Mumbai: The trail of multiple terror threat messages received by Mumbai police over the past three years has reached a dead end. In two cases despite strong technical indicators linking the threats to Pakistani networks, the inability to identify the senders forced the police to close two key cases as “A Summary – true but undetected”.The city crime branch has recently closed two of at least 10 high-profile terror threat message cases, which had triggered major security alerts across Mumbai. The criminal intelligence unit (CIU) probing at least five such cases concluded in two that while the threats were genuine, the accused could not be traced.One of the earliest incidents dates back to Aug 19, 2022, when the Worli traffic control room’s WhatsApp number received 26 messages along with screenshots warning of a terror attack bigger than 26/11. Another incident occurred on July 17, 2023, when a fresh threat message in Urdu claimed armed shooters possessing AK-47 rifles were planning to target the govt and carry out an attack similar to 26/11. Minutes later, another message from a number with Pakistan country code (+92) warned authorities about an alleged agent and potential harm to India.Following these inputs, Mumbai police heightened security across the city, deploying additional bandobast and intensifying checks. However, the threats later appeared to be hoaxes. Given the international nature of the numbers, the cases were transferred to the CIU for detailed investigation. Officials said while FIRs are routinely registered after such threats, arrests are rare because the senders often rely on sophisticated tools such as virtual private networks (VPNs), encrypted email services hosted abroad and the dark web to hide their digital footprint.During the probe, investigators used technical surveillance and digital forensics, which revealed that one of the numbers operated through Voice over Internet Protocol (VoIP), with IP addresses shifting across countries such as Qatar, Singapore, and Ireland. Another number was traced directly to Pakistan, with telecom data pointing to the Pakistan Telecommunication Company network.Police also explored possible domestic links, focusing on Bijnor in Uttar Pradesh, where a suspect, Anis Ahmed Sajid Ansari, was identified. He was later found to be working in Qatar, and a Look Out Circular (LOC) was issued against him. However, no concrete evidence linking him to the threats could be established.Despite extracting mobile data, verifying multiple suspects, and coordinating with agencies, investigators failed to identify the actual sender due to the use of virtual numbers, frequently changing IP addresses, and lack of access to foreign-based data.With no actionable leads and limited scope for further progress, Mumbai police have filed an A Summary report before a metropolitan magistrate court, classifying the cases as “true but undetected.” Officials stated that the investigation may be reopened if any fresh leads emerge in the future.
