Bomb threats to flights: VPNs hurdle for cops trying to trace hoax origin

Akasa Air was one of the carriers forced to ground aircraft after receiving a bomb threat via X. Representation pic

Several hoax messages targeting Indian airlines, particularly on X and through emails sent via Hotmail, have come under the scrutiny of the Mumbai Crime Branch. Officials have reached out to X and Hotmail to obtain details of certain social media handles and email addresses. However, initial information has been of little use, as those responsible for these threats have been using highly secure Virtual Private Networks (VPNs), making it difficult to trace the origins of the accounts. Experts claim that the accused can be arrested only through the collaboration of social media platforms, enforcement agencies and international partners such as VPN providers.

According to sources, multiple FIRs have been registered at the Sahar and Airport police stations, as both domestic and international airlines have received threats. Individuals familiar with the investigation revealed that the IP addresses linked to the social media handles involved are being examined. "The criminals have used multiple layers of security and the IP addresses associated with these X handles are fluctuating between the USA, UK, and Austria," said one source.

IN PHOTOS: Bomb threats target 36 flights, including seven with Mumbai fliers; hoax suspected

1 day agoPHOTO GALLERY

"These are not the actual IP addresses; they keep shifting between countries. Until we identify the exact IP address of the social media handles, it will be challenging to pinpoint the origin of the threats and those responsible," an officer, speaking on condition of anonymity, explained.

Officials have stated that multiple agencies, including the Intelligence Bureau and the Multi-Agency Centre (MAC), are involved in the investigation. Meetings have been convened to discuss the hoax threat calls, which have caused panic, leading to delays and significant financial losses. "We have verified the calls and messages and confirmed they are hoaxes. We believe anti-social elements are behind these actions, attempting to either provoke Indian intelligence agencies or test their response," the officer added.

The agencies are also investigating whether Khalistani terrorists are linked to the threats, especially since Gurpatwant Singh Pannu - a leader of the Khalistani movement operating from Canada - recently issued warnings advising against travel on Air India flights between November 1 and November 19, citing the 40th anniversary of the 1984 Sikh riots.

Threats made on X According to an FIR filed by SpiceJet at the Airport police station, an unknown Twitter user posted through the handle ‘Psychward': "Hi l have placed explosives onboard Flight SEJ116 and Flight SEJ124. The bombs are going to go off very soon. Hurry up and evacuate the plain… blood will spread everywhere."

An FIR filed by Akasa Air alleges that an unknown X user, using the handle @ihearvoices, posted threats saying, "There are bombs onboard Flight AKJ114U. Everyone inside the plane will die. None of you deserve to live. You will all end up in a pool of blood. Hurry up and evacuate the plane as quickly as possible."

Another FIR registered by SpiceJet alleges that Twitter handle @schizobomber10 posted saying, "Hi. There are explosives onboard Flight SEJl16. The bombs will go off Soon. You will all die. Vacate the plane quickly before it's too late."

VPN googly

"VPNs mask the real IP address of the user, making it harder to pinpoint their location. However, investigators can work with VPN providers, access metadata, or rely on other digital traces left behind. Quick cooperation between law enforcement agencies, social media platforms, and international partners (VPN providers) is essential to identify the source," said leading cyber expert Ritesh Bhatia.