Kerala IS module operatives used Hoop, Rocket Chat for secure communications

The National Investigation Agency (NIA), which is probing the Kerala Islamic State (IS) module case, has found that the terror group’s operatives in India were using much more secure messaging applications like Hoop and Rocket Chat for communicating with their handlers and also to share materials to radicalise potential targets for recruitment.

A senior NIA official privy to the investigation said: “In the Kerala IS Module case, we have registered a case against seven known and unknown persons under sections of the Indian Penal Code and Unlawful Activities (Prevention) Act, on March 5 this year pertaining to terrorist activities of one Mohammed Ameen aka Abu Yahya of the state and his associates, who have been allegedly running various IS propaganda channels on different social media platforms for propagating IS ideology and recruiting new members.”

The official said that during the probe it was found that Ameen was using Hoop and Rocket Chat for communicating.

The official said that in the Hoop app, messages shared with another member gets automatically deleted.

Meanwhile in Rocket Chat, a user does not have to verify his/her mobile number or their email id, the NIA official added.

In March this year, the NIA had conducted searches and had arrested three accused persons — Ameen, Rahees Rasheed and Mushab Anwar in this case.

On August 5, the Agency carried out searches at five locations in Jammu and Kashmir and Karnataka and arrested Obaid Hamid of Bemina in Srinagar, Muzammil Hassan Bhat in Bandipora (Kashmir), Ammar Abdul Rahman of Ullal Mangalore and Shankar Venkatesh Perumal aka Ali Muaviya of Bengaluru.

Wani and Beigh were arrested in March 2020, while Rahman was caught in August last year.

Earlier, the NIA during its probe into the IS Iraq and Syria Khorasan Province (ISIS-KP) case had found that the arrested accused Jahanzaib Sami Wani and his wife Hina Bashir Beigh and Bengaluru-based doctor Abdur Rahman aka ‘Dr Brave’ were using Threema, a secure messaging platform.

According to the NIA official, the terrorists were found using Threema application as well as its desktop version because it leaves minimal digital footprint making it almost impossible to be traced back.

“Tracing of the message or call generated from the Threema is tough,” the official pointed out.

Developed in Switzerland, Threema is a paid open-source end-to-end encrypted instant messaging application for iPhone and Android smartphones.

The official said that on Threema like so many other secure applications, a user does not have to enter an email address or phone number to create an account, thus allowing the person to use the service with a very high level of anonymity.

The official said that Threema also hides all the tracks of the user as it minimises the footprint on servers that route traffic.

The official claimed that on Threema the contacts and messages are stored on the user’s device, instead of on the server.

He said that Threema offers text and voice messages, voice and video calls, groups and distribution lists as features in the application, thus allowing the terrorists to remain “untraced”.

The official said besides the mobile application, there is also a browser-based secure desktop chat option of Threema which also does not log IP addresses or metadata of the user.

However, this is not the first time that the NIA has come across the secure messaging platform used by the IS terrorists as well as Hizbul Mujahideen, Lashkar-e-Teiba and Al Qaeda militants.

During the probe into the February 2019 Pulwama terror attack case in which 40 CRPF troopers were killed, the NIA and the other intelligence agencies in their probe had earlier found that Jaish-e-Mohammad terrorists were using peer-to-peer software service — YSMS — or a similar mobile application to communicate with their counterparts in India and abroad.

(Anand Singh can be contacted at