In a concerning trend of security disruptions, the Cyberabad police have registered a staggering 16 cases of bomb threats at Hyderabad's Rajiv Gandhi International Airport (RGIA) in the month of December alone. All threats, including one received this past Monday, were later verified to be hoaxes, but not before causing significant operational chaos and passenger distress.
Spate of Hoax Threats and Immediate Impact
The latest incident occurred around midnight on Monday when the GMR Hyderabad International Airport Limited (GHIAL) management alerted the RGIA police. They had received an email warning of explosives aboard the KLM Royal Dutch Airlines flight KLM 873, which had landed at 1.12 am. Following the standard protocol, CISF personnel conducted thorough anti-sabotage checks on the aircraft and screened all passengers. No suspicious items were found, confirming it was a malicious hoax, and a formal case was filed.
This was not an isolated event. Earlier in December, three international flights were forced to divert due to similar fake threats. Two IndiGo services from Madina and Kuwait, along with a Kuwait Airways flight from Kuwait to Hyderabad, were redirected to Ahmedabad, Mumbai, and Muscat respectively. These incidents placed immense pressure on airport security teams and airlines, while causing severe inconvenience to hundreds of travelers.
Protocol: How Airport Security Responds to Threats
According to officials from the CISF and Cyberabad police, a well-defined procedure swings into action the moment a threat email or call is received. The alert is first forwarded to the Airport Predictive Operations Centre (APOC), which then informs the CISF-operated Security Operations Control Centre (SOCC).
A Bomb Threat Assessment Committee (BTAC) meeting is promptly convened. This committee includes senior officials from the CISF, Cyberabad police, Bureau of Civil Aviation Security (BCAS), customs, immigration, GHIAL management, and the terminal manager. "The BTAC assesses the threat's severity and decides the course of action," explained a senior police official.
If the threat is specific—mentioning details like time, location, or airline—the committee decides whether to divert the flight or inspect it at its origin or destination. CISF teams, including canine units, carry out checks with support from customs and immigration for baggage and passenger screening. For vague threats mentioning only the airport, a general anti-sabotage sweep of the terminals is conducted. Each such response mobilizes at least 50 personnel from multiple agencies, draining resources and causing major disruptions.
The Cyber Challenge: Tracing Anonymous Culprits
Investigations into the source of these threats reveal a deliberate attempt to evade detection. Before Monday's case, 15 similar threat emails were received this month through RGIA's customer support email. Cybercrime officials found that the senders used privacy-focused email services like mail2tor.email and ProtonMail, and even spoofed domains of media organizations to appear legitimate.
"Some email IDs were spoofed, while others were created using Tormail. All threat emails were sent via VPNs, making it difficult to identify the accused. More than half a dozen emails were sent using the same name. We are analysing technical details in the mails to trace the culprits," a cybercrime official stated. To streamline the probe, on the directions of the Cyberabad police commissioner, 22 of the 28 hoax bomb threat cases registered at RGIA police station in 2025 have been transferred to the cybercrime police station, with the rest to follow soon.
This alarming rise in hoax threats underscores a growing challenge for aviation security, where anonymous digital tools are weaponized to trigger costly and frightening security scares, wasting precious manpower and undermining public confidence in airport safety.
