Ghost SIM Cards

Home » Ghost SIM Cards

Why in News ?

Investigations into the Red Fort blast module (Nov 2025) revealed that the accused allegedly used “ghost SIM cards” and encrypted apps to communicate with handlers in Pakistan .
These SIMs were issued using misused Aadhaar identities and remained active on messaging apps even without being physically present in the device — creating a serious traceability gap.
Following this, the Centre issued a directive (28 Nov 2025) requiring app-based communication services to remain linked to an active physical SIM to curb such misuse.

Relevance

GS-III | Internal Security, Cybersecurity & Terror Networks

A SIM obtained or operated without verifiable, lawful user identity, or one that continues to enable communication after decoupling from the device/SIM holder.
Typically created through:
- Aadhaar/KYC identity theft or forgery
- SIM mule networks issuing connections in others’ names
- Decoupled messaging logins (apps running without a live SIM)

Purpose: anonymity, evasion of lawful interception, cross-border covert communication.

Dual-phone / dual-identity protocol
- Clean phone → in real name, normal activity
- Terror / crime phone → ghost SIM + encrypted apps only
App–SIM Decoupling
- WhatsApp/Telegram accounts continue after SIM removal
- Handlers can retain control from outside India
Cross-border persistence
- SIM registered in India → account active across PoK
KYC Exploitation
- SIMs issued using stolen Aadhaar details of unsuspecting civilians

Stronger KYC accountability
- periodic audits, retailer licensing, strict penalties
Device-binding & anomaly detection
- auto-logout on SIM removal / geo-anomaly
SIM lifecycle risk scoring
- flag multi-state / multi-device behaviour
Cross-platform traceability protocols
- lawful metadata-sharing timelines
Public awareness
- protection of Aadhaar credentials, reporting misuse
Capacity building
- ATS/SIT cyber-forensics & telecom-analytics units