After schools and CM Secretariat, Delhi High Court is latest bomb threat target: Why police haven’t been unable to stop them for 3 years

Now that the Delhi High Court has been targeted, disrupting court proceedings, the case of unresolved hoax bomb threats — and tracing the people behind them — has emerged as the single biggest challenge to the Delhi Police.

In fact, a similar bomb threat email had disrupted work at the Delhi Chief Minister’s Secretariat, Maulana Azad Medical College (MAMC) and University College of Medical Sciences on Tuesday (September 4).

In the past year, schools, colleges, hospitals, and various government and private institutions have received over 30 fake bomb threat emails.

Advocates walk past a Bomb Disposal Team vehicle after the Delhi High Court received a bomb threat through e-mail, in New Delhi, Friday, Sept.ember 12. (PTI Photo)

In the earlier cases, the Delhi Police cited the use of a VPN (Virtual Private Network) — an encrypted connection over the Internet which helps the sender hide their identity — to send the emails as the reason for the roadblock.

In the HC’s case, too, it initially appears that the email was sent using a VPN. Police said the Cyber Wing has begun an investigation and is working to identify the sender.

As per police records, only a few of the cases were solved last year, and just one so far this year.

When it all started

Bomb threats to schools via emails or messages are not new. In 2022, a private school in Sadiq Nagar received such a threat, and in 2023, similar threats were sent to different schools on three separate occasions.

In several of these cases, the police discovered that school students were behind the emails. They were later caught and given counselling. The students said they mainly sent such bomb threats to avoid examinations, get a day off, or simply as a prank.

The main issue, however, began last year in May when over 200 schools and other institutions received bomb threat emails. Since the emails were sent in bulk, the agencies registered a First Information Report (FIR) under sections pertaining to conspiracy and other relevant sections of the Indian Penal Code (IPC). A specialised unit of the Special Cell’s Counter-Intelligence (CI) was tasked with conducting the probe.

The email threats continued in June, August, October, and November, triggering concern in several schools, colleges, hospitals, airlines, and other government institutions. The police decided to club all these cases under the initial FIR registered by the CI unit.
Use of encrypted connections
A senior police officer said the cases that remain to be solved involve emails sent via a VPN. In the cases that they did crack, no VPN was used.

Last December, the police had zeroed in on a student who had emailed a bomb threat to his school to avoid an examination. The student had simply used an email ID without VPN, making it easier for the police to track him. The child was counselled and allowed to go.

In July this year, investigation allegedly revealed that a minor boy had sent fake threats to two educational institutions — Delhi University’s St Stephen’s College and St Thomas School in Dwarka. He was briefly detained and released after counselling. In this case, too, the boy had not used a VPN, an officer said.

The officer said that when the servers are based abroad, they seek assistance from central agencies to collect details. “Over the past few months, in most cases, the domains used in emails were traced to European countries. However, accessing the IP (Internet Protocol) addresses or other sender details is nearly impossible, as they are encrypted and masked using VPN or proxy servers,” he added.

The officer added, “If we try to understand VPN as a layman… when we are talking to each other, it is direct connectivity, but if we are connected through a VPN, we communicate via multiple domain servers.”

Cyber expert Shashank Shekhar, who is the co-founder of the thinktank FCRF, said tracing the location of a person using a VPN is inherently challenging because VPNs are designed to mask the user’s real IP address by “routing traffic through multiple servers across different countries”.

“Advanced VPN services also implement features like multi-hop routing and no-log policies, which further obscure digital footprints. When threat actors send emails using such anonymised networks — often coupled with encrypted email services or compromised accounts — it significantly limits the ability of law enforcement to pinpoint the true origin,” Shekhar said.

“In recent cases involving threat emails sent to schools in Delhi, the attackers have leveraged such techniques, creating multiple layers of obfuscation that delay or derail attribution efforts, especially when international cooperation is required to access logs or trace traffic,” he added.

Shekhar said most of these VPN service providers are headquartered outside India and often refuse to share user data or logs with Indian law enforcement agencies, citing privacy policies or foreign jurisdiction. He pointed out that it is imperative to establish regulatory frameworks mandating data sharing and log retention by such providers to assist probe agencies.