Oh lol, this is a scam site. Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes. It's honestly so hard reading quotes from the US government these days. Cartels, drugs, guns. They make it sound like they interrupted the staging of an assault on the UN when the article actually says that the locations were within 35 miles of the UN headquarters in NYC. This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area". Like 20M people live in that circle. I highly doubt this is for anything other than VoIP scams.
Yup. This is literally just a cellular grey route site for some shitty VoIP provider, just like the SIM box SMS scams go marching on in other countries. Some operator is shitting their pants right now, probably.
The SIM cards come from cheap MVNOs that have dealer arrangements for cheap or free first month activations, then they just set up a handful of SIM boxes and a residential Internet connection back to the mothership (like they did at the captured house with the white Verizon 5G Home router just casually sitting on the floor next to the units).
Similarly, I’ve had some friends on US MVNOs themselves that have access to “free” international calling, yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country each time (Poland, Moldova, etc). Also dodgy SIM boxes!
Or grey-route bulk messaging and SMS OTP bypass so actors can register throwaway accounts on Signal/WhatsApp/Telegram, social platforms, fintech, crypto etc. then burn the numbers after use.
You need 100k SIMs to defeat per-SIM rate/behavior caps, receive OTPs for mass account creation and run thousands of campaigns/conversations in parallel while keeping each SIM's pattern below carrier detection thresholds.
It's not about the UN.
NYC is a prime market for "local presence" numbers (212/917/646 etc.), which boosts answer rates and trust for scams, impersonation, mass disinfo campaigns.
Those "local presence" numbers are highly depleted and highly unlikely to be available for MVNOs. Not to mention you don't need to be basically present in NYC to use those numbers.
The real reason this shit is in NYC is because the number of tower cells is huge due to population density. It makes having a few hundred to thousand devices in one office a bit more viable.
I live in the NY area (Long Island), and have a business line on my phone, so I get dozens of scam calls per day.
Most are spoofed. Many, from local Long Island exchanges.
All the spoofed calls just reuse existing numbers. When I first started getting them, I called a couple, until I figured it out. I usually got some poor, confused schlub.
I’ve gotten some calls, myself, and have been said poor, confused schlub.
Agreed. These days setups imho aren't vanilla origination and termination VoIP scratch card traffic it's more likely a distributed bot farm obfuscation as a service provider. I have seen commercially available sim bank gateways that can separate the sim from the antenna in order to change towers and simulate movement. The use of eSim adapters make it superscaleable now in terms of abstracting the numbers from the sims. Whatever the application a press release tie in to UN is a little odd.
> Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes.
So you mean... like, these are the exit points into the "legitimate" telephone network for, say, those random MedAlert scam calls I keep getting from numbers scattered all over North America? Or if not, what does "VoIP" mean here exactly?
Bingo! And the call's been "verified by the carrier" because it came off the cell network from a purportedly valid SIM... but patched into a dodgy SIP connection back to the scammer.
Perhaps the Secret Service possesses additional information they're not disclosing that supports their narrative. It might come out at trial, if it gets to that stage. Or, it might not, because certain methods and sources of law enforcement operations might not be publicly disclosed if national security is involved.
Of course. Trust in our Government is at a historic low these days, and reasonably so. However, that doesn't mean that everyone is inept or has ill intent. Most people I've met in government as well as the private sector want to do good (or at least not evil).
I agree with the idea that people want to do their best, and I think it's the machine itself that's really the problem day to day. That said, this is being filtered through a media mouthpiece, and that's where I raise an eyebrow.
The leaders of the US govt at high levels have specifically shown they aren't trustworthy which must impact the formerly trustworthy orgs, such as the FBI and the head of the FCC.
Generally, yes. You have a right to discovery of anything that they plan to introduce at trial against you, or anything that would cast doubt on your guilt (exculpatory evidence).
Most facts, yes. Non-disclosure is the exception, not the rule, thanks to the Sixth Amendment's right to a fair trial. However, when national security is involved, the Classified Information Protection Act (CIPA) may apply, and some evidence may be reserved for in camera hearings.
Also, if the information would not exculpate the defendant, and the prosecution won't introduce it at trial as evidence of guilt, then the information can be withheld.
I'm on the verge of not trusting the US govt when they prosecute things. Epstein details being proclaimed and then hiding them is just the start. If the large and formerly mostly independent and trustworthy federal law enforcement groups can't disclose info there, what should make you feel like they are honest?
The article really should have put that map front and center, because that map alone is enough to show how ridiculously overhyped the government claims are.
I'm presuming this discovery was near the outer perimiter of that circle, because otherwise presumably they'd have quoted a smaller, scarier number.
> Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication. One official said the network was capable of sending 30 million text messages per minute, anonymously. The official said the agency had never before seen such an extensive operation.
> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
So 100k SIM cards scattered around the middle of New York City.
Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?
That would be my first guess if the devices were found in the Middle East, but legitimate interconnect in the US is stupid cheap. (See e.g. Twilio's SIP pricing; I assume they have reasonable supply chain security.)
> legitimate interconnect in the US is stupid cheap
This is a to take advantage of "free calls to North America" provided by MVNOs, and free < cheap. Twilio starts at $0.01/min; 1 cent/minute x 200 lines results in a delta of $2.8k per day. I'm assuming a 20% utilization rate[1] on a device that holds 1000 SIMs
Further, it's a way to bypass STIR/SHAKEN requirements for a less-than-legitimate VOIP termination operations, which can attract paying customers that want to evade detection, typically criminal endeavors.
1. 20% utilization is pretty generous, but even if its 2%, not using Twilio is profitable at scale.
Legitimate interconnect is presumably easier to get shut down, so I agree maybe not so much cheap as shady, as in a provider that knows their customers are likely to use the numbers for things that'd make them likely to lose a legitimate interconnect.
Maybe some sort of darknet service for anonymous sms / calls which was used for stuff that really raised alarms such as calling/messaging these officials
Nah it's that size. You need an individual modem for each SIM card because you need a unique IMEI. It's possible each of those SIMs are eUICCs as well which means basically that each card is like a "wallet" with multiple profiles.
I've used hardware a decent amount larger than what's pictured in the OP for work. But what I was using wasn't just for SMS. So I needed more sophisticated modems. What they're using looks like a bunch of 64 port modem banks exclusively for SMS.
(Oh wait if you mean the devices for what's in the article you linked, then yea, those I'm sure are much smaller and quite different.)
The modems don’t support on-the-fly IMEI programming? Even if not, I could see the same RF components share a number of whatever the bare minimum chip is for an IMEI and switch
I would just get a decent SDR like xtrx and some derivative of osmocom stack and then it's two antennas and however many sims you want. But.. this info is outdated, this stuff was available five years ago.
I used to send a lot of SMS verification codes. We considered setting up a SIM box, but never did. You get different SMS routing from a phone on a major network than you do from the SMS aggregators, and that could be useful for getting codes to difficult destinations.
But we had enough volume that we could typically get improvements on routing by asking aggregators about difficult destinations (unless the difficulty was coming intentionally from the destination carrier). The aggregators do sometimes use grey routes from SIM farms. Squishyness around terms of use and accounting would have been an issue too, we would not have been able to fly under the radar on 'unlimited messaging'
Another potential use could be if you needed to send a lot of alerts to your employees/customers in a short period. Most aggregators have rate limits, and so do carriers... if you're a big customer, you can probably get limits raised; if you only have an occasional need, you might prefer to have a large number of low cost SIMs.
The Bad Guys are neat with their cable ties, and number their gateway boxes.
The Bad Guys went with simple heavy-duty metal garage shelving rather than real racking, seemingly vastly overengineered for the weight of the equipment, as that sort of shelving can hold up to a Mg per shelf UDL. The "WallOfSimBoxes" kit does not sport any rack mounting brackets.
The Bad Guys don't use redundant power supplies, or battery backup.
By the way, if you want a quick overview of this kind of equipment if you've never seen it before, here's (randomly picked by Bing Shopping) China Skyline's marketing blurb for a similar 64-port SMS gateway:
Re Shelving: I exclusively buy very similar shelving. It is cheap, reliable, large, and strong. In fact, I have not found any other shelving that can match the performance/price of these.
I buy from Walmart. search their site for "Hyper Tough wire storage shelves"
I'm seriously wondering about the practicality of this operation. Wouldn't that many SIMs on the same spot overload any nearby cell tower? And even if the antennas could stand the load, that many SIMs hugging the network without any logical reason (like a parade or a demonstration) is bound to raise alarms at the network operator HQ. If this is a scam operation, I would expect these boxes to be distributed across several locations.
It's likely a "crime-web" service host. They are probably somewhere in Manhattan or Brooklyn to have enough tower cells to handle it (tis the benefits of a dense city for this type of operation). They probably gradually grew it as their crime web demand rose and flew too close to the sun.
It also sounds like they did have multiple locations, but they didn't distribute the modems out enough to flew under the radar longer.
Actually no, overload is easily avoided even on cheap chinese 20-channel LTE base stations (aka tower segments) if all you do is just rotating SIMs and sending some SMS.
Logically one would switch sms-sending using some number of (fixed or mobile) sdr-based simboxes so that they would even appear to move around the city randomly.
Those guys did it on the cheap. But then they did not expect SS to drop on them.
Oh! Those pics are interesting - the handful on the floor of an appartment feel very different to me from the room with hundreds of them; that's much larger scale.
> The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
> The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”
> Investigators have been going through the data on SIM cards that were part of the network, including calls, texts and browser history. Mr. McCool said they expected to find that other senior government officials had also been targeted in the operation.
The article goes out of its way to imply a link between this farm and the threats, but doesn't actually explicitly make that link.
So that's the tip. Makes you really wonder about the iceberg, this raises many more questions than it answers.
The UK has criminalized possessing or using SIM farms or related gear in response to these popping up with some regularity. But the operators are pretty clever and know how to hide. I've been thinking about how easy it would be to detect these when you're a telco and I think the signature is unique enough that it should be possible to detect which SIMs are part of a farm, even if you don't know the exact location of the farm.
Since you seem to know about the subject, how are these not immediately found and shut down? It seems like the messages they send could be traced to the sims physical location, and having a massive cluster of thousands of sims just sitting in an apartment also seems like an obvious giveaway. And there’s all the traceability required to rent the locations and buy the equipment. It seems like bothering with this is just asking to get caught.
Well, they did get caught. But for that to happen immediately would require a detection method that can point out the presence of a farm with only a few samples. SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial.
Whoever did this likely isn't all that happy that their carefully created infra was used to harass officials, which most likely is the single reason this operation got uncovered in the first place. If it would have just been used for low level crime who knows how long they could have continued to do this.
Note that these are not unique to NYC or even to the United States, they've been found in other countries as well, the UK has now criminalized possession or operation of these (but the fines are so low that I don't think it will make much difference).
> SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial.
IIRC modern cell towers use cool tricks to send stuff for a particular phone to only where that phone is so they can send more total data. Can this not be turned into a precomputed map by taking a test phone everywhere and seeing what settings the tower picks to talk to it?
With 5g and beamforming and mimo and decent bts software(Ericsson or Hua) you can pinpoint the given phone very accurately (within 20m in urban settings) - without any triangulation, as you know the cell tower sector :) Guess what: you can also measure the azimuth within 0.1 degree, so you could have SOME data at where to look.
FYI: That was available back in 2022 as standard. Now it could be even better. :P
I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move?
I'm not saying it can't be done, clearly it can be done otherwise this article wouldn't exist. But it is not quite as easy as pointing a magic wand (aka an antenna) at a highrise and saying '14th floor, apartment on the North-West corner', though that would obviously make for good cinema.
> I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move?
Subpoena the power, water & gas company, and look at apartments that have unusual power usage, coupled with almost zero water & gas usage. Especially look at apartments that don't have a spike in power usage in the morning & evening that corresponds to people having a regular commute.
I'm not sure how much power this equipment draws at idle - I'm assuming it's more idle at night, no need to send scammy SMS messages at 3am Eastern - but I'd wager you could track that.
