The Karachi Project shifted the visible face of militancy from Pakistani infiltrators to Indian citizens, exploiting existing sociopolitical grievances to create what appeared to be homegrown terrorism. The “hiding in plain sight” philosophy that defined the Karachi Project naturally extended to its communication infrastructure. Rather than developing increasingly exotic technologies to evade detection, Pakistan’s intelligence architects adopted a counterintuitive approach – embracing the most commonplace communication tools of contemporary society while developing sophisticated operational protocols to mask their significance.

This strategic pivot represented a return to fundamentals, albeit with modern technology. Much like the approach used with Kashmiri militants in the late 1980s, Indian recruits would be brought to Pakistan for extensive training and indoctrination, receiving detailed instructions before returning to India as sleeper agents. This minimised the need for ongoing communication while preserving operational security. But the nature of urban terrorism – fluid, opportunistic and requiring precise timing – still demanded some form of reliable contact between handlers and operatives.

Rather than employing specialised equipment that might trigger suspicion, operatives would use regular, commercially available mobile phones with unencrypted SIM cards. In an era before widespread governmental metadata collection and real-time surveillance of cellular networks, this approach brilliantly exploited a critical gap in India’s security architecture.

The strategic calculation was masterful in its simplicity. In the mid-2000s, India’s intelligence agencies were primarily focused on tracking specialised terrorist communications equipment – satellite phones, encrypted radios, specific Internet protocols. The idea that terrorists would communicate on regular mobile networks, hiding amid the hundreds of millions of routine calls made daily across India, represented a paradigm shift in tradecraft.

The SIM cards used in these operations were typically procured through elaborate cut-out systems. Local criminal networks with no ideological connection to terrorist groups would be paid to acquire SIM cards using fraudulent identification documents. These cards would then pass through multiple hands before reaching the intended operatives, creating layers of separation between the communication tool and its ultimate user. The handsets themselves would be purchased with cash from different locations, further obscuring the connection.

This approach solved the central paradox that had plagued Pakistan’s proxy warfare strategy since Partition: the tension between operational control and plausible deniability. Regular mobile communications allowed for detailed tactical guidance while creating no direct evidence of state involvement. If a phone was captured, it led only to false identities or low-level criminals with no demonstrable connection to Pakistan’s intelligence services.

Moreover, the nature of urban bombing campaigns – as opposed to prolonged firefights with security forces that characterised the Kashmir insurgency – minimised the need for real-time communication during operations. Handlers could provide detailed instructions before an attack, maintain radio silence during execution, and re-establish contact only after the operative had safely withdrawn, further reducing the risk of communications being intercepted during the most sensitive phases.

By 2005, Indian intelligence agencies had begun to detect this new pattern. Investigations into bombing campaigns across Indian cities consistently uncovered evidence of ordinary mobile phones being used for operational coordination. The calls themselves were typically brief, used predetermined code phrases, and occurred at irregular intervals to avoid establishing detectable patterns. Most frustratingly for investigators, the SIM cards were frequently discarded after use, creating dead ends for traditional investigative methods.

It was amidst this growing awareness of Pakistan’s new communications strategy that we launched the counterintelligence operation that would ultimately allow us to listen in on conversations between the 26/11 terrorists and their handlers in real time.

In 2008, the Intelligence Bureau in Delhi received information from its Srinagar field office about a sophisticated counterintelligence opportunity. A senior Jammu and Kashmir police official had identified a channel through which Lashkar-e-Taiba was procuring Indian SIM cards for operational use.

The detection of Lashkar-e-Taiba’s efforts to procure Indian SIM cards presented intelligence agencies with a classic operational dilemma that illuminates the fundamental distinction between intelligence and law enforcement paradigms. Where these worlds intersect, they often create tensions born of inherently different institutional missions.

A law enforcement approach to this tip – that LeT operatives were actively seeking Indian SIM cards – would have followed a more commonsensical trajectory: immediate interdiction, arrests of the procurement network and subsequent prosecution. Such action would have yielded visible, quantifiable results – a disrupted supply chain, suspects in custody, perhaps even headlines touting successful counterterrorism operations. The logic of law enforcement demands closure, the restoration of order through the application of legal sanction.

However, the calculus of intelligence operates in a different dimension altogether. Intelligence work inhabits the shadows where patience often yields greater dividends than immediate action, where knowing sometimes matters more than stopping.

The philosophical distinction became eminently practical in this case. Arresting the low-level operatives seeking these SIM cards would have yielded little strategic advantage. Such foot soldiers were ultimately replaceable – anonymous cogs in a machine that would simply find alternative procurement channels. Worse, such action would have compromised the human sources who had provided the intelligence in the first place, burning assets painstakingly developed over years. The temporary victory would have come at the cost of permanent blindness.

Instead, intelligence officials conceived a more sophisticated countermove, one that exemplified the strategic patience characteristic of high-level intelligence operations. They would allow compromised SIM cards to flow into the terrorist pipeline, creating digital Trojan horses programmed to activate surveillance protocols the moment they became operational. Like the mythical wooden horse left outside Troy’s gates, these innocuous devices would bypass the enemy’s defences by appearing as gifts rather than weapons.

D.P. Sinha, the then head of the Intelligence Bureau’s operations wing, recalled the operation’s careful calibration: ‘A pack of 30 prepaid SIM cards was being sent to Pakistan through a Lashkar agent. It was hoped that if Lashkar armed its operatives with these SIM cards, and they were already under surveillance by Indian agencies, security officials would get to know before these operatives could plan a strike.”

The operational brilliance lay in its fusion of traditional human intelligence with modern signals capabilities. The SIM cards themselves were unremarkable commercial products, but they had been flagged in India’s telecommunications monitoring systems. The moment any of these cards became active, they would trigger immediate surveillance without requiring additional legal authorisation or technical deployment. It was intelligence judo at its finest – using the adversary’s own operational necessities against them.

Excerpted with permission from Perfect Storm: The History and Anatomy of 26/11, Prabhakar Aloka and Nikhil Ravi, Penguin India.