Maybe weird hardware, but easily available on aliexpress. Y’all need to explore more. Appears to be scrubbed off now but used to be more available.
Tbh, contraptions like this have a long history for gray-market VoIP call termination, but usually in countries where governments charge a lot for incoming international calls as means of fund-raising (or inefficient telecoms) but domestic rates are low.
I had an inkling these things existed (I’ve been in telco for a few decades), but the last ones I saw had nowhere near this scale. The amount of manual labor to put in the SIMs _and_ configure/remove the PIN codes must be staggering unless they get a bulk manifest of some sort (which you do get if you order batches of SIM cards for IoT applications), so expect these things to have a CSV import of some kind…
Plus I’m wondering what exactly are the radio capabilities of these things with so many antennae close to each other. Anyway, anyone doing network planning would hardly notice a few dozen registered subscribers unless they started generating traffic heavily (in which case they’d probably saturate one sector of a cell, but not with SMS and LTE…)
What a delightfully arcane rabbit hole to get into today, I’m going to do some research…
I don't really get comments about unreasonable labor in this comment and TFA. It's what, 16x16 = 256 SIM cards per such machine. At 10 seconds per SIM card, that's like an hour to fill one machine. In a week at 8 hours per day you can fill 40 such machines with SIM cards.
Yeah, I don't think labor is a problem here since the people willing to make this happen somehow also found 1) money to buy these racks, 2) many times 256 SIM cards, 3) a few locations in NYC
> We would put it on our vehicle and drive around the city to spam sms message.
Why would you drive around? You can just put it in one place and spam. It doesn't change the network connectivity or the numbers or anything to drive, except perhaps running from law enforcement?
To avoid showing up on 2G/3G networks as a static congestion factor. SMS in 2G a can easily block calls if done intensively enough, since it’s part of the actual call signaling. We could tell when high-school classes ended by the sudden increase in SMS and decrease in call volumes in certain cells.
i don't recall exactly reason, quite a long time since then, but it has something to do with fake number detection and the amount of phone number we can reach.
Apparently, it worked for them. We don't care about message (as long as it's not too "uncomfortable"). Anyone can use our service. They decide how long to broadcast, we take care the rest.
Such a cool write-up, I enjoyed the screenshots of the admin interfaces ... which look exactly as bad as I'd hoped
Sad to see Mobile-X MVNO as the preferred SIM in the photos shown, but I wonder if an MVNO has local-level data to detect a situation like this when hundreds of phones are in one area and don't move. Postpaid carriers running their own network might easily connect the dots between SIM/accounts/phone towers... but the piggyback nature of MVNO network management probably makes even detecting this behavior even harder.
> I wonder if an MVNO has local-level data to detect a situation like this when hundreds of phones are in one area and don't move
MVNOs don't care because they collect the profit without having to deal with any of the network issues. The carriers in turn only care when it impacts performance for legitimate customers, as they also see a piece of the pie.
I assumed there would be anti-fraud measures blocking this kind of activity, but if this is a paying customer it isn't necessarily fraud/bad to the carrier or mvno
It'd depend on the mvno and their costs, but if the user fees pay for the underlying costs, the mvno is making money, and their user numbers go up, which makes for happy graphs.
They can also cancel or limit sims that do too much messaging or calling, which drives new user signups and makes more happy graphs. Doesn't really matter to them if all the abusers live in the same office.
Increased volume also likely reduces their unit costs with the underlying operator and messaging/calling providers, so even break even abusers help their bottom line by increasing margins for normal customers.
Off the top of my head Good2Go is better and cheaper. I don't have the names of any others, but get AI to do a deep search and it'll find a whole bunch and show you stats for them all.
I don't think there's some other seedy reason - Mobile-X is just the least expensive option I know of right now in the US that can be purchased at retail, so that is probably the main reason
This is only tangentially relevant, and a violation of the Guidelines, but I looked up the MVNO brand in the Secret Service photo (MobileX) and holy moly every single button on their website just opens a "scan to download the app" modal (or on mobile, takes you directly to the App/Play Store). It also asked for location permissions half a dozen times in as many seconds until I told Firefox to remember my refusal. MobileX, I am not under any circumstances going to install your app.
The reason for NYC is probably deploying it in a crowded network area to avoid detection. Deploying it in a suburban space would immediately show red flags.
The use case is fraud. You need thousands of burner SIMs to send millions of spam texts. But the way it works, every SIM needs a radio (the negotiation with the network is very heavyweight compared to an SMS transmission, you wouldn't want to bounce between them by constantly reconnecting). So you need thousands of radios.
I've read that at least for for GSM VoIP gateway setups, people typically rotate SIMs because it looks suspicious for one customer to be making calls all day. In fact there is a whole industry most people have no idea about dedicated to detecting these so-called grey routes. Having perused some of these offerings, it seems fairly typical to offer 16-32 radios and 256 SIM card slots. For residential proxy setups, I've seen a bunch of 16 port USB hubs with Huawei LTE modems.
It's like a multi-SIM phone, taken to the next level. Seeing this comment recently about ultra-cheap 4G LTE modems, I do wonder if one could make something cheaper with a bunch of those connected to a PC: https://news.ycombinator.com/item?id=45250676
The device is probably 256 of those, or similar, chipsets on a board with integrated SIM slots and connectors for SMA antennas. You'd have a hard time producing something like this cheaper than China.
There's only 64 antennas but 256 SIMs, so there are either 64 separate quad-SIM modems (AFAIK only Mediatek made those, and in 2G only) or it's just one big FPGA, managed by a small CPU and connected to a bunch of RF ICs, like the inverse of a base station.
Can’t read it since I don’t have a login there but i’m guessing they buy sims from all over the country and sms on matching prefixes since people will assume a local number is less likely to be spam.
This explains using such a bank. You want to cover as many prefixes as possible and you can’t match area codes with traditional sms services.
I actually did see the tweet in full it turns out. It's just that there's not much content so i figured "oh it's one of those twitter thread chains i can't read".
FWIW I have found him to be a good follow over the years. Unfortunately he mostly only posts on Twitter & not Bsky so I only see his stuff when he crosses over to bsky.
These days the way to go is social media proxies. A popular one is xcancel. Just replace the x in the domain with xcancel and you'll land on a proxy site (somebody's Nitter instance to be specific): https://xcancel.com/ErrataRob/status/1970586083374112784
Still not gonna help if you have cookies disabled because of the rate limiting, but hey.
I love how spammers do that- it works out great for me. I no longer live in my phones area code. I block the entire area code, which catches a huge amount of spam calls.
Same. The only downside is local contractors will also screen you, but most call me back when I leave a message insisting I'm local and give my address.
You don't even need to be a founder, just a person in a position that people may believe is responsible for buying products and signing checks at a company.
With marginal cost of spam being $0, I am pretty sure homeless people and Bill Gates get exactly the same amount of spam. I’d be surprised if there was any target selection.
It really is. I don't have my phone number on there, obviously, but when I went from being a random code monkey to having a 'Director' title at a very large institution, my sales spam went from 0 to probably 50 pieces a day.
Also need to do something about the inherent insecurity of most phones. GrapheneOS being a pretty decent solution nowadays to control those errant radio signals won't help against profiling for your next oil change/maintenance with those TPMS sensors beaconing everywhere you go.
Things I learnt today: that mobile phone numbers in the USA are 'local'
Here in the UK, all landline residential numbers start with an area code that starts 02 for London and 01 for the rest of the coountry (eg 020 for London and 0114 for Sheffield).
Mobile numbers here all start 07 here, and the first 5 digits are carrier specific - but so many people port their numbers that it becomes meaningless pretty quickly. But years ago you could spot a number an know what provider the caller was on.