Granted, it's not fast, but depending on how quickly the companies bend over backward for such a request & how good your interns are at using Excel, you might be able to get this done before sundown.
Maybe in a city like NYC with old apartments you could do that. It’s common for newer LEED buildings to use heat pumps and collective water/sewer billing. Power maybe but WFH is common these days too. And then you’d have to convince a judge that you’ve got something narrow enough.
This inspired me to find this catalog, thank you for mentioning it!
For those who have not seen it before, Waterwitch is on page 43 of the 2013 catalog here [1], and is described as "Hand held finishing tool used for geolocating targeted handsets in the field". It did seem to require, if I'm reading right, that the target be connected to a malicious GSM router called "Typhon" (page 42).
A portable spectrum analyzer. A high concentration of phones like this would light up the spectrum when used with a directional wand.
Portable spectrum analyzers are regularly used to identify interference in urban environments. Even a damaged cable coax line on the street can interfere with cellular signals.
If even a fraction of those antennas are transmitting at any given time, which you can arrange simply by having the network poll them, all you need to do is wander up and down the hall with a TinySA or something similar. It will be almost ridiculously obvious where all the RF racket is coming from.
Even before doing that, a handheld Yagi in the parking lot will easily narrow it down to a couple of floors in a specific quadrant of the building.
Yeah modern cellular and WiFi modems use multiple antenna and beam forming to allow multiple same frequency connections to occur, without interference.
But when people think of beam forming as “pointing a beam at a phone” that’s kinda thinking of the problem backwards. Modems beam form by looking at the various bits of signal delay coming down multiple antenna, and computing a transform function that will effectively result in the signal it sends mimicking those delays and thus forming a beam pointing in the opposite direction of the incoming signal.
But the modem has no idea what physical direction that beam is pointing in, and doesn’t care. It just know how to analyse an incoming signal to effectively mask the inputs from different antenna in order to extract a very weak signal, by taking advantage of constructive interference between a signal received on multiple antenna, and in turn invert that function to create an equivalently strong constructive interference pattern at the source of the signal when replying.
Most important the modem has no idea what the actual signal path was, it could have bounced of several buildings, been channeled by some random bit of metal acting as a wave guide, or any other manner of funky interference that literally any physical object creates. All it knows is that is a viable signal path must exist (because it received something), and it can compute a function to send a return signal back down the same path. But it’s very hard to turn that abstract signal path function the modem understands, into an actual physical direction. Not without doing a load of extra calibration and sampling work to understand exactly how all the antenna the modem uses interact with each other, which nobody does, because that information won’t improve the cell towers performance.
Thank you for this. I feel like I’ve finally gone from the 0% understanding of how beamforming works, where I’ve been for a decade, to “some basic appreciation for the concept”!
Indeed. The output of the beamforming algorithm is something like four (complex) numbers that you use to tell which of your radios to shout the loudest (and with what delay), which magically makes the signal become the strongest possible at wherever the device was last heard. And at an infinite amount of other places.
If you have MIMO, i.e., multiple signal streams, it will be more like an 4x4 matrix instead (how loud should radio X shout signal Y), and you'll not only optimize for “signal 1 should be the loudest possible at receiver 1” but _also_ “signal 1 should be at the _most quiet_ possible at receiver 2”.
The fact that cheap consumer devices are able to do this fairly reliably (one could even say it's pedestrian) at near-gigabit speeds says something about how insane our level of technology is.
I think it is the same kind of magic thinking about 5G that causes people to believe that those base stations somehow mysteriously know to within a couple of feet where a handset is located. That's just not how it works, at all. At best you could say that the interference pattern caused by a particular engagement of the radios has a local peak that - hopefully - coincides with the location of a particular handset. But there are countless such interference patterns and no single one will stand out to say 'that's the one', besides the impossibility of actually calculating the patterns because of the lack of knowledge about the environment.
It's also amusing to see lots of people state with great authority how simple it is to track down a transmitter, when in fact they've probably never so much as participated in a fox hunt, which can get quite interesting at higher frequencies and when not in open field.
Yes, but they don't know physical location, just a complex number matrix of how each receiver perceives each transmitter, which is inverted to determine how to transmit to optimize that receiver's reception. They don't first determine location and then optimise based on location - they optimise based directly on how the radio waves propagate.
They could probably be quickly found if someone is looking for them, but carriers don't necessarily care that much about these. Add a couple layers of indirection with MVNOs and there's a lot of meh to spread around.
If the reporting around this is accurate, sounds like someone(s) was swatting through these, which brought the attention needed to find this group.
> Since you seem to know about the subject, how are these not immediately found and shut down?
Because - depending on cell tower coverage and the antennas installed on it - the degree of precision is far too low to be useful. In rural installations and the worst case, aka a tower with a dipole antenna on a mountaintop, at 900 MHz the coverage will be around 35 km. Segmented antennas just limit the section of the circle where the endpoints are. In suburban areas, coverage is usually 10-20 km, and urban areas it's 5km and less.
Now you know which cell and cell section the user is in... but to actually pinpoint the user? That takes some more work. First, you need a few more towers that the user can reach for triangulation - the more the better - but if the operator of such a setup is even remotely clever and the hardware/firmware supports it, they will have locked the devices to only connect to a single tower (you can see a map at [1] that shows the IDs). If the operator didn't do that but the site is too remote to achieve triangulation, you might need to drive around in a van and use an IMSI catcher, aka a phone tower emulator, and hope that eventually the site's devices register at it. That, however, is a lot of awful work, and is often not legal for police authorities, only for secret services.
Now you might ask yourself, what about 911, how can they locate callers precisely? The thing is... it depends. Landlines and VoIP lines are usually mapped to a specific address (which is why VoIP providers give you an explicit warning that, if you do not keep that record up to date, 911 calls will be misrouted!), so that's trivial. Mobile phone callers however, until a few years ago the degree of precision was exactly what I just described - it completely depended on celltower coverage, with the only caveat that a phone will connect to another operator if it shows a stronger signal for 911 calls. Only then, Android introduced Emergency Location Service [2] and Apple introduced Hybridized Emergency Location [3] - these work with the sensors on the phone, most notably GPS/GLONASS/Beidou, but also SSIDs of nearby WiFi APs and specific Bluetooth beacons. Downside of that is, of course, the 911 dispatch needs an integration with Apple and Google's services, users can disable it for privacy reasons, and older phones won't have anything - so in these cases, 911 dispatchers are straight out of luck and again reduced to the above range of precision.
Sure, but again - you gotta have one of your low-level chumps stop by the van every so often, and that raises the chances of that chump getting caught and squeezed by the cops until names start coming out.
No, actually that's not a crime either, unless you know they're criminals and you know they're doing a crime. Helping criminals do a crime is a crime, but driving around with a box of SIM cards and radio modems isn't a crime.
This is very much location dependent and I think you should qualify your statement with where you think this is not a crime. In plenty of locations it would be.
An unattended apartment can raise red flags. A van however, in most jurisdictions even if you end up in a police checkpoint, they may not force you to reveal what is in your van.
The last three places I've lived, I'd never seen the residents of fully half the apartments on my floor. They could have been jam packed with SIM farms, or abandoned tigers, or dead hookers in chest freezers for all I or anyone else in the building knew or cared about.
An apartment where nobody bothers their neighbors or the super, but keeps the rent checks coming, is the absolute best case scenario for everyone involved.
And again - if an unattended apartment is raided, there's nobody there to drop names. You lose the investment, but that's likely a lesser problem than worrying about what Kasim is going to tell the cops once the handcuffs go on.
I was thinking about that for this scenario. Dude could easily have just paid rent in cash and never shared much (real) personal info with the landlord; literally what happened here is exactly what you posit.
Put the sim farm stuff in a non-metalic box, wired to the 12v system, earn some extra money while driving a delivery job.
Assuming you have carrier diversity on your sims, you could likely manage good enough backhaul over the sims for the control layer. At least for grey market SMS; grey market voip might need more consistent networking. Grey market VPN, eh... variable conditions might help customer traffic be considered mobile.
They were detected inadvertently. Telco fraud management looked for stationary farms. This gang was detected because an engineer spotted the pattern in a debug log.
HP if memory serves me right. Around 20 years ago.
1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes.
2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location.
3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously.
4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I can assure you, a lot more dangerous criminal activity happened within a 35 mile radius of the UN than some zombie cell phones sending scam texts. While I applaud anyone shutting down scams, the window dressing is embarrassing. Someone has watched too much Blacklist or any of those fantastical police procedurals.
Yeah. Sorta weird USSS is investigating this. Maybe it was originally related to some Treasury-related fraud case. We're close to budget time so they have to demonstrate congress should give them the money they asked for, so it's pretty easy to upgrade some random scam/spam texter to a terrorism case. It's sort of endearing, actually, when they get some adults back in the USSS reporting chain we'll probably see less "imaginative" press releases.
They might have randomly spammed phone numbers that have special purpose and triggered some sort of honeypot. Or someone powerful got scammed. Either way, happy they take it down and provide some photos. Would love to learn more details.
Yeah. There's another post on HN saying the investigation started when someone texted a threat to a congress-critter via this system. So I guess that tracks.
Speculation: Some gov't types wanted to shut down the scammers (or whatever they are) - but were not getting much traction with the higher-ups, to actually do something. Vs. after their case was rebranded as "this may be part of a plot to assassinate the President" - suddenly every approval and resource they could want was being push into their laps.
Literally anything the government does from now on is going to be related to discovering terrorist plots. They have to find some way to fit the agenda into that giant post-9/11 loophole.
> 1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes.
Agree, I would guess this was just a bottom-rate VOIP/text spam service, potentially affiliated/run by organized crime, that doesn't ask many questions, accepts payment exclusively in BTC, etc.
> 2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location.
I think this is just another version of a grow-op. Run by a gang, mainly for profit. Perhaps the shelves were even from an old grow-op that became unprofitable when New York legalized marijuana.
> 3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously.
I disagree here, from the description of the messages I think these were supposed to be actionable threats. At least two of the incidents mentioned were swatting attempts, which are still taken somewhat seriously and are treated as serious threats when directed at elected officials. US Police are highly armed and often very aggressive, swatting incidents have resulted in deaths before.
This, to me, reeks of the sort of foreign interference with domestic politics that has been mentioned in the past. Trying to escalate domestic tensions is straight out of that playbook.
What I think happened is - some foreign actor used organized crime connections, or some other way in to get time on this spam farm, and they used the numbers there to SWAT and threaten officials around the US in a way that's harder to trace than a regular VOIP provider.
> 4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I think they see this as a wonderful coincidence. With the setup as described in the article, I could see this farm overloading the few cells that serve the particular area around whichever building(s?) these sites were found in, but city cellular networks are very dense. There's hundreds of mobile cells in New York City, and frankly I think if you wanted to seriously take down the cell network a few high power jammers distributed across the city would be more effective.
And yeah, I wouldn't be surprised if this isn't directly illegal, although I bet the operation as a whole has been dodging taxes and know-your-customer rules. But, here we have a golden opportunity to play this up as a major terrorist threat instead of just organized crime, and they're going to take that option every time.
The only interesting bit that makes this sound like something more than a VoiP farm
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
and guns/drugs
> Investigators also found 80 grams of cocaine, illegal firearms, plus computers and phones.
Maybe cartel tech stuff, but I'm not sure why cartels would mess with threatening politicians.
Yeah, this makes the guy sound like a mid-high end career criminal. Sells coke to Wall Street guys in the morning. Gets shipments of weird hardware during the day that he drives over to buildings and sets up according to their directions. Probably runs crypto scams or card duping or whatever else is good for a buck whenever there is a chance.
I don't see where they made the political connection other than the farm was located in range. Maybe they had evidence they didn't share. The site was also in range of Wall Street and everybody else in the city. All kinds of fraud, surveillance, and private comms were possible.
It's possible after some threats they decided to probe cell network behaviour around some buildings downtown. And this particular farm wasn't the original source, just something they found in the process.
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
So you mean they could have shut down these SMS and outbound call spam farms years ago
I would guess that this is still more likely some scam infrastructure middle man setup, and one of their customers chose to use it to make threats / do more than just scam people.
