Over the past nine days, over 100 schools in Delhi have faced bomb threats, causing widespread disruption. Police and experts have pointed to VPNs and proxy servers as significant obstacles in solving such cases, citing inadequate legal frameworks for obtaining information from these services, which has led to investigative delays.
Since May, more than 50 bomb threat emails have targeted not only schools but also hospitals, airports, and airline companies in Delhi. However, police have yet to make any major breakthroughs in these cases.
Former Delhi Chief Minister Arvind Kejriwal expressed concerns on Wednesday about threats to schools and questioned the police’s inability to apprehend the perpetrators.
Senior officials revealed that Delhi Police have approached service providers like Google, VK (Mail.ru), and Outlook.com to retrieve the IP addresses of the email senders. While some responses have been received, the exact origins of the threats remain undetermined. Assistance has also been sought from Interpol through central agencies.
“We are investigating and trying to trace the sender’s origin,” a police officer said, explaining that while some servers or domains have been linked to European or Middle Eastern countries, the actual sources remain elusive due to the use of VPNs and proxy servers. A special unit of the Delhi Police Special Cell has been assigned to handle these cases.
In the last nine days, several schools have received bomb threat emails, prompting security agencies to conduct checks in five separate incidents. Though no suspicious items were found, every threat was treated with seriousness, and all security protocols were followed.
The officer explained that VPNs create a network of indirect connections, making it difficult to trace communication back to its origin. For example, communication via a VPN passes through multiple domain servers, obscuring its starting point.
The first bomb threat cases involving schools and hospitals were reported in May, followed by threats to other institutions like Tihar Jail and various Union Ministry departments. In October, over 150 flights from Delhi received similar bomb threats on X (formerly Twitter), with the sender using VPNs. Despite 16 cases being registered, no breakthroughs have been achieved.
Cyber law expert and Supreme Court advocate Dr Pavan Duggal highlighted India’s lack of a dedicated law to regulate VPN usage. Most VPN providers operate outside India’s jurisdiction, making it challenging to obtain information from them. While the Information Technology Act, of 2000 grants extraterritorial jurisdiction, enforcing this against foreign VPN providers has proven difficult.
Also Read: False promises, freezing nights: Delhi shelter board’s claims exposed
“Cybercriminals take advantage of India’s inadequate legal frameworks, knowing that VPN service providers cannot be compelled to share user information,” Duggal added.
Vikas Kundu, a researcher at cybersecurity firm CloudSEK, explained how combining certain email services with VPNs or Tor enhances anonymity, posing a challenge for law enforcement. He cited ProtonMail, which uses end-to-end encryption and does not log users’ IP addresses, as an example. When paired with VPNs, the user’s real IP address is masked, and Tor further conceals the origin by routing traffic through multiple global relays.
Shashank Shekhar, Co-Founder of the Future Crime Research Foundation, noted that traditional investigative methods are insufficient against sophisticated cybercriminal tactics. He emphasised the need for technical expertise, real-time threat intelligence, and international collaboration to address these challenges. Shekhar also advocated for investing in advanced forensic tools, AI-driven analytics, and partnerships with global cybersecurity organizations to overcome these hurdles.
(With inputs from PTI)