---
Are residential and mobile numbers similar in the States?
Go back far enough at London was 01 and the rest 02-09. London, Birmingham, Manchester and a few others were 7 digits (041 xxx xxxx for Glasgow)
Then London changed to 081/071, then all changed to 01xxx (eg 0564 to 01564, 081 to 0181), then finally London, Southampton, Belfast and a few others mixed to 02x and 8 digits.
03 became national geographic numbers and things like 0345 and 0500 were phased out, 0800 remained free but not always with mobiles, 0845 was “local” but was basically premium, 0870 was even more, 0898 was super premium etc
But as phones took off in the 00s everyone just had 07 with 9 digits. Not sure when that will fill up, but it feels like a billion numbers is enough for now.
Yes. There's no obvious way to differentiate between a mobile and a non-mobile number in the USA. Numbers are "somewhat local" in that the first three digits usually correspond to a strict geographical area. However that's not a guarantee since if someone moves to another area/state these days the mobile providers will let them keep their number.
It was very shocking to me how many minutes cell phone plans had in the US when I moved there (it was ... a while ago) compared to France.
But also: in the US, calling someone on their cell cost the same as calling someone on a land line. In France, calling someone on their cell from a land line was something like 4x more per minute.
Really, the structure of phone costs (both land and cell) in the US was quite different.
Yep. France was similar to the UK. I spent years online between 10pm and 6am to use our dialup at the off-hours cost (which wasn't free, but significantly cheaper).
Not the good old days of spending money to browse the internet at 28.8kbps.
> Also traditionally American cellphone users pay to receive calls, which will blow the mind of a Britisher.
IIRC, we had to pay for any kind of use on a cell phone use (both to make and receive calls), which is probably stemmed from them being considered premium devices when they were introduced, with a lot of expensive fixed infrastructure you'd use no matter the direction of the call.
The UK (and Australia) set up a separate prefix for mobile calls. They were more expensive to call. You also knew if you could text someone because it was a mobile number.
The US had analog cell phones for longer and they were introduced to be in the same area code so counted as a "local" call (vs "long distance") for anyone calling that number. The receiver also paid to receive that call, originally.
I honestly don't know how landlines are charged now. It's been probably 20 years since I've had one. Some cheaper cell phone plans might have limited minutes but it's way more common to have unlimited talk and text to any US domestic number (landline or cell).
Oh we had 1800 that were "toll free" meaning they didn't incur long distance charges, originally but this doesn't really apply now. Also, they ran out of 1800 numbers so pretty much anything 18xx is a toll free number.
Note the 1 in front too. That's also a US thing. It technically indicates you're making a "long distance" call. More specifically, you're specifying an area code.e Modern smartphones don't generally require you to type in the 1. Old phones did.
So if you were on a 718 number and call someone else on a 718 number, you could just use the 7 digits of their number. This isn't something people really do anymore. But if you had to call a 646 number you'd put in 1-646-123-4567 back in the day.
By the way, the cell phone numbers being in a given area code explains this joke [1].
Oh the UK/Australia system had its issues too, like it mattered if you were calling from Vodafone to another Vodafone user or if it was an Orange or BT cutstomer because you were charged differently and it could count against different free minutes pools. And you really had no way of knowing.
I don't believe the US had that kind of issue or, they did, it was so long ago that nobody remembers.
> I don't believe the US had that kind of issue or, they did, it was so long ago that nobody remembers.
There is still a similar issue of not knowing whether an area code is for another country in the North American Numbering Plan. It’s fairly common for me to see an unfamiliar number and be unsure whether it’s from the US or Canada, for instance, without additional context.
The funny thing for me is that I still have the phone number I had when I was growing up, which is for a state halfway across the US. Most of my spam calls are in the area code of my phone number, making them pretty easy to recognize since I dont really know anyone from that area code anymore
If for some reason your browsing environment isn't/can't be configured to circumvent login shenanigans, at least for now, xitter can be read by inserting cancel right behind the X-part of the URL. Like so:
I am very familiar with the hardware being used in that operation and Rob is 100% correct.
Someone used an online SMS service to send threatening messages to a member of the Gleichschaltung squad, and the secret service traced the SIM card back to one of these rented apartments. The reason it was linked to a "Chinese state sponsored blah blah blah" is because most Chinese criminal operations in the US have some indirect benefit to the Chinese government, which is why they are allowed to operate.
You could use this hardware to launch some sort of a flooding attack, but given the density all you are going to knock out is the one cell site all your devices are talking to. If China wanted to knock out cell service around the UN they would use the hundreds of thousands of backdoored Android phones in New York to launch a more distributed attack.
I not familiar with any of it, so I’m willing to take your word, but doesn’t the scope raise some eyebrows?
Using the prices quoted in TFA they’re talking about $900,000 in servers and another $500,000 in SIM cards, before labor, rent and electricity.
Is that sort of outlay typical for phone scammers.
Also on a technical note is there an advantage to having all your sites in the NYC area? Is it simply that there’s enough cell traffic, the bad actors illicit traffic won’t stand out?
No way, whatever the sim hardware cost is and the sim service per month for the carrier.
NYC is just high density, remember cell means cellular so the towers are configured for high traffic and more fall back, also being easy to go around in general, airports etc
Esims go for $5-10 a month.
Hardware is less than 20k max.
Apartment and general utilities are a sunk cost.
>Is that sort of outlay typical for phone scammers.
Really yes. If they're just selling VOIP routing to the US, they can sell essentially unlimited amounts of it. The more you invest, the more you profit. Grows organically and exponentially.
In some countries you can find entire office blocks filled with people who do nothing all day but participate in scam enterprises. I don't think the scale of this phone bank, if its as described, is that surprising really.
They operate a bunch of cellular modems that send SMS spam, receive SMS verification codes for creating fake accounts, and use the data to act as proxies for web scraping and other nonsense. It isn't criminal, but it isn't exactly ethical either. But it is profitable.
You have to go swap out some of the SIM cards every day to get new numbers, so you need to balance spreading your locations out across multiple cell towers for throughput, but also needing to be within reasonable travel distance.
NYC has cellular density for bandwidth to be available and enough traffic so this does not raise red flags with mobile operator. Do this in nowhere Oklahoma and providers would probably notice very quickly.
Yeah thanks, that makes more sense. The devices probably are in New York because of the high antenna density which makes it easier to actually not jam the cell towers.
The secret service spun it as a terror threat in the same way your orthopedist tells you your teeth problem comes from bad posture.
I mean, the thing might be used to jam the networks (one would have to check that the devices still work when using all the antennas simultaneously), but that really sounds like an awful lot of effort for a disruption that’s neither guaranteed nor that distuptive. I mean, this would create some chaos for sure, but law enforcement and emergency services use radio to communicate. 99% of businessses use wired phones. So this would mostly affect what? deliveries?
A large scale spam operation is way more plaisible.
That the secret service is directly under Trump may also explain why they spun it as potential terrorism stuff. it’s part of their effort to make people believe that America is under terror threat, so that they can legitimize power grabbing…
> It's just normal criminal enterprise for sending SMS spam and anonymous messages. Somebody used this service to send SMS threats to some politicians, so the Secret Service traced it back here. They are describing it as some special political threat ("35 mile radius from the UN") when it's just perfectly normal criminal enterprise.
> We know it's a crap story because to the way the New York Times story on this cites anonymous sources in the administration, and then James A. Lewis to confirm it. This guy, formerly of the CSIS think tank, is the the NYTimes regularly trots out to confirm cybersecurity claims by anonymous government officials.
> Ir's just normal crime folks, there's absolutely none of the threats here that they claim.