It seems unlikely you'd setup a scam setup like this and out yourself by making threats to government officials via your own infrastructure ...
It's a remote phone number as a service system, and some customer of the service used it to make anonymous threats. On the whole, it's a good thing this outfit got shut down, as one of the primary customers of such services are large scale social media bot farms.
But none of that is illegal. The government, and especially the secret service, has no business shutting it down. This is the equivalent of them shutting down a Tor exit relay and then writing an article about how they shut down a Tor exit relay used for crime, complete with pictures of server racks, servers, switches and cables to show how sophisticated the operation is
Yeah I'm skeptical about the political threat angle being directly connected to this set up. The press release was vague about the connection for a reason.
I mean as opposed to the narrative about threatening New York and UN. Being able to spam the phone networks isn't very novel and the location isn't super relevant AFAIK.
"It could have overwhelmed cell towers, toppling New York City’s cell service and preventing every Manhattan resident from accessing Google Maps."
Seems odd that the most important use they can highlight for cell service in NYC is accessing Google Maps. Not accessing 911, not some other vital use of cell service, but Google Maps.
NYC is full of free Wifi all over the place. So many McDs, Starbucks, and other restaurants and sites you can get Google Maps anywhere.
What a bizarre story. They say it's an anonymous network. What does that mean when multiple locations with racks of tens of thousands of SIM cards and the supporting equipment are found around NYC area? In order to manage this hardware and the operations around this equipment it would take boots on the ground, at least occasionally, for repairs and maintenance.
No mention of arrests or surveillance of any site to try and apprehend anyone related.
While the headline on NYT highlights an attack on the towers for disruption, the CNN piece gives more weight to two other uses: (1) criminal communication network and (2) swatting.
I think those two make sense. The SIMs would probably hold US numbers and would appear authentic for accessing the US operators' networks.
(2) is the thing that brought attention of LE on these, and likely was a very dumb move by one of the users of this system. If just (1) they could have kept it going for much longer, (2) is what brought it down.
(2) shouldn't have brought it down because it's not illegal to be a pipeline for someone else's swatting, though you have to help LE identify who did the swatting to the extent you can (including if that's not at all).
I don't see why you'd actually need any SIMs in the first place if you wanted to DoS a cell tower. My guess is that it's basically just a device farm for either sending spam or receiving activation codes for spam accounts elsewhere. By putting them in a populated area, the increase in traffic is less noticeable.
It makes it much harder to nail down exactly where the farm is. You can't just go break down all the doors in a large high-rise and the reflections of the radio signals in the urban canyon will further hamper your ability to pin-point the devices. But you might be able to correlate power consumption or heat signature with activity.
Yeah, they are putting two facts together to heavily imply that they are part of a single story, but there is no evidence presented that they are. "UN leaders are gathering!" "There is a huge SIM farm that could disrupt communications!" Both true, but seemingly unrelated. All those car warranty texts have to come from somewhere - this is probably where.
Exactly. And the whole point of a cellular network architecture is that it's resistant to DoS attacks (what the rubes call "unexpectedly heavy usage"). Sure, you can take a cell out with a hundred fake phones, and all the users in that cell will hop to the next one. Or at worst walk a block over to find another. The attack doesn't scale, at all.
And even if you wanted to deploy custom hardware to do it, it would be far easier to just use a high power jammer on the band anyway than mucking around with all those SIMs.
These are for making actual use of the telecom facilities at scale, with the anonymity you get from burner SIMs. It's fraud, not terrorism.
Some parts of it are (DoS resistant.) And some carriers are more resistant than others. Verizon's CDMA from the 90s / early 2000s was NOTORIOUS for falling over when too many people texted at the same time. But yeah, it's been a while since things were that bad.
Both this article and the NYT one strongly implies a link between these farms & the threats to government officials without actually outright stating so.
> “While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.”
Criminals and intel services using a criminal network? News at 11.
The Secret Service is really trying to make hay out of these things being close to UN, but so are millions of other things in the New York City Metro Area. Either they have intelligence they aren't disclosing or someone's try to put a lot of spin on this crime bust.
If state actor propaganda botfarms operate in this fashion in other cities, we can try to find more of these patterns. Would be interesting to see a drop in youtube, reddit or facebook user activity correlated with such bust.
It's the wrong hardware for the job. The hardware for eavesdropping masquerades as a tower, not as 64 cell phones. A big sim bank like this is useless for that purpose.
Yes, this is what I want to know. I didn't think a cell phone (or any number of cell phones) could intercept other phone calls/data. I know a fake cell tower has some capability for that.
Which makes me wonder how much these guys spent per phone number. If you figure you can use a phone number maybe 2 or 3 times per service before it gets blocked they could create literally millions of accounts with this operation across various services. I don't know what the black market value for a Gmail, Facebook, Instagram, Reddit, HN, etc... account is, but I suspect it is more than the price of a SIM card.
The SIMs pictured in the article are from a carrier called MobileX so that’s the first clue to finding that out. Looks like a couple bucks is enough to get started, but a dealer on the take may have more attractive options and the ability to activate a lot of SIMs without the fuss of signing up accounts with email for each one.
"The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut."
Isn't it costly to acquire that many SIM cards? Or maybe they were inactive until they were associated with an account? So it was just to keep allowing for a rotating set of SIM accounts?
Are we going to find out that all these cellphones were used to run bots on X or similar?
Could simply be a propaganda botfarm. Each of these sim cards registers on facebook, youtube, reddit and the faraway propaganda teams use them to relay messages.
Probably because it's way easier to pull a SIM out of the package and stuff it into the reader than it is to go through the QR code/web site/phone app you need to get the eSIM up and running for your provider.
What I'm really curious about is the money trail. These cards weren't bought in one off cash purchases or via some penny ante crypto reseller. Someone bought in bulk using real money. They probably had to talk with the salesguy at the MVNO to make an order that large. This kind of thing must leave a footprint.
The bar to getting access to MVNO sales is actually extremely, extremely low.
They're ordering and activating maybe 20-50 at a time, and ordering that number of SIM activation kits from dealer supply houses is extremely normal. Activation typically also is at little to no cost as well to dealers in this market.
FWIW: at sixteen, I somehow managed to get dealer access to a CDMA MVNO. I was able to activate accounts on the fly with $2 of "free" credit to start the user off, with zero cost to me. I still get emails to this day over a decade and a half later from various cellular resellers offering me bulk cellphones...
I'm curious how this would work without being traced. Someone is paying rent on the apartments. For the simcards, I think they are all able to call 911 even if they don't have credit/dataplan. They're also able to connect to a tower and take up slots. So probably the only way to financially trace the simcards is the initial purchase.
But that would mean someone who needed to call 911 couldn't - maybe their prepaid service ran out yesterday? It would be entirely ethical to allow anyone with working hardware who needed to call during an emergency to do so, and unethical to prevent people from calling because they didn't have a working SIM.
I think the intention is that any gray-market VoIP termination running over one of these is already blocking such calls. People usually don’t need to call 9-1-1 internationally, and there is some auto-enabled tracking in some countries for 911 calls that could leak the sim farm’s location.
I wonder if all the cards in the photo are active at once, or only activated on some rotation. The latter would certainly make them a lot harder to detect
Probably depends how hard the phone companies are looking at the data. If the cards are mostly idle then they probably don't impact the service at the tower and if there is no service impact then the operators probably don't care.
When you think about the sheer scale of monitoring every cell phone in the country it probably doesn't stand out nearly as much as you would expect.
I'm just salivating at the thought of being on the telco side with access to all the base stations and writing various visualizations/analysis to find hotspots like these, bet it's a lot of fun. :-)
Can also text 911 now which would overburden the texting protocol network so no one else’s texts will go through.
It’s a cell tower jammer and terrorism multiplier. Can’t call or text. It will probably disturb internet service as well. Include a few radio jammers for local police and a few satellite antennas you could create an opportunity then a panic to cover your tracks getting out.
I would wager a huge majority of text messages in NYC will go through either RCS or iMessages which skips the SMS layer and instead goes direct to data.
There are hundreds of these operations at any one moment in time, some more legit than others (voip dial backs, short message farms for scammers) not sure why they are making this out to be the end all and be all of this type of things. Telcos have the ability to lock these down pretty quickly using proximity of devices alone, but the almighty dollar is more important ;)
It's just another distraction from the unreleased Epstein files. The admin has been doing this periodically since people started asking about the files - taking something mundane and blowing it up into front page news.
That pictures with the sim cards are impressive, mainly with how clean the setup looks. Can even see power/network cords taped down to the floor even underneath the metal shelving[1].
Could it perhaps be espionage related to a downgrade attack? ie force a target's phone to switch to 3G by temporarily overloading/confusing the 4G/5G network.
This is pretty low on information but maybe that's how it has to be, since there probably is a tradeoff between covering the investigation & revealing investigative methods that should be kept private.
I made this comment on another thread that ended up getting flagged as dupe, but this is probably not all that mysterious. These SIM boxes are a commercial product you can buy from China:
...and their purpose is mostly to provide an IP-to-cell-phone-number gateway for SMS spam and phone scams. A real cell phone number is greatly preferable to VoIP phone numbers, which are blocked / flagged at a much higher rate.
> While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
> These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
These passages are from the Secret Service's press release and are not quoted in the CNN article. Note that a 35 mile radius of the UN includes literally all of NYC and then some. CNN wisely chose to change that to "35 miles of New York City" and not mention the UN at all, as the supposed link is extremely tenuous.
This hardware is fascinating - I've seen other examples of these farms Deployed in Ukraine but does anyone have more info on how these "servers" are orchestrated?
What sane cellular carrier would issue tens of thousands of sims to a party like this? There do appear to be a few different colors / designs of sims in the photos but still there has to be some shady back-end dealings with cellular carriers for this to even be plausible.
The packaging in one of the photos is a MVNO. It's easier to get sims for a MVNO than a carrier, but either way, there's tons of sim card resellers, they have to be getting inventory from carriers/MVNOs. Ask a hundred resellers for 1000 sims each, and you'll get to 100k. 1000 sims may be a lot for some resellers, but is probably small for many of them.
Probably they were next to sports stadiums. Most of the time there is ample unused cell capacity. Also: the New York marathon hosts 50k+ runners. I don't easily believe that 100k phones distributed over several sites on a 35 mile radius around New York have any impact.
I think smaller ones might be useful for network quality testing and mapping. I think carriers drive around with boxes in vehicles to test their own networks reliability and map their competitors.
They have lots of illegitimate use that isn't about crashing the cell network like sending out spam https://www.cyberdaily.au/security/9949-sydney-man-arrested-... or allowing people to use in-network free call allowance to instead make voip international calls
Not sure why, but I find that an astonishingly professional setup. The sim servers clearly haven't really got a legit use at that size - yet they come built with a very professional steel case. Setups even have color coded uplink vs downlink cat5 cables. I mean just very neat and tidy.
I'm so happy at least one other person caught onto this. I figure if it had been a China/Russia/North Korea type actor they would've put it in the headline.
The cards are the easy part. It's setting up 100,000 accounts where you run into trouble. There was some traceable payment methods in use here, which might be how they got busted by the Secret Service. The whole thing could have been fallout from an earlier counterfeiting operation.
100k Not sure. Good question! 100 is easy, in NL you can just grab boxes of them at certain phone shops, Lebara etc. These are free and anonymous. Sometimes they will stop you and say: these are only for clients, other times they are happy if you take the whole box of 100pcs.
They were running an extortion and intimidation campaigns.
Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
Until it happens to you or yours it is hard to comprehend.
Were they? I haven't seen that stated anywhere. The news report from NYTimes does say "the cartels were using it too".
>One official, speaking on the condition of anonymity, said agents also found 80 grams of cocaine, illegal firearms, computers and cellphones when they discovered the network.
Sounds like literally a mobile botnet and it was probably just leased out access to a range of users.
Leasing access to botnets and other resources is 1000% normal in the "crime web" and is a business in of itself rather than being directly part of the crimes.
On top of that, a "nation state" attacker isn't going to be giving their employees cocaine, unless its Hamas lolololol.
> Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
We tried, but that provided the right wing folks with their boogie-man du jour, labelled as "woke" and "DEI" (pejoratively by them), and the baby boomers were all "nuh-uh, that'd help THOSE PEOPLE! we can't have that!" and that was that.
The photos in the NY Post article make it look like they raided cell phone shops in normal retail locations. It looked more like an engagement/click fraud operation.
The NSA doesn't use a bunch of SIM cards on wire racks.
If the NSA needs outbound phone numbers, they're more likely to set up a shell company and pretend to be an MVNO or a VOIP telco provider, a couple computers on a cheap cloud host masquerading as a phone provider is a lot easier to manage and hide than a setup like this. This is a pretty common kind of business so it's easy enough to blend in, and it isn't restricted to a single apartment or city.
If the NSA wants to eavesdrop on phone calls, they just set up a room inside the relevant phone provider [0].
I think this is more likely a gang operation or a foreign influence operation. Details are thin but it feels like a shady organized crime operation (think quasi-legal, probably advertising as bottom-rate VOIP numbers or text gateways) that got used at one point by a foreign influence operation to make threats and try to interfere in domestic politics.
Inside the US? Unlikely. This is physical hardware being shipped to the US, that sort of thing really lacks plausible deniability unlike rolling up phone records in foreign countries that happen to contain American tourist phone calls.
If these were found in a foreign country then maybe, but these would be far more likely to be some foreign intel service than the NSA.
Unless NSA is listening to the diplomats from other countries. Maybe this is a system to quietly force devices belonging to diplomats onto certain networks/nodes so they can be more easily intercepted. If someone wanted to simply shut down a network, a few basic white noise jammers could block frequencies far more easily/cheaply than a thousand sims.
>>...early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
>>These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
What nation-state actor might want to disrupt a major US city during a meeting of the UN General Assembly?
There is no claim that it had anything to do with the UN General Assembly ('within 35 miles' covers a lot more than the UN General Assembly). They do say senior US officials were targeted.
Umm, that claim is literally a cut-and-paste quote from the US Secret Service announcement (which is why I inserted the ">>" at the beginning of the paragraph to signify the quotation).
So YES, there is a specific claim, and it came directly from the USSS, in the exact article heading this topic. The USSS does not merely toss in observations without a basis in their working threat model (unless they've changed since I worked adjacent to them). It may indeed turn out to be unrelated, but the USSS is publicly stating they are treating it as more than a coincidence.
I wonder what kinds of techniques, if any, these virtual cell phones employ to evade being discovered. You would suspect that they could be discovered through triangulation.
Two possibilities:
1. Most if not all of these virtual cell phones are connecting from the same location.
2. Some of these virtual cell phones are connecting from the same location, with the remainder in reserve.
In the case of (1), you have both a fixed location and a high saturation that is unlikely.
In the case of (2), you could imagine using certain numbers at certain times to simulate the work day or hours during which people are more likely to be at home. Randomization or round robin could produce unlikely patterns, but without them, these virtual phones would be underutilized, save for some kind of cyberattack that would compromise their location.
Or the truth simply may be that they aren't doing anything, because no one is watching.
The pictures of the confiscated equipment is every phone phreaks orgiastic wet dreams.
It is interesting that these sorts of things are going on in the first world, and until discovered anyone vocalizing suspicions of such a thing would be regarded as a paranoid delusional crackpot.
It does seem like the sort of PR-rewrite for a press release that results in distances measured in football fields.
Looking at a map, a 35 mile as-the-crow-flies (and as the cell network signal flies) radius of the U.N. Secretariat building almost gets one to Lake Hopatcong, New Jersey, in one direction and past Stamford, Connecticut, in another.
It reminds me of those "how to promote yourself" things about say turning "did routine performance optimizations on the website" into "saved the company $ZZZ million" and such.
It's worth highlighting that that link suggests this may be linked to foreign states rather than just garden-variety organized crime ("...early analysis indicates cellular communications between nation-state threat actors...").
"Concentrated within this 10000 km² area" sounds not nearly as impressive. Granted, "concentrated within 35 miles" sounds already rather dilute when talking about mobile phones.
A "35-mile radius of the United Nations headquarters" includes literally all of New York City and then some, making the supposed connection to the UN meeting extremely tenuous.
This looks exactly like a "SIM farm" operation, which rents out access to real mobile numbers, usually for the purpose of spamming or fraud. Yet there's no mention of this possibility.
My question is: are any of these alternatives helpful against these novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:
The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.
It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.
> Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?
Prevent what exactly?
> If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
LTE and beyond have mutual authentication. Your phone will attach to any network for an emergency call, but attachment to LTE requires the network trusts your sim and your sim trusts the network. [1] No trust on first use necessary, because the SIM includes its private keys and public keys for the network.
https://archive.is/wNpfX
Oh lol, this is a scam site. Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes. It's honestly so hard reading quotes from the US government these days. Cartels, drugs, guns. They make it sound like they interrupted the staging of an assault on the UN when the article actually says that the locations were within 35 miles of the UN headquarters in NYC. This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area". Like 20M people live in that circle. I highly doubt this is for anything other than VoIP scams.
Yup. This is literally just a cellular grey route site for some shitty VoIP provider, just like the SIM box SMS scams go marching on in other countries. Some operator is shitting their pants right now, probably.
The SIM cards come from cheap MVNOs that have dealer arrangements for cheap or free first month activations, then they just set up a handful of SIM boxes and a residential Internet connection back to the mothership (like they did at the captured house with the white Verizon 5G Home router just casually sitting on the floor next to the units).
Similarly, I’ve had some friends on US MVNOs themselves that have access to “free” international calling, yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country each time (Poland, Moldova, etc). Also dodgy SIM boxes!
> shitty VoIP ...
Or grey-route bulk messaging and SMS OTP bypass so actors can register throwaway accounts on Signal/WhatsApp/Telegram, social platforms, fintech, crypto etc. then burn the numbers after use.
You need 100k SIMs to defeat per-SIM rate/behavior caps, receive OTPs for mass account creation and run thousands of campaigns/conversations in parallel while keeping each SIM's pattern below carrier detection thresholds.
It's not about the UN.
NYC is a prime market for "local presence" numbers (212/917/646 etc.), which boosts answer rates and trust for scams, impersonation, mass disinfo campaigns.
Those "local presence" numbers are highly depleted and highly unlikely to be available for MVNOs. Not to mention you don't need to be basically present in NYC to use those numbers.
The real reason this shit is in NYC is because the number of tower cells is huge due to population density. It makes having a few hundred to thousand devices in one office a bit more viable.
I live in the NY area (Long Island), and have a business line on my phone, so I get dozens of scam calls per day.
Most are spoofed. Many, from local Long Island exchanges.
All the spoofed calls just reuse existing numbers. When I first started getting them, I called a couple, until I figured it out. I usually got some poor, confused schlub.
I’ve gotten some calls, myself, and have been said poor, confused schlub.
Bonus points when they spoof your own number?
Hasn't happened to me, but a friend of mine, said it happened to him.
> Those "local presence" numbers are highly depleted
Yeah, the last time I asked for a 212 number from Verizon Wireless the guy literally laughed at me.
> yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country
Skype was like that for a long time
Agreed. These days setups imho aren't vanilla origination and termination VoIP scratch card traffic it's more likely a distributed bot farm obfuscation as a service provider. I have seen commercially available sim bank gateways that can separate the sim from the antenna in order to change towers and simulate movement. The use of eSim adapters make it superscaleable now in terms of abstracting the numbers from the sims. Whatever the application a press release tie in to UN is a little odd.
> Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes.
So you mean... like, these are the exit points into the "legitimate" telephone network for, say, those random MedAlert scam calls I keep getting from numbers scattered all over North America? Or if not, what does "VoIP" mean here exactly?
Somehow I've missed this entire phenomenon...
Bingo! And the call's been "verified by the carrier" because it came off the cell network from a purportedly valid SIM... but patched into a dodgy SIP connection back to the scammer.
> This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area"
Same year as the Phineas and Ferb reboot. Coincidence???
The "canonical" tri-state area is greater New York City, which stretches into Connecticut and New Jersey.
But the lyrics are still stuck in my mind, "The tri state area was the bi state area with an adjacent area, right over there".
Perhaps the Secret Service possesses additional information they're not disclosing that supports their narrative. It might come out at trial, if it gets to that stage. Or, it might not, because certain methods and sources of law enforcement operations might not be publicly disclosed if national security is involved.
But we can agree that we aren't obliged to believe them, right?
Of course. Trust in our Government is at a historic low these days, and reasonably so. However, that doesn't mean that everyone is inept or has ill intent. Most people I've met in government as well as the private sector want to do good (or at least not evil).
I agree with the idea that people want to do their best, and I think it's the machine itself that's really the problem day to day. That said, this is being filtered through a media mouthpiece, and that's where I raise an eyebrow.
The leaders of the US govt at high levels have specifically shown they aren't trustworthy which must impact the formerly trustworthy orgs, such as the FBI and the head of the FCC.
It does, and it's a shame for those careerists who are competent.
Don't you need to reveal the facts in criminal court? Right to see the evidence against you and all that.
Generally, yes. You have a right to discovery of anything that they plan to introduce at trial against you, or anything that would cast doubt on your guilt (exculpatory evidence).
Most facts, yes. Non-disclosure is the exception, not the rule, thanks to the Sixth Amendment's right to a fair trial. However, when national security is involved, the Classified Information Protection Act (CIPA) may apply, and some evidence may be reserved for in camera hearings.
Also, if the information would not exculpate the defendant, and the prosecution won't introduce it at trial as evidence of guilt, then the information can be withheld.
I'm on the verge of not trusting the US govt when they prosecute things. Epstein details being proclaimed and then hiding them is just the start. If the large and formerly mostly independent and trustworthy federal law enforcement groups can't disclose info there, what should make you feel like they are honest?
Are we talking about the criminal trial process here? Or the pre-trial investigation and prosecution process? They're not the same.
[flagged]
The article really should have put that map front and center, because that map alone is enough to show how ridiculously overhyped the government claims are.
I'm presuming this discovery was near the outer perimiter of that circle, because otherwise presumably they'd have quoted a smaller, scarier number.
Like XKCD said, every map is basically a population map: https://xkcd.com/1138/
The interesting part is in the delta between population and usage.
reminds me of when i see articles in the news in my country sometimes, with headlines like : "Man found with drugs within 500 meters of school"
There are schools everywhere, usually in places where there are lots of other amenities like shops, and doctors, and pubs.
Yes, when there are schools every few miles, it's very likely that any given thing will end up within range of a school.
why did the voip scammers need guns and cocaine?
There's probably a pretty significant overlap of scammer, gun owner and cocaine user Venn diagram. Is it that surprising?
Gun ownership is a protected constitutional right and cocaine is a popular drug. May but be connected.
> Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication. One official said the network was capable of sending 30 million text messages per minute, anonymously. The official said the agency had never before seen such an extensive operation.
> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
So 100k SIM cards scattered around the middle of New York City.
Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?
>Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?
More likely an egress point for cheap VOIP routing.
That would be my first guess if the devices were found in the Middle East, but legitimate interconnect in the US is stupid cheap. (See e.g. Twilio's SIP pricing; I assume they have reasonable supply chain security.)
> legitimate interconnect in the US is stupid cheap
This is a to take advantage of "free calls to North America" provided by MVNOs, and free < cheap. Twilio starts at $0.01/min; 1 cent/minute x 200 lines results in a delta of $2.8k per day. I'm assuming a 20% utilization rate[1] on a device that holds 1000 SIMs
Further, it's a way to bypass STIR/SHAKEN requirements for a less-than-legitimate VOIP termination operations, which can attract paying customers that want to evade detection, typically criminal endeavors.
1. 20% utilization is pretty generous, but even if its 2%, not using Twilio is profitable at scale.
Legitimate interconnect is presumably easier to get shut down, so I agree maybe not so much cheap as shady, as in a provider that knows their customers are likely to use the numbers for things that'd make them likely to lose a legitimate interconnect.
