Why tracing hoax bomb threats to schools in Delhi is easier said than done
Senior police officers stated that the entire business model of Virtual Private Network (VPN) works on the principle that the server won’t disclose the location or details.
3 min read
Experts said India or its security agencies should completely ban VPNs operating in the country if they don’t cooperate with law-enforcement agencies. (Express Archive)It is unlikely that the Delhi Police will be able to trace the person sending bomb threat emails to hundreds of schools or hospitals or even the IGI airport this year or the source. Why?
Because most of the e-mails sent starting from the one in May to the last 10 days used the Virtual Private Network (VPN). Senior police officers stated that the entire business model of VPN works on the principle that the server won’t disclose the location or details.
A senior police officer said, “It is not possible when e-mails are sent through VPN to detect the location; even if the location is determined, it would show several places, sometimes Sweden, Netherlands, or any other country in Europe. Currently, India doesn’t have its own VPN network so all these VPNs being used for mails are based abroad. If India had its own VPN network, then it would be bound by laws in the country and details would have to be shared with the law-enforcement agencies.”
The officer added that it is the same issue with Proton Mail as it offers end-to-end encryption: “If this is coupled with a masked VPN, then it is next to impossible to trace who or from where the mail was sent.”
Currently, only critical infrastructure such as banking systems are building their own VPN. Experts said India or its security agencies should completely ban VPNs operating in the country if they don’t cooperate with law-enforcement agencies.
Sunny Nehra, Founder of Secure Your Hacks, which deals in cyber security, said: “The blackmailers are using VPNs to hide their IP addresses. Most VPN companies have strict policies of not logging the details of their users, and even if they keep those logs, they avoid sharing them with authorities. Also, as most leading VPN companies are foreign-based, mainly in countries like Panama, they don’t generally cooperate with Indian law-enforcement agencies.”
“The IPs were of a VPN company named Private Internet Access. It preferred to leave India in 2022 as it didn’t want to share details with the authorities,” he said.
Nehra added that there are ways to trace VPNs as well but highlighted that the process is lengthy and chances are bleak.
For the police, the other issue is that of time. A police officer said, “Even if we know that the VPN originated from say, the Netherlands, by the time we write to their authorities to share details, the VPN will reflect another location.”
The Delhi Police had also written to the Interpol for help.
The first case of threats to Delhi schools and hospitals was reported in May. Several other government installations, including Tihar Jail and some Union Ministry departments, also received bomb threats.
In October, over 150 domestic and international flights operating from Delhi received similar bomb threat messages sent on X, where the sender had used VPN networks. The Delhi Airport police registered 16 separate cases but have seen no breakthrough so far.
You May Like
