Journalism of Courage
Advertisement
Premium

Delhi bomb threats: Should central agencies take over probe? Here’s what experts say

On Saturday, several schools reported receiving bomb threats, the latest in a slew of such hoaxes that have been plaguing the Capital since 2022.

The Delhi Police has made no headway in its probe to ascertain the origin of these emails.The Delhi Police has made no headway in its probe to ascertain the origin of these emails. (PTI Image)

Delhi has seen a spike in bomb hoaxes, with 35 cases reported since May 2024. Each incident prompted bomb disposal searches by the Delhi Police and other agencies.

When these email threats first started, the first targets were schools and hospitals. This year, threats have been issued against vital institutions of the government, like the Delhi High Court and the Delhi CM’s Secretariat, disrupting the administration’s functioning.

On Saturday as well, several city schools reported bomb threats — the latest such incident in a month. Even in 2022 and 2023, schools faced several bomb threats — every single one was declared a hoax.

The Delhi Police has made no headway in its probe to ascertain the origin of these emails.

According to experts, a major challenge in solving these cases is the use of VPN (Virtual Private Network), TOR, or proxy servers to send the emails. These are encrypted connections over the Internet that help the sender hide their identity.

The Indian Express spoke to officials, cyber experts, and several top former police officers on how the issue could be tackled. While some said the case needs to be handed over to a central probe agency, others believe that a single centralised agency is the need of the hour.

According to Delhi Police officers, they have exhausted all available mechanisms — from collecting the full email headers, identifying servers and service providers, reaching out to them, contacting the country where the VPN is based, and finally seeking assistance from that country’s security agencies for technical investigations.

Story continues below this ad

The officer said, “One of the main reasons for the road block is mutual legal assistance treaties (MLATs) with other countries or non-cooperation from service providers. To communicate with these entities, Delhi Police seek help from central agencies, but the process again gets delayed,” the officer said.

Former Delhi Police Commissioner S N Srivastava said central security agencies are definitely in a better position to coordinate with their counterparts in other countries. While legal limitations may arise, they can help expedite the process to some extent.

According to a cyber expert, who wished to remain anonymous, it is not just a national problem but has become a global issue. “Definitely, the involvement of central investigative agencies in probing these cases would certainly help.”

In India, according to the CERT-In (Indian Computer Emergency Response Team) guidelines for VPN apps, a KYC registration is mandatory. However, in many other countries, this is not the case. “They follow a no-log policy. So, whenever someone sends an email using a VPN, the service provider does not keep a log of the IP address,” the expert said.

Story continues below this ad

Earlier this year, the i4C (Indian Cybercrime Coordination Centre), which operates under the Ministry of Home Affairs, asked Google to remove 11 VPN apps and two Chrome extensions as they were not providing information to Indian law-enforcement agencies, he said.

Central agencies, however, can collaborate with their counterparts in other countries to address these global issues, as similar fake bomb threats are being faced by other nations as well, he added.

Another cyber expert, who did not wish to be named, said the issue is not just about tracing the culprits. “Anyone with knowledge of using a VPN can do this from anywhere in the country, or even the world. But what we question is why service providers like Microsoft and Google don’t restrict such emails or content when it is being typed by the user,” he said.

“Besides mandating a KYC policy, service providers can use firewall techniques too to restrict such threat emails, especially when objectionable words like ‘bomb’, ‘explosives’, or ‘blast’ are used,” the officer said.

Story continues below this ad

A senior officer of the Delhi Police’s Cyber Crime investigation unit, however, disagreed. He said every agency will hit the same roadblock.

Lt General Rajesh Pant, an expert in the field of cyber security, who previously served as the National Cyber Security Coordinator in the Prime Minister’s Office, said the need of the hour is to set up a central agency to probe and investigate such critical matters.

“Agencies like i4C, CERT-In, NCSC (National Cyber Security Coordinator) have different roles, but (we need) a centralised agency, which can be responsible and accountable for dealing with such critical cyber security threats,” he said.

The senior Delhi Police officer also said the only way ahead is to set up an umbrella organisation of cyber experts and cyber officials who could exchange information to counter this threat.

Story continues below this ad

“The Delhi Police already seeks assistance from central security and intelligence agencies in solving such technical cases. While some cases might be expedited slightly, these agencies also face similar limitations and cannot do much beyond that,” the officer said.

From the homepage

Stay updated with the latest - Click here to follow us on Instagram

Tags:
  • delhi
Edition
Install the Express App for
a better experience
Featured
Trending Topics
News
Multimedia
Follow Us
Shashi Tharoor writesWhy Indian-Americans are silent — and its costs
X