0.7 cents per minute for twilio. 47000 minutes in a month = $329/month if you run it around the clock.
Round-robining around some unlim SIM cards to stay below the radar will be cheaper.
Maybe some sort of darknet service for anonymous sms / calls which was used for stuff that really raised alarms such as calling/messaging these officials
Another article about the same event mentioned swatting against public officials but wasn't clear on whether or not that was how they found these.
Yeah there was this the other day, although I'd expect the hardware for this is much smaller than is shown in the photos in the OP: https://news.ycombinator.com/item?id=45294766
Nah it's that size. You need an individual modem for each SIM card because you need a unique IMEI. It's possible each of those SIMs are eUICCs as well which means basically that each card is like a "wallet" with multiple profiles.
I've used hardware a decent amount larger than what's pictured in the OP for work. But what I was using wasn't just for SMS. So I needed more sophisticated modems. What they're using looks like a bunch of 64 port modem banks exclusively for SMS.
(Oh wait if you mean the devices for what's in the article you linked, then yea, those I'm sure are much smaller and quite different.)
The modems don’t support on-the-fly IMEI programming? Even if not, I could see the same RF components share a number of whatever the bare minimum chip is for an IMEI and switch
They seem to do some multiplexing of the antennas at least. Counting from the pictures I see 16x16=256 SIM cards and 4x4x4=64 antennas.
I would just get a decent SDR like xtrx and some derivative of osmocom stack and then it's two antennas and however many sims you want. But.. this info is outdated, this stuff was available five years ago.
What kinds of things do these devices get used for in legit enterprises? If you're able to say :-)
I used to send a lot of SMS verification codes. We considered setting up a SIM box, but never did. You get different SMS routing from a phone on a major network than you do from the SMS aggregators, and that could be useful for getting codes to difficult destinations.
But we had enough volume that we could typically get improvements on routing by asking aggregators about difficult destinations (unless the difficulty was coming intentionally from the destination carrier). The aggregators do sometimes use grey routes from SIM farms. Squishyness around terms of use and accounting would have been an issue too, we would not have been able to fly under the radar on 'unlimited messaging'
Another potential use could be if you needed to send a lot of alerts to your employees/customers in a short period. Most aggregators have rate limits, and so do carriers... if you're a big customer, you can probably get limits raised; if you only have an occasional need, you might prefer to have a large number of low cost SIMs.
Looking at the original press release (https://www.secretservice.gov/newsroom/releases/2025/09/us-s...) and the attached high-resolution photographs, there are things that probably leap out at a Hacker News readership:
The Bad Guys are neat with their cable ties, and number their gateway boxes.
The Bad Guys went with simple heavy-duty metal garage shelving rather than real racking, seemingly vastly overengineered for the weight of the equipment, as that sort of shelving can hold up to a Mg per shelf UDL. The "WallOfSimBoxes" kit does not sport any rack mounting brackets.
The Bad Guys don't use redundant power supplies, or battery backup.
By the way, if you want a quick overview of this kind of equipment if you've never seen it before, here's (randomly picked by Bing Shopping) China Skyline's marketing blurb for a similar 64-port SMS gateway:
* https://chinaskyline.net/sk-gsm-voip-gateway/esim-64-ports-s...
This is fascinating.
Re Shelving: I exclusively buy very similar shelving. It is cheap, reliable, large, and strong. In fact, I have not found any other shelving that can match the performance/price of these.
I buy from Walmart. search their site for "Hyper Tough wire storage shelves"
I'm seriously wondering about the practicality of this operation. Wouldn't that many SIMs on the same spot overload any nearby cell tower? And even if the antennas could stand the load, that many SIMs hugging the network without any logical reason (like a parade or a demonstration) is bound to raise alarms at the network operator HQ. If this is a scam operation, I would expect these boxes to be distributed across several locations.
It's likely a "crime-web" service host. They are probably somewhere in Manhattan or Brooklyn to have enough tower cells to handle it (tis the benefits of a dense city for this type of operation). They probably gradually grew it as their crime web demand rose and flew too close to the sun.
It also sounds like they did have multiple locations, but they didn't distribute the modems out enough to flew under the radar longer.
Actually no, overload is easily avoided even on cheap chinese 20-channel LTE base stations (aka tower segments) if all you do is just rotating SIMs and sending some SMS.
Logically one would switch sms-sending using some number of (fixed or mobile) sdr-based simboxes so that they would even appear to move around the city randomly.
Those guys did it on the cheap. But then they did not expect SS to drop on them.
It's likely they round-robin the SIMs through a much smaller number of modems
Oh! Those pics are interesting - the handful on the floor of an appartment feel very different to me from the room with hundreds of them; that's much larger scale.
Those might be photos of the equipment in storage after it was confiscated, not of the equipment in the location and condition in which it was found.
I really dislike that I cannot trust what comes from .gov right now. Even something as innocuous seeming as this article. That's a big problem.
[flagged]
Please tell me how the government before this administration, and the one before, and the one before etc was trustworthy?
If you have nothing to ground yourself upon, then you're just floating In space.
"please provide evidence"
Provides evidence
"No, not that evidence"
No thank you.
> The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
> The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”
> Investigators have been going through the data on SIM cards that were part of the network, including calls, texts and browser history. Mr. McCool said they expected to find that other senior government officials had also been targeted in the operation.
The article goes out of its way to imply a link between this farm and the threats, but doesn't actually explicitly make that link.
The CNN article covering the same story does the same thing: https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
The Secret Service statement, however, does make that claim explicitly in the first sentence: https://www.secretservice.gov/newsroom/releases/2025/09/us-s...
So that's the tip. Makes you really wonder about the iceberg, this raises many more questions than it answers.
The UK has criminalized possessing or using SIM farms or related gear in response to these popping up with some regularity. But the operators are pretty clever and know how to hide. I've been thinking about how easy it would be to detect these when you're a telco and I think the signature is unique enough that it should be possible to detect which SIMs are part of a farm, even if you don't know the exact location of the farm.
Since you seem to know about the subject, how are these not immediately found and shut down? It seems like the messages they send could be traced to the sims physical location, and having a massive cluster of thousands of sims just sitting in an apartment also seems like an obvious giveaway. And there’s all the traceability required to rent the locations and buy the equipment. It seems like bothering with this is just asking to get caught.
Well, they did get caught. But for that to happen immediately would require a detection method that can point out the presence of a farm with only a few samples. SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial.
Whoever did this likely isn't all that happy that their carefully created infra was used to harass officials, which most likely is the single reason this operation got uncovered in the first place. If it would have just been used for low level crime who knows how long they could have continued to do this.
Note that these are not unique to NYC or even to the United States, they've been found in other countries as well, the UK has now criminalized possession or operation of these (but the fines are so low that I don't think it will make much difference).
> SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial.
IIRC modern cell towers use cool tricks to send stuff for a particular phone to only where that phone is so they can send more total data. Can this not be turned into a precomputed map by taking a test phone everywhere and seeing what settings the tower picks to talk to it?
Sure, so now you are at the front door of a quad of four 300 apartment highrises. What is your next move?
With 5g and beamforming and mimo and decent bts software(Ericsson or Hua) you can pinpoint the given phone very accurately (within 20m in urban settings) - without any triangulation, as you know the cell tower sector :) Guess what: you can also measure the azimuth within 0.1 degree, so you could have SOME data at where to look.
FYI: That was available back in 2022 as standard. Now it could be even better. :P
I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move?
I'm not saying it can't be done, clearly it can be done otherwise this article wouldn't exist. But it is not quite as easy as pointing a magic wand (aka an antenna) at a highrise and saying '14th floor, apartment on the North-West corner', though that would obviously make for good cinema.
> I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move?
Subpoena the power, water & gas company, and look at apartments that have unusual power usage, coupled with almost zero water & gas usage. Especially look at apartments that don't have a spike in power usage in the morning & evening that corresponds to people having a regular commute.
I'm not sure how much power this equipment draws at idle - I'm assuming it's more idle at night, no need to send scammy SMS messages at 3am Eastern - but I'd wager you could track that.
Granted, it's not fast, but depending on how quickly the companies bend over backward for such a request & how good your interns are at using Excel, you might be able to get this done before sundown.
Maybe in a city like NYC with old apartments you could do that. It’s common for newer LEED buildings to use heat pumps and collective water/sewer billing. Power maybe but WFH is common these days too. And then you’d have to convince a judge that you’ve got something narrow enough.
There used to be a thing called Waterwitch in the NSA ANT catalog. Would that help?
This inspired me to find this catalog, thank you for mentioning it!
For those who have not seen it before, Waterwitch is on page 43 of the 2013 catalog here [1], and is described as "Hand held finishing tool used for geolocating targeted handsets in the field". It did seem to require, if I'm reading right, that the target be connected to a malicious GSM router called "Typhon" (page 42).
[1] https://www.cryptomuseum.com/covert/bugs/nsaant/files/NSA_AN...
A portable spectrum analyzer. A high concentration of phones like this would light up the spectrum when used with a directional wand.
Portable spectrum analyzers are regularly used to identify interference in urban environments. Even a damaged cable coax line on the street can interfere with cellular signals.
If even a fraction of those antennas are transmitting at any given time, which you can arrange simply by having the network poll them, all you need to do is wander up and down the hall with a TinySA or something similar. It will be almost ridiculously obvious where all the RF racket is coming from.
Even before doing that, a handheld Yagi in the parking lot will easily narrow it down to a couple of floors in a specific quadrant of the building.
Kill the power and see what happens
Yeah modern cellular and WiFi modems use multiple antenna and beam forming to allow multiple same frequency connections to occur, without interference.
But when people think of beam forming as “pointing a beam at a phone” that’s kinda thinking of the problem backwards. Modems beam form by looking at the various bits of signal delay coming down multiple antenna, and computing a transform function that will effectively result in the signal it sends mimicking those delays and thus forming a beam pointing in the opposite direction of the incoming signal.
But the modem has no idea what physical direction that beam is pointing in, and doesn’t care. It just know how to analyse an incoming signal to effectively mask the inputs from different antenna in order to extract a very weak signal, by taking advantage of constructive interference between a signal received on multiple antenna, and in turn invert that function to create an equivalently strong constructive interference pattern at the source of the signal when replying.
Most important the modem has no idea what the actual signal path was, it could have bounced of several buildings, been channeled by some random bit of metal acting as a wave guide, or any other manner of funky interference that literally any physical object creates. All it knows is that is a viable signal path must exist (because it received something), and it can compute a function to send a return signal back down the same path. But it’s very hard to turn that abstract signal path function the modem understands, into an actual physical direction. Not without doing a load of extra calibration and sampling work to understand exactly how all the antenna the modem uses interact with each other, which nobody does, because that information won’t improve the cell towers performance.
Thank you for this. I feel like I’ve finally gone from the 0% understanding of how beamforming works, where I’ve been for a decade, to “some basic appreciation for the concept”!
Indeed. The output of the beamforming algorithm is something like four (complex) numbers that you use to tell which of your radios to shout the loudest (and with what delay), which magically makes the signal become the strongest possible at wherever the device was last heard. And at an infinite amount of other places.
If you have MIMO, i.e., multiple signal streams, it will be more like an 4x4 matrix instead (how loud should radio X shout signal Y), and you'll not only optimize for “signal 1 should be the loudest possible at receiver 1” but _also_ “signal 1 should be at the _most quiet_ possible at receiver 2”.
The fact that cheap consumer devices are able to do this fairly reliably (one could even say it's pedestrian) at near-gigabit speeds says something about how insane our level of technology is.
I think it is the same kind of magic thinking about 5G that causes people to believe that those base stations somehow mysteriously know to within a couple of feet where a handset is located. That's just not how it works, at all. At best you could say that the interference pattern caused by a particular engagement of the radios has a local peak that - hopefully - coincides with the location of a particular handset. But there are countless such interference patterns and no single one will stand out to say 'that's the one', besides the impossibility of actually calculating the patterns because of the lack of knowledge about the environment.
It's also amusing to see lots of people state with great authority how simple it is to track down a transmitter, when in fact they've probably never so much as participated in a fox hunt, which can get quite interesting at higher frequencies and when not in open field.
