After months of chasing a maze of nearly 100 hoax bomb threat emails that rattled schools, courts and public institutions across the Tricity, the Chandigarh Police has zeroed in on a crucial link — an accused arrested in Gujarat. The UT Police is now preparing to seek his custody over what they suspect could be a wider, anonymised and possibly transnational network.
According to police sources, the accused, identified as Sourav Biswas (30), was arrested on March 1 in a joint operation by the Ahmedabad Crime Branch and Cyber Crime Cell in connection with a series of similar hoax bomb threat emails sent to institutions in Gujarat. Originally from Bangladesh and reportedly residing in West Bengal, Biswas is alleged to have been running an online marketplace selling compromised email IDs for as little as $1.
Police officials in Chandigarh said Biswas’s suspected role has emerged during the ongoing probe into emails received in Chandigarh, Panchkula and Mohali over the past few months.
“We are in the process of obtaining production warrants. Once he is brought here, he will be questioned about his modus operandi, how these email IDs were sourced and sold, the payment channels used, and who all were accessing them,” a senior police official said.
Police suspect that compromised email accounts may have been used by multiple persons, making attribution difficult. Sources indicated that some of the email traffic under scrutiny could have links to foreign nationals, including those based in Pakistan and Bangladesh, though officials stressed that this aspect is still under verification.
The scale and pattern of the emails have prompted a multi-agency response, with teams from Punjab Police, Haryana Police and Delhi Police coordinating with central agencies such as the National Investigation Agency (NIA) and the Research and Analysis Wing (RAW).
Police officials said similar threat emails have been reported from different parts of the country, suggesting a broader pattern.
Fresh threat to HC via encrypted service
On Tuesday, the Punjab and Haryana High Court received another email warning of a bomb blast. The message, according to sources, contained provocative and threatening content in Urdu and referred to the proscribed outfit Lashkar-e-Taiba.
The email was sent through Proton Mail, an end-to-end encrypted email service. Investigators said obtaining subscriber information linked to such accounts requires legal intervention through authorities in Switzerland, adding a layer of complexity to the probe.
Security agencies carried out a thorough search of the high court premises following the alert, but nothing suspicious was found.
Emails invoke varied ideological narratives
Analysis of the nearly 100 emails received so far suggests an attempt to invoke diverse ideological themes to create panic. Officials said earlier emails referenced organisations associated with Dravidian politics as well as Khalistan-linked militant groups.
In one such instance, a previously accessed email — now part of the investigation record — was sent from an ID bearing the name “Sourav Biswas” to an official high court email address. The subject line referred to a so-called “Dravida Nadu Government-in-Exile,” and the content appeared politically motivated.
Police are examining whether such identifiers were used as deliberate misdirection.
Digital masking, VPNs complicate probe
Despite registering multiple FIRs — including at Sector 3 police station following a threat to the high court and at Sector 17 police station after emails sent to schools in January — police have so far been unable to trace the origin of the emails conclusively.
Preliminary findings suggest that the emails were sent through accounts on platforms operated by Google and Microsoft, including Gmail, Outlook and Hotmail. While some of the accounts were recently created with minimal recovery details, others were found to be nearly a decade old with little verifiable user information.
When the Chandigarh Cyber Crime Cell sought data from the companies, IP logs indicated access points in Bangladesh, the United States and parts of Europe. However, officials said these IP addresses are likely masked through Virtual Private Networks (VPNs), making it difficult to identify the actual user.
“When we reached out to internet service providers linked to these IP logs, we were informed that VPN usage had obscured the original IP addresses. In several cases, logs were either not maintained or were unavailable,” an officer said, adding that this has emerged as a major hurdle in the investigation.
International assistance sought
With domestic technical leads yielding limited results, Chandigarh Police has sought international assistance through BharatPol, India’s nodal agency for coordination with Interpol. A formal communication has been sent requesting help from foreign law enforcement agencies to trace the origin of the emails and identify those involved.
Officials said a response is awaited.
