
SUV bomb scare case: Did Mumbai cops really crack Telegram, ask experts

Updated on: 26 March, 2021 07:24 AM IST | Mumbai
Faizan Khan | faizan.khan@mid-day.com

As central agency turns its attention to how Mumbai police zeroed in on a Telegram channel ‘created in Tihar jail to issue threat letter’, cyber experts say there are far too many unexplained aspects to Crime Branch’s claims


A forensic team and NIA officers examine the Scorpio car found with explosives parked near Antilia. File pic

Even as the NIA investigates the report by a private cyber firm, which traced the origin of unknown organisation Jaish-Ul-Hind’s Telegram messages taking responsibility for the Ambani bomb scare incident and later denying it, cyber experts mid-day spoke to point to several loopholes. The most important question is how the firm got the IP address of the terror outfit’s group on Telegram, which runs on an anonymous server, experts said.


A screenshot of text on Jaish-Ul-Hind’s Telegram channel, which was shared with the private firm after it went viral


Only the messenger can provide the IP address, but the report didn’t say the cyber firm had officially secured it from Telegram, the experts said. The cyber experts mid-day spoke to have been helping different investigation agencies, including the Mumbai cyber cell, on multiple investigations.


Former Mumbai police commissioner Param Bir Singh had consulted with the private cyber agency after screenshots of messages on a Telegram channel of Jaish-Ul-Hind, an unknown terror organisation, went viral. The firm, in its report submitted to Mumbai police in the second week of March, mentioned that the channel was created at or near Tihar jail. “As per the investigation and analysis through various exploits and tools, it was found that the group was operating through Tor Proxy,” the report had stated.

However, an expert of a leading cyber firm, on condition of anonymity, told mid-day, “My first question is, how do you know that the suspect was using TOR? Did you have access to his mobile or computer?”

The spot where the explosives-laden car was found outside industrialist Mukesh Ambani's residence, Antilia, on February 25. Pic/Ashish Raje

The report had also stated, “Upon further exploitation of the phone, it was found that virtual number apps along with other anonymous communication apps were being used by the target identity, upon access and analysis of IP address fetched on February 26 at 15.28 hours and at 1951 hours [7:51pm], it appeared that he was using Airtel SIM card to run internet on the device on which the Telegram channel @jaishulhind was being used. After tracking the location of the number it is suspected that the number is used near/inside Tihar Jail.”

Questioning this particular claim, an expert asked, “Was he [hacker with the private cyber firm] part of that group or was the group active so that he was able to penetrate the phone? How can the hacker come to know anyone’s mobile number on the basis of just one IP address?”

According to sources, Jaish-Ul-Hind’s channel was created on February 27 and had 49 subscribers. The first message was sent at 4.20 am on February 28 and seen by 684 people. The message was “Assalam o Alekum Warahmatullah Wabarkathu”, which means peace be upon you, a standard salutation among Muslims. The second message was at 4.22 am and seen by 691 people. The threat letter, claiming responsibility for placing explosives near industrialist Mukesh Ambani’s residence, was posted at 4.31 am, and seen by 851 people. Sources said the group disappeared 30 minutes after posting this letter.

“Seems that this was an open channel. Hence few subscribers and more views. Why would someone keep this group open? Looks like some existing channel with thousands of subscribers was renamed to [@jaishulhind],” said a cyber expert.

What caught the NIA’s attention was a line written in Roman Hindi -- Nita Bhabhi aur Mkesh bhyya aur femi. A similar line, in the same format, was used in the threat letter found inside the explosives-laden Scorpio near Antilia on February 25. “Everything related to the case is in our ambit of investigation. The accused and the suspect in the case will be questioned about Jaish-Ul-Hind’s messages as well,” a senior officer from the NIA told mid-day. The officer refused to comment on the question about suspended cop Sachin Waze’s role in this.

Another cyber expert said, “There is no vulnerability in Telegram. The one which was noted two years ago was fixed within a few hours. My only question is how the person got the IP address of a Telegram channel? How accurate is the IP mentioned in the report? Are there any possibilities that the attacker would have used VPN (virtual private network)? What if Telegram is used in parallel space with VPN?”

When the messages claiming the conspiracy came on February 28, senior officers of Mumbai police department called them fake. But the same night, they shared a screenshot of a letter from Jaish-Ul-Hind denying any involvement in the bomb scare, but did not say where it was posted or how they got it.

Ritesh Bhatia, Cybercrime Investigator and Founder, V4WEB Cybersecurity, said, “It is simply not possible to get the IP address of most of the popular chat messengers like Telegram, unless the user is tricked to click on a link that may reveal his IP address. Such IP addresses can only be provided by Telegram and that too only if the LEAs and other agencies write to them seeking all the details.”

The Telegram privacy policy states, “If Telegram receives a court order that confirms you’re a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it does, we will include it in a semi-annual transparency report.”