Yes, but they don't know physical location, just a complex number matrix of how each receiver perceives each transmitter, which is inverted to determine how to transmit to optimize that receiver's reception. They don't first determine location and then optimise based on location - they optimise based directly on how the radio waves propagate.
“Triangulation is non trivial”
Uh. No it isn’t. SNR between 5 or so masts gives you the exact location of any cell device. This is how $oldemployer used to track them
What you're describing is trilateration , not triangulation
Sure, but when you say "triangulation" people know what you're talking about.
Multilateration if we want to get pedantic
They could probably be quickly found if someone is looking for them, but carriers don't necessarily care that much about these. Add a couple layers of indirection with MVNOs and there's a lot of meh to spread around.
If the reporting around this is accurate, sounds like someone(s) was swatting through these, which brought the attention needed to find this group.
> Since you seem to know about the subject, how are these not immediately found and shut down?
Because - depending on cell tower coverage and the antennas installed on it - the degree of precision is far too low to be useful. In rural installations and the worst case, aka a tower with a dipole antenna on a mountaintop, at 900 MHz the coverage will be around 35 km. Segmented antennas just limit the section of the circle where the endpoints are. In suburban areas, coverage is usually 10-20 km, and urban areas it's 5km and less.
Now you know which cell and cell section the user is in... but to actually pinpoint the user? That takes some more work. First, you need a few more towers that the user can reach for triangulation - the more the better - but if the operator of such a setup is even remotely clever and the hardware/firmware supports it, they will have locked the devices to only connect to a single tower (you can see a map at [1] that shows the IDs). If the operator didn't do that but the site is too remote to achieve triangulation, you might need to drive around in a van and use an IMSI catcher, aka a phone tower emulator, and hope that eventually the site's devices register at it. That, however, is a lot of awful work, and is often not legal for police authorities, only for secret services.
Now you might ask yourself, what about 911, how can they locate callers precisely? The thing is... it depends. Landlines and VoIP lines are usually mapped to a specific address (which is why VoIP providers give you an explicit warning that, if you do not keep that record up to date, 911 calls will be misrouted!), so that's trivial. Mobile phone callers however, until a few years ago the degree of precision was exactly what I just described - it completely depended on celltower coverage, with the only caveat that a phone will connect to another operator if it shows a stronger signal for 911 calls. Only then, Android introduced Emergency Location Service [2] and Apple introduced Hybridized Emergency Location [3] - these work with the sensors on the phone, most notably GPS/GLONASS/Beidou, but also SSIDs of nearby WiFi APs and specific Bluetooth beacons. Downside of that is, of course, the 911 dispatch needs an integration with Apple and Google's services, users can disable it for privacy reasons, and older phones won't have anything - so in these cases, 911 dispatchers are straight out of luck and again reduced to the above range of precision.
[1] https://opencellid.org/
[2] https://www.android.com/safety/emergency-help/emergency-loca...
[3] https://www.apple.com/newsroom/2018/06/apple-ios-12-securely...
There was at least one SIM farm which was installed in a delivery type van and driven around. This was to avoid being detected as a stationary device.
Clever! Also far more risky because it would require near constant attention.
Plus, you can leave an apartment unattended - a van being driven has a big weak link in the chain that has to push the gas and brake pedals.
Nothing stopping you from parking the van and just moving it every few hours. Put a some plumbing decals on the side and nobody will look twice at it.
Sure, but again - you gotta have one of your low-level chumps stop by the van every so often, and that raises the chances of that chump getting caught and squeezed by the cops until names start coming out.
We're all just ignoring the fact that it's not actually a crime to have a lot of SIM cards?
But it is a crime to drive a van around with a SIM farm that provides services to criminals.
No, actually that's not a crime either, unless you know they're criminals and you know they're doing a crime. Helping criminals do a crime is a crime, but driving around with a box of SIM cards and radio modems isn't a crime.
This is very much location dependent and I think you should qualify your statement with where you think this is not a crime. In plenty of locations it would be.
That depends on your location.
An unattended apartment can raise red flags. A van however, in most jurisdictions even if you end up in a police checkpoint, they may not force you to reveal what is in your van.
> An unattended apartment can raise red flags.
The last three places I've lived, I'd never seen the residents of fully half the apartments on my floor. They could have been jam packed with SIM farms, or abandoned tigers, or dead hookers in chest freezers for all I or anyone else in the building knew or cared about.
An apartment where nobody bothers their neighbors or the super, but keeps the rent checks coming, is the absolute best case scenario for everyone involved.
And again - if an unattended apartment is raided, there's nobody there to drop names. You lose the investment, but that's likely a lesser problem than worrying about what Kasim is going to tell the cops once the handcuffs go on.
I was thinking about that for this scenario. Dude could easily have just paid rent in cash and never shared much (real) personal info with the landlord; literally what happened here is exactly what you posit.
Put the sim farm stuff in a non-metalic box, wired to the 12v system, earn some extra money while driving a delivery job.
Assuming you have carrier diversity on your sims, you could likely manage good enough backhaul over the sims for the control layer. At least for grey market SMS; grey market voip might need more consistent networking. Grey market VPN, eh... variable conditions might help customer traffic be considered mobile.
They were detected inadvertently. Telco fraud management looked for stationary farms. This gang was detected because an engineer spotted the pattern in a debug log.
HP if memory serves me right. Around 20 years ago.
Sim farm or SMS blaster? SMS blaster in van would make more sense, detecting a moving sim farm would be easier than a stationary one.
Here's my guess how this has and will play out:
1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes. 2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location. 3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously. 4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I can assure you, a lot more dangerous criminal activity happened within a 35 mile radius of the UN than some zombie cell phones sending scam texts. While I applaud anyone shutting down scams, the window dressing is embarrassing. Someone has watched too much Blacklist or any of those fantastical police procedurals.
Yeah. Sorta weird USSS is investigating this. Maybe it was originally related to some Treasury-related fraud case. We're close to budget time so they have to demonstrate congress should give them the money they asked for, so it's pretty easy to upgrade some random scam/spam texter to a terrorism case. It's sort of endearing, actually, when they get some adults back in the USSS reporting chain we'll probably see less "imaginative" press releases.
They might have randomly spammed phone numbers that have special purpose and triggered some sort of honeypot. Or someone powerful got scammed. Either way, happy they take it down and provide some photos. Would love to learn more details.
Yeah. There's another post on HN saying the investigation started when someone texted a threat to a congress-critter via this system. So I guess that tracks.
Speculation: Some gov't types wanted to shut down the scammers (or whatever they are) - but were not getting much traction with the higher-ups, to actually do something. Vs. after their case was rebranded as "this may be part of a plot to assassinate the President" - suddenly every approval and resource they could want was being push into their laps.
It makes no sense: anyone with a phone would loooove to hear about an SMS/voicecall spammer takedown.
[dead]
Literally anything the government does from now on is going to be related to discovering terrorist plots. They have to find some way to fit the agenda into that giant post-9/11 loophole.
My read is slightly different:
> 1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes.
Agree, I would guess this was just a bottom-rate VOIP/text spam service, potentially affiliated/run by organized crime, that doesn't ask many questions, accepts payment exclusively in BTC, etc.
> 2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location.
I think this is just another version of a grow-op. Run by a gang, mainly for profit. Perhaps the shelves were even from an old grow-op that became unprofitable when New York legalized marijuana.
> 3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously.
I disagree here, from the description of the messages I think these were supposed to be actionable threats. At least two of the incidents mentioned were swatting attempts, which are still taken somewhat seriously and are treated as serious threats when directed at elected officials. US Police are highly armed and often very aggressive, swatting incidents have resulted in deaths before.
This, to me, reeks of the sort of foreign interference with domestic politics that has been mentioned in the past. Trying to escalate domestic tensions is straight out of that playbook.
What I think happened is - some foreign actor used organized crime connections, or some other way in to get time on this spam farm, and they used the numbers there to SWAT and threaten officials around the US in a way that's harder to trace than a regular VOIP provider.
> 4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I think they see this as a wonderful coincidence. With the setup as described in the article, I could see this farm overloading the few cells that serve the particular area around whichever building(s?) these sites were found in, but city cellular networks are very dense. There's hundreds of mobile cells in New York City, and frankly I think if you wanted to seriously take down the cell network a few high power jammers distributed across the city would be more effective.
And yeah, I wouldn't be surprised if this isn't directly illegal, although I bet the operation as a whole has been dodging taxes and know-your-customer rules. But, here we have a golden opportunity to play this up as a major terrorist threat instead of just organized crime, and they're going to take that option every time.
The only interesting bit that makes this sound like something more than a VoiP farm
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
and guns/drugs
> Investigators also found 80 grams of cocaine, illegal firearms, plus computers and phones.
Maybe cartel tech stuff, but I'm not sure why cartels would mess with threatening politicians.
> 80 grams of cocaine
This sounds more like someone's personal property or a small party and not a commercial operation?
80 grams is a whole bunch. I agree it isn't "cartel operation" amount, but it is definitely a dealer.
Yeah, this makes the guy sound like a mid-high end career criminal. Sells coke to Wall Street guys in the morning. Gets shipments of weird hardware during the day that he drives over to buildings and sets up according to their directions. Probably runs crypto scams or card duping or whatever else is good for a buck whenever there is a chance.
Iunno, some people buy years worth of car at a time to save money instead of by-the-weekend as they consume it.
If you know of a better risk-free, tax-free ROI than 20%+ in a year
I don't see where they made the political connection other than the farm was located in range. Maybe they had evidence they didn't share. The site was also in range of Wall Street and everybody else in the city. All kinds of fraud, surveillance, and private comms were possible.
It's possible after some threats they decided to probe cell network behaviour around some buildings downtown. And this particular farm wasn't the original source, just something they found in the process.
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
So you mean they could have shut down these SMS and outbound call spam farms years ago
…but just didn’t have the motivation
I would guess that this is still more likely some scam infrastructure middle man setup, and one of their customers chose to use it to make threats / do more than just scam people.
It seems unlikely you'd setup a scam setup like this and out yourself by making threats to government officials via your own infrastructure ...
Hard to see how 100,000 SIMs are needed to make a few anonymous threats.
It's a remote phone number as a service system, and some customer of the service used it to make anonymous threats. On the whole, it's a good thing this outfit got shut down, as one of the primary customers of such services are large scale social media bot farms.
But none of that is illegal. The government, and especially the secret service, has no business shutting it down. This is the equivalent of them shutting down a Tor exit relay and then writing an article about how they shut down a Tor exit relay used for crime, complete with pictures of server racks, servers, switches and cables to show how sophisticated the operation is
Yeah I'm skeptical about the political threat angle being directly connected to this set up. The press release was vague about the connection for a reason.
> The only interesting bit that makes this sound like something more than a VoiP farm
The word only is doing a lot of work here. There are also pictures of the equipment.
I mean as opposed to the narrative about threatening New York and UN. Being able to spam the phone networks isn't very novel and the location isn't super relevant AFAIK.
"It could have overwhelmed cell towers, toppling New York City’s cell service and preventing every Manhattan resident from accessing Google Maps."
Seems odd that the most important use they can highlight for cell service in NYC is accessing Google Maps. Not accessing 911, not some other vital use of cell service, but Google Maps.
NYC is full of free Wifi all over the place. So many McDs, Starbucks, and other restaurants and sites you can get Google Maps anywhere.
I’ve lived through enough cellular downtimes to have Google offline maps
What a bizarre story. They say it's an anonymous network. What does that mean when multiple locations with racks of tens of thousands of SIM cards and the supporting equipment are found around NYC area? In order to manage this hardware and the operations around this equipment it would take boots on the ground, at least occasionally, for repairs and maintenance.
No mention of arrests or surveillance of any site to try and apprehend anyone related.
The details are skimpy. In a CNN article we can see photos and mention that these were housed in apartment units and perhaps other rentals.
https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
EDIT:
While the headline on NYT highlights an attack on the towers for disruption, the CNN piece gives more weight to two other uses: (1) criminal communication network and (2) swatting.