Why did you put quote marks around the word “legitimate”, like he said the word in his post?
An interesting choosing of words - "It's just normal criminal enterprise for sending SMS spam and anonymous messages." It doesn't look anyway "normal" as for me. I feel that this guy just says me "move along, nothing to see here" and resembles some South Park absurdity tbh. As for me it looks quite advanced (though I'm not an expert here) for just sending spam messages.
You admit to not knowing what tech these criminals have, and then on the basis of that you conclude "it doesn't look normal to me"..
It's like landing in Saudi Arabia and saying, "All the women here wear head covering, that doesn't look normal to me"...
Meanwhile on the flipside the authorities hype it up to be some state-sponsored threat, as if to say "Look citizen, your very competent government is keeping you safe! Trust us!"
Well.. my judgment was based on the facts from the article, which are mostly about the amount and sophistication of equipment. I also read more facts from this link posted there as a reference https://apnews.com/article/unga-threat-telecom-service-sim-9... - they mention 300 SIM servers and 100K SIM cards which is quite impressive as for me. Also, for some reasons all of this is clustered around the UN facilities (in 35 miles radius). Even if all of this is related to spam only activities this is quite a large investment as for me and that's why I'm not really convinced this is just some "normal" thing to see.
The Secret Service is being overly alarmist, but to a hammer, everything looks like a nail.
“We need to do forensics on 100,000 cell phones, essentially all the phone calls, all the text messages, anything to do with communications, see where those numbers end up,” "You can’t text message, you can’t use your cell phone. And if you coupled that with some sort of other event associated with UNGA, you know, use your imagination there, it could be catastrophic to the city."
So until we do our jobs, imagine the worst case scenario. Thanks guys.
Could be rent US a number service, data roaming, VOIP or SMS termination, account registration (google, tiktok, whatsapp).
There are data roaming services that use 5G GSM modems to transfer the SIMs tower connection to pocket wifi devices for tourists who need data.
I suspect the Secret Service is keeping some cards (ahem) close to their chest. It's not difficult to believe that there is other evidence they chose not to publish that distinguishes a garden-variety spamming operation and one that is more nefarious.
> They just got the use case wrong. It's for fraud, not terrorism.
How do you know?
(BTW, I'm not suggesting that you are wrong. I have no idea. But in my experience with Federal law enforcement operations related to technology, they're not typically so incompetent as to confuse a fraud ring for a more serious operation. I choose to give them the benefit of the doubt.)
Sim boxes and etc aren't useful for terrorism, or at least you not anywhere near this many.
You only need this many for bulk messaging/calling. Legitimate bulk messaging/calling would be going through sip providers and SMS aggregators and/or interconnection with carriers at the kind of volumes you'd have this many sim boxes for. So it's got to be fraud/abuse of some sort. Probably selling bulk sms/calling to users that can't or don't want to use legitimate providers.
Again, I don’t know what the Secret Service isn’t saying, but I do know that failures of imagination have led to unpleasant surprises in the past. I’ll be very curious to learn more. Hopefully the details will come out.
What are you talking about? If you mean something like this (https://www.gov.ca.gov/2024/02/27/california-seizes-record-6...) then that's totally believable. It's the amount seized over the course of a year. Fentanyl is cheap to produce and as long as enough gets through the distribution process to be profitable, you can lose literally 30 tons of it as a cost of business.
I'm all for having a productive discussion, but casual exaggerations and half-truths aren't helpful. If you just don't trust LE, that's fine (and quite understandable), but that's a more honest thing to say than that you know something contradictory with absolute certainty.
This is sealioning. Demanding people on internet forums provide proof of really-not-very-controversial statements, hiding behind appeal to authority arguments and then feigning outrage when called out on it isn't really the right way to do this. There are many comments in this topic and others[1] explaining the idea you're pretending not to understand.
I’m not pretending not to understand anything. I absolutely get that it is a possibility that the Secret Service got it wrong. And it’s no surprise that there will be many opinions that challenge their narrative. But those other commentators have the same problem in that they may lack crucial context that might make the government’s narrative true. And the fact that several people agree is irrelevant; more than one person thinks Tylenol causes autism.
And it’s not sealioning; I'm not making a bad-faith argument to wear you down. I’m saying something really simple: unless you know something with absolute certainty, especially about a situation that doesn’t involve you, expect to be challenged when you claim you do. We have qualifying vocabulary for this very purpose. It’s why reporters use the word “alleged” when referring to criminal defendants who haven’t been convicted. It’s a pretty straightforward principle, and there are plenty of responsible people out there who formulate their doubts with the requisite nuanced writing. If I can do it, anyone can.
And no, it’s not unreasonable to demand that someone support their unqualified claims of certainty. It will be the Secret Service’s responsibility to eventually substantiate their claims, too.
no idea if its accurate. the replies appear to be disagreeing with it
>>>
It’s a Telecom Bypass Scam Using SIM Farms…Grey-routing is when international calls are re-routed through SIM farms like the one in those photos, instead of going through legitimate telecom carrier infrastructure.
Someone overseas makes a call to a U.S. number
Let’s say someone in Nigeria calls a U.S. bank or friend.
Normally, the call would be routed through official international telecom carriers, and each leg of that call would cost money.
The person calling (or their carrier) pays international calling fees to reach the U.S. phone network.
Scammers hijack the call and reroute it through their SIM farm
Instead of going through legit U.S. carrier infrastructure like AT&T or Verizon, the call:
Enters a VoIP (internet call) gateway.
Is then re-routed to one of the SIM cards in the SIM farm, which is sitting on U.S. soil and connected to a local mobile network (like T-Mobile or Boost).
This SIM answers and makes the call look like a local one like it’s just a guy in Houston calling a local pizza shop.
The call completes, but the real telecom carriers get screwed
The call appears as a local mobile call on U.S. networks, not international traffic.
For the record, someone may find this interesting.
The scammers avoid all the expensive international “termination” fees.
The telcos (Verizon, AT&T, etc.) get paid nothing, because it looks like local traffic.
Meanwhile, the grey-router charges the VoIP client a discounted rate, pockets the cash, and repeats the process at scale.
How do you do this bit? Is the caller deliberately cooperating, or they think they're using a real service?
I remember calling transcontinentally in the noughties - I would top up an international calls account. If I recall, I had bought a card from a shop with a scratch-off panel. To call first call a local number, then enter my account number. I would pay local rates for the call which were bundled with the contract, so free on the margin, and the call would cost me some pennies per minute from my calls account.
I have no idea how they completed the call, but I was thrilled as it was just before the time when you could just use apps, and the calls would have been ruinous otherwise. For all I know the whole network was a scam. Things like phone cards, money remittance etc, all seem pretty scammy anyway at the best of times.
Yes that's what popped in my mind too. Calling from abroad to back home, I would pay for a card. I would call the number on the card, the code, then my destination number then the hash key or something. I don't think I topped up it.
Why is it exactly, that mobile providers can’t catch this…?
Just like with SMS fraud. It might cost them a few cents per subscriber to do effective anti-spam measures, but now society has to pay the cost
The MVNOs such as MobileX mentioned above do not have their own towers or the cellular backbone i.e. the core network. They'll merely use the MNO such as Verizon or T-Mobile and have a commercial arrangement in which MVNO just handles the marketing and the customer support. So the MVNOs may not have the right tools or data or incentives to catch these sim farms.
It depends on how closely they monitor the network and how much these people abused it. A steady, slow increase in calls/messages on a site wouldn’t show up in stats unless there was a lot of constant congestion, and even then most telcos these days outsource a lot of their network monitoring and capacity management to contractors that just don’t care.
