Delhi blast suspects used ‘dead drop’ emails to plan attacks, reveals probe

The investigation into the car explosion near Red Fort in Delhi has revealed that the suspects used the covert ‘dead drop’ email method to communicate to plan terror activities in order to evade getting caught by internet surveillance, sources said. The probe into the 10 November terror attack has disclosed that the three arrested doctors linked to Al Falah University used the ‘dead drop’ email technique to communicate. This method, often used by terror groups, ensures safe exchange of information with minimal digital traces.

Also Read: Delhi Police file 2 FIRs against Al Falah University after terror module bust

What is ‘dead drop’?

The dead drop, a term used in espionage terminology, was used to secretly pass information or items in a clandestine fashion without face-to-face interaction at a common location. It was a covert method that was used quite extensively during the Cold War to pass information, instructions, or objects between agents.

The physical dead drop method was used digitally, and terror groups like the Islamic State, al Qaeda, and al Shabaab used online dead drops to store and disseminate information.

Also Read: Al Falah hired Dr Hassan, who was fired by J&K govt for terror links, as professor

Al Falah doctors used draft folder of common email id

The Faridabad-based module adopted the communication method used by Pakistan-based Jaish-e-Mohammad (JeM), with whom the suspects are suspected to have ties.

The key suspects—Dr Muzammil Shakeel, Dr Umar Mohammad, and Dr Shaheen Saeed—shared a common email account and used to type plans and updates in the email drafts and saved it for others to view and respond without sending the email.

The three would log in, read the draft email, make changes and add their replies, and deleted the content if needed as per directions.

Since no emails were actually sent, conventional surveillance systems struggled to detect the exchange.

Suspects also used encrypted apps

The three doctors had been holding secret meetings in Muzammil’s room at Al Falah University, and investigators believe they were planning coordinated blasts in Delhi before the module was exposed.

Digital forensics experts are analysing the recovered devices, cloud accounts, draft logs, and network patterns to produce a comprehensive sequence of events.

The suspects in the ‘white-collar terror module’ used a mix of encrypted and relatively untraceable digital platforms, including Threema, Telegram, and other secure apps, said sources. Unlike popular messaging platforms, Threema does not require a phone number or email ID for registration, making it extremely difficult to trace the users, and it offers end-to-end encryption.

Also Read: ‘Lungs and gut ruptured, bones broken,’ reveal Delhi blast victims’ post-mortem details

Earlier instances when terrorists used ‘dead drop’ email method

The September 11 attacks planners Mohammed Atta and Ramzi Binalshibh also used shared Hotmail accounts to communicate and coordinate through messages saved in the draft folders for others to read. They also used coded language and referred to the World Trade Centre as “architecture” and the Pentagon as “arts” to conceal their plans.

The 2004 Madrid train bombings conspirator Hassan el Haski and his confederates also used shared Yahoo and Hotmail accounts to read and post messages in the draft folder.

While doing reconnaissance for the 2008 Mumbai attacks, David Headley also used the “dead drop” method for sensitive communication with his handlers.