Encrypted chats, shadow financing and the dark web—the blast near the Red Fort metro station that killed 12 and injured several more has peeled back the layers of what the police and central investigating
agencies are calling India’s ‘new-age militancy’ involving ‘educated’ operators.
As the information related to the chain of supply, and the series of communication that were in the works, emerge, it seems that the old playbook of arms, hideouts, and foreign handlers has now been modified. It is a digital architecture with fluid, faceless and frighteningly adaptive infrastructure, one that thrives in encrypted networks, invisible payments, and fragmented loyalties.
According to the sources in the central agencies involved in the investigation process, the preliminary probe suggests that the module behind the Red Fort blast relied on Telegram channels and chats along with closed WhatsApp groups, communicating under coded aliases and temporary usernames.
“Each group was compartmentalised, each member knew only one layer above,” said a senior police officer. “The handlers and the members of the module used self-destruct messages, mirrored servers, and VPN routes that made interception nearly impossible,” he added.
The investigators are now also looking into the dark web for joining the dots and looking for further networks, traces of outreach to dark web forums known to host extremist content and weapon manuals. These forums, often accessible only via layered encryption, have become the new “digital training ground”, where ideologies are sharpened, targets discussed, and logistical information exchanged anonymously.
Speaking with News18 exclusively, retired IPS officer Satish Chandra Jha, who served as special director in IB and also as the chairman of NTRO (National Technical Research Organisation), said: “They have always used the technology of their time, starting from landlines and PCOs in the 90s to encrypted apps and the dark web today. Over the last 15-16 years, they have kept pace with every technological shift. What is alarming now is how this ecosystem has spread beyond Kashmir into the hinterland.
“The financiers and handlers across the border are emboldened, as they recruit young men and radicalise them as operatives coming from educated background. The operatives now are engineers, management graduates, doctors and professors who are ideologically driven. They dared to attempt this in the heartland, which makes it a serious inflection point.”
Jha, who has held substantial positions in CBI and MEA, also investigated the 1993 serial blasts and played a crucial role in probing terrorist acts in India thereafter. He added: “We have to stay fully alert and take this investigation to its logical end. Every element, including financiers, handlers, and recruits, must be tracked down. The good part is that our security grid is robust, and early breakthroughs suggest we are in a strong position to launch a decisive counter. They started this game of tech-driven terror, but we have matched and countered it. And we are getting better. What we are seeing now is both a challenge and an opportunity to neutralise this network completely.”
The New-Age Laundering
If communication was encrypted, the money trail was scattered by design. Several terror modules often reportedly use hawala operators for cash movements at the local level, while digital payments were layered through cryptocurrency wallets and offshore exchanges. Small transactions, often under regulatory radar, were split across multiple IDs and converted into cryptic dealings.
“It is a dual economy of terror,” an officer involved with investigating such money trails explained. “Hawala gives liquidity, easy accessibility, but for a sophisticated operation, crypto gives invisibility,” he added.
Significantly, for agencies, the officers said the financing and supply chain networks pose one of the tough challenges. Hawala operators are deeply embedded in legitimate trade networks, and crypto transactions, routed through privacy coins and tumblers, can at times disappear in seconds. “By the time a wallet is traced, it’s wiped clean,” he added.
“Starting from using the dark web to effectively using the platforms that offer encrypted communication, they do not appear to be just a hidden space anymore. it is an economy and a space of anonymity,” said Abijit Tripathy, a senior cybersecurity and cyber forensic expert, adding that such platforms host parallel marketplaces where ideology, logistics, and money intersect.
“From hawala to crypto, the shift now seems complete for the educated and tech-driven militants. The same networks that once carried cash in duffel bags now move value in digital tokens. Several forms of cyber currencies make borderless financing seamless, but the real danger is how they decentralised control. A single operator sitting abroad can now fund and coordinate multiple cells without leaving a traceable paper trail. That is what makes tracking new-age terror funding so complex,” he added. Tripathy has worked and remains associated with several cyber security organsiations globally.
Mutated Militancy
The Red Fort blast symbolises the mutation of militancy into a tech-driven ecosystem. Handlers operate across time zones. Operatives come from the established, privileged and educated class of the society, who do not need money for being ‘lured’. They are ‘radicalised’ through tech. Here the lure is often psychological, built around a sense of belonging to a ’cause’ that transcends geography.
Investigators say this trend mirrors a global shift in low-cost, high-impact terrorism, where the operational model borrows heavily from cybercrime networks. “Encrypted communication, layered funding, freelance logistics, these are hallmarks of decentralised extremism. These are the factors emerging from the investigation of this particular module,” said another senior police officer.
And here, the fallout appears to be a cybersecurity nightmare for central agencies. “What we are seeing today is no longer just encryption. It is communication camouflage,” the officer explained.
“There are multiple layers, including end-to-end encryption, steganography, and pre-coded language. A phrase as simple as ‘meeting at the mall’ could mean an entirely different location, time or target. They undergo specific training to build this coded vocabulary, and it constantly evolves to beat interception. Through steganography, people use images and videos to send a cipher and then decode it through a key that only members of the group know. You are not chasing one Telegram or WhatsApp channel anymore. You are chasing an ecosystem that rewrites its own language week after week,” Tripathy further elaborated.
In many ways, the Red Fort incident is not an isolated act but a signal of the times, where the line between cybercrime, ideological extremism, and organised terror is blurring fast.
