The Threema app's connection to the Red Fort blast investigation: Learn about this Swiss messaging platform and why it's banned in India.
The investigation into the car blast near Delhi's Red Fort has now taken a digital turn. The investigation revealed that the accused exploited Threema's infrastructure to create a closed and secure communication circuit.
Threema App: The investigation into the car blast near Delhi's Red Fort has now taken a digital turn. Security forces have linked the communications of three doctors involved in the attack—Dr. Umar Un Nabi, Dr. Muzaffar Ganai, and Dr. Shaheen Shahid—to a little-known Swiss messaging platform, Threema. According to the police, all the accused are said to be associated with Al-Falah University in Faridabad and were in constant contact with each other through the app before the blast. Threema's deep encryption and completely anonymous identity system made them extremely difficult to track.
Threema's Secret Network
The investigation revealed that the accused exploited Threema's infrastructure to create a closed and secure communication network. The app requires neither a mobile number nor an email address, and a random email address serves as a complete identity. This explains why the suspects remained undetected for so long.
According to sources, the three even went further by setting up their own private Threema server, through which they shared files, locations, maps, and planning documents. End-to-end encryption, the absence of metadata storage, and the permanent deletion of messages from both sides make it extremely challenging for investigating agencies to find evidence.
Forensic teams are now working to determine whether this private server was located in India or abroad, and whether other individuals were involved in this module. Cybersecurity investigations of the recovered devices are ongoing.
Threema Banned in India
After Threema's role came to light, it became clear that two Telegram groups had previously been on the agencies' radar. However, due to the app's limited data storage, investigators have limited access to material.
Threema was banned in India in May 2023 under Section 69A of the IT Act. A government investigation found that several Pakistan-based networks were using such high-encryption apps to spread propaganda and establish contacts in India.
The banned list included apps like Zangi, Briar, Nandbox, SafeSwiss, BChat, Element, Second Line, MediaFire, and IMO, all of which were virtually impossible to monitor.
Despite this, investigating agencies suspect that the accused continued to use Threema by circumventing the country's restrictions with the help of VPNs. They were able to use the app without restrictions, even during foreign trips, especially to Turkey and the UAE.
The app's payment system also makes tracking difficult. Users can purchase Threema by sending cash to a Swiss office or using Bitcoin. Both methods create no digital records.
A New Form of Digital Terrorism
The investigation into the Red Fort blast clearly demonstrates how complex and elusive the digital side of terrorism has become in modern times. A Swiss app designed for privacy, in the wrong hands, became a tool to conceal a deadly plot. As forensic teams unravel the conspiracy, it is clear that the future security battle will be even more complex in the digital world than it is on the ground.
