India’s Security Agencies Struggle with Probe into Serial Bombings in Gujarat and Karnataka

Publication: Terrorism Focus Volume: 5 Issue: 29

Intelligence and crime investigation units from eight Indian states as well as three federal agencies – the Intelligence Bureau (IB), Research and Analysis Wing (RAW) and National Technical Research Organisation (NTRO) – are busy sifting through evidence for clues to the group or groups involved in the terror attacks in Ahmedabad (the capital of Gujarat state) and Bengaluru (or Bangalore, the capital city of Karnataka state) in the last week of July.

The half dozen low-intensity blasts in Bengaluru on July 25, followed the next day by 16 blasts in Ahmedabad and the discovery of 22 live bombs with integrated circuits from the “Diamond City” of Surat, clearly show the involvement of a large network of local people (possibly including women and children) aiding the coalition of terror networks that has carried out attacks in different places in India over the past three years (Times of India, August 2). Indian intelligence officials have described for the author the existence of a wide network of supporters, including women, who are assisting the terror groups – one such group even maintains a women’s wing called Shaheen Force (, April 24).

What has surprised the intelligence and police agencies is the audacity of the group in launching serial blasts in high-profile areas like Ahmedabad and Bengaluru, which have been under police watch for quite sometime. The bombings were a challenge to security agencies that already had information as early as last March about the possibility of former Students Islamic Movement of India (SIMI) activists carrying out serial bombings (Times of India, March 19).

Two other elements of the attacks which have forced the investigating agencies to rework their strategy are the 14-page “Indian Mujahideen (IM)” manifesto, which was emailed to newspapers and television channels minutes before the Ahmedabad blasts, and the possible signature of the Indonesian al-Qaeda ally Jemaah Islamiyah (JI) in the manufacture of the Surat bombs (The Hindu, July 27; The Times of India, July 31).

Unlike past occasions when emails from terrorist groups were sent from cybercafés, this time the militants sent their manifesto by hacking into the wi-fi router of Keith Haywood, an American national working for a firm teaching call centre employees to speak with an American accent. Although Haywood, a Californian staying in Navi Mumbai, denied any knowledge of the email, he is under investigation by federal investigating agencies after his military service was discovered (Daily News and Analysis, [Mumbai], July 31).

The use of Integrated Circuit chips (ICs) in the Surat bombs is another “foreign” link which has worried the investigators (Economic Times, New Delhi, August 1). Indonesian-designed ICs are used by Indonesia’s Jemaah Islamiyah (JI) terrorist group, which has close ties to al-Qaeda. JI has already successfully exported this technology to the Filipino Abu Sayyaf terrorist group. In India, local militants may have obtained training in these techniques from the Bangladesh-based Harkat-ul Jihad al Islami (HuJI), which has had contacts with JI and possibly training in bomb manufacture (UPI, September 26, 2003). The new JI link worries security agencies because of the implication that al-Qaeda may be developing allies or proxies in the Indian terror coalition.

The multi-agency probe is focusing on sifting through a massive collection of interrogation reports and intelligence inputs on former SIMI workers and leaders. Some teams are already revisiting SIMI leaders and their associates lodged in various jails. Known sympathizers and friends of former SIMI leaders and workers have been rounded up for questioning – over 280 in Surat in the first five days after the discovery of the bombs (The Hindu, July 31). A record of stolen vehicles in Gujarat and Maharashtra was hastily collated as four cars used in the bombings —two in Ahmedabad and two in Surat – were among the 11 stolen recently from Navi Mumbai, a suburb of Mumbai in Maharashtra state (Daily News and Analysis, August 4).

Cyber-security teams from different agencies, including the Cyber Crime Investigation Cell of the Mumbai Police, are trying hard to crack the mystery of the manifesto email and other recent emails, particularly one which was sent to Muslim movie stars demanding they stop performing (Times of India, July 28). Hard disks from the two laptops and a desktop computer seized from Kenneth Haywood’s Navi Mumbai apartment are being analyzed at the state forensic laboratory. Also joining the investigation is the NTRO, the federal agency responsible for technical intelligence (such as tracking down IP addresses and solving cyber crimes). The success rate in tracking down the authors of such terror emails, however, has been dismal in the past, mainly due to the lax application of cyber laws by private cybercafé owners.

Unraveling the identity of the group or group members of the recent wave of terror attacks has left investigators equally stymied. Although the “Indian Mujahideen” has surfaced twice before the Ahmedabad serial blasts, the security agencies have no clue about its leadership or command structure. IM previously claimed responsibility for the 2007 Uttar Pradesh serial bombings and the May 2008 blasts in Jaipur. Before the latest bombings, the group was dismissed as a prank. The 14-page manifesto (written in English), the photograph of one of the motorcycles used in the Jaipur bombing pasted on the manifesto cover and the specific nature of the threats within have forced the agencies to review their assessment. It is now believed that IM could be a front used by former SIMI activists working in tandem with terrorist groups like Lashkar-e-Tayyeba (LeT) and HuJI.