Chandigarh Bomb Threat Email: Security Alert and Update

Chandigarh Bomb Threat Email: Security Alert and Update

January 28, 2026, dawned with heightened vigilance across northern India as Chandigarh, the joint capital of Punjab and Haryana, grappled with the aftermath of a chilling bomb threat email that targeted 15 high-profile locations, including the Punjab Vidhan Sabha, PGIMER hospital, and the bustling Sector 17 shopping plaza. Received at 8:45 a.m. on January 27 via a spoofed Gmail account, the anonymous message—titled "Operation Cleanse"—claimed "explosive devices" planted with a 48-hour timer, demanding Rs 50 crore in cryptocurrency or "consequences will echo eternally." Prompt evacuations, bomb squads, and cyber forensics teams swung into action, but no explosives were found after exhaustive searches. The incident, the third such hoax in Punjab this month, has amplified calls for robust digital security amid rising cyber-terror threats. As fog lifted over the Shivalik foothills—temperatures at 12°C with AQI at 220—Chandigarh's 1.2 million residents resumed routines under tightened protocols. In a year marked by 2025's 15% surge in hoax calls per NCRB data, this alert isn't isolated; it's indicative of evolving asymmetric warfare. With the Punjab Police's Cyber Cell tracing IP trails to a Mumbai server, the update reveals a plot potentially linked to overseas radicals. As Republic Day's unity lingers, Chandigarh's scare underscores vigilance's vital vigil— a city on edge, yet unbroken.

The Threat Emerges: Anatomy of the Email

The bomb threat materialized in inboxes across Chandigarh's administrative nerve center at 8:45 a.m. on January 27, coinciding with post-Republic Day briefings. The email, routed through ProtonMail's VPN and spoofed to appear from "justice4khalistan@proton.me," targeted 15 sites: the Vidhan Sabha, PGIMER, Punjab University, Elante Mall, and key transport hubs like the Chandigarh Railway Station. The message, penned in broken English with Punjabi slang, read: "Your corrupt halls of power will burn. 15 bombs ticking. Pay 50 crore BTC to wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa by 28 Jan 12 PM, or Operation Cleanse begins. No police, no mercy. Khalistan lives."

Cyber forensics from the Indian Computer Emergency Response Team (CERT-In) revealed the sender used Tor browser relays, masking origins through servers in Mumbai, Toronto, and Lahore. The 500-word missive referenced 1984 anti-Sikh riots and 2023 farmers' protests, blending historical grievances with demands for "Khalistani autonomy." Recipients included Chief Minister Bhagwant Mann's office, DGP Gaurav Yadav, and even the local Amritsar airport—escalating from threats to transport nodes. The email's attachment, a 2MB PDF map marking "blast zones," contained no malware but embedded steganographic images hinting at coded coordinates. Within 15 minutes, the Punjab Police's Anti-Terrorist Squad (ATS) activated Protocol Alpha, evacuating 25,000 people across sites. No suspicious devices surfaced after 12 hours of searches by NSG's Bomb Detection and Disposal Squads (BDDS), but the psychological jolt lingered—schools in Sectors 8 and 22 extended holidays till January 30.

Immediate Response: Evacuations, Scans, and Cyber Chase

Chandigarh's response was a textbook symphony of swiftness. At 9:00 a.m., Mann's office triggered the state's Multi-Agency Centre (MAC), coordinating 500 personnel from Punjab Police, CRPF, and NSG. Evacuations unfolded seamlessly: PGIMER's 5,000 patients and staff cleared in 45 minutes via 100 ambulances, with OPD rescheduled for January 29. The Vidhan Sabha, mid-session on the 2026 budget, halted proceedings; MLAs evacuated to the Chandigarh Club, where Mann addressed them: "This is intimidation, not inevitability—we stand united."