I think those two make sense. The SIMs would probably hold US numbers and would appear authentic for accessing the US operators' networks.
(2) is the thing that brought attention of LE on these, and likely was a very dumb move by one of the users of this system. If just (1) they could have kept it going for much longer, (2) is what brought it down.
(2) shouldn't have brought it down because it's not illegal to be a pipeline for someone else's swatting, though you have to help LE identify who did the swatting to the extent you can (including if that's not at all).
A reminder not to take legal advice from HN.
I don't see why you'd actually need any SIMs in the first place if you wanted to DoS a cell tower. My guess is that it's basically just a device farm for either sending spam or receiving activation codes for spam accounts elsewhere. By putting them in a populated area, the increase in traffic is less noticeable.
It makes it much harder to nail down exactly where the farm is. You can't just go break down all the doors in a large high-rise and the reflections of the radio signals in the urban canyon will further hamper your ability to pin-point the devices. But you might be able to correlate power consumption or heat signature with activity.
100,000 sims connecting to a cell network in Vermont will crash things. In midtown Manhattan that's a blip.
That much capacity could easily overwhelm things that scale poorly. 911 service for instance.
Could be as simple as faking app downloads for the NYC area to raise the appstore ranking
Yeh very weird; I mean if it was just spammers then you wouldn't bothered putting it in somewhere expensive like NY would you?
With that many devices, you'd need to have them in some place with very dense cell service.
This is presented as if it's part of something like a terror plot, but my money is on it being related to your car warranty expiring.
Yeah, they are putting two facts together to heavily imply that they are part of a single story, but there is no evidence presented that they are. "UN leaders are gathering!" "There is a huge SIM farm that could disrupt communications!" Both true, but seemingly unrelated. All those car warranty texts have to come from somewhere - this is probably where.
It’s not. The Secret Service already has identified nation stare actors as being responsible.
That doesn't mean it wasn't money-making scams. North Korea engages in crypto theft all the time.
I'm sure they'll find someone specific eventually
Wait. What? My car warrant is expiring? If only there were some way to get more information and perhaps extend it ...
Yes, they were using these to commit crimes, and will miss them.
Exactly. And the whole point of a cellular network architecture is that it's resistant to DoS attacks (what the rubes call "unexpectedly heavy usage"). Sure, you can take a cell out with a hundred fake phones, and all the users in that cell will hop to the next one. Or at worst walk a block over to find another. The attack doesn't scale, at all.
And even if you wanted to deploy custom hardware to do it, it would be far easier to just use a high power jammer on the band anyway than mucking around with all those SIMs.
These are for making actual use of the telecom facilities at scale, with the anonymity you get from burner SIMs. It's fraud, not terrorism.
Some parts of it are (DoS resistant.) And some carriers are more resistant than others. Verizon's CDMA from the 90s / early 2000s was NOTORIOUS for falling over when too many people texted at the same time. But yeah, it's been a while since things were that bad.
Looks like those bulk sms ‘gateway’ boxes sold on Ali etc: https://ejointech.shop/products/ejointech-4g-16-port-gsm-voi...
Edit: removed tracking id
Both this article and the NYT one strongly implies a link between these farms & the threats to government officials without actually outright stating so.
Missing the key context:
> “While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.”
https://www.secretservice.gov/newsroom/releases/2025/09/us-s...
Criminals and intel services using a criminal network? News at 11.
The Secret Service is really trying to make hay out of these things being close to UN, but so are millions of other things in the New York City Metro Area. Either they have intelligence they aren't disclosing or someone's try to put a lot of spin on this crime bust.
If state actor propaganda botfarms operate in this fashion in other cities, we can try to find more of these patterns. Would be interesting to see a drop in youtube, reddit or facebook user activity correlated with such bust.
For reference, ~18 million people live within 35 miles of Manhattan.
"In addition to jamming the cellular network, he said, such a large amount of equipment near the United Nations could be used for eavesdropping."
How could a SIM farm be used for eavesdropping?
It can’t, its a lie.
Explain why it can't please.
It's the wrong hardware for the job. The hardware for eavesdropping masquerades as a tower, not as 64 cell phones. A big sim bank like this is useless for that purpose.
You don't need to masquerade to eavesdrop. In fact masquerading would likely get you caught
Because of encryption, you can only eavesdrop traffic between a phone and a tower if you are the phone or you are the tower.
How could lots of cellular radios be used to capture data that's in the air?
Yes, this is what I want to know. I didn't think a cell phone (or any number of cell phones) could intercept other phone calls/data. I know a fake cell tower has some capability for that.
Crash the tower (instead of jamming it) and then put up your own fake tower?
It's wireless comms, can't anyone with a radio tune in? The problem is capturing all channels which can be accomplished with lots of radios
How are cell signals different from any other radio comms?
The problem is that it's all encrypted.
Yes I know. I assume a state actor could still use it if not decrypt it.
Hopefully this is a wakeup call for anyone thinking that phone number validation is sufficient to prevent botting and fraud.
There's no such thing as (completely) "prevent", just substantially reduce by making it more expensive.
Which makes me wonder how much these guys spent per phone number. If you figure you can use a phone number maybe 2 or 3 times per service before it gets blocked they could create literally millions of accounts with this operation across various services. I don't know what the black market value for a Gmail, Facebook, Instagram, Reddit, HN, etc... account is, but I suspect it is more than the price of a SIM card.
The SIMs pictured in the article are from a carrier called MobileX so that’s the first clue to finding that out. Looks like a couple bucks is enough to get started, but a dealer on the take may have more attractive options and the ability to activate a lot of SIMs without the fuss of signing up accounts with email for each one.
About a $1 for a Gmail, IG etc these days.
I've used this before when I need to create an IG for a work project without wanting to link it to a personal number:
https://www.textverified.com/verifications
"The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut."
Isn't it costly to acquire that many SIM cards? Or maybe they were inactive until they were associated with an account? So it was just to keep allowing for a rotating set of SIM accounts?
Are we going to find out that all these cellphones were used to run bots on X or similar?
100k is the number of active cards. It is being reported that they had 2-3x as many cards in total.
Seems like a nation-state level attack from somebody that has millions to spend to keep this up their sleeve
Could simply be a propaganda botfarm. Each of these sim cards registers on facebook, youtube, reddit and the faraway propaganda teams use them to relay messages.
Yeah, it feels like it could be related to various propaganda effects on social media networks, stuff like this:
https://readsludge.com/2025/09/15/democratic-pr-firm-to-run-...
Why even have cards when there are eSims, but maybe cards have some advantages in terms of deniability or something?
It sounds sophisticated, but nation state or cartel or something else big?
Probably because it's way easier to pull a SIM out of the package and stuff it into the reader than it is to go through the QR code/web site/phone app you need to get the eSIM up and running for your provider.
What I'm really curious about is the money trail. These cards weren't bought in one off cash purchases or via some penny ante crypto reseller. Someone bought in bulk using real money. They probably had to talk with the salesguy at the MVNO to make an order that large. This kind of thing must leave a footprint.
The bar to getting access to MVNO sales is actually extremely, extremely low.
They're ordering and activating maybe 20-50 at a time, and ordering that number of SIM activation kits from dealer supply houses is extremely normal. Activation typically also is at little to no cost as well to dealers in this market.
FWIW: at sixteen, I somehow managed to get dealer access to a CDMA MVNO. I was able to activate accounts on the fly with $2 of "free" credit to start the user off, with zero cost to me. I still get emails to this day over a decade and a half later from various cellular resellers offering me bulk cellphones...
Yeah this should have triggered some serious KYC flags at the carrier(s)...
Is SIM card KYC mandatory in the land of the free? I thought it was more of a European thing
Most the these SIM card stations require physical SIM cards, just because they always have.
You could buy normal sim cards with cash
I'm curious how this would work without being traced. Someone is paying rent on the apartments. For the simcards, I think they are all able to call 911 even if they don't have credit/dataplan. They're also able to connect to a tower and take up slots. So probably the only way to financially trace the simcards is the initial purchase.
SIM cards don't 'call 911', you can call 911 even if there is no SIM card at all, all you need is a working radio.
I wouldn’t be too surprised if the hardware vendors had the bare minimum of ethics to prevent that.
But that would mean someone who needed to call 911 couldn't - maybe their prepaid service ran out yesterday? It would be entirely ethical to allow anyone with working hardware who needed to call during an emergency to do so, and unethical to prevent people from calling because they didn't have a working SIM.
I think the intention is that any gray-market VoIP termination running over one of these is already blocking such calls. People usually don’t need to call 9-1-1 internationally, and there is some auto-enabled tracking in some countries for 911 calls that could leak the sim farm’s location.
TFA suggests they were used for swatting which I think would require 911 access to work.
I wonder if all the cards in the photo are active at once, or only activated on some rotation. The latter would certainly make them a lot harder to detect
Probably depends how hard the phone companies are looking at the data. If the cards are mostly idle then they probably don't impact the service at the tower and if there is no service impact then the operators probably don't care.
When you think about the sheer scale of monitoring every cell phone in the country it probably doesn't stand out nearly as much as you would expect.
I'm just salivating at the thought of being on the telco side with access to all the base stations and writing various visualizations/analysis to find hotspots like these, bet it's a lot of fun. :-)
Can also text 911 now which would overburden the texting protocol network so no one else’s texts will go through.
It’s a cell tower jammer and terrorism multiplier. Can’t call or text. It will probably disturb internet service as well. Include a few radio jammers for local police and a few satellite antennas you could create an opportunity then a panic to cover your tracks getting out.
Its relatively hard to jam modern BTS with LTE and 5G. It's part of the design. PTP with fancy modulation helps :p
I would wager a huge majority of text messages in NYC will go through either RCS or iMessages which skips the SMS layer and instead goes direct to data.
There are hundreds of these operations at any one moment in time, some more legit than others (voip dial backs, short message farms for scammers) not sure why they are making this out to be the end all and be all of this type of things. Telcos have the ability to lock these down pretty quickly using proximity of devices alone, but the almighty dollar is more important ;)
It's just another distraction from the unreleased Epstein files. The admin has been doing this periodically since people started asking about the files - taking something mundane and blowing it up into front page news.
That pictures with the sim cards are impressive, mainly with how clean the setup looks. Can even see power/network cords taped down to the floor even underneath the metal shelving[1].
Could it perhaps be espionage related to a downgrade attack? ie force a target's phone to switch to 3G by temporarily overloading/confusing the 4G/5G network.
[1] https://www.secretservice.gov/sites/default/files/2025-09/Si...
This is pretty low on information but maybe that's how it has to be, since there probably is a tradeoff between covering the investigation & revealing investigative methods that should be kept private.
That's being extremely charitable.
I made this comment on another thread that ended up getting flagged as dupe, but this is probably not all that mysterious. These SIM boxes are a commercial product you can buy from China:
https://cnetross.en.made-in-china.com/product/OSomfpPGJWUH/C...
...and their purpose is mostly to provide an IP-to-cell-phone-number gateway for SMS spam and phone scams. A real cell phone number is greatly preferable to VoIP phone numbers, which are blocked / flagged at a much higher rate.
> While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
> These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
These passages are from the Secret Service's press release and are not quoted in the CNN article. Note that a 35 mile radius of the UN includes literally all of NYC and then some. CNN wisely chose to change that to "35 miles of New York City" and not mention the UN at all, as the supposed link is extremely tenuous.
Also unclear whether shutting down the UN would be a desirable outcome.
This hardware is fascinating - I've seen other examples of these farms Deployed in Ukraine but does anyone have more info on how these "servers" are orchestrated?
What sane cellular carrier would issue tens of thousands of sims to a party like this? There do appear to be a few different colors / designs of sims in the photos but still there has to be some shady back-end dealings with cellular carriers for this to even be plausible.
The packaging in one of the photos is a MVNO. It's easier to get sims for a MVNO than a carrier, but either way, there's tons of sim card resellers, they have to be getting inventory from carriers/MVNOs. Ask a hundred resellers for 1000 sims each, and you'll get to 100k. 1000 sims may be a lot for some resellers, but is probably small for many of them.
