Chandigarh: In what could be one of the biggest manhunts in India in recent times, police forces of 18 states are looking for those behind hundreds of hoax bomb threat e-mails sent to some of the more prominent establishments in the country over the past two years.
Starting from Kerala and Tamil Nadu in 2023, these threat mails targeted airports, planes, schools, government buildings, and important landmarks including the Golden Temple, Taj Mahal, Tirupati Temple and the Bombay Stock Exchange. The latest of such mails was received in Mumbai with the sender threatening to blow up the Iskcon Temple in Girgaon Chowpatty.
According to the Punjab police, it is still not known if there is a lone wolf behind these emails or if it’s the handiwork of a group of individuals.
Last week, a technical team of the Punjab State Cyber Police Division, which is investigating the nine emails sent to the Shiromani Gurdwara Parbandhak Committee (SGPC) threatening to blow up the Golden Temple, joined the nationwide search group created under the Indian Cybercrime Coordination Centre (I4C).
The group has cyber police teams from 18 states, sharing information and resources to nab those behind these hoax bomb threat e-mails, whose content are similar, and in many cases identical.
These mails have, over the past two years, led state police and security agencies to launch frenzied evacuation and search operations, with the threats turning out to be a hoax, aimed at gaining attention.
On Thursday, Congress MPs protested outside the Parliament House, demanding the government arrest those responsible for threatening the safety of the Golden Temple. Punjab Congress President Amarinder Singh Raja Warring attacked the Punjab government over the issue, saying the Harmandir Sahib getting threats is a “serious matter”.
“We also raised this issue in the Home Affairs Committee, urging the Indian government to pay attention and specifically request the Home Minister to comment on this matter and inform us about the person threatening our place of worship via email to the gurus’ place,” he said.
Also Read: ‘Fear of the unknown’: In Delhi, panic persists with recurrent hoax bomb threats to schools
The DMK ‘obsession’
In most of these emails, the sender has referred critically to the working of Tamil Nadu’s Dravida Munnetra Kazhagam (DMK), with the names of prominent politicians, journalists and social media influencers thrown in to gain wider publicity.
The keywords used in most of these mails include the Annamalai University (run by the Tamil Nadu government), Afzal Guru (who was convicted for his role in the 2001 Indian Parliament attack), Tamil Nadu Chief Minister M. K. Stalin and his son and sports minister Udhayanidhi, leading investigators to conclude that the sender is not just well versed with the political landscape of the state but “obsessed” with it.
Police told ThePrint the first such threat emails were received in 2023 in Tamil Nadu and Kerala. And then establishments in 16 more states including Karnataka, Maharashtra, Gujarat, Madhya Pradesh, Rajasthan, Bihar, Odisha and Manipur got such mails.
“The instances have increased manifold in the past few months. Tamil Nadu alone is said to have received over 200 such mails,” a senior member of the Punjab cyber division told ThePrint.
Punjab is among the latest states to be targeted, with nine mails received by the Shiromani Gurdwara Parbandhak Committee (SGPC), Amritsar, since 14 July. In all these mails, the sender threatened to blow up the Golden Temple in case investigation was not launched into the “wrongdoings” of half a dozen Chennai-based journalists.
One of the mails went on to give a list of the journalists along with their X accounts.
“The security of the temple has been heightened and policemen have been deployed in large numbers outside the temple,” Amritsar police commissioner Gurpreet Bhullar told mediapersons last week.
A Punjab police officer from the cyber division said, “While all these mails have turned out to be hoaxes, the panic they caused was real, diverting energy and resources of the security agencies apart from disrupting normal functioning of the places which were targeted. Crowded places have had to be evacuated, offices shut down, flights cancelled, schoolchildren have been traumatised. It’s not a joke.”
However, despite a sustained and collective effort being put in by police in the affected states, not much headway has been made in nabbing the culprits because of the encryption technologies and anonymity being offered by VPN and dark web service providers.
“The sender is creating multiple fake email IDs using Microsoft Outlook, hotmail and Atomic Mail and pushing these through VPN (virtual private networks) using dark web tools. This process masks the IP address (a unique numerical label assigned to a device connected to a network) that can lead to it being traced,” the officer said, adding that VPN servers used have been traced to Iceland and the Netherlands.
The Punjab police has sought data from Microsoft. “The data needed from Microsoft is the alternative email IDs and phone numbers shared by the user while registering an email account. That data can give a clue about the sender. We are hopeful to get the information,” the cyber division officer said.
During his first visit to the Golden Temple since the receipt of the mails, Chief Minister Bhagwant Mann told mediapersons Wednesday that the police have shortlisted some IP addresses which might lead to a breakthrough.
Sources in the cyber division added that efforts are on to locate the sender’s IP address through other means which they said cannot be shared at this stage. “But it will be like looking for a needle in a haystack,” said the officer.
The Amritsar police had detained a Faridabad-resident, Shubham Dubey, last week after his Internet activity timings corresponded with the receipt of the threats. “He is an unemployed techie and it was initially believed that he could be a suspect. But he was let off after questioning,” added the officer.
The inability of multiple state police and security agencies in nabbing the culprit has also brought the focus on the non-compliance by VPN providers to the directions issued by the Indian Computer Emergency Response Team (CERT-in) which functions under the Union Ministry of Electronics and Information Technology.
The directions issued in April 2022 regulate, among other entities, the functioning of VPNs and virtual private server providers in India. The directions require the VPN service provider to maintain the data of their subscribers or customers for a period of at least five years.
(Edited by Ajeet Tiwari)
Also Read: Why Italian jets escorted Delhi-bound American Airlines plane diverted to Rome after ‘bomb threat’