Illuminati-Inspired Hackers Behind Wave Of Bomb Threats To Indian Airlines: Investigation Revealed

Mumbai: In a recent series of bomb threat messages targeting Indian airlines and airports, security agencies have uncovered that several of these threats were routed through masked VPNs, with IP addresses traced to locations in London, Germany, and ultimately France, According to the sources Indian authorities are now coordinating with French security agencies as part of the ongoing investigation.

On Thursday, there was a sharp increase in bomb threat incidents, with 85 new threats reported in a single day. These threats targeted major airlines, including 20 flights each from Air India, IndiGo, and Vistara, along with 13 Akasa flights, 5 SpiceJet flights, and 5 Alliance Air flights. Prior to this, the country had already been grappling with a surge in bomb threats to airlines and airports, with over 190 cases reported. mid-October 70 threats were issued within just one week.

Officials from Delhi's security apparatus suspect they are dealing with a complex group of hackers, potentially operating as a shadow organization inspired by conspiracy theories, such as those related to the Illuminati secret group.The group’s Illuminati-like behavior suggests that these hackers might be creating an aura of mystery or power to intimidate their targets.

According to officials, the hacker group is believed to behave similarly to the infamous Illuminati secret society, projecting a mirror image of the aura typically associated with the Illuminati. This behavior is characterized by secrecy, power, and manipulation, much like the stories and illusionary theories that surround the Illuminati. By adopting such tactics, the group seeks to create an intimidating and mysterious presence, further complicating the investigation.

Sources indicate that officials might seek the expertise of psychological profiling experts to better understand the motives driving this group. "Groups like these often thrive on fear, secrecy, and conspiracy.

According to the officials, they may use deep packet inspection and global surveillance tools to analyze traffic flow, identifying anomalies across the countries where the hackers operate.

In the ongoing investigation, a 17 Year-old minor from Chhattisgarh has also come under the scrutiny of the agencies. The Class 11 student was apprehended last week for his alleged involvement in posting threatening messages against international flights operating from Mumbai, leading to significant delays and diversions. According to sources, the boy is suspected of being linked to at least 19 such threats, and agencies are currently investigating his role.

According to top agency officials, the hackers involved in the threat cases appear to be using hardware VPNs, which make it more complex to trace and ascertain their real identities. These VPNs route traffic at the network level and often operate across different countries. Since hardware VPNs add an extra layer of security and disguise, it becomes harder to track down the originating IP. However, metadata analysis (such as connection times and traffic volume) could provide leads, especially if the hackers make mistakes, like using the same VPN servers repeatedly.

The hackers may also be using virtual machines combined with VPNs to further obscure their activities. Security teams can look for signs of this by monitoring suspicious patterns in data flow.

Given the international scope of the investigation, India's National Technical Research Organisation (NTRO), along with the Bureau of Civil Aviation Security (BCAS), the Ministry of Home Affairs, and various intelligence agencies, is intensifying efforts to address this emerging threat. Cybersecurity units are focusing on identifying the hackers and preventing further disruptions to the nation’s aviation sector.

In the ongoing investigation a senior cyber-forensic analyst has highlighted the advanced techniques employed by professional hackers. According to the official, hardware VPNs—dedicated physical devices designed for high-level encryption and network anonymity.

A hardware VPN is a specialized device that independently manages encryption and VPN functions, bypassing the need for computers or mobile devices. By connecting directly to a network, it provides an added layer of security that is difficult to penetrate. Operating at the network level, hardware VPNs can mask the IP addresses of all devices within the network, making it nearly impossible to trace individual users, the official explained.

The challenge of IP tracing is further complicated because hardware VPNs route all network traffic through an external IP address controlled by the VPN provider. This method conceals the original IP addresses much more effectively than software-based VPNs.

In addition to their strong security features, hardware VPNs offer faster and more reliable performance due to their dedicated processing power, which handles encryption and network traffic without overburdening individual devices. This makes them particularly appealing to hackers seeking anonymity while carrying out high-stakes attacks.

On the other hand, software-based VPNs, commonly installed on devices such as phones and PCs, also reroute internet traffic through encrypted tunnels. While they similarly mask IP addresses, they rely on the device's resources, which may compromise security if the software is misconfigured or breached. "Software VPNs are more prone to vulnerabilities, potentially making tracing easier in the event of a breach," the official added.

Although both hardware and software VPNs effectively hide users' IP addresses by replacing them with the VPN server’s IP, hardware VPNs are generally considered the gold standard for security-critical operations. Their ability to conceal an entire network’s traffic through a single access point makes them significantly harder to trace compared to software VPNs, which operate on individual devices.

As Indian agencies intensify efforts to identify the source of these threats, the hackers' use of hardware VPNs presents a significant challenge, complicating the task of IP tracing.