VPNs, ‘safe browsers’ hamper Chandigarh Police probe into series of bomb threats

According to police sources, preliminary examination revealed that the emails were sent through accounts created on platforms operated by Microsoft and Google, including Hotmail, Outlook and Gmail. While some of the email IDs were recently created and carried limited recovery details such as mobile numbers or secondary email addresses, most were found to have been created nearly a decade ago and contained little verifiable user information.

When the Chandigarh Cyber Crime Cell wrote to Google and Microsoft seeking login data, the companies shared IP log details indicating access from locations in Bangladesh, the United States and parts of Europe. However, further scrutiny suggested that these IP addresses were not direct identifiers of the accused but rather exit nodes or masked routes.

Police officials said that the accused had allegedly used Virtual Private Networks (VPNs) to conceal their real IP addresses. When investigators approached the relevant internet service providers linked to the IP logs, they were informed that VPN usage had obscured the original source and that logs were either not maintained or not available. The absence of retained VPN logs has emerged as a major roadblock in tracing the origin of the emails.

Police have also found indications that “safe browsers” and other dark web tools may have been used to send the messages. Such browsers route internet traffic through multiple encrypted layers, making it extremely difficult to identify the actual device or location of the sender.

The Cyber Crime Cell has conducted email header analysis — a process that involves examining hidden metadata embedded in emails to trace their route through mail servers and verify authenticity. However, police sources admitted that this exercise has not yielded concrete leads so far, as the emails were routed through multiple international servers and anonymising tools.

“Multiple login IDs were analysed and technical data was scrutinised, but no actionable identity could be established at this stage,” a police source said.

Police sources said that apart from Chandigarh Police, police of states of Haryana, Punjab, Delhi, UP, NIA, probing the series of emails regarding bomb threats, have been unsuccessful in their pursuits so far.

International assistance sought through BharatPol

With domestic technical efforts facing limitations, the Chandigarh Police has now sought international assistance. A communication has been sent to BharatPol, India’s nodal agency for coordination with Interpol, requesting help from international law enforcement agencies to gather further evidence and identify the individuals behind the threat emails. Officials said a response from BharatPol is awaited.

Parallelly, the police are preparing to invoke Mutual Legal Assistance Treaties (MLATs) to formally seek information from foreign jurisdictions where relevant servers or service providers may be located. MLATs allow one country to request legal and investigative assistance from another in criminal matters, including access to digital records.

If the identity of any suspect is established through international cooperation, the authorities may proceed with issuing Letters Rogatory — formal judicial requests from an Indian court to a foreign court seeking assistance in collecting evidence or serving legal documents. Depending on the findings, extradition proceedings could also be initiated in accordance with applicable treaties and legal frameworks.

Police officials maintain that the investigation is ongoing and technical analysis continues. However, they acknowledge that the deliberate use of VPNs, decade-old email accounts with minimal credentials, anonymising browsers and cross-border digital routing has made the process of tracing the senders particularly challenging.

For now, police officials are relying on international coordination mechanisms in the hope that deeper data access and cross-border cooperation may eventually reveal the identities behind the threatening emails.