Coordinated Bombings in India are Nothing New!
The only thing new here is the targeting of westerners.
For those who are coming to this realization recently, please forgive a diversion from our normal Cyber Crime topics to explain.
The most telling revelations about the current bombing will be to see the construction of the bombs, and none of the media outlets has that level of information right now.
The National Security Guard's National Bomb Data Centre has statistics on bombings in India. During 2007 there were 376 IED blasts and a total of 530 bombing incidents in 2007.
October 30, 2008 - The Assam Bombings
10 - 18 blasts kill 84, 470 injured
In the city of Guwahati, Assam, crowded shops in Pan Bazar and Fancy Bazar were hit with grenade attacks, while a car bomb went off at Ganeshguri. 41 killed in Guwahati, 21 killed in Kokrajhar, 15 killed in Barpeta. The explosions all occured within 15 minutes, and Assam police chief Mathur says most of the bombs were planted in cars. While the original attack was claimed by "Islamic Security Force-Indian Mujahideen" via text message, and original attribution was assigned to the Harkat-ul-Jihad-al-Islami (HuJI), investigations later focused on the National Democratic Front of Bodoland (NDFB), a separatist group focused on seeking an independent state for the Bodo people group. As the investigations unfolded, it became clear that there were actually three terror groups working together here. The ULFA (the United Liberation Front of Asom), the NDFB, and HuJI. These groups were actually united as a result of "Operation All Clear" which destroyed more than 30 terrorist camps in the southeastern area of Bhutan. While the Indian Chief of Army Staff, General N.C. Vij claims that more than 650 militants were neutralized during Operation All Clear, more than 2,000 other militants from these camps scattered to fight another day.
For more on Operation All Clear, see Praveen Kumar's article in "Strategic Analysis", External Linkages and Internal Security: Assessing Bhutan's Operation All Clear (21 page PDF).
Arrests in the Assam bombings continued as recently as last week, when Dipak Basumatary was identified as the NDFB Lieutenant behind the serial bombing. Investigators into the bombing shared details about the bomb according to the South Asia Terrorism Portal. (SATP has the hands-down best publicly available data on India's Terrorist groups)
The investigating agencies had found clues that ULFA and NDFB carried out the Assam serial blast of October 30 with the help of Bangladesh-based HuJI. "We have found that the Bangladesh-based HuJI has provided the expertise to ULFA and NDFB as none of them has the technology to explode such devastating bombs which claimed 84 lives," a Home Ministry official said. Home Ministry sources also added that the government is worried over the fact that the northeast militants has started using a deadly mixture of RDX, ammonium nitrate and plasticised explosives to carry out explosions which led to greater casualties which was never seen in the past. Though the operation was masterminded by HuJI at the behest of the ISI, the NDFB and ULFA had provided logistical support.
-- see Incidents Involving NDFB
Sep 13, 2008 - New Delhi Bombings
5 bombs kill 30 and injure 100+
Five small bombs went off in the spamce of 25 minutes in India's capitol city.
The New Delhi bombing has the similarity to the current situation in that an email of responsibility was sent claiming responsibility. In this case the email came just AFTER the first bombing, (see below for some where the email came BEFORE, which is of course much more interesting). The email, which was sent to several television stations claimed that there would be nine blasts in all, "Within five minutes from now . . . this time with the Message of Death, dreadfully terrorizing you for your sins". The email was quickly traced to a Mumbai suburb, with cooperation from Yahoo, (the from address was: Arbi Hindi -- email@example.com. It was sent from an open WIFI connection belonging to Christian missionary Kenneth Haywood. "Guru Al-Hindi" was the signature on the email, which matched the emails sent prior to two other bomb attacks. Sunny Vaghela, a cyber-cop in Ahmedabad, shared the details with the IT Examiner for their story Avoid being arrested for sending terror mail:
26JUL2008 - firstname.lastname@example.org - sent from 22.214.171.124 - Kenneth Haywood's house in Navi Bombay - an unsecured WiFi router.
31JUL2008 - email@example.com - sent from 126.96.36.199 - the Medical College at Vaghodiya, in Gujarat. (This one was sent through a proxy, but traced ultimately the given location).
23AUG2008 - firstname.lastname@example.org - sent from 188.8.131.52 - Khalsa College at Bombay - another unsecured WiFi router.
13SEP2008 - email@example.com - sent from Kamran Power Limited at Bombay - another unsecured WiFi router.
If the current bombing's emails follow the same pattern, it could be an indication that they are related. The most recent email was accompanied by a 13-page document, which is certainly rich for forensic and linguistic analysis!
These earlier emails are thought to have been sent by Abdul Subhan Qureshi, who is called a "crack bomb-maker" after attending SIMI (Students Islamic Movement of India) terror camps from 2006 to 2008 to learn his craft. Before becoming a full-time terrorist, Qureshi worked for Wipro, a computer software company, where he disappeared in 2001, leaving a letter for his employers saying "I wish to inform you that I have decided to devote one complete year to pursue religious and spiritual matters". Despite the proof now that these were SIMI operations, the emails claimed to be from "Indian Mujahideen". Qureshi is also known as Abdul Subhan Tauqeer, and Bilal Qureshi. Qureshi was profiled in The Hindu, reprinted in Rediff as "The Hunt for the Indian Mujahideen's al-Arbi".
