen Shahid, not only shared information through Threema, a Swiss messaging app, but also planned their alleged terror operation over the same medium.

Threema is designed for maximum privacy. Unlike many chat applications, it does not require a phone number or even an email address to create an account.

Instead, every user is assigned a random Threema ID, which makes it extremely difficult to tie the identity or location of the user to their account.

Because of this anonymity, it is very difficult to trace who is speaking, which is why investigators think the suspects chose it.

How Threema Helped Them Remain Invisible

Strong End-to-End Encryption

Threema applies end-to-end encryption to every form of content, including texts, calls, media, and documents. This means that even the company behind the app cannot read the messages.

Private Servers

Police sources believe that the group of suspects may have used a separate Threema server. Through it, they allegedly distributed maps, plans, papers, and briefs in a closed environment, isolated from other Threema users.

No Metadata Storage

Threema is designed to hold very little metadata. It does not keep detailed logs of who communicated with whom, when, and where.

This absence of data greatly complicates forensic reconstruction.

Message Deletion Features

The application allows messages to be deleted at both ends of the conversation.

Such a "burn after reading" feature means that important evidence could be destroyed permanently, which hampers the investigation.

Bypassing Security Blocks

Threema is banned in India: in May 2023, the government blocked it under Section 69A of the IT Act.

Despite the ban, investigators think that the suspects may have bypassed it with either VPNs or foreign servers, possibly connecting to Threema outside the country or concealing their IP addresses.

Anonymous Payments

Another layer of secrecy comes from the way Threema is purchased. Users can pay with Bitcoin or even send money by mail to the company's Swiss office, which leaves no clear financial trail.

Why This Is a Big Deal for Security Agencies

  • Tactical Planning: The suspects are said to have used Threema not only for chatting but also for planning specific, in-depth operations, including exchanging maps and layouts and coordinating among themselves.
  • Minimal Forensic Trace: Because of Threema's minimal metadata and the option to delete messages, investigators were unable to rebuild the suspects' communication timeline.
  • Possible Private Infrastructure: If the group did have a privately hosted Threema server, it would have given them a very secure, closed network that is more difficult to break into or to obtain logs from.
  • Legal and Enforcement Problems: Although Threema is prohibited, VPNs and offshore servers show how digital tools can evade national blocks.

The investigators are looking into whether the suspects' private Threema server was located in India or in another country.

They are also examining the seized devices to determine the extent of the network's penetration as well as the involvement of other individuals in it.

The case demonstrates that the privacy-enhancing design of encrypted messaging applications can be abused by malicious individuals and can pose a problem for national security agencies.

Critics propose that such tools should be more tightly controlled, while privacy advocates say that people should still be given such guarantees.

first digital tools by the suspects of the Red Fort blast represents another chilling trend: terrorist and criminal groups are using them more and more to organize and stage attacks, and because of the tools' digitally secure nature, these groups are much harder for law enforcement agencies to detect, trace, and prosecute.
