Oh lol, this is a scam site. Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes. It's honestly so hard reading quotes from the US government these days. Cartels, drugs, guns. They make it sound like they interrupted the staging of an assault on the UN when the article actually says that the locations were within 35 miles of the UN headquarters in NYC. This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area". Like 20M people live in that circle. I highly doubt this is for anything other than VoIP scams.
Yup. This is literally just a cellular grey route site for some shitty VoIP provider, just like the SIM box SMS scams go marching on in other countries. Some operator is shitting their pants right now, probably.
The SIM cards come from cheap MVNOs that have dealer arrangements for cheap or free first month activations, then they just set up a handful of SIM boxes and a residential Internet connection back to the mothership (like they did at the captured house with the white Verizon 5G Home router just casually sitting on the floor next to the units).
Similarly, I’ve had some friends on US MVNOs themselves that have access to “free” international calling, yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country each time (Poland, Moldova, etc). Also dodgy SIM boxes!
Or grey-route bulk messaging and SMS OTP bypass so actors can register throwaway accounts on Signal/WhatsApp/Telegram, social platforms, fintech, crypto etc. then burn the numbers after use.
You need 100k SIMs to defeat per-SIM rate/behavior caps, receive OTPs for mass account creation and run thousands of campaigns/conversations in parallel while keeping each SIM's pattern below carrier detection thresholds.
It's not about the UN.
NYC is a prime market for "local presence" numbers (212/917/646 etc.), which boosts answer rates and trust for scams, impersonation, mass disinfo campaigns.
Agreed. These days setups imho aren't vanilla origination and termination VoIP scratch card traffic; it's more likely a distributed bot farm obfuscation-as-a-service provider. I have seen commercially available sim bank gateways that can separate the sim from the antenna in order to change towers and simulate movement. The use of eSIM adapters makes it super scalable now in terms of abstracting the numbers from the sims. Whatever the application, a press release tie-in to the UN is a little odd.
> Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes.
So you mean... like, these are the exit points into the "legitimate" telephone network for, say, those random MedAlert scam calls I keep getting from numbers scattered all over North America? Or if not, what does "VoIP" mean here exactly?
Bingo! And the call's been "verified by the carrier" because it came off the cell network from a purportedly valid SIM... but patched into a dodgy SIP connection back to the scammer.
Perhaps the Secret Service possesses additional information they're not disclosing that supports their narrative. It might come out at trial, if it gets to that stage. Or, it might not, because certain methods and sources of law enforcement operations might not be publicly disclosed if national security is involved.
The article really should have put that map front and center, because that map alone is enough to show how ridiculously overhyped the government claims are.
I'm presuming this discovery was near the outer perimeter of that circle, because otherwise presumably they'd have quoted a smaller, scarier number.
> Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication. One official said the network was capable of sending 30 million text messages per minute, anonymously. The official said the agency had never before seen such an extensive operation.
> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
So 100k SIM cards scattered around the middle of New York City.
Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?
That would be my first guess if the devices were found in the Middle East, but legitimate interconnect in the US is stupid cheap. (See e.g. Twilio's SIP pricing; I assume they have reasonable supply chain security.)
Maybe some sort of darknet service for anonymous sms / calls which was used for stuff that really raised alarms such as calling/messaging these officials
Nah it's that size. You need an individual modem for each SIM card because you need a unique IMEI. It's possible each of those SIMs are eUICCs as well which means basically that each card is like a "wallet" with multiple profiles.
I've used hardware a decent amount larger than what's pictured in the OP for work. But what I was using wasn't just for SMS. So I needed more sophisticated modems. What they're using looks like a bunch of 64 port modem banks exclusively for SMS.
(Oh wait if you mean the devices for what's in the article you linked, then yea, those I'm sure are much smaller and quite different.)
The Bad Guys are neat with their cable ties, and number their gateway boxes.
The Bad Guys went with simple heavy-duty metal garage shelving rather than real racking, seemingly vastly overengineered for the weight of the equipment, as that sort of shelving can hold up to a Mg per shelf UDL. The "WallOfSimBoxes" kit does not sport any rack mounting brackets.
The Bad Guys don't use redundant power supplies, or battery backup.
By the way, if you want a quick overview of this kind of equipment if you've never seen it before, here's (randomly picked by Bing Shopping) China Skyline's marketing blurb for a similar 64-port SMS gateway:
Re Shelving: I exclusively buy very similar shelving. It is cheap, reliable, large, and strong. In fact, I have not found any other shelving that can match the performance/price of these.
I buy from Walmart. Search their site for "Hyper Tough wire storage shelves".
I'm seriously wondering about the practicality of this operation. Wouldn't that many SIMs on the same spot overload any nearby cell tower? And even if the antennas could stand the load, that many SIMs hugging the network without any logical reason (like a parade or a demonstration) is bound to raise alarms at the network operator HQ. If this is a scam operation, I would expect these boxes to be distributed across several locations.
It's likely a "crime-web" service host. They are probably somewhere in Manhattan or Brooklyn to have enough tower cells to handle it (tis the benefits of a dense city for this type of operation). They probably gradually grew it as their crime web demand rose and flew too close to the sun.
It also sounds like they did have multiple locations, but they didn't distribute the modems out enough to fly under the radar longer.
Actually no, overload is easily avoided even on cheap Chinese 20-channel LTE base stations (aka tower segments) if all you do is just rotate SIMs and send some SMS.
Logically one would switch sms-sending using some number of (fixed or mobile) sdr-based simboxes so that they would even appear to move around the city randomly.
Those guys did it on the cheap. But then they did not expect SS to drop on them.
Oh! Those pics are interesting - the handful on the floor of an apartment feel very different to me from the room with hundreds of them; that's much larger scale.
> The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
> The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”
> Investigators have been going through the data on SIM cards that were part of the network, including calls, texts and browser history. Mr. McCool said they expected to find that other senior government officials had also been targeted in the operation.
The article goes out of its way to imply a link between this farm and the threats, but doesn't actually explicitly make that link.
So that's the tip. Makes you really wonder about the iceberg, this raises many more questions than it answers.
The UK has criminalized possessing or using SIM farms or related gear in response to these popping up with some regularity. But the operators are pretty clever and know how to hide. I've been thinking about how easy it would be to detect these when you're a telco and I think the signature is unique enough that it should be possible to detect which SIMs are part of a farm, even if you don't know the exact location of the farm.
Since you seem to know about the subject, how are these not immediately found and shut down? It seems like the messages they send could be traced to the SIM's physical location, and having a massive cluster of thousands of SIMs just sitting in an apartment also seems like an obvious giveaway. And there’s all the traceability required to rent the locations and buy the equipment. It seems like bothering with this is just asking to get caught.
Well, they did get caught. But for that to happen immediately would require a detection method that can point out the presence of a farm with only a few samples. SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial.
Whoever did this likely isn't all that happy that their carefully created infra was used to harass officials, which most likely is the single reason this operation got uncovered in the first place. If it would have just been used for low level crime who knows how long they could have continued to do this.
Note that these are not unique to NYC or even to the United States, they've been found in other countries as well, the UK has now criminalized possession or operation of these (but the fines are so low that I don't think it will make much difference).
They could probably be quickly found if someone is looking for them, but carriers don't necessarily care that much about these. Add a couple layers of indirection with MVNOs and there's a lot of meh to spread around.
If the reporting around this is accurate, sounds like someone(s) was swatting through these, which brought the attention needed to find this group.
> Since you seem to know about the subject, how are these not immediately found and shut down?
Because - depending on cell tower coverage and the antennas installed on it - the degree of precision is far too low to be useful. In rural installations and the worst case, aka a tower with a dipole antenna on a mountaintop, at 900 MHz the coverage will be around 35 km. Segmented antennas just limit the section of the circle where the endpoints are. In suburban areas, coverage is usually 10-20 km, and urban areas it's 5km and less.
Now you know which cell and cell section the user is in... but to actually pinpoint the user? That takes some more work. First, you need a few more towers that the user can reach for triangulation - the more the better - but if the operator of such a setup is even remotely clever and the hardware/firmware supports it, they will have locked the devices to only connect to a single tower (you can see a map at [1] that shows the IDs). If the operator didn't do that but the site is too remote to achieve triangulation, you might need to drive around in a van and use an IMSI catcher, aka a phone tower emulator, and hope that eventually the site's devices register at it. That, however, is a lot of awful work, and is often not legal for police authorities, only for secret services.
Now you might ask yourself, what about 911, how can they locate callers precisely? The thing is... it depends. Landlines and VoIP lines are usually mapped to a specific address (which is why VoIP providers give you an explicit warning that, if you do not keep that record up to date, 911 calls will be misrouted!), so that's trivial. Mobile phone callers however, until a few years ago the degree of precision was exactly what I just described - it completely depended on celltower coverage, with the only caveat that a phone will connect to another operator if it shows a stronger signal for 911 calls. Only then, Android introduced Emergency Location Service [2] and Apple introduced Hybridized Emergency Location [3] - these work with the sensors on the phone, most notably GPS/GLONASS/Beidou, but also SSIDs of nearby WiFi APs and specific Bluetooth beacons. Downside of that is, of course, the 911 dispatch needs an integration with Apple and Google's services, users can disable it for privacy reasons, and older phones won't have anything - so in these cases, 911 dispatchers are straight out of luck and again reduced to the above range of precision.
1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes.
2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location.
3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously.
4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I can assure you, a lot more dangerous criminal activity happened within a 35 mile radius of the UN than some zombie cell phones sending scam texts. While I applaud anyone shutting down scams, the window dressing is embarrassing. Someone has watched too much Blacklist or any of those fantastical police procedurals.
Yeah. Sorta weird USSS is investigating this. Maybe it was originally related to some Treasury-related fraud case. We're close to budget time so they have to demonstrate congress should give them the money they asked for, so it's pretty easy to upgrade some random scam/spam texter to a terrorism case. It's sort of endearing, actually, when they get some adults back in the USSS reporting chain we'll probably see less "imaginative" press releases.
They might have randomly spammed phone numbers that have special purpose and triggered some sort of honeypot. Or someone powerful got scammed. Either way, happy they take it down and provide some photos. Would love to learn more details.
Speculation: Some gov't types wanted to shut down the scammers (or whatever they are) - but were not getting much traction with the higher-ups, to actually do something. Vs. after their case was rebranded as "this may be part of a plot to assassinate the President" - suddenly every approval and resource they could want was being pushed into their laps.
Literally anything the government does from now on is going to be related to discovering terrorist plots. They have to find some way to fit the agenda into that giant post-9/11 loophole.
> 1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes.
Agree, I would guess this was just a bottom-rate VOIP/text spam service, potentially affiliated/run by organized crime, that doesn't ask many questions, accepts payment exclusively in BTC, etc.
> 2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location.
I think this is just another version of a grow-op. Run by a gang, mainly for profit. Perhaps the shelves were even from an old grow-op that became unprofitable when New York legalized marijuana.
> 3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously.
I disagree here, from the description of the messages I think these were supposed to be actionable threats. At least two of the incidents mentioned were swatting attempts, which are still taken somewhat seriously and are treated as serious threats when directed at elected officials. US Police are highly armed and often very aggressive, swatting incidents have resulted in deaths before.
This, to me, reeks of the sort of foreign interference with domestic politics that has been mentioned in the past. Trying to escalate domestic tensions is straight out of that playbook.
What I think happened is - some foreign actor used organized crime connections, or some other way in to get time on this spam farm, and they used the numbers there to SWAT and threaten officials around the US in a way that's harder to trace than a regular VOIP provider.
> 4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I think they see this as a wonderful coincidence. With the setup as described in the article, I could see this farm overloading the few cells that serve the particular area around whichever building(s?) these sites were found in, but city cellular networks are very dense. There's hundreds of mobile cells in New York City, and frankly I think if you wanted to seriously take down the cell network a few high power jammers distributed across the city would be more effective.
And yeah, I wouldn't be surprised if this isn't directly illegal, although I bet the operation as a whole has been dodging taxes and know-your-customer rules. But, here we have a golden opportunity to play this up as a major terrorist threat instead of just organized crime, and they're going to take that option every time.
The only interesting bit that makes this sound like something more than a VoIP farm
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
and guns/drugs
> Investigators also found 80 grams of cocaine, illegal firearms, plus computers and phones.
Maybe cartel tech stuff, but I'm not sure why cartels would mess with threatening politicians.
I don't see where they made the political connection other than the farm was located in range. Maybe they had evidence they didn't share. The site was also in range of Wall Street and everybody else in the city. All kinds of fraud, surveillance, and private comms were possible.
It's possible after some threats they decided to probe cell network behaviour around some buildings downtown. And this particular farm wasn't the original source, just something they found in the process.
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
So you mean they could have shut down these SMS and outbound call spam farms years ago
I would guess that this is still more likely some scam infrastructure middle man setup, and one of their customers chose to use it to make threats / do more than just scam people.
It seems unlikely you'd set up a scam setup like this and out yourself by making threats to government officials via your own infrastructure ...
I mean as opposed to the narrative about threatening New York and UN. Being able to spam the phone networks isn't very novel and the location isn't super relevant AFAIK.
It's a remote phone number as a service system, and some customer of the service used it to make anonymous threats. On the whole, it's a good thing this outfit got shut down, as one of the primary customers of such services are large scale social media bot farms.
Yeah I'm skeptical about the political threat angle being directly connected to this set up. The press release was vague about the connection for a reason.
"It could have overwhelmed cell towers, toppling New York City’s cell service and preventing every Manhattan resident from accessing Google Maps."
Seems odd that the most important use they can highlight for cell service in NYC is accessing Google Maps. Not accessing 911, not some other vital use of cell service, but Google Maps.
NYC is full of free Wifi all over the place. So many McDs, Starbucks, and other restaurants and sites you can get Google Maps anywhere.
What a bizarre story. They say it's an anonymous network. What does that mean when multiple locations with racks of tens of thousands of SIM cards and the supporting equipment are found around NYC area? In order to manage this hardware and the operations around this equipment it would take boots on the ground, at least occasionally, for repairs and maintenance.
No mention of arrests or surveillance of any site to try and apprehend anyone related.
While the headline on NYT highlights an attack on the towers for disruption, the CNN piece gives more weight to two other uses: (1) criminal communication network and (2) swatting.
I think those two make sense. The SIMs would probably hold US numbers and would appear authentic for accessing the US operators' networks.
(2) is the thing that brought attention of LE on these, and likely was a very dumb move by one of the users of this system. If just (1) they could have kept it going for much longer, (2) is what brought it down.
I don't see why you'd actually need any SIMs in the first place if you wanted to DoS a cell tower. My guess is that it's basically just a device farm for either sending spam or receiving activation codes for spam accounts elsewhere. By putting them in a populated area, the increase in traffic is less noticeable.
It makes it much harder to nail down exactly where the farm is. You can't just go break down all the doors in a large high-rise and the reflections of the radio signals in the urban canyon will further hamper your ability to pin-point the devices. But you might be able to correlate power consumption or heat signature with activity.
Yeah, they are putting two facts together to heavily imply that they are part of a single story, but there is no evidence presented that they are. "UN leaders are gathering!" "There is a huge SIM farm that could disrupt communications!" Both true, but seemingly unrelated. All those car warranty texts have to come from somewhere - this is probably where.
Exactly. And the whole point of a cellular network architecture is that it's resistant to DoS attacks (what the rubes call "unexpectedly heavy usage"). Sure, you can take a cell out with a hundred fake phones, and all the users in that cell will hop to the next one. Or at worst walk a block over to find another. The attack doesn't scale, at all.
And even if you wanted to deploy custom hardware to do it, it would be far easier to just use a high power jammer on the band anyway than mucking around with all those SIMs.
These are for making actual use of the telecom facilities at scale, with the anonymity you get from burner SIMs. It's fraud, not terrorism.
Some parts of it are (DoS resistant.) And some carriers are more resistant than others. Verizon's CDMA from the 90s / early 2000s was NOTORIOUS for falling over when too many people texted at the same time. But yeah, it's been a while since things were that bad.
Both this article and the NYT one strongly imply a link between these farms & the threats to government officials without actually outright stating so.
Yes, this is what I want to know. I didn't think a cell phone (or any number of cell phones) could intercept other phone calls/data. I know a fake cell tower has some capability for that.
> “While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.”
Criminals and intel services using a criminal network? News at 11.
The Secret Service is really trying to make hay out of these things being close to UN, but so are millions of other things in the New York City Metro Area. Either they have intelligence they aren't disclosing or someone's trying to put a lot of spin on this crime bust.
If state actor propaganda botfarms operate in this fashion in other cities, we can try to find more of these patterns. Would be interesting to see a drop in youtube, reddit or facebook user activity correlated with such bust.
Which makes me wonder how much these guys spent per phone number. If you figure you can use a phone number maybe 2 or 3 times per service before it gets blocked they could create literally millions of accounts with this operation across various services. I don't know what the black market value for a Gmail, Facebook, Instagram, Reddit, HN, etc... account is, but I suspect it is more than the price of a SIM card.
They were running extortion and intimidation campaigns.
Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
Until it happens to you or yours it is hard to comprehend.
Were they? I haven't seen that stated anywhere. The news report from NYTimes does say "the cartels were using it too".
> One official, speaking on the condition of anonymity, said agents also found 80 grams of cocaine, illegal firearms, computers and cellphones when they discovered the network.
Sounds like literally a mobile botnet and it was probably just leased out access to a range of users.
Leasing access to botnets and other resources is 1000% normal in the "crime web" and is a business in and of itself rather than being directly part of the crimes.
On top of that, a "nation state" attacker isn't going to be giving their employees cocaine, unless it's Hamas lolololol.
> Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
"The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut."
Isn't it costly to acquire that many SIM cards? Or maybe they were inactive until they were associated with an account? So it was just to keep allowing for a rotating set of SIM accounts?
Are we going to find out that all these cellphones were used to run bots on X or similar?
Could simply be a propaganda botfarm. Each of these sim cards registers on facebook, youtube, reddit and the faraway propaganda teams use them to relay messages.
I'm curious how this would work without being traced. Someone is paying rent on the apartments. For the simcards, I think they are all able to call 911 even if they don't have credit/dataplan. They're also able to connect to a tower and take up slots. So probably the only way to financially trace the simcards is the initial purchase.
I wonder if all the cards in the photo are active at once, or only activated on some rotation. The latter would certainly make them a lot harder to detect
Probably depends how hard the phone companies are looking at the data. If the cards are mostly idle then they probably don't impact the service at the tower and if there is no service impact then the operators probably don't care.
When you think about the sheer scale of monitoring every cell phone in the country it probably doesn't stand out nearly as much as you would expect.
Can also text 911 now which would overburden the texting protocol network so no one else’s texts will go through.
It’s a cell tower jammer and terrorism multiplier. Can’t call or text. It will probably disturb internet service as well. Include a few radio jammers for local police and a few satellite antennas you could create an opportunity then a panic to cover your tracks getting out.
I would wager a huge majority of text messages in NYC will go through either RCS or iMessages which skips the SMS layer and instead goes direct to data.
I wonder what kinds of techniques, if any, these virtual cell phones employ to evade being discovered. You would suspect that they could be discovered through triangulation.
Two possibilities:
1. Most if not all of these virtual cell phones are connecting from the same location.
2. Some of these virtual cell phones are connecting from the same location, with the remainder in reserve.
In the case of (1), you have both a fixed location and a high saturation that is unlikely.
In the case of (2), you could imagine using certain numbers at certain times to simulate the work day or hours during which people are more likely to be at home. Randomization or round robin could produce unlikely patterns, but without them, these virtual phones would be underutilized, save for some kind of cyberattack that would compromise their location.
Or the truth simply may be that they aren't doing anything, because no one is watching.
Not sure why, but I find that an astonishingly professional setup. The sim servers clearly haven't really got a legit use at that size - yet they come built with a very professional steel case. Setups even have color coded uplink vs downlink cat5 cables. I mean just very neat and tidy.
The pictures with the sim cards are impressive, mainly with how clean the setup looks. Can even see power/network cords taped down to the floor even underneath the metal shelving[1].
Could it perhaps be espionage related to a downgrade attack? ie force a target's phone to switch to 3G by temporarily overloading/confusing the 4G/5G network.
This is pretty low on information but maybe that's how it has to be, since there probably is a tradeoff between covering the investigation & revealing investigative methods that should be kept private.
>>...early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
>>These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
What nation-state actor might want to disrupt a major US city during a meeting of the UN General Assembly?
There is no claim that it had anything to do with the UN General Assembly ('within 35 miles' covers a lot more than the UN General Assembly). They do say senior US officials were targeted.
Umm, that claim is literally a cut-and-paste quote from the US Secret Service announcement (which is why I inserted the ">>" at the beginning of the paragraph to signify the quotation).
So YES, there is a specific claim, and it came directly from the USSS, in the exact article heading this topic. The USSS does not merely toss in observations without a basis in their working threat model (unless they've changed since I worked adjacent to them). It may indeed turn out to be unrelated, but the USSS is publicly stating they are treating it as more than a coincidence.
I made this comment on another thread that ended up getting flagged as dupe, but this is probably not all that mysterious. These SIM boxes are a commercial product you can buy from China:
...and their purpose is mostly to provide an IP-to-cell-phone-number gateway for SMS spam and phone scams. A real cell phone number is greatly preferable to VoIP phone numbers, which are blocked / flagged at a much higher rate.
> While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
> These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
These passages are from the Secret Service's press release and are not quoted in the CNN article. Note that a 35 mile radius of the UN includes literally all of NYC and then some. CNN wisely chose to change that to "35 miles of New York City" and not mention the UN at all, as the supposed link is extremely tenuous.
The photos in the NY Post article make it look like they raided cell phone shops in normal retail locations. It looked more like an engagement/click fraud operation.
There are hundreds of these operations at any one moment in time, some more legit than others (voip dial backs, short message farms for scammers), not sure why they are making this out to be the end all and be all of this type of thing. Telcos have the ability to lock these down pretty quickly using proximity of devices alone, but the almighty dollar is more important ;)
It's just another distraction from the unreleased Epstein files. The admin has been doing this periodically since people started asking about the files - taking something mundane and blowing it up into front page news.
What sane cellular carrier would issue tens of thousands of sims to a party like this? There do appear to be a few different colors / designs of sims in the photos but still there has to be some shady back-end dealings with cellular carriers for this to even be plausible.
The packaging in one of the photos is a MVNO. It's easier to get sims for a MVNO than a carrier, but either way, there's tons of sim card resellers, they have to be getting inventory from carriers/MVNOs. Ask a hundred resellers for 1000 sims each, and you'll get to 100k. 1000 sims may be a lot for some resellers, but is probably small for many of them.
Probably they were next to sports stadiums. Most of the time there is ample unused cell capacity. Also: the New York marathon hosts 50k+ runners. I don't easily believe that 100k phones distributed over several sites on a 35 mile radius around New York have any impact.
I think smaller ones might be useful for network quality testing and mapping. I think carriers drive around with boxes in vehicles to test their own networks reliability and map their competitors.
They have lots of illegitimate use that isn't about crashing the cell network like sending out spam https://www.cyberdaily.au/security/9949-sydney-man-arrested-... or allowing people to use in-network free call allowance to instead make voip international calls
The NSA doesn't use a bunch of SIM cards on wire racks.
If the NSA needs outbound phone numbers, they're more likely to set up a shell company and pretend to be an MVNO or a VOIP telco provider, a couple computers on a cheap cloud host masquerading as a phone provider is a lot easier to manage and hide than a setup like this. This is a pretty common kind of business so it's easy enough to blend in, and it isn't restricted to a single apartment or city.
If the NSA wants to eavesdrop on phone calls, they just set up a room inside the relevant phone provider [0].
I think this is more likely a gang operation or a foreign influence operation. Details are thin but it feels like a shady organized crime operation (think quasi-legal, probably advertising as bottom-rate VOIP numbers or text gateways) that got used at one point by a foreign influence operation to make threats and try to interfere in domestic politics.
Inside the US? Unlikely. This is physical hardware being shipped to the US, that sort of thing really lacks plausible deniability unlike rolling up phone records in foreign countries that happen to contain American tourist phone calls.
If these were found in a foreign country then maybe, but these would be far more likely to be some foreign intel service than the NSA.
Unless NSA is listening to the diplomats from other countries. Maybe this is a system to quietly force devices belonging to diplomats onto certain networks/nodes so they can be more easily intercepted. If someone wanted to simply shut down a network, a few basic white noise jammers could block frequencies far more easily/cheaply than a thousand sims.
I'm so happy at least one other person caught onto this. I figure if it had been a China/Russia/North Korea type actor they would've put it in the headline.
I'm out of my depth here, but I find it Matt McCool (honestly...) who is head of the WASHINGTON field office is the reporting to have broken this case for the NY Field office. Hmm.
PRIOR to his serving in Washington, he was head of the New York Field office...likely from 2021 to early 2024. Hmmmmmmmm.
Also, nothing from the FBI or FCC--agencies NORMALLY involved in telecom takedowns. HMMMMmmmmmmmmm. mm. mm.
The cards are the easy part. It's setting up 100,000 accounts where you run into trouble. There were some traceable payment methods in use here, which might be how they got busted by the Secret Service. The whole thing could have been fallout from an earlier counterfeiting operation.
100k Not sure. Good question! 100 is easy, in NL you can just grab boxes of them at certain phone shops, Lebara etc. These are free and anonymous. Sometimes they will stop you and say: these are only for clients, other times they are happy if you take the whole box of 100pcs.
The pictures of the confiscated equipment are every phone phreak's orgiastic wet dream.
It is interesting that these sorts of things are going on in the first world, and until discovered anyone vocalizing suspicions of such a thing would be regarded as a paranoid delusional crackpot.
It does seem like the sort of PR-rewrite for a press release that results in distances measured in football fields.
Looking at a map, a 35 mile as-the-crow-flies (and as the cell network signal flies) radius of the U.N. Secretariat building almost gets one to Lake Hopatcong, New Jersey, in one direction and past Stamford, Connecticut, in another.
It reminds me of those "how to promote yourself" things about say turning "did routine performance optimizations on the website" into "saved the company $ZZZ million" and such.
It's worth highlighting that that link suggests this may be linked to foreign states rather than just garden-variety organized crime ("...early analysis indicates cellular communications between nation-state threat actors...").
"Concentrated within this 10000 km² area" sounds not nearly as impressive. Granted, "concentrated within 35 miles" sounds already rather dilute when talking about mobile phones.
This hardware is fascinating - I've seen other examples of these farms deployed in Ukraine but does anyone have more info on how these "servers" are orchestrated?
My question is: are any of these alternatives helpful against these novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:
The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.
It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.
> Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?
Prevent what exactly?
> If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
LTE and beyond have mutual authentication. Your phone will attach to any network for an emergency call, but attachment to LTE requires the network trusts your sim and your sim trusts the network. [1] No trust on first use necessary, because the SIM includes its private keys and public keys for the network.
https://archive.is/wNpfX
Oh lol, this is a scam site. Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes. It's honestly so hard reading quotes from the US government these days. Cartels, drugs, guns. They make it sound like they interrupted the staging of an assault on the UN when the article actually says that the locations were within 35 miles of the UN headquarters in NYC. This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area". Like 20M people live in that circle. I highly doubt this is for anything other than VoIP scams.
Yup. This is literally just a cellular grey route site for some shitty VoIP provider, just like the SIM box SMS scams go marching on in other countries. Some operator is shitting their pants right now, probably.
The SIM cards come from cheap MVNOs that have dealer arrangements for cheap or free first month activations, then they just set up a handful of SIM boxes and a residential Internet connection back to the mothership (like they did at the captured house with the white Verizon 5G Home router just casually sitting on the floor next to the units).
Similarly, I’ve had some friends on US MVNOs themselves that have access to “free” international calling, yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country each time (Poland, Moldova, etc). Also dodgy SIM boxes!
> shitty VoIP ...
Or grey-route bulk messaging and SMS OTP bypass so actors can register throwaway accounts on Signal/WhatsApp/Telegram, social platforms, fintech, crypto etc. then burn the numbers after use.
You need 100k SIMs to defeat per-SIM rate/behavior caps, receive OTPs for mass account creation and run thousands of campaigns/conversations in parallel while keeping each SIM's pattern below carrier detection thresholds.
It's not about the UN.
NYC is a prime market for "local presence" numbers (212/917/646 etc.), which boosts answer rates and trust for scams, impersonation, mass disinfo campaigns.
> yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country
Skype was like that for a long time
Agreed. These days setups imho aren't vanilla origination and termination VoIP scratch card traffic; it's more likely a distributed bot farm obfuscation as a service provider. I have seen commercially available sim bank gateways that can separate the sim from the antenna in order to change towers and simulate movement. The use of eSim adapters makes it superscalable now in terms of abstracting the numbers from the sims. Whatever the application, a press release tie in to UN is a little odd.
> Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes.
So you mean... like, these are the exit points into the "legitimate" telephone network for, say, those random MedAlert scam calls I keep getting from numbers scattered all over North America? Or if not, what does "VoIP" mean here exactly?
Somehow I've missed this entire phenomenon...
Bingo! And the call's been "verified by the carrier" because it came off the cell network from a purportedly valid SIM... but patched into a dodgy SIP connection back to the scammer.
> This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area"
Same year as the Phineas and Ferb reboot. Coincidence???
The "canonical" tri-state area is greater New York City, which stretches into Connecticut and New Jersey.
But the lyrics are still stuck in my mind, "The tri state area was the bi state area with an adjacent area, right over there".
Perhaps the Secret Service possesses additional information they're not disclosing that supports their narrative. It might come out at trial, if it gets to that stage. Or, it might not, because certain methods and sources of law enforcement operations might not be publicly disclosed if national security is involved.
But we can agree that we aren't obliged to believe them, right?
Don't you need to reveal the facts in criminal court? Right to see the evidence against you and all that.
The article really should have put that map front and center, because that map alone is enough to show how ridiculously overhyped the government claims are.
I'm presuming this discovery was near the outer perimeter of that circle, because otherwise presumably they'd have quoted a smaller, scarier number.
Like XKCD said, every map is basically a population map: https://xkcd.com/1138/
Reminds me of when I see articles in the news in my country sometimes, with headlines like: "Man found with drugs within 500 meters of school"
There are schools everywhere, usually in places where there are lots of other amenities like shops, and doctors, and pubs.
The interesting part is in the delta between population and usage.
why did the voip scammers need guns and cocaine?
Gun ownership is a protected constitutional right and cocaine is a popular drug. May but be connected.
There's probably a pretty significant overlap of scammer, gun owner and cocaine user Venn diagram. Is it that surprising?
> Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication. One official said the network was capable of sending 30 million text messages per minute, anonymously. The official said the agency had never before seen such an extensive operation.
> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
So 100k SIM cards scattered around the middle of New York City.
Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?
>Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?
More likely an egress point for cheap VOIP routing.
That would be my first guess if the devices were found in the Middle East, but legitimate interconnect in the US is stupid cheap. (See e.g. Twilio's SIP pricing; I assume they have reasonable supply chain security.)
Maybe some sort of darknet service for anonymous sms / calls which was used for stuff that really raised alarms such as calling/messaging these officials
Another article about the same event mentioned swatting against public officials but wasn't clear on whether or not that was how they found these.
Yeah there was this the other day, although I'd expect the hardware for this is much smaller than is shown in the photos in the OP: https://news.ycombinator.com/item?id=45294766
Nah it's that size. You need an individual modem for each SIM card because you need a unique IMEI. It's possible each of those SIMs are eUICCs as well which means basically that each card is like a "wallet" with multiple profiles.
I've used hardware a decent amount larger than what's pictured in the OP for work. But what I was using wasn't just for SMS. So I needed more sophisticated modems. What they're using looks like a bunch of 64 port modem banks exclusively for SMS.
(Oh wait if you mean the devices for what's in the article you linked, then yea, those I'm sure are much smaller and quite different.)
Looking at the original press release (https://www.secretservice.gov/newsroom/releases/2025/09/us-s...) and the attached high-resolution photographs, there are things that probably leap out at a Hacker News readership:
The Bad Guys are neat with their cable ties, and number their gateway boxes.
The Bad Guys went with simple heavy-duty metal garage shelving rather than real racking, seemingly vastly overengineered for the weight of the equipment, as that sort of shelving can hold up to a Mg per shelf UDL. The "WallOfSimBoxes" kit does not sport any rack mounting brackets.
The Bad Guys don't use redundant power supplies, or battery backup.
By the way, if you want a quick overview of this kind of equipment if you've never seen it before, here's (randomly picked by Bing Shopping) China Skyline's marketing blurb for a similar 64-port SMS gateway:
* https://chinaskyline.net/sk-gsm-voip-gateway/esim-64-ports-s...
This is fascinating.
Re Shelving: I exclusively buy very similar shelving. It is cheap, reliable, large, and strong. In fact, I have not found any other shelving that can match the performance/price of these.
I buy from Walmart. search their site for "Hyper Tough wire storage shelves"
I'm seriously wondering about the practicality of this operation. Wouldn't that many SIMs on the same spot overload any nearby cell tower? And even if the antennas could stand the load, that many SIMs hugging the network without any logical reason (like a parade or a demonstration) is bound to raise alarms at the network operator HQ. If this is a scam operation, I would expect these boxes to be distributed across several locations.
It's likely a "crime-web" service host. They are probably somewhere in Manhattan or Brooklyn to have enough tower cells to handle it (tis the benefits of a dense city for this type of operation). They probably gradually grew it as their crime web demand rose and flew too close to the sun.
It also sounds like they did have multiple locations, but they didn't distribute the modems out enough to fly under the radar longer.
Actually no, overload is easily avoided even on cheap Chinese 20-channel LTE base stations (aka tower segments) if all you do is just rotate SIMs and send some SMS.
Logically one would switch sms-sending using some number of (fixed or mobile) sdr-based simboxes so that they would even appear to move around the city randomly.
Those guys did it on the cheap. But then they did not expect SS to drop on them.
It's likely they round-robin the SIMs through a much smaller number of modems
Oh! Those pics are interesting - the handful on the floor of an apartment feel very different to me from the room with hundreds of them; that's much larger scale.
Those might be photos of the equipment in storage after it was confiscated, not of the equipment in the location and condition in which it was found.
> The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
> The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”
> Investigators have been going through the data on SIM cards that were part of the network, including calls, texts and browser history. Mr. McCool said they expected to find that other senior government officials had also been targeted in the operation.
The article goes out of its way to imply a link between this farm and the threats, but doesn't actually explicitly make that link.
The CNN article covering the same story does the same thing: https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
The Secret Service statement, however, does make that claim explicitly in the first sentence: https://www.secretservice.gov/newsroom/releases/2025/09/us-s...
I really dislike that I cannot trust what comes from .gov right now. Even something as innocuous seeming as this article. That's a big problem.
Please tell me how the government before this administration, and the one before, and the one before etc was trustworthy?
"please provide evidence"
Provides evidence
"No, not that evidence"
No thank you.
If you have nothing to ground yourself upon, then you're just floating in space.
So that's the tip. Makes you really wonder about the iceberg, this raises many more questions than it answers.
The UK has criminalized possessing or using SIM farms or related gear in response to these popping up with some regularity. But the operators are pretty clever and know how to hide. I've been thinking about how easy it would be to detect these when you're a telco and I think the signature is unique enough that it should be possible to detect which SIMs are part of a farm, even if you don't know the exact location of the farm.
Since you seem to know about the subject, how are these not immediately found and shut down? It seems like the messages they send could be traced to the sims physical location, and having a massive cluster of thousands of sims just sitting in an apartment also seems like an obvious giveaway. And there’s all the traceability required to rent the locations and buy the equipment. It seems like bothering with this is just asking to get caught.
Well, they did get caught. But for that to happen immediately would require a detection method that can point out the presence of a farm with only a few samples. SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial.
Whoever did this likely isn't all that happy that their carefully created infra was used to harass officials, which most likely is the single reason this operation got uncovered in the first place. If it would have just been used for low level crime who knows how long they could have continued to do this.
Note that these are not unique to NYC or even to the United States, they've been found in other countries as well, the UK has now criminalized possession or operation of these (but the fines are so low that I don't think it will make much difference).
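The telco-side detection idea discussed in this subthread, sketched as an added example that is not part of any comment or of any carrier's tooling: it flags SIMs from per-day usage summaries without knowing where the farm is, using two signals mentioned in the thread (many SIMs cycled through one modem IMEI, and clusters of send-only SIMs that never leave one cell). The record layout, thresholds and all IMSI/IMEI/cell values are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Illustrative thresholds (assumptions, not real carrier values).
MAX_IMSIS_PER_IMEI = 3    # a handset rarely hosts more than a few SIMs
MIN_CLUSTER_SIZE = 5      # send-only SIMs parked on the same cell
MIN_OUT_IN_RATIO = 20.0   # outbound SMS per inbound SMS
MIN_FANOUT = 0.9          # distinct recipients per outbound SMS


@dataclass(frozen=True)
class SimDay:
    """One SIM's activity for one day (hypothetical record layout)."""
    imsi: str             # subscriber identity stored on the SIM
    imei: str             # identity of the modem/handset the SIM sat in
    cells: frozenset      # cell IDs the SIM attached to that day
    sms_out: int
    sms_in: int
    recipients: int       # distinct destination numbers


def rotated_imeis(records):
    """IMEIs that hosted more IMSIs than a normal handset would."""
    seen = defaultdict(set)
    for r in records:
        seen[r.imei].add(r.imsi)
    return {imei: s for imei, s in seen.items() if len(s) > MAX_IMSIS_PER_IMEI}


def looks_automated(r):
    """Send-only, high fan-out traffic from a SIM that never changed cell."""
    if r.sms_out == 0 or len(r.cells) != 1:
        return False
    ratio = r.sms_out / max(r.sms_in, 1)      # avoid division by zero
    fanout = r.recipients / r.sms_out
    return ratio >= MIN_OUT_IN_RATIO and fanout >= MIN_FANOUT


def stationary_clusters(records):
    """Cells holding a group of automated-looking SIMs, keyed by cell ID."""
    by_cell = defaultdict(set)
    for r in records:
        if looks_automated(r):
            (cell,) = r.cells
            by_cell[cell].add(r.imsi)
    return {c: s for c, s in by_cell.items() if len(s) >= MIN_CLUSTER_SIZE}


def score_sims(records):
    """Return {imsi: sorted reasons}; SIMs with no reason are omitted."""
    reasons = defaultdict(set)
    for imsis in rotated_imeis(records).values():
        for imsi in imsis:
            reasons[imsi].add("imei-rotation")
    for imsis in stationary_clusters(records).values():
        for imsi in imsis:
            reasons[imsi].add("stationary-cluster")
    return {imsi: sorted(r) for imsi, r in reasons.items()}


def sample_records():
    """Constructed data: two farm patterns plus benign look-alikes."""
    def sim(n, cells, out, inn, rcpt, imei=None):
        return SimDay(f"00101{n:010d}", imei or f"35{n:013d}",
                      frozenset(cells), out, inn, rcpt)

    recs = []
    # Six SIMs, one modem each, parked on cell C100 and blasting SMS.
    recs += [sim(n, {"C100"}, 400, 2, 390) for n in range(6)]
    # Four SIMs round-robined through a single modem on cell C200.
    recs += [sim(n, {"C200"}, 50, 0, 50, imei="350000000009999")
             for n in range(100, 104)]
    # Event crowd: many SIMs on C100, but they move and text both ways.
    recs += [sim(n, {"C100", "C101"}, 5, 6, 3) for n in range(200, 208)]
    # Alarm panel: stationary and send-only, but low volume, one recipient.
    recs.append(sim(300, {"C100"}, 3, 0, 1))
    return recs


if __name__ == "__main__":
    for imsi, why in sorted(score_sims(sample_records()).items()):
        print(imsi, ", ".join(why))
```

The crowd and the alarm panel share cell C100 with the farm SIMs and stay unflagged, which is the false-positive case any proximity-only rule would have to handle.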
They could probably be quickly found if someone is looking for them, but carriers don't necessarily care that much about these. Add a couple layers of indirection with MVNOs and there's a lot of meh to spread around.
If the reporting around this is accurate, sounds like someone(s) was swatting through these, which brought the attention needed to find this group.
> Since you seem to know about the subject, how are these not immediately found and shut down?
Because - depending on cell tower coverage and the antennas installed on it - the degree of precision is far too low to be useful. In rural installations and the worst case, aka a tower with a dipole antenna on a mountaintop, at 900 MHz the coverage will be around 35 km. Segmented antennas just limit the section of the circle where the endpoints are. In suburban areas, coverage is usually 10-20 km, and urban areas it's 5km and less.
Now you know which cell and cell section the user is in... but to actually pinpoint the user? That takes some more work. First, you need a few more towers that the user can reach for triangulation - the more the better - but if the operator of such a setup is even remotely clever and the hardware/firmware supports it, they will have locked the devices to only connect to a single tower (you can see a map at [1] that shows the IDs). If the operator didn't do that but the site is too remote to achieve triangulation, you might need to drive around in a van and use an IMSI catcher, aka a phone tower emulator, and hope that eventually the site's devices register at it. That, however, is a lot of awful work, and is often not legal for police authorities, only for secret services.
Now you might ask yourself, what about 911, how can they locate callers precisely? The thing is... it depends. Landlines and VoIP lines are usually mapped to a specific address (which is why VoIP providers give you an explicit warning that, if you do not keep that record up to date, 911 calls will be misrouted!), so that's trivial. Mobile phone callers however, until a few years ago the degree of precision was exactly what I just described - it completely depended on celltower coverage, with the only caveat that a phone will connect to another operator if it shows a stronger signal for 911 calls. Only then, Android introduced Emergency Location Service [2] and Apple introduced Hybridized Emergency Location [3] - these work with the sensors on the phone, most notably GPS/GLONASS/Beidou, but also SSIDs of nearby WiFi APs and specific Bluetooth beacons. Downside of that is, of course, the 911 dispatch needs an integration with Apple and Google's services, users can disable it for privacy reasons, and older phones won't have anything - so in these cases, 911 dispatchers are straight out of luck and again reduced to the above range of precision.
[1] https://opencellid.org/
[2] https://www.android.com/safety/emergency-help/emergency-loca...
[3] https://www.apple.com/newsroom/2018/06/apple-ios-12-securely...
There was at least one SIM farm which was installed in a delivery type van and driven around. This was to avoid being detected as a stationary device.
Clever! Also far more risky because it would require near constant attention.
Sim farm or SMS blaster? SMS blaster in van would make more sense, detecting a moving sim farm would be easier than a stationary one.
Here's my guess how this has and will play out:
1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes.
2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location.
3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously.
4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I can assure you, a lot more dangerous criminal activity happened within a 35 mile radius of the UN than some zombie cell phones sending scam texts. While I applaud anyone shutting down scams, the window dressing is embarrassing. Someone has watched too much Blacklist or any of those fantastical police procedurals.
Yeah. Sorta weird USSS is investigating this. Maybe it was originally related to some Treasury-related fraud case. We're close to budget time so they have to demonstrate congress should give them the money they asked for, so it's pretty easy to upgrade some random scam/spam texter to a terrorism case. It's sort of endearing, actually, when they get some adults back in the USSS reporting chain we'll probably see less "imaginative" press releases.
They might have randomly spammed phone numbers that have special purpose and triggered some sort of honeypot. Or someone powerful got scammed. Either way, happy they take it down and provide some photos. Would love to learn more details.
Speculation: Some gov't types wanted to shut down the scammers (or whatever they are) - but were not getting much traction with the higher-ups, to actually do something. Vs. after their case was rebranded as "this may be part of a plot to assassinate the President" - suddenly every approval and resource they could want was being pushed into their laps.
Literally anything the government does from now on is going to be related to discovering terrorist plots. They have to find some way to fit the agenda into that giant post-9/11 loophole.
My read is slightly different:
> 1. Sim box operators were running multiple locations for sending spam texts, cheap VoIP for scams, and potentially other phone-related crimes.
Agree, I would guess this was just a bottom-rate VOIP/text spam service, potentially affiliated/run by organized crime, that doesn't ask many questions, accepts payment exclusively in BTC, etc.
> 2. Operators were associated with other criminal gangs. Maybe directly, maybe indirectly. Someone may have been running a drug side-business from a location.
I think this is just another version of a grow-op. Run by a gang, mainly for profit. Perhaps the shelves were even from an old grow-op that became unprofitable when New York legalized marijuana.
> 3. Someone uses this sim box operation to send threatening scam messages that happen to reach these government officials. For whatever reason, they take it seriously.
I disagree here, from the description of the messages I think these were supposed to be actionable threats. At least two of the incidents mentioned were swatting attempts, which are still taken somewhat seriously and are treated as serious threats when directed at elected officials. US Police are highly armed and often very aggressive, swatting incidents have resulted in deaths before.
This, to me, reeks of the sort of foreign interference with domestic politics that has been mentioned in the past. Trying to escalate domestic tensions is straight out of that playbook.
What I think happened is - some foreign actor used organized crime connections, or some other way in to get time on this spam farm, and they used the numbers there to SWAT and threaten officials around the US in a way that's harder to trace than a regular VOIP provider.
> 4. Now that the feds and NYPD have raided this sim box operation, they have to justify why they were doing this. It's probably not directly illegal to run a sim box farm so they are going to play up the threat a bit to get more coverage of the investigation.
I think they see this as a wonderful coincidence. With the setup as described in the article, I could see this farm overloading the few cells that serve the particular area around whichever building(s?) these sites were found in, but city cellular networks are very dense. There's hundreds of mobile cells in New York City, and frankly I think if you wanted to seriously take down the cell network a few high power jammers distributed across the city would be more effective.
And yeah, I wouldn't be surprised if this isn't directly illegal, although I bet the operation as a whole has been dodging taxes and know-your-customer rules. But, here we have a golden opportunity to play this up as a major terrorist threat instead of just organized crime, and they're going to take that option every time.
The only interesting bit that makes this sound like something more than a VoiP farm
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
and guns/drugs
> Investigators also found 80 grams of cocaine, illegal firearms, plus computers and phones.
Maybe cartel tech stuff, but I'm not sure why cartels would mess with threatening politicians.
> 80 grams of cocaine
This sounds more like someone's personal property or a small party and not a commercial operation?
80 grams is a whole bunch. I agree it isn't "cartel operation" amount, but it is definitely a dealer.
I don't see where they made the political connection other than the farm was located in range. Maybe they had evidence they didn't share. The site was also in range of Wall Street and everybody else in the city. All kinds of fraud, surveillance, and private comms were possible.
It's possible after some threats they decided to probe cell network behaviour around some buildings downtown. And this particular farm wasn't the original source, just something they found in the process.
> Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.
So you mean they could have shut down these SMS and outbound call spam farms years ago
…but just didn’t have the motivation
I would guess that this is still more likely some scam infrastructure middle man setup, and one of their customers chose to use it to make threats / do more than just scam people.
It seems unlikely you'd set up a scam setup like this and out yourself by making threats to government officials via your own infrastructure ...
> The only interesting bit that makes this sound like something more than a VoIP farm
The word only is doing a lot of work here. There are also pictures of the equipment.
I mean as opposed to the narrative about threatening New York and UN. Being able to spam the phone networks isn't very novel and the location isn't super relevant AFAIK.
Hard to see how 100,000 SIMs are needed to make a few anonymous threats.
It's a remote phone number as a service system, and some customer of the service used it to make anonymous threats. On the whole, it's a good thing this outfit got shut down, as one of the primary customers of such services are large scale social media bot farms.
Yeah I'm skeptical about the political threat angle being directly connected to this set up. The press release was vague about the connection for a reason.
"It could have overwhelmed cell towers, toppling New York City’s cell service and preventing every Manhattan resident from accessing Google Maps."
Seems odd that the most important use they can highlight for cell service in NYC is accessing Google Maps. Not accessing 911, not some other vital use of cell service, but Google Maps.
NYC is full of free Wifi all over the place. So many McDs, Starbucks, and other restaurants and sites you can get Google Maps anywhere.
I’ve lived through enough cellular downtimes to have Google offline maps
What a bizarre story. They say it's an anonymous network. What does that mean when multiple locations with racks of tens of thousands of SIM cards and the supporting equipment are found around NYC area? In order to manage this hardware and the operations around this equipment it would take boots on the ground, at least occasionally, for repairs and maintenance.
No mention of arrests or surveillance of any site to try and apprehend anyone related.
The details are skimpy. In a CNN article we can see photos and mention that these were housed in apartment units and perhaps other rentals.
https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
EDIT:
While the headline on NYT highlights an attack on the towers for disruption, the CNN piece gives more weight to two other uses: (1) criminal communication network and (2) swatting.
I think those two make sense. The SIMs would probably hold US numbers and would appear authentic for accessing the US operators' networks.
(2) is the thing that brought attention of LE on these, and likely was a very dumb move by one of the users of this system. If just (1) they could have kept it going for much longer, (2) is what brought it down.
I don't see why you'd actually need any SIMs in the first place if you wanted to DoS a cell tower. My guess is that it's basically just a device farm for either sending spam or receiving activation codes for spam accounts elsewhere. By putting them in a populated area, the increase in traffic is less noticeable.
It makes it much harder to nail down exactly where the farm is. You can't just go break down all the doors in a large high-rise and the reflections of the radio signals in the urban canyon will further hamper your ability to pin-point the devices. But you might be able to correlate power consumption or heat signature with activity.
100,000 sims connecting to a cell network in Vermont will crash things. In midtown Manhattan that's a blip.
That much capacity could easily overwhelm things that scale poorly. 911 service for instance.
Could be as simple as faking app downloads for the NYC area to raise the appstore ranking
Yeah, very weird; I mean if it was just spammers then you wouldn't bother putting it somewhere expensive like NY, would you?
With that many devices, you'd need to have them in some place with very dense cell service.
This is presented as if it's part of something like a terror plot, but my money is on it being related to your car warranty expiring.
Yeah, they are putting two facts together to heavily imply that they are part of a single story, but there is no evidence presented that they are. "UN leaders are gathering!" "There is a huge SIM farm that could disrupt communications!" Both true, but seemingly unrelated. All those car warranty texts have to come from somewhere - this is probably where.
It’s not. The Secret Service already has identified nation state actors as being responsible.
That doesn't mean it wasn't money-making scams. North Korea engages in crypto theft all the time.
I'm sure they'll find someone specific eventually
Exactly. And the whole point of a cellular network architecture is that it's resistant to DoS attacks (what the rubes call "unexpectedly heavy usage"). Sure, you can take a cell out with a hundred fake phones, and all the users in that cell will hop to the next one. Or at worst walk a block over to find another. The attack doesn't scale, at all.
And even if you wanted to deploy custom hardware to do it, it would be far easier to just use a high power jammer on the band anyway than mucking around with all those SIMs.
These are for making actual use of the telecom facilities at scale, with the anonymity you get from burner SIMs. It's fraud, not terrorism.
Some parts of it are (DoS resistant.) And some carriers are more resistant than others. Verizon's CDMA from the 90s / early 2000s was NOTORIOUS for falling over when too many people texted at the same time. But yeah, it's been a while since things were that bad.
Yes, they were using these to commit crimes, and will miss them.
Wait. What? My car warranty is expiring? If only there were some way to get more information and perhaps extend it ...
Both this article and the NYT one strongly imply a link between these farms & the threats to government officials without actually outright stating so.
Looks like those bulk sms ‘gateway’ boxes sold on Ali etc: https://ejointech.shop/products/ejointech-4g-16-port-gsm-voi...
Edit: removed tracking id
For reference, ~18 million people live within 35 miles of Manhattan.
"In addition to jamming the cellular network, he said, such a large amount of equipment near the United Nations could be used for eavesdropping."
How could a SIM farm be used for eavesdropping?
How could lots of cellular radios be used to capture data that's in the air?
Yes, this is what I want to know. I didn't think a cell phone (or any number of cell phones) could intercept other phone calls/data. I know a fake cell tower has some capability for that.
It can’t, it’s a lie.
Explain why it can't please.
Missing the key context:
> “While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.”
https://www.secretservice.gov/newsroom/releases/2025/09/us-s...
Criminals and intel services using a criminal network? News at 11.
The Secret Service is really trying to make hay out of these things being close to UN, but so are millions of other things in the New York City Metro Area. Either they have intelligence they aren't disclosing or someone's trying to put a lot of spin on this crime bust.
If state actor propaganda botfarms operate in this fashion in other cities, we can try to find more of these patterns. Would be interesting to see a drop in youtube, reddit or facebook user activity correlated with such bust.
Hopefully this is a wakeup call for anyone thinking that phone number validation is sufficient to prevent botting and fraud.
There's no such thing as (completely) "prevent", just substantially reduce by making it more expensive.
Which makes me wonder how much these guys spent per phone number. If you figure you can use a phone number maybe 2 or 3 times per service before it gets blocked they could create literally millions of accounts with this operation across various services. I don't know what the black market value for a Gmail, Facebook, Instagram, Reddit, HN, etc... account is, but I suspect it is more than the price of a SIM card.
"Within 35 miles" is basically all of NYC and the surrounding suburban area lol. It's a ridiculous statement.
This was probably just a phone botnet for online botting purposes, where you want IP addresses in not-obviously-third-world bot countries.
They were running extortion and intimidation campaigns.
Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
Until it happens to you or yours it is hard to comprehend.
May the Internet gods provide an audio link.
Were they? I haven't seen that stated anywhere. The news report from NYTimes does say "the cartels were using it too".
>One official, speaking on the condition of anonymity, said agents also found 80 grams of cocaine, illegal firearms, computers and cellphones when they discovered the network.
Sounds like literally a mobile botnet and it was probably just leased out access to a range of users.
Leasing access to botnets and other resources is 1000% normal in the "crime web" and is a business in and of itself rather than being directly part of the crimes.
On top of that, a "nation state" attacker isn't going to be giving their employees cocaine, unless it's Hamas lolololol.
> Remember when Trump was running the second time? Those white Americans who were calling people all throughout America with those moronic threatening messages?
I've never heard of this, do you have a source?
"The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut."
Isn't it costly to acquire that many SIM cards? Or maybe they were inactive until they were associated with an account? So it was just to keep allowing for a rotating set of SIM accounts?
Are we going to find out that all these cellphones were used to run bots on X or similar?
100k is the number of active cards. It is being reported that they had 2-3x as many cards in total.
Seems like a nation-state level attack from somebody that has millions to spend to keep this up their sleeve
Why even have cards when there are eSims, but maybe cards have some advantages in terms of deniability or something?
It sounds sophisticated, but nation state or cartel or something else big?
Could simply be a propaganda botfarm. Each of these sim cards registers on facebook, youtube, reddit and the faraway propaganda teams use them to relay messages.
I'm curious how this would work without being traced. Someone is paying rent on the apartments. For the simcards, I think they are all able to call 911 even if they don't have credit/dataplan. They're also able to connect to a tower and take up slots. So probably the only way to financially trace the simcards is the initial purchase.
SIM cards don't 'call 911', you can call 911 even if there is no SIM card at all, all you need is a working radio.
I wouldn’t be too surprised if the hardware vendors had the bare