On July 30th, an email sent to the Japanese embassy in Delhi claiming responsibility for the Jaipur and Ahmedabad bombings, and stating that the next attack would be in New Delhi.
July 26, 2008 - Ahmedabad
21 bomb blasts - 56 killed and 200+ injured
Just before this series of 21 bomb blasts (some say as high as 30), various media outlets received an email saying "Await 5 minutes for the revenge of Gujarat" and "In the name of Allah the Indian Mujahideen strike again! Do whatever you can, within 5 minutes from now, feel the terror of Death!" The fourteen page email had many threats, but also said "Have you forgotten the evening of July 11, 2006 so quickly and so easily?" The fullest version of the email text I can find so far is on the website Islamic Terrorism in India.
Similar to the current event, a second set of bombs went off at hospitals one hour after the initial bombs. (See for example: The Tribune of Chandigarh). Some reports say four hospitals were targeted.
SIMI leader Abul Bashar Qasmi was arrested as the mastermind behind the July 26, 2008 bombings. (AKA Mufti Abu Bashir). Qasmi was arrested on August 16th, and it was reported on August 17th that he had confessed to his involvement in the blasts in Ahmedabad, and was still being questioned regarding Jaipur.
July 25, 2008 - Bangalore
7 bombs - 2 killed and 20 injured
While these bombings were highly coordinated, the intensity fo the bombs used indicated simplistic explosive devices, very different than those above. Could this have been an effort to shift anti-terror forces attention prior to the bombings which followed the next day? The explosives were based on "gelatin sticks" used in quarry blasting.
Another question is that this bomb run targeted the IT sector (40% of Information Technology businesses in India are in Bangalore) and the current attack is in the heart of the Financial Center for India. Is this a targeting of key infrastructure sectors?
Police originally said that this attack looked like the work of Harkat-ul-Jihad al Islami. Bangladeshi national Mohammad Hakim was taken into custody on July 29th in conjunction with this attack. He admitted that he was trained in bomb making by Mohammad Ansari, who is also a Bangladeshi national.
On September 25th, a SIMI operative named Mohammad Samee Bagewadi, aka Mohammad Samee, was arrested in conjunction with this attack. He had attended SIMI training camps in Castle Rock, Vagamon, and other camps. He was a close associate of SIMI leaders Safdar Hussain Nagori, Hafeez Hussain, Abu Bashar, and others.
May 13, 2008 - Jaipur
eight bombs - 80 killed and 150 injured
The bombs were created using RDX and ammonium nitrate, and filled with ball bearings. Several of the bombs were attached to bicycles.
No one claimed responsibility initially, but the following day an email was sent to various television stations which contained a photo of one of the bicycles, and a close up of the bicycle showing the serial number, which was used in the bomb. The email came from firstname.lastname@example.org and said that Indian government must stop supporting the US in the international arena. It went on that "if you do continue then get ready to face more attacks at important tourist places."
As in others, a SIMI operative, Mohammad Shajid, was held for questioning, and raids were conducted in Jaipur, Ajmer, Fatehpur, Godhpur, Tonk, and Sikar.
On May 27th, a madrassa teacher and a telephone booth operator, Kamil, in Bharatpur was arrested for his role in the bombing. The teacher, who used the name "Hakimuddin" was from Nagla Imam Khan village, and had lived in Bharatpur for two years.
On August 24th, Shahbaz Hussain, a resident of Lucknow, was arrested for his involvement in Jaipur. He was called "a key player in planting the bombs" as well as selecting the team which executed the blasts. Shahbaz had a degree in mass communications and ran a cyber cafe in Maulviganj, and was a "key aide" to Sajid Mansoori, who was the mastermind of this attack.
On August 25th, seven more members from the Kota district were arrested. They were trained in three different terror camps between November 2007 and January 2008, along with SIMI activists Mufti Abu Bashir and Sajid Mansuri.
On September 1st, the Rajasthan Special Investigations Team (SIT) arrested four more for their parts in the Jaipur bombing - Munawar Husain (AKA Muzaffar Husain), Atiqur Rehman (AKA Abdul Hakim), Nadeem Akhtar (AKA Yaminuddin), and Mohammed Iliyas (AKA Mohammed Husain).
On September 7th, Mohammad Sohail and Azam from Jodhpur were arrested on their role in helping to generate funds for the Jaipur attacks.
On September 19th, two terrorists involved in the Jaipur, Ahmedabad, Hyderabad, and New Delhi blasts were killed when their flat was raided by the Delhi Police Special Cell. Mohammad Fakruddin (AKA Sajed) Mohammad Bashir (AKA Atiq) were both killed, while two others escaped. Inspector Mohan Chand Sharma, a police officer involved in the raid, was also killed in the firefight.
August 25, 2007 - Hyderabad
2 bombs - 42 killed and 50 injured
While 2 bombs were detonated, 19 other bombs were found, fitted with timers, at bus stops, cinemas, bridges, and a water fountain. The bombs which were detonated went off during a laser light show in a public park.
Sep 8, 2006 - Malegaon
3 blasts killed at least 37 people and injured at least 100
Police found that the explosives used were a mix of RDX, ammonium nitrate, and fuel oil, which is the same mixture used in the July 11, 2006 Mumbai train bombings. Most of those killed were gathered at a mosque where Friday prayers were being held.