Twenty-two people, including six minors, have been arrested in connection with a Pakistan-linked espionage operation in Ghaziabad, a city adjacent to Delhi. Police initially arrested five men and a woman on March 14, with subsequent arrests following as the investigation expanded.
Investigators found that operatives had accessed unsecured CCTV feeds and also installed their own covert, solar-powered cameras at sensitive locations, including Delhi Cantonment and Sonipat railway stations, to stream real-time footage to Pakistan's Inter-Services Intelligence (ISI) handlers. According to Ghaziabad Police, the individuals were recording videos of railway stations and locations associated with security forces, transmitting them to specific individuals, and luring other youngsters into participating in these activities by offering financial incentives.
Those recruited were typically paid 16,000-17,000 rupees to install cameras, significantly more than the standard 6,000-7,000 rupees for routine CCTV installation work. The network's manager allegedly recruited members and paid them around 5,000 rupees for each piece of information shared. The accused had also been forwarding One-Time Passwords (OTPs) generated for Indian SIM cards for use on WhatsApp and other social media platforms to recipients abroad, in exchange for payments ranging from 500 to 5,000 rupees per instance.
The operational scope was substantial. Investigators said nearly 50 such installations were planned nationwide, with accused installing solar-powered CCTV cameras at key locations, including along the Delhi-Jammu railway corridor, enabling continuous monitoring of troop movement and critical infrastructure.
The Ministry of Home Affairs has ordered a pan-India audit of CCTV networks across major cities and sensitive urban areas, with special attention to railway stations, cantonments, highways, and military movement routes. Central agencies have directed all state police forces and local administrative bodies to immediately conduct a physical verification of all cameras within their jurisdictions and identify any unauthorized or unregistered units.
The discovery reveals a significant institutional gap. India's CCTV ecosystem operates within a fragmented regulatory framework, with no single definitive law directly governing surveillance infrastructure. Overlapping mandates between the Ministry of Electronics and Information Technology (MeitY) and the Department of Telecommunications (DoT) have created gaps in enforcement. This regulatory patchwork has allowed hundreds of thousands of cameras to be installed with inconsistent security standards.
Authorities fear widespread compromise of CCTV cameras, a reasonable concern given that surveillance devices are notorious for running vulnerable versions of Linux and being co-opted into botnets like Mirai. India's government stated it has set standards for CCTV cameras sold, including checking for vulnerabilities that allow for unauthorized remote access, with India certifying 507 cameras for sale within its borders, while government entities must use only those devices.
However, enforcement remains incomplete. Civilian security systems often operate outside the government certification scheme, creating openings for espionage. Exemptions for state agencies under India's data protection framework raise concerns about oversight and accountability in government-led surveillance.
The investigation represents substantial law enforcement work. Police identified that the alleged racket recruited young men and women who had experience working as mobile repair technicians, CCTV operators or computer mechanics, and were in immediate need of money. Authorities believe the network was being managed within India by Suhel Malik, a resident of Bijnor district in Uttar Pradesh, who allegedly recruited members and paid them around 5,000 rupees for each piece of information shared.
The exposure of this network highlights a tension between security imperatives and institutional design. India has legitimate concerns about foreign surveillance, yet centralised oversight of thousands of cameras across multiple jurisdictions poses its own governance challenges. The audit now underway will likely need to balance the need for comprehensive security verification against the practical burden on already-stretched regulatory agencies. The scale of the task is substantial; establishing unified national standards for an infrastructure that has grown rapidly and inconsistently will require sustained effort and clear lines of authority.