Plus if they’re using legacy 2G/3G, it’s not the shiny thing that most telco network quality crews care about for customer experience…
Just want to say: Thanks! I was waiting for this article.
Thanks to Ernie Smith, to tedium.co, to HN, to community.
This is the kind of curious and intelligent response to FUD that I want to find whenever major news outlets start an insane new spin-cycle (as increasingly is the way of things in the world).
I’ll let the HN comment thread spin out (as it must), but amidst that, I just want to say that this right here is the reason I still keep coming back to this place and read all of it. So, thanks!
So they find some SIM boxes and assume terrorism? It's the way calling card services offer cheap rates to various countries. They suck from a cell planning POV but they're hardly nefarious.
oh that's why google have been silently banning all corporations using gvoice unless they email support for each number to be manually checked for compliance.
it's been a few interesting couple months at work, as google being google there was never an announcement or anything.
At what point does an article shift from giving insights -> giving a step by step to start your own spam farm?
Praising the device and stating how cool it is? Highlighting how inexpensive it is? Screenshots of how it works? Saying where you can buy it from?
The line is blurry but this article has all of that. Here's to responsible journalism and being inundated with more spam on my phone so that a newsletter gets more clicks.
I doubt a random blog post is enabling this. If you are at the point of dropping thousands of dollars on a spam farm you've got the ability to find this stuff yourself. If anything it's highlighting how this stuff works to the average person.
This problem isn't going to be solved by making information about the devices more obscure. It's going to be solved by technical preventions and legal action against the senders.
I do not think that the blog is the reason why the practice exists. I am stating that the blog's framing of the issue is a counter-productive way to cover an illegal activity that 99% of citizens actually hate.
The author probably turned up everything in the article by searching on google so it's probably not helping anyone unless they want to turn to the dark side right this second
I can do a google search for ghost guns too, but once I compile my information and it goes viral on an unrelated site, isn't that still contributing to the visibility (and potentially distribution) of ghost guns?
So what's the solution? Prohibit talking about the subject? That doesn't seem like the right answer, not to mention it would run afoul of the First Amendment.
I think the author does a good job of showing how commoditized this kind of crime is. There are no special insights here that someone who wanted to do this thing couldn't easily find on their own.
This seems like a pretty far fetched idea that phone manufacturers are pushing for esim to enable spammers to spam easier, rather than to free up space in phones for a bigger battery.
> phone manufacturers are pushing for esim [...] rather than to free up space in phones for a bigger battery.
It is being pushed by the carriers because retail locations are their biggest overhead expense, for what is basically a place to go pick up a SIM card.
Was never much a fan of eSIMs, but after seeing them in action, I kinda like it. Saved me inconvenient trips and delay.
Yes, it’d be nice to just be able to move a sim from one device to the next. In practice, I’ve only done that a few times in the past 20 years, about as often as I switch carriers. So, kinda a wash.
Hoping if phone suddenly breaks, can get new eSIM as easily.
You can't get a new eSim without working network and working carrier provisioning. I recently observed a friend try to get a new eSim for a new phone... no wifi, so he hotspotted from the old phone... carrier kicked the old phone before the new sim was downloaded, so he was stuck until he got somewhere with wifi he could use. Physical sim would have been easy peasy.
Carriers are the slowest ones in the process though. Apple has had to drag them kicking and screaming on esim. Physical sims can be purchased in every supermarket. I'd guess the retail stores mostly exist for marketing and selling boomers on overpriced long term plans.
I'm not sure it's viable to run large amounts of iMessage accounts, e.g. looking at https://bluebubbles.app/faq/ it needs a running MacOS machine/VM to work.
Maybe weird hardware, but easily available on aliexpress. Y’all need to explore more. Appears to be scrubbed off now but used to be more available.
Tbh, contraptions like this have a long history for gray-market VoIP call termination, but usually in countries where governments charge a lot for incoming international calls as means of fund-raising (or inefficient telecoms) but domestic rates are low.
Merge with https://news.ycombinator.com/item?id=45353925 ?
I had an inkling these things existed (I’ve been in telco for a few decades), but the last ones I saw had nowhere near this scale. The amount of manual labor to put in the SIMs _and_ configure/remove the PIN codes must be staggering unless they get a bulk manifest of some sort (which you do get if you order batches of SIM cards for IoT applications), so expect these things to have a CSV import of some kind…
Plus I’m wondering what exactly are the radio capabilities of these things with so many antennae close to each other. Anyway, anyone doing network planning would hardly notice a few dozen registered subscribers unless they started generating traffic heavily (in which case they’d probably saturate one sector of a cell, but not with SMS and LTE…)
What a delightfully arcane rabbit hole to get into today, I’m going to do some research…
I don't really get comments about unreasonable labor in this comment and TFA. It's what, 16x16 = 256 SIM cards per such machine. At 10 seconds per SIM card, that's like an hour to fill one machine. In a week at 8 hours per day you can fill 40 such machines with SIM cards.
Yeah, I don't think labor is a problem here since the people willing to make this happen somehow also found 1) money to buy these racks, 2) many times 256 SIM cards, 3) a few locations in NYC
Also, from the article:
> The exact devices [..] are sold for an eye-watering $3,730.
That seems just a tad bit hyperbolic
[dead]
I used to have a machine that look like this(A bit smaller tho).
My machine was for...spamming text sms. We would put it on our vehicle and drive around the city to spam sms message.
We stop doing that now since it's not really effective anymore.
But our machine having same form factor does not mean they have same functionality.
> We would put it on our vehicle and drive around the city to spam sms message.
Why would you drive around? You can just put it in one place and spam. It doesn't change the network connectivity or the numbers or anything to drive, except perhaps running from law enforcement?
To avoid showing up on 2G/3G networks as a static congestion factor. SMS in 2G a can easily block calls if done intensively enough, since it’s part of the actual call signaling. We could tell when high-school classes ended by the sudden increase in SMS and decrease in call volumes in certain cells.
i don't recall exactly reason, quite a long time since then, but it has something to do with fake number detection and the amount of phone number we can reach.
You were probably driving around with a "SMS Blaster" that didn't use sim cards, no?
How did that work economically? Who paid for you to do that and how was it worth it for them to do so?
Apparently, it worked for them. We don't care about message (as long as it's not too "uncomfortable"). Anyone can use our service. They decide how long to broadcast, we take care the rest.
Mind you, we are not in US.
Such a cool write-up, I enjoyed the screenshots of the admin interfaces ... which look exactly as bad as I'd hoped
Sad to see Mobile-X MVNO as the preferred SIM in the photos shown, but I wonder if an MVNO has local-level data to detect a situation like this when hundreds of phones are in one area and don't move. Postpaid carriers running their own network might easily connect the dots between SIM/accounts/phone towers... but the piggyback nature of MVNO network management probably makes even detecting this behavior even harder.
An MVNO seldom has access to per-cell data. They get the bulk traffic delivered to them (sometimes) and billing info, and that is that.
> I wonder if an MVNO has local-level data to detect a situation like this when hundreds of phones are in one area and don't move
MVNOs don't care because they collect the profit without having to deal with any of the network issues. The carriers in turn only care when it impacts performance for legitimate customers, as they also see a piece of the pie.
> MVNOs don't care
This is an excellent point
I assumed there would be anti-fraud measures blocking this kind of activity, but if this is a paying customer it isn't necessarily fraud/bad to the carrier or mvno
It'd depend on the mvno and their costs, but if the user fees pay for the underlying costs, the mvno is making money, and their user numbers go up, which makes for happy graphs.
They can also cancel or limit sims that do too much messaging or calling, which drives new user signups and makes more happy graphs. Doesn't really matter to them if all the abusers live in the same office.
