MUMBAI/NEW DELHI: Two tweets purportedly from Indian Mujahideen that claimed the terror outfit carried out the serial blasts at Bodh Gaya and warned about a plot to attack Mumbai by July 13 have been traced to Pakistan. The Twitter handle @IndianMujahidin sent out the warning to Mumbai on July 6. It followed that up by claiming responsibility for the explosions at the Buddhist site in Bihar in a tweet on July 7, almost 12 hours after the explosive devices placed inside the temple complex had gone off.
Sources in Maharashtra’s Anti-Terrorism Squad (ATS) and the home ministry in Delhi told TOI that the person using the Twitter handle @IndianMujahidin had uploaded the messages from somewhere in Pakistan. “Our probe has established that the tweets originated in Pakistan. We cannot pinpoint the exact city or location at this point of time since we have not got a detailed report from the microblogging firm,” a senior source in Maharashtra ATS said.
The Pakistan origin of the tweets was also confirmed by home ministry sources and the Information Technology department in Delhi.
The handle remained silent for three days before getting active briefly on Wednesday. It went silent after “unfollowing” the chief of Pakistan-based terror outfit Lashkar-e-Taiba (LeT) Hafiz Muhammad Saeed.
The July 6 tweet warned that the IM, an LeT-sponsored group which has been linked to a spate of terror attacks beginning November 2007, would attack Mumbai during the weekend. It signed off with an audacious warning that IM, which had struck Mumbai earlier, would attack the city again by July 13. “Hamara agla target Mumbai hai. Rok sago (sako) to rok lo. Seven days left,” tweeted the IM account which introduced itself as the official account of the terror outfit, saying that its objective was to take revenge against India.
Sources, however, acknowledged that the location could not be precisely determined unless Twitter gets back with the information India has sought. “It could be a case of spoofing or using a proxy IP address. We cannot establish the exact IP address until the server provides us a detailed report. The preliminary report, however, suggests that the IP address is in Pakistan. We have sent a request to Twitter for the details,” an ATS officer said.
Official sources said the tweets just could be a brag or a prank, but said they were constrained to investigate its origin. The fact that it put out its first tweet barely 16 hours before the terror strike has forced agencies to pursue the US-based social network site for details on the account holder’s location.
The account also claims the support of D Company, a reference to the underworld empire of the 1993 Mumbai blasts accused.
The first tweet from the Twitter handle came at 14:02 hours on July 6. On July 7, at 18:32 hours, there was another tweet saying “9 dhamake humne karay” (We carried out the nine blasts).
Although IM has made a “rok sako to rok lo (stop us if you can)” taunt earlier also, sources said there were reasons to doubt the authenticity of this purported IM Twitter handle as “there are spelling mistakes.” The introduction spells terrorist as “terriorist”. Even the ‘Indian Mujahideen’ is spelt different as ‘Indian Mujahidin’ (unlike what IM emails used).
Past e-mails from IM have consistently stressed the Indian roots of the group in order to distract attention from the Lashkar’s role. However, this particular account made no secret that it was following Twitter accounts of LeT founder Hafiz Saeed and Tehrik-e-Taliban Pakistan. Four others include Indian cricket captain Mahendra Singh Dhoni.
Also, IM had so far used long emails to justify terror attacks as retaliation against alleged persecution of Indian Muslims and to hold out warnings. The 6 emails sent between 2007 and 2010 quoted from Islamic scriptures and were full of rants against Hindus and their faith. They were also replete with references to the Babri demolition, communal violence in Gujarat and other instances of alleged atrocities on Muslims in Maharashtra and elsewhere.
A home ministry official also pointed out that if the tweets were found to be genuine, this would be the first instance of IM using a public platform to claim responsibility. “Till now, IM has used only emails to claim responsibility for the blasts. These were sent to select media houses,” the official said.
Initially, it was felt that the person operating the account used a proxy server that indicated a location in Canada.
“We are trying to gather details relating to identity and IP address used to register the account. Though it could be a fake handle created by an impostor, we have to rule out any genuine link to IM, more so as a tweet ahead of the blasts warns of an impending strike at Mumbai,” a senior home ministry official told TOI.
He also warned against reading much into the tweet on Mumbai, as no terror group is known to give a seven-day notice to the agencies and public ahead of a strike.