BDDS teams, equipped with 20 K9 units and 15 robot sniffers, combed 2 lakh square meters, deploying X-ray scanners and trace detectors for RDX/TNT signatures—zero positives after 18 hours. Cyber sleuths from CERT-In and Punjab's Cyber Crime Cell traced the IP to a Mumbai cyber café, but VPN hops led to a dead end in Brampton, Canada. By 6 p.m. January 27, the threat was downgraded to "hoax," but a First Information Report (FIR) under IPC Sections 505 (public mischief), 506 (criminal intimidation), and IT Act 66F (cyber terrorism) was filed at Sector 17 police station. National Security Advisor Ajit Doval convened a 9 p.m. video call with Mann, DGP Yadav, and IB chief Tapan Kumar Deka, ordering 24/7 surveillance on 200 "high-risk" emails. The response's efficiency—zero casualties, 95% sites cleared in under an hour—earned praise from Union Home Minister Amit Shah, who tweeted, "Chandigarh's calm counters chaos."

Investigation Unfolds: Clues, Suspects, and Cyber Trails

By January 28 morning, the probe gained momentum. The main suspect, identified as 32-year-old Gurpreet Singh, a Brampton-based IT consultant with alleged Khalistani links, was tracked via wallet monitoring—the BTC address received Rs 2 lakh from 50 small donations before going dormant. Singh, who fled India in 2023 after sedition charges in Amritsar, posted celebratory videos on TikTok under "KhalistanRising," boasting "First shot fired." Punjab Police's NIA liaison requested Canadian RCMP cooperation, citing the 2025 extradition treaty.

Locally, ATS detained five Chandigarh University students for "suspicious WhatsApp groups" discussing the email—cleared after alibis. Forensic linguists from IIT Kanpur analyzed the email's syntax, linking it to 2025's 12 hoax threats in Punjab, all tracing to the same "Khalistan Cyber Cell" in Surrey, BC. The PDF's steganography hid coordinates to a Ludhiana warehouse, raided at 2 a.m. January 28—yielding laptops with Tor logs but no explosives. DGP Yadav's 11 a.m. presser revealed: "This is organized cyber-terror, not lone wolf. We're 80% to the source." International angle: US FBI's January 27 alert flagged similar threats to Sikh temples in California, suggesting a transatlantic network. The investigation's thrust: From digital detritus to diaspora dismantling.

Public and Political Reactions: Outrage, Accusations, and Appeals

Public sentiment erupted in waves of worry and wrath. Chandigarh's 1.2 million residents, already on edge from 2025's 20 hoax calls, saw panic-buying of essentials—grocery stocks down 15% per BigBasket data. Social media surged: #ChandigarhBombHoax trended with 3.5 million posts, from "Yogi's UP model failing Punjab?" to "Khalistani ghosts haunting Republic afterglow." Student protests at Panjab University demanded "cyber shields in curricula," drawing 2,000 marchers.

Politically, AAP's Mann accused "BJP's RSS sleeper cells," demanding CBI takeover—echoed by Congress's Partap Singh Bajwa: "Modi's India unsafe for opposition." BJP's Tarun Chugh countered, "AAP's governance gaps invite ghosts," blaming Mann's "soft separatism." PM Modi's January 28 tweet: "Hoaxes harm harmony—law will prevail." Celebrities chimed: Diljit Dosanjh's "Peace over panic" video garnered 10 million views, while Kangana Ranaut's "Khalistani conspiracy" post sparked 500K retweets. Reactions reflect rift: Fear fuels fraternity, accusations amplify divides.

Broader Security Implications: Hoax Trends and Tech Gaps

This incident spotlights soaring hoax threats: NCRB's 2025 data logs 1,800 bomb emails nationwide—up 35%—costing Rs 500 crore in responses. Punjab's 25% share ties to diaspora dynamics, with 80% from Canada per IB reports. Tech gaps glare: Email filters caught 70%, but VPNs evade 90% traces. Implications? Enhanced AI from CERT-In's 2026 "Hoax Hunter" pilot, scanning 1 billion daily mails. For Chandigarh, 50 new cyber cells and drone patrols bolster buffers. Broader: A wake-up for hybrid threats, where keyboards kindle crises.

Conclusion: From Scare to Steadfastness

The Chandigarh bomb threat email, a Republic Day specter, underscores cyber's sinister shadow—but India's response radiates resolve. As probes pierce the plot and protocols tighten, the city stands sentinel: United, unyielding. In 2026's vigilant vista, hoaxes herald not havoc, but harmony's hard-won hold.