New Delhi: A Delhi court has extended judicial custody of key accused in the November 10 Red Fort blast case amid ongoing investigations into the explosion that killed at least 15 people near the historic monument. The judicial decisions come as investigative agencies uncover detailed methods that the alleged terror module employed to communicate with handlers outside India.
On January 5, Principal District and Sessions Judge Anju Bajaj Chandna remanded Yasir Ahmed Dar, one of the accused in the case, to 11 days of judicial custody until January 16 after his production before the court. Dar was arrested by the National Investigation Agency (NIA) on December 18 and is reported to have been a close associate of Dr. Umar-un-Nabi, the man identified as driving the explosives-laden vehicle that detonated near the Red Fort.
Earlier, on January 3, the same court remanded Dr. Bilal Naseer Malla, another accused in the blast conspiracy, to 13 days of judicial custody until January 16. The NIA considers Malla a key conspirator, alleging that he provided logistical support to the suspected suicide bomber and was involved in the destruction of evidence related to the attack.
The blast on November 10 in Delhi near the Red Fort metro station raised significant national security concerns and has been formally investigated as a terror attack. Investigators identified Umar-un-Nabi as the driver of the vehicle used in the explosion and connected him with a broader terror network under investigation. The NIA and multiple law enforcement agencies have arrested several suspects, including doctors and other individuals alleged to have been part of this network.
Separate from the judicial proceedings, investigators have revealed in the probe that the alleged terror module used sophisticated methods to communicate with handlers in Pakistan and Pakistan-occupied Kashmir. Officials said that the accused, who include highly educated doctors, relied on a network of so-called “ghost” SIM cards and encrypted messaging applications such as WhatsApp, Telegram, and Signal to coordinate activities with handlers across the border.
According to investigative findings, each accused operative carried two to three mobile handsets. One handset was a “clean” phone registered in their own name for routine personal and professional communications while another served as a “terror phone” used exclusively for encrypted communication. The SIM cards used in these devices were often obtained fraudulently by misusing the Aadhaar details of unsuspecting civilians or through fake identity documents.
Officials cited in media reports said that this setup was part of a dual-phone protocol designed to evade law enforcement surveillance. The compromised SIMs remained active on messaging platforms even when they were accessed from outside India, allowing handlers to direct the module’s activities, including remote instruction on assembling improvised explosive devices (IEDs) through online resources.
The findings of the communication methods used in the case prompted the Department of Telecommunications (DoT) to issue a directive on November 28, 2025. This directive mandates that app-based communication services must remain continuously linked to an active physical SIM card within a device. The DoT stated that allowing messaging apps to operate without a SIM posed a cybersecurity risk, as such features could be exploited from abroad for terrorist and cybercriminal purposes.
The terror module under investigation reportedly began to unravel when banned group posters appeared near Srinagar in October 2025, leading to deeper inquiries by police, including in Haryana and Jammu and Kashmir. Large quantities of explosive materials and weapons have been seized during these operations. The National Investigation Agency continues to lead the investigation.
(Rh/MSM)
