Delhi Police busted an international cybercrime syndicate extorting Indians via 'digital arrest' and fake terror threats. The gang used SIMBOXes routed from Cambodia, with key members from Taiwan and Pakistan, to mask calls and evade police.
In one of the most alarming cybercrime investigations in recent years, the IFSO Unit, Special Cell, Delhi Police has dismantled a highly sophisticated international cyber fraud syndicate that weaponized fear, terrorism narratives, and cutting-edge telecom manipulation to extort innocent citizens across India.
Beginning September 2025, victims nationwide were subjected to phone calls from fraudsters impersonating officers of the Anti-Terrorist Squad (ATS), particularly from Uttar Pradesh. Citizens were falsely accused of links with terror attacks including Pahalgam and Delhi Blasts, warned of immediate arrest, and placed under so-called "digital arrest", a psychological trap designed to force instant monetary transfers in the name of national security.
Sophisticated Telecom Manipulation Uncovered
The task of unravelling this syndicate was taken up by IFSO Unit. Initial investigations revealed that the gang was employing highly sophisticated telecom manipulation techniques to evade detection.
Related Articles
The Investigation found that the calls were deliberately routed over low-frequency (2G) networks to avoid real-time location tracking. The criminals were operating SIMBOX systems, enabling them to mask international calls as domestic Indian numbers. These calls were originating from foreign countries, particularly Cambodia, and were routed into India through clandestine SIMBOX installations.
The SIMBOX devices were being manipulated by overwriting and rotating IMEI numbers, making device identification extremely difficult. Advanced software was used to merge multiple SIMBOXes into a single virtual entity, dynamically rotating IMEIs and SIM numbers. As a result, when call data records were analyzed, the same number appeared to originate from multiple cities within a single day, deliberately misleading investigators. Despite these formidable obstacles, through persistent technical analysis and field intelligence, the IFSO Unit, Special Cell successfully narrowed down the first physical location of the SIMBOX operations to Goyla Dairy, Delhi. A one-month-long covert surveillance operation confirmed the presence of 04 active locations with SIMBOX installations. A swift and decisive raid followed.
International Conspiracy and Key Arrest
Further investigation revealed a significant international conspiracy angle. It was established that the SIMBOX devices were supplied, installed, and technically configured exclusively by Taiwanese nationals. Communication between Indian handlers and foreign conspirators was conducted via Telegram, using encrypted chats.
Forensic analysis of seized digital devices led to the identification of a Taiwanese national On December 21, I-Tsung Chen, the Taiwanese man allegedly controlling the illegal SIMBOX infrastructure from abroad, was swiftly intercepted and arrested at the Delgi International Airport, marking a decisive breakthrough in the case.
During sustained interrogation and forensic examination of his digital devices, it was found Chen to be the principal operational backbone of the syndicate, responsible for illegally smuggling SIMBOX devices into India, deploying them across multiple locations, and ensuring their technical concealment to enable mass-scale cyber fraud targeting Indian citizens.
National Security Angle and Foreign Sponsorship
Further interrogation and intelligence analysis revealed that Chen was not acting alone. He emerged as a key operative of a larger Taiwan-based organized crime network, allegedly led by one gangster namely, Shang-Min Wu.
Interrogation of the accused has unveiled a disturbing transnational conspiracy that stretches far beyond routine cyber fraud. Both accused admitted to having previously worked inside organized scam centres operating in Cambodia, infamous for running industrial-scale cybercrime operations targeting victims across the globe. It was during their stay in Cambodia that they allegedly came under the influence of a Pakistani national, who systematically recruited, radicalised, and redirected them into a deeper criminal role. Acting on his explicit instructions, the accused returned to India and established an illegal SIMBOX hub in Mohali, Punjab, designed to clandestinely route international scam calls into the Indian telecom network.
Investigators found that every critical resource for this operation, funding, SIMBOX devices, technical instructions, and operational guidance--was allegedly arranged and supplied by the Pakistani handler, indicating direct foreign sponsorship and control of the illegal setup on Indian soil. More alarmingly, advanced forensic and technical analysis revealed that the syndicate was using *Pakistani-origin IMEI numbers of Faywa Make to overwrite and mask the original identities of SIMBOX devices. This deliberate manipulation of telecom identifiers was aimed at evading **lawful interception, defeating tracking mechanisms, and misleading security agencies*, a tactic that significantly elevates the case from cyber fraud to a serious national-security concern.
Multi-Country Command and Control Structure
Interrogation of the accused also brought to light an international command-and-control structure behind the "Digital Arrest" scam, revealing that the operation running on Indian soil was merely the last link in a multi-country syndicate.
The accused disclosed that he was in continuous contact with an individual who had earlier operated from Delhi and had masterminded 02 major illegal SIMBOX installations in Narela and Nihal Vihar, both of which were busted earlier in the year 2025. This Delhi-based operator is now believed to be part of a larger offshore syndicate, having shifted operational control outside India to evade law enforcement.
Further investigation has uncovered that the entire module is being actively supported and remotely directed by a foreign-based group currently operating from Nepal. Intelligence inputs suggest that this Nepal-based layer is suspected to be backed by foreign groups, providing funding, technical direction, and operational cover. Evidence collected in investigation has already established that, Cambodia served as the training and recruitment ground, where operators were inducted inside scam centres. China nationals supplied and configured the SIMBOX hardware and technical architecture. The Pakistan handler allegedly facilitated funding, IMEI manipulation, and identity masking techniques; and Nepal emerged as the current operational nerve centre, from where instructions were relayed to Indian ground operators.
Nationwide Impact and Scale of the Fraud
With critical analytical support from the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs, investigators cross-mapped these IMEIs and mobile numbers against national cybercrime databases. The results were staggering thousands of cybercrime complaints and registered cases from across the length and breadth of India were found to be linked to this very network.
This case exposes a deeply entrenched international cybercrime syndicate, leveraging advanced telecom fraud, psychological manipulation, and cross-border coordination to exploit Indian citizens under the guise of national security threats. (ANI)
(Except for the headline, this story has not been edited by Asianet Newsable English staff and is published from a syndicated feed.)