Increased volume also likely reduces their unit costs with the underlying operator and messaging/calling providers, so even break even abusers help their bottom line by increasing margins for normal customers.
Damn Mobile-X I hadn't heard of them but looks like a good deal. Maybe this is actually a marketing exercise?
Tello isn't quite as cheap as Mobile-X, but for low use it is also great https://tello.com/buy/custom_plans
If you use an Apple Watch cellular, Verizon's Visible seems to be the best price currently but sadly doesn't have a pay-for-use option.
There are plenty of cheaper, better MVNOs than Mobile X.
Do you want to keep us in suspense, or are these just MVNOs you've heard exist but don't have names of them?
Off the top of my head Good2Go is better and cheaper. I don't have the names of any others, but get AI to do a deep search and it'll find a whole bunch and show you stats for them all.
AI deep research is not needed to see that
$4.08 a month for 1GB on Mobile-X
is a better value than
$10.00 a month for 1GB on Good2Go
Better in what way? MobileX may have some properties that are attractive to criminals.
Mobile-X is cheap and is "pay for what you use"
I don't think there's some other seedy reason - Mobile-X is just the least expensive option I know of right now in the US that can be purchased at retail, so that is probably the main reason
More data etc, lower price.
I checked less than 90 days ago, and Mobile-X was cheaper than any other MVNO with retail availability in the US.
Do you have links to services that cost less, per line/sim? I don't think they exist, especially at retail.
For context, the original story from earlier today:
Cache of devices capable of crashing cell network is found in NYC (263 points, 251 comments)
https://news.ycombinator.com/item?id=45345514
This is only tangentially relevant, and a violation of the Guidelines, but I looked up the MVNO brand in the Secret Service photo (MobileX) and holy moly every single button on their website just opens a "scan to download the app" modal (or on mobile, takes you directly to the App/Play Store). It also asked for location permissions half a dozen times in as many seconds until I told Firefox to remember my refusal. MobileX, I am not under any circumstances going to install your app.
The reason for NYC is probably deploying it in a crowded network area to avoid detection. Deploying it in a suburban space would immediately show red flags.
A few more pictures here to get a scale of the operation: https://www.secretservice.gov/newsroom/releases/2025/09/us-s...
How can you have that many mobile radios in a small space without interference issues??
CDMA is magic.
They're not all going to be transmitting at the same time either.
This is not CDMA, CDMA is dead it is GSM and most of it will be passive channel and sms is empty bandwidth for the carrier anyway…
GP is referring to CDMA the technology, not CDMA as colloquial term for Qualcomm proprietary cdmaOne/cdma2000 implementations.
GSM is dead too. It's LTE (or maybe 5G) or it's not online in NYC...
The use case is fraud. You need thousands of burner SIMs to send millions of spam texts. But the way it works, every SIM needs a radio (the negotiation with the network is very heavyweight compared to an SMS transmission, you wouldn't want to bounce between them by constantly reconnecting). So you need thousands of radios.
I've read that at least for for GSM VoIP gateway setups, people typically rotate SIMs because it looks suspicious for one customer to be making calls all day. In fact there is a whole industry most people have no idea about dedicated to detecting these so-called grey routes. Having perused some of these offerings, it seems fairly typical to offer 16-32 radios and 256 SIM card slots. For residential proxy setups, I've seen a bunch of 16 port USB hubs with Huawei LTE modems.
the Chinese term for "SIM bank" is 猫池 (Modem pool)
it's mostly used to spam SMS and make fraud calls
That's cute!
It's like a multi-SIM phone, taken to the next level. Seeing this comment recently about ultra-cheap 4G LTE modems, I do wonder if one could make something cheaper with a bunch of those connected to a PC: https://news.ycombinator.com/item?id=45250676
The device is probably 256 of those, or similar, chipsets on a board with integrated SIM slots and connectors for SMA antennas. You'd have a hard time producing something like this cheaper than China.
There's only 64 antennas but 256 SIMs, so there are either 64 separate quad-SIM modems (AFAIK only Mediatek made those, and in 2G only) or it's just one big FPGA, managed by a small CPU and connected to a bunch of RF ICs, like the inverse of a base station.
Or there are 64 modems that can switch between 4 SIM slots.
This guy claims that it's not that suspicious and not a state-backed operation.
https://x.com/ErrataRob/status/1970586083374112784
Can’t read it since I don’t have a login there but i’m guessing they buy sims from all over the country and sms on matching prefixes since people will assume a local number is less likely to be spam.
This explains using such a bank. You want to cover as many prefixes as possible and you can’t match area codes with traditional sms services.
You can also see his takes on bsky [1] or h blog he posted there [2]
[1] https://bsky.app/profile/erratarob.bsky.social [2] https://cybersect.substack.com/p/that-secret-service-sim-far...
The second link there is much more meaningful.
I actually did see the tweet in full it turns out. It's just that there's not much content so i figured "oh it's one of those twitter thread chains i can't read".
FWIW I have found him to be a good follow over the years. Unfortunately he mostly only posts on Twitter & not Bsky so I only see his stuff when he crosses over to bsky.
Good post, also they use Quectel because it allows changing IMEI with a single AT command.
These days the way to go is social media proxies. A popular one is xcancel. Just replace the x in the domain with xcancel and you'll land on a proxy site (somebody's Nitter instance to be specific): https://xcancel.com/ErrataRob/status/1970586083374112784
Still not gonna help if you have cookies disabled because of the rate limiting, but hey.
I love how spammers do that- it works out great for me. I no longer live in my phones area code. I block the entire area code, which catches a huge amount of spam calls.
Same. The only downside is local contractors will also screen you, but most call me back when I leave a message insisting I'm local and give my address.
this is a required hack, for any founder
SO much value in being able to root out garbage sales calls
You don't even need to be a founder, just a person in a position that people may believe is responsible for buying products and signing checks at a company.
With marginal cost of spam being $0, I am pretty sure homeless people and Bill Gates get exactly the same amount of spam. I’d be surprised if there was any target selection.
LinkedIn scraping is rampant.
It really is. I don't have my phone number on there, obviously, but when I went from being a random code monkey to having a 'Director' title at a very large institution, my sales spam went from 0 to probably 50 pieces a day.
Also need to do something about the inherent insecurity of most phones. GrapheneOS being a pretty decent solution nowadays to control those errant radio signals won't help against profiling for your next oil change/maintenance with those TPMS sensors beaconing everywhere you go.
"Can't read it since I don't have a login there..."
https://nitter.poast.org/ErrataRob/
Things I learnt today: that mobile phone numbers in the USA are 'local'
Here in the UK, all landline residential numbers start with an area code that starts 02 for London and 01 for the rest of the coountry (eg 020 for London and 0114 for Sheffield).
Mobile numbers here all start 07 here, and the first 5 digits are carrier specific - but so many people port their numbers that it becomes meaningless pretty quickly. But years ago you could spot a number an know what provider the caller was on.
---
Are residential and mobile numbers similar in the States?
> all landline residential numbers start with an area code that starts 02 for London and 01 for the rest of the coountry
02 dialling codes are used in more than just London; Northern Ireland and Coventry phone numers start with 02 for example.
Go back far enough at London was 01 and the rest 02-09. London, Birmingham, Manchester and a few others were 7 digits (041 xxx xxxx for Glasgow)
Then London changed to 081/071, then all changed to 01xxx (eg 0564 to 01564, 081 to 0181), then finally London, Southampton, Belfast and a few others mixed to 02x and 8 digits.
03 became national geographic numbers and things like 0345 and 0500 were phased out, 0800 remained free but not always with mobiles, 0845 was “local” but was basically premium, 0870 was even more, 0898 was super premium etc
But as phones took off in the 00s everyone just had 07 with 9 digits. Not sure when that will fill up, but it feels like a billion numbers is enough for now.