Presumably they issued tens of thousands of SIMs to hundreds of accomplices using hundreds of false names each.
Probably they were next to sports stadiums. Most of the time there is ample unused cell capacity. Also: the New York marathon hosts 50k+ runners. I don't easily believe that 100k phones distributed over several sites on a 35 mile radius around New York have any impact.
My first instinct is this is a normal mobile proxy/bot farm.
Also, how would 100,000 phones in a single cell affect the network. Isn't this pretty normal for any major concert or sporting event?
CIA called, wants their equipment back.
Do those devices have any legitimate use at all?
I think smaller ones might be useful for network quality testing and mapping. I think carriers drive around with boxes in vehicles to test their own networks reliability and map their competitors.
They have lots of illegitimate use that isn't about crashing the cell network like sending out spam https://www.cyberdaily.au/security/9949-sydney-man-arrested-... or allowing people to use in-network free call allowance to instead make voip international calls
They are mostly used for legal purposes, even if they might violate contracts with telcos.
NYC emergency services use consumer mobile phones for radio comms? News to me.
People in NYC use consumer mobile phones to reach NYC emergency services.
Not sure why, but I find that an astonishingly professional setup. The sim servers clearly haven't really got a legit use at that size - yet they come built with a very professional steel case. Setups even have color coded uplink vs downlink cat5 cables. I mean just very neat and tidy.
How could anyone but professionals know how to have colored cables
So they didn’t find the people running it or funding it?
Say, isn't there a country with a bone to pick with the UN that is considered """friendly"""?
I'm so happy at least one other person caught onto this. I figure if it had been a China/Russia/North Korea type actor they would've put it in the headline.
Maybe they should check the sewers
Russia?
Who's That Pariah State
If true that’s why their name won’t be published and why we won’t hear about this again.
(The country currently committing genocide with us tax payer bought weapons).
[dead]
“Cache of Devices Capable of Sending Millions of Spam Political Texts”
Where/how do people get 100.000 SIM cards?
The cards are the easy part. It's setting up 100,000 accounts where you run into trouble. There was some traceable payment methods in use here, which might be how they got busted by the Secret Service. The whole thing could have been fallout from an earlier counterfeiting operation.
100k Not sure. Good question! 100 is easy, in NL you can just grab boxes of them at certain phone shops, Lebara etc. These are free and anonymous. Sometimes they will stop you and say: these are only for clients, other times they are happy if you take the whole box of 100pcs.
Looks like they all came from https://mymobilex.com
Side deal with someone who can buy in bulk like convenience store or cell phone store owner.
Walmart
35 miles could be in Stamford, CT or the Jersey shore. They might as well state that it's in the same time zone as the UN.
"Within 35 miles" is basically all of NYC and the surrounding suburban area lol. It's a ridiculous statement.
This was probably just a phone botnet for online botting purposes, where you want IP addresses in not-obviously-third-world bot countries.
They were running an extortion and intimidation campaigns.
Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
Until it happens to you or yours it is hard to comprehend.
May the Internet gods provide an audio link.
Were they? I haven't seen that stated anywhere. The news report from NYTimes does say "the cartels were using it too".
>One official, speaking on the condition of anonymity, said agents also found 80 grams of cocaine, illegal firearms, computers and cellphones when they discovered the network.
Sounds like literally a mobile botnet and it was probably just leased out access to a range of users.
Leasing access to botnets and other resources is 1000% normal in the "crime web" and is a business in of itself rather than being directly part of the crimes.
On top of that, a "nation state" attacker isn't going to be giving their employees cocaine, unless its Hamas lolololol.
> Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
I've never heard of this, do you have a source?
https://www.reuters.com/legal/republican-operatives-pay-125-...
https://www.nysenate.gov/sites/default/files/admin/structure...
thanks, made it sound like the broad cooperation of White people writ large, but it was just 2 guys
You think “two guys”? There are hundreds of thousands of politically active white guys relying on extortion and social subterfuge.
Anyone can only catch “one or two” at a time.
The White House just buried its report on white terror in America.
Let me guess, you’ve never heard of it?
how do we fix the problem of all these White guys?
Stop pretending they love Jesus and work from moral and lawful foundations instead?
Sarcasm aside, the problem is far worse than one could imagine or anecdotally discuss on HN.
>problem is far worse than one could imagine or anecdotally discuss on HN.
What do you mean by that?
We tried, but that provided the right wing folks with their boogie-man du jour, labelled as "woke" and "DEI" (pejoratively by them), and the baby boomers were all "nuh-uh, that'd help THOSE PEOPLE! we can't have that!" and that was that.
Why are these networks accessible without signing keys in 2025?
They use legitimate SIM cards, wdyt is the point of them?
The photos in the NY Post article make it look like they raided cell phone shops in normal retail locations. It looked more like an engagement/click fraud operation.
The thing that caught my eye is the power plug needed an adapter to use the US socket. This suggests the hardware was shipped in from overseas.
Imagine how many guns there are "near" (i.e. 3800 sq. miles) the UN!
Anyone else think the secret service may have just "busted" some sort of NSA program?
The NSA doesn't use a bunch of SIM cards on wire racks.
If the NSA needs outbound phone numbers, they're more likely to set up a shell company and pretend to be an MVNO or a VOIP telco provider, a couple computers on a cheap cloud host masquerading as a phone provider is a lot easier to manage and hide than a setup like this. This is a pretty common kind of business so it's easy enough to blend in, and it isn't restricted to a single apartment or city.
If the NSA wants to eavesdrop on phone calls, they just set up a room inside the relevant phone provider [0].
I think this is more likely a gang operation or a foreign influence operation. Details are thin but it feels like a shady organized crime operation (think quasi-legal, probably advertising as bottom-rate VOIP numbers or text gateways) that got used at one point by a foreign influence operation to make threats and try to interfere in domestic politics.
[0] https://en.wikipedia.org/wiki/Room_641A
Inside the US? Unlikely. This is physical hardware being shipped to the US, that sort of thing really lacks plausible deniability unlike rolling up phone records in foreign countries that happen to contain American tourist phone calls.
If these were found in a foreign country then maybe, but these would be far more likely to be some foreign intel service than the NSA.
Unless NSA is listening to the diplomats from other countries. Maybe this is a system to quietly force devices belonging to diplomats onto certain networks/nodes so they can be more easily intercepted. If someone wanted to simply shut down a network, a few basic white noise jammers could block frequencies far more easily/cheaply than a thousand sims.
This seems like at best (for the attackers) a DDoS risk to me?
>>...early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
>>These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
What nation-state actor might want to disrupt a major US city during a meeting of the UN General Assembly?
There is no claim that it had anything to do with the UN General Assembly ('within 35 miles' covers a lot more than the UN General Assembly). They do say senior US officials were targeted.
Umm, that claim is literally a cut-and-paste quote from the US Secret Service announcement (which is why I inserted the ">>" at the beginning of the paragraph to signify the quotation).
So YES, there is a specific claim, and it came directly from the USSS, in the exact article heading this topic. The USSS does not merely toss in observations without a basis in their working threat model (unless they've changed since I worked adjacent to them). It may indeed turn out to be unrelated, but the USSS is publicly stating they are treating it as more than a coincidence.
Likely one that wanted to plausibly deniably create some kind of chaos via proxy actors.
yeah likely someone somewhere who wanted to do something bad via some kind of other group without us knowing
I hope whoever it was thinks twice before they try to do whatever they were trying to do again, if they were trying to do it
Good thing we caught whoever it was
I wonder what kinds of techniques, if any, these virtual cell phones employ to evade being discovered. You would suspect that they could be discovered through triangulation.
Two possibilities:
1. Most if not all of these virtual cell phones are connecting from the same location.
2. Some of these virtual cell phones are connecting from the same location, with the remainder in reserve.
In the case of (1), you have both a fixed location and a high saturation that is unlikely.
In the case of (2), you could imagine using certain numbers at certain times to simulate the work day or hours during which people are more likely to be at home. Randomization or round robin could produce unlikely patterns, but without them, these virtual phones would be underutilized, save for some kind of cyberattack that would compromise their location.
Or the truth simply may be that they aren't doing anything, because no one is watching.
Well, that is news.
The pictures of the confiscated equipment is every phone phreaks orgiastic wet dreams.
It is interesting that these sorts of things are going on in the first world, and until discovered anyone vocalizing suspicions of such a thing would be regarded as a paranoid delusional crackpot.
Is there a less clickbait-y source? There's no tangible link to the United Nations described in the article; that seems to be a gratuitous flourish.
> "several locations within a 35-mile radius of the United Nations headquarters"
That's the entirety of New York City!
edit to add: This very weird part was actually lifted from the USSS press release,
> "These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City."
https://www.secretservice.gov/newsroom/releases/2025/09/us-s... ("U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area")
We've taken the UN out of the title now.
It does seem like the sort of PR-rewrite for a press release that results in distances measured in football fields.
Looking at a map, a 35 mile as-the-crow-flies (and as the cell network signal flies) radius of the U.N. Secretariat building almost gets one to Lake Hopatcong, New Jersey, in one direction and past Stamford, Connecticut, in another.
It reminds me of those "how to promote yourself" things about say turning "did routine performance optimizations on the website" into "saved the company $ZZZ million" and such.
I read they were in Armonk, Greenwich, Jersey and Queens. A perimeter around Manhattan.
The article:
https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
Armonk and Greenwich don't really make sense if the idea was to create a perimeter around Manhattan.
The idea being there were caches to the West (Jersey), North (Armonk and Greenwich) and East (Queens).
The article mentions a "circle around NYC's cellular network infrastructure".
It's worth highlighting that that link suggests this may be linked to foreign states rather than just garden-variety organized crime ("...early analysis indicates cellular communications between nation-state threat actors...").
That probably just means that some foreign states were among the customers of these SIM farms.
Not a lot more detail but a better source in general https://therecord.media/secret-service-cellular-network-disr...
That quote comes directly from the Secret service press release lol
News organizations should not uncritically repeat press releases like these. It is an ethical failure to do so.
"Concentrated within this 10000 km² area" sounds not nearly as impressive. Granted, "concentrated within 35 miles" sounds already rather dilute when talking about mobile phones.
[dead]
Sorry to be nitpicky, but the US Secret Service really, really prefers the acronym "USSS" over "SS."
(I've removed the distraction).
[flagged]
[flagged]
They are, colloquially speaking, a "three letter agency." I think they should compromise with "USS".
But that moniker is already used for military war ships like the USS Enterprise
Followed by "Enterprise".
[flagged]
[flagged]
What is nonsense about this story?
A "35-mile radius of the United Nations headquarters" includes literally all of New York City and then some, making the supposed connection to the UN meeting extremely tenuous.
This looks exactly like a "SIM farm" operation, which rents out access to real mobile numbers, usually for the purpose of spamming or fraud. Yet there's no mention of this possibility.
Thank you, exactly this^
There are stories of these SIM farms all the time, here is an example with very similar gear: https://www.vice.com/en/article/video-ukraine-busts-alleged-...
These stories are always sensationalized when their primary purpose by enlarge is probably just spam.
The gear for those interested seems to be this: https://ejointech.shop/products/ejointech-4g-16-port-gsm-voi...
> "from an operational perspective, we want those behind the network to know that the Secret Service is aware and that we're kind of coming for them."
"Kind of"?
[dead]
[flagged]
Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?
Lots of interesting discussions about cell phone networks lately.
Fake cell phone towers ICE is using to track people:
https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-...
GrapheneOS (de-googled android) and FLX1s (pure Linux phone):
https://news.ycombinator.com/item?id=45312326
My question is: are any of these alternatives helpful against these novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.
> Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?
Prevent what exactly?
> If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
LTE and beyond have mutual authentication. Your phone will attach to any network for an emergency call, but attachment to LTE requires the network trusts your sim and your sim trusts the network. [1] No trust on first use necessary, because the SIM includes its private keys and public keys for the network.
[1] https://www.sharetechnote.com/html/Handbook_LTE_Authenticati...
ICE is probably all "we want our stuff back!!!"