I stand corrected, I didn't know that - but it is a while since I've paid attention to phone numbers like I used to.
Denmark went 2 steps further: we no longer have area codes and all phone numbers can be mobile or landline.
In old days the numbers were distinct but these days the overview just says "mostly mobile" or "mostly landline": https://digst.dk/media/x3tmvqsl/nummerplan_2020_farver.pdf
Yes. There's no obvious way to differentiate between a mobile and a non-mobile number in the USA. Numbers are "somewhat local" in that the first three digits usually correspond to a strict geographical area. However that's not a guarantee since if someone moves to another area/state these days the mobile providers will let them keep their number.
Also traditionally American cellphone users pay to receive calls, which will blow the mind of a Britisher.
And text messages.
It was very shocking to me how many minutes cell phone plans had in the US when I moved there (it was ... a while ago) compared to France.
But also: in the US, calling someone on their cell cost the same as calling someone on a land line. In France, calling someone on their cell from a land line was something like 4x more per minute.
Really, the structure of phone costs (both land and cell) in the US was quite different.
In the 90s local calls and thus Internet was free in America, where in the U.K. it cost upto £5 an hour (in today’s money) to be online.
Yep. France was similar to the UK. I spent years online between 10pm and 6am to use our dialup at the off-hours cost (which wasn't free, but significantly cheaper).
Not the good old days of spending money to browse the internet at 28.8kbps.
> Also traditionally American cellphone users pay to receive calls, which will blow the mind of a Britisher.
IIRC, we had to pay for any kind of use on a cell phone use (both to make and receive calls), which is probably stemmed from them being considered premium devices when they were introduced, with a lot of expensive fixed infrastructure you'd use no matter the direction of the call.
Cell phones evolved differently.
The UK (and Australia) set up a separate prefix for mobile calls. They were more expensive to call. You also knew if you could text someone because it was a mobile number.
The US had analog cell phones for longer and they were introduced to be in the same area code so counted as a "local" call (vs "long distance") for anyone calling that number. The receiver also paid to receive that call, originally.
I honestly don't know how landlines are charged now. It's been probably 20 years since I've had one. Some cheaper cell phone plans might have limited minutes but it's way more common to have unlimited talk and text to any US domestic number (landline or cell).
Oh we had 1800 that were "toll free" meaning they didn't incur long distance charges, originally but this doesn't really apply now. Also, they ran out of 1800 numbers so pretty much anything 18xx is a toll free number.
Note the 1 in front too. That's also a US thing. It technically indicates you're making a "long distance" call. More specifically, you're specifying an area code.e Modern smartphones don't generally require you to type in the 1. Old phones did.
So if you were on a 718 number and call someone else on a 718 number, you could just use the 7 digits of their number. This isn't something people really do anymore. But if you had to call a 646 number you'd put in 1-646-123-4567 back in the day.
By the way, the cell phone numbers being in a given area code explains this joke [1].
Oh the UK/Australia system had its issues too, like it mattered if you were calling from Vodafone to another Vodafone user or if it was an Orange or BT cutstomer because you were charged differently and it could count against different free minutes pools. And you really had no way of knowing.
I don't believe the US had that kind of issue or, they did, it was so long ago that nobody remembers.
[1]: https://xkcd.com/1129/
> I don't believe the US had that kind of issue or, they did, it was so long ago that nobody remembers.
There is still a similar issue of not knowing whether an area code is for another country in the North American Numbering Plan. It’s fairly common for me to see an unfamiliar number and be unsure whether it’s from the US or Canada, for instance, without additional context.
Thank you for this - these are the kind of facts that really scratch a mental itch for me.
> since people will assume a local number is less likely to be spam.
Local number has become an spam signifier for me
The funny thing for me is that I still have the phone number I had when I was growing up, which is for a state halfway across the US. Most of my spam calls are in the area code of my phone number, making them pretty easy to recognize since I dont really know anyone from that area code anymore
If for some reason your browsing environment isn't/can't be configured to circumvent login shenanigans, at least for now, xitter can be read by inserting cancel right behind the X-part of the URL. Like so:
https://xcancel.com/ErrataRob/status/1970586083374112784
With the additional advantage of giving you a view more like threadreader.app, or something. Without having to install anything.
You don't need a login to read a single tweet.
Twitter is inconsistent for me. From the mobile (FF, not authenticated) it's blocked but from desktop (FF, not authenticated) is visible.
With Google referrer, it loads even more often, even on mobile I believe. Same for LinkedIn. It will not authwall you if you're coming from Google.
Thanks! I was assuming it was a chain with more details than i saw there.
I am very familiar with the hardware being used in that operation and Rob is 100% correct.
Someone used an online SMS service to send threatening messages to a member of the Gleichschaltung squad, and the secret service traced the SIM card back to one of these rented apartments. The reason it was linked to a "Chinese state sponsored blah blah blah" is because most Chinese criminal operations in the US have some indirect benefit to the Chinese government, which is why they are allowed to operate.
You could use this hardware to launch some sort of a flooding attack, but given the density all you are going to knock out is the one cell site all your devices are talking to. If China wanted to knock out cell service around the UN they would use the hundreds of thousands of backdoored Android phones in New York to launch a more distributed attack.
I not familiar with any of it, so I’m willing to take your word, but doesn’t the scope raise some eyebrows?
Using the prices quoted in TFA they’re talking about $900,000 in servers and another $500,000 in SIM cards, before labor, rent and electricity.
Is that sort of outlay typical for phone scammers.
Also on a technical note is there an advantage to having all your sites in the NYC area? Is it simply that there’s enough cell traffic, the bad actors illicit traffic won’t stand out?
No way, whatever the sim hardware cost is and the sim service per month for the carrier.
NYC is just high density, remember cell means cellular so the towers are configured for high traffic and more fall back, also being easy to go around in general, airports etc
Esims go for $5-10 a month. Hardware is less than 20k max. Apartment and general utilities are a sunk cost.
>Is that sort of outlay typical for phone scammers.
Really yes. If they're just selling VOIP routing to the US, they can sell essentially unlimited amounts of it. The more you invest, the more you profit. Grows organically and exponentially.
Each one of those units is probably ~$6k for the device and sim cards. I don't think there were that many of them in the pictures to add up to $900k.
The article describes 300 servers and 100,000 SIMs across a handul of locations.
In some countries you can find entire office blocks filled with people who do nothing all day but participate in scam enterprises. I don't think the scale of this phone bank, if its as described, is that surprising really.
They made cold calling illegal in my country. Also you cannot just sell customer data. It made an entire industry disappear and nobody mourned.
But I'm sure some American lawyer would call that a breach of the constitution.
How does your country protect against callers and data sales outside of its jurisdiction?
It was maybe $50k in hardware at each site.
They operate a bunch of cellular modems that send SMS spam, receive SMS verification codes for creating fake accounts, and use the data to act as proxies for web scraping and other nonsense. It isn't criminal, but it isn't exactly ethical either. But it is profitable.
You have to go swap out some of the SIM cards every day to get new numbers, so you need to balance spreading your locations out across multiple cell towers for throughput, but also needing to be within reasonable travel distance.
The SS is either incompetent and watches too many movies or they are deliberately trying to spin this as some state actor terrorism thing.
Does anyone remember the Boston mooninite panic? This is exactly the kind of incompetence I can think of over at the secret service.
ok, fine, then why place it in NYC? it's a mobile phone, it could be anywhere.
NYC has cellular density for bandwidth to be available and enough traffic so this does not raise red flags with mobile operator. Do this in nowhere Oklahoma and providers would probably notice very quickly.
Probably a lot of places to buy MVNO sim cards from with cash as well.
Then why not another tech hub like SV or Seattle?
Because you happen to live in NYC.
I thought it was someone running a mobile ip proxy
"residential" proxies, ad clickbots, instagram/twitter bots - lots of "legit" use-cases these days
Ad clickbots are a win-win though? Make ad less profitable.
I believe that's rob from blog.erratasec.com.
The site may be being hugged to death currently i can see posts on ddg but it can't be reached.
Yeah thanks, that makes more sense. The devices probably are in New York because of the high antenna density which makes it easier to actually not jam the cell towers.
The secret service spun it as a terror threat in the same way your orthopedist tells you your teeth problem comes from bad posture.
I mean, the thing might be used to jam the networks (one would have to check that the devices still work when using all the antennas simultaneously), but that really sounds like an awful lot of effort for a disruption that’s neither guaranteed nor that distuptive. I mean, this would create some chaos for sure, but law enforcement and emergency services use radio to communicate. 99% of businessses use wired phones. So this would mostly affect what? deliveries?
A large scale spam operation is way more plaisible.
That the secret service is directly under Trump may also explain why they spun it as potential terrorism stuff. it’s part of their effort to make people believe that America is under terror threat, so that they can legitimize power grabbing…
[dead]
[flagged]
> This story is nonsense.
> It's just normal criminal enterprise for sending SMS spam and anonymous messages. Somebody used this service to send SMS threats to some politicians, so the Secret Service traced it back here. They are describing it as some special political threat ("35 mile radius from the UN") when it's just perfectly normal criminal enterprise.
> We know it's a crap story because to the way the New York Times story on this cites anonymous sources in the administration, and then James A. Lewis to confirm it. This guy, formerly of the CSIS think tank, is the the NYTimes regularly trots out to confirm cybersecurity claims by anonymous government officials.
> Ir's just normal crime folks, there's absolutely none of the threats here that they claim.
Why did you put quote marks around the word “legitimate”, like he said the word in his post?
>Why did you put quote marks around the word “legitimate”, like he said the word in his post?
They do say that in the associated blog post, though they don't seem to think it's likely to be legitimate. https://cybersect.substack.com/p/that-secret-service-sim-far...
It does note via screenshot at bottom that these devices are often seen in Russia. Not sure what that means
An interesting choosing of words - "It's just normal criminal enterprise for sending SMS spam and anonymous messages." It doesn't look anyway "normal" as for me. I feel that this guy just says me "move along, nothing to see here" and resembles some South Park absurdity tbh. As for me it looks quite advanced (though I'm not an expert here) for just sending spam messages.
You admit to not knowing what tech these criminals have, and then on the basis of that you conclude "it doesn't look normal to me"..
It's like landing in Saudi Arabia and saying, "All the women here wear head covering, that doesn't look normal to me"...
Meanwhile on the flipside the authorities hype it up to be some state-sponsored threat, as if to say "Look citizen, your very competent government is keeping you safe! Trust us!"
Well.. my judgment was based on the facts from the article, which are mostly about the amount and sophistication of equipment. I also read more facts from this link posted there as a reference https://apnews.com/article/unga-threat-telecom-service-sim-9... - they mention 300 SIM servers and 100K SIM cards which is quite impressive as for me. Also, for some reasons all of this is clustered around the UN facilities (in 35 miles radius). Even if all of this is related to spam only activities this is quite a large investment as for me and that's why I'm not really convinced this is just some "normal" thing to see.
The Secret Service is being overly alarmist, but to a hammer, everything looks like a nail.
“We need to do forensics on 100,000 cell phones, essentially all the phone calls, all the text messages, anything to do with communications, see where those numbers end up,” "You can’t text message, you can’t use your cell phone. And if you coupled that with some sort of other event associated with UNGA, you know, use your imagination there, it could be catastrophic to the city."
So until we do our jobs, imagine the worst case scenario. Thanks guys.
Could be rent US a number service, data roaming, VOIP or SMS termination, account registration (google, tiktok, whatsapp).
There are data roaming services that use 5G GSM modems to transfer the SIMs tower connection to pocket wifi devices for tourists who need data.
I suspect the Secret Service is keeping some cards (ahem) close to their chest. It's not difficult to believe that there is other evidence they chose not to publish that distinguishes a garden-variety spamming operation and one that is more nefarious.
It's not "difficult" to believe, no. But it's easier to believe that cops don't know how radio networks work, though.
This is clearly illegitimate, they can tell that much. They just got the use case wrong. It's for fraud, not terrorism.
> They just got the use case wrong. It's for fraud, not terrorism.
How do you know?
(BTW, I'm not suggesting that you are wrong. I have no idea. But in my experience with Federal law enforcement operations related to technology, they're not typically so incompetent as to confuse a fraud ring for a more serious operation. I choose to give them the benefit of the doubt.)
Sim boxes and etc aren't useful for terrorism, or at least you not anywhere near this many.
You only need this many for bulk messaging/calling. Legitimate bulk messaging/calling would be going through sip providers and SMS aggregators and/or interconnection with carriers at the kind of volumes you'd have this many sim boxes for. So it's got to be fraud/abuse of some sort. Probably selling bulk sms/calling to users that can't or don't want to use legitimate providers.
Again, I don’t know what the Secret Service isn’t saying, but I do know that failures of imagination have led to unpleasant surprises in the past. I’ll be very curious to learn more. Hopefully the details will come out.
You know how every year the DEA seizes enough fentanyl in one truck to kill half of Chicago or whatever? It's like that.
What are you talking about? If you mean something like this (https://www.gov.ca.gov/2024/02/27/california-seizes-record-6...) then that's totally believable. It's the amount seized over the course of a year. Fentanyl is cheap to produce and as long as enough gets through the distribution process to be profitable, you can lose literally 30 tons of it as a cost of business.
I'm all for having a productive discussion, but casual exaggerations and half-truths aren't helpful. If you just don't trust LE, that's fine (and quite understandable), but that's a more honest thing to say than that you know something contradictory with absolute certainty.
This is sealioning. Demanding people on internet forums provide proof of really-not-very-controversial statements, hiding behind appeal to authority arguments and then feigning outrage when called out on it isn't really the right way to do this. There are many comments in this topic and others[1] explaining the idea you're pretending not to understand.
[1] This one is at the top of the front page as we speak: https://news.ycombinator.com/item?id=45357693
I’m not pretending not to understand anything. I absolutely get that it is a possibility that the Secret Service got it wrong. And it’s no surprise that there will be many opinions that challenge their narrative. But those other commentators have the same problem in that they may lack crucial context that might make the government’s narrative true. And the fact that several people agree is irrelevant; more than one person thinks Tylenol causes autism.
And it’s not sealioning; I'm not making a bad-faith argument to wear you down. I’m saying something really simple: unless you know something with absolute certainty, especially about a situation that doesn’t involve you, expect to be challenged when you claim you do. We have qualifying vocabulary for this very purpose. It’s why reporters use the word “alleged” when referring to criminal defendants who haven’t been convicted. It’s a pretty straightforward principle, and there are plenty of responsible people out there who formulate their doubts with the requisite nuanced writing. If I can do it, anyone can.
And no, it’s not unreasonable to demand that someone support their unqualified claims of certainty. It will be the Secret Service’s responsibility to eventually substantiate their claims, too.
It's not. They are used for SIP gateways and calling card services all the time. Against TOS but hardly an illegitimate use.
found this on twitter: https://x.com/Hannibal9972485/status/1970540224867365060
no idea if its accurate. the replies appear to be disagreeing with it
>>>
It’s a Telecom Bypass Scam Using SIM Farms…Grey-routing is when international calls are re-routed through SIM farms like the one in those photos, instead of going through legitimate telecom carrier infrastructure.
Someone overseas makes a call to a U.S. number Let’s say someone in Nigeria calls a U.S. bank or friend.
Normally, the call would be routed through official international telecom carriers, and each leg of that call would cost money.
The person calling (or their carrier) pays international calling fees to reach the U.S. phone network.
Scammers hijack the call and reroute it through their SIM farm
Instead of going through legit U.S. carrier infrastructure like AT&T or Verizon, the call:
Enters a VoIP (internet call) gateway.
Is then re-routed to one of the SIM cards in the SIM farm, which is sitting on U.S. soil and connected to a local mobile network (like T-Mobile or Boost).
This SIM answers and makes the call look like a local one like it’s just a guy in Houston calling a local pizza shop.
The call completes, but the real telecom carriers get screwed
The call appears as a local mobile call on U.S. networks, not international traffic. For the record, someone may find this interesting.
The scammers avoid all the expensive international “termination” fees.
The telcos (Verizon, AT&T, etc.) get paid nothing, because it looks like local traffic.
Meanwhile, the grey-router charges the VoIP client a discounted rate, pockets the cash, and repeats the process at scale.
> Scammers hijack the call
How do you do this bit? Is the caller deliberately cooperating, or they think they're using a real service?
I remember calling transcontinentally in the noughties - I would top up an international calls account. If I recall, I had bought a card from a shop with a scratch-off panel. To call first call a local number, then enter my account number. I would pay local rates for the call which were bundled with the contract, so free on the margin, and the call would cost me some pennies per minute from my calls account.
I have no idea how they completed the call, but I was thrilled as it was just before the time when you could just use apps, and the calls would have been ruinous otherwise. For all I know the whole network was a scam. Things like phone cards, money remittance etc, all seem pretty scammy anyway at the best of times.
Yes that's what popped in my mind too. Calling from abroad to back home, I would pay for a card. I would call the number on the card, the code, then my destination number then the hash key or something. I don't think I topped up it.
I imagine this could work the same way.
You can find them on Alibaba or similar sites - search for "GSM Modem Pool"
I’m amazed to see this.
I’d have assumed the way to spam SMS is having some sort of dodgy SS7 connection somewhere?
Wild that the radio interface is the way to connect to the network for this.
And spoofing caller id is easy you shouldn’t need local SIMs?
Why is it exactly, that mobile providers can’t catch this…? Just like with SMS fraud. It might cost them a few cents per subscriber to do effective anti-spam measures, but now society has to pay the cost
The MVNOs such as MobileX mentioned above do not have their own towers or the cellular backbone i.e. the core network. They'll merely use the MNO such as Verizon or T-Mobile and have a commercial arrangement in which MVNO just handles the marketing and the customer support. So the MVNOs may not have the right tools or data or incentives to catch these sim farms.
It depends on how closely they monitor the network and how much these people abused it. A steady, slow increase in calls/messages on a site wouldn’t show up in stats unless there was a lot of constant congestion, and even then most telcos these days outsource a lot of their network monitoring and capacity management to contractors that just don’t care.
Plus if they’re using legacy 2G/3G, it’s not the shiny thing that most telco network quality crews care about for customer experience…
Why would the mobile provider want to catch it?
If these guys are paying MobileX for 256 sims per bank * 64 sim banks = 16,384 sims and say $20 per plan = $327,680 per month of company income.
FCC fines
Common carriers are usually absolved of the malfeasance of their customers.
> $20 per plan
Nope.
Cheaper, but still they do pay.
Maybe they did and informed the authorities accordingly.
Wonder if something like this would be easier via esim and wifi calling
Just want to say: Thanks! I was waiting for this article.
Thanks to Ernie Smith, to tedium.co, to HN, to community.
This is the kind of curious and intelligent response to FUD that I want to find whenever major news outlets start an insane new spin-cycle (as increasingly is the way of things in the world).
I’ll let the HN comment thread spin out (as it must), but amidst that, I just want to say that this right here is the reason I still keep coming back to this place and read all of it. So, thanks!
Great post/read!
So they find some SIM boxes and assume terrorism? It's the way calling card services offer cheap rates to various countries. They suck from a cell planning POV but they're hardly nefarious.
oh that's why google have been silently banning all corporations using gvoice unless they email support for each number to be manually checked for compliance.
it's been a few interesting couple months at work, as google being google there was never an announcement or anything.
At what point does an article shift from giving insights -> giving a step by step to start your own spam farm?
Praising the device and stating how cool it is? Highlighting how inexpensive it is? Screenshots of how it works? Saying where you can buy it from?
The line is blurry but this article has all of that. Here's to responsible journalism and being inundated with more spam on my phone so that a newsletter gets more clicks.
I doubt a random blog post is enabling this. If you are at the point of dropping thousands of dollars on a spam farm you've got the ability to find this stuff yourself. If anything it's highlighting how this stuff works to the average person.
This problem isn't going to be solved by making information about the devices more obscure. It's going to be solved by technical preventions and legal action against the senders.
I do not think that the blog is the reason why the practice exists. I am stating that the blog's framing of the issue is a counter-productive way to cover an illegal activity that 99% of citizens actually hate.
The author probably turned up everything in the article by searching on google so it's probably not helping anyone unless they want to turn to the dark side right this second
I can do a google search for ghost guns too, but once I compile my information and it goes viral on an unrelated site, isn't that still contributing to the visibility (and potentially distribution) of ghost guns?
So what's the solution? Prohibit talking about the subject? That doesn't seem like the right answer, not to mention it would run afoul of the First Amendment.
I think the author does a good job of showing how commoditized this kind of crime is. There are no special insights here that someone who wanted to do this thing couldn't easily find on their own.
“One has to wonder if the rise of eSIMs is designed to make these products obsolete.“ or significantly reduce their labor costs.
I think this explains why the spam texts I receive never show up as an iMessage or rcs. This thing-a-ma-hugger doesn’t support it.
This seems like a pretty far fetched idea that phone manufacturers are pushing for esim to enable spammers to spam easier, rather than to free up space in phones for a bigger battery.
> phone manufacturers are pushing for esim [...] rather than to free up space in phones for a bigger battery.
It is being pushed by the carriers because retail locations are their biggest overhead expense, for what is basically a place to go pick up a SIM card.
Agree.
Was never much a fan of eSIMs, but after seeing them in action, I kinda like it. Saved me inconvenient trips and delay.
Yes, it’d be nice to just be able to move a sim from one device to the next. In practice, I’ve only done that a few times in the past 20 years, about as often as I switch carriers. So, kinda a wash.
Hoping if phone suddenly breaks, can get new eSIM as easily.
You can't get a new eSim without working network and working carrier provisioning. I recently observed a friend try to get a new eSim for a new phone... no wifi, so he hotspotted from the old phone... carrier kicked the old phone before the new sim was downloaded, so he was stuck until he got somewhere with wifi he could use. Physical sim would have been easy peasy.
Carriers are the slowest ones in the process though. Apple has had to drag them kicking and screaming on esim. Physical sims can be purchased in every supermarket. I'd guess the retail stores mostly exist for marketing and selling boomers on overpriced long term plans.
> I'd guess the retail stores mostly exist for marketing and selling boomers on overpriced long term plans.
... and for customer support where you need someone to physically identify a customer against a government-issued ID.
I'm not sure it's viable to run large amounts of iMessage accounts, e.g. looking at https://bluebubbles.app/faq/ it needs a running MacOS machine/VM to work.
RCS, on the other hand, can be spoofed with a bunch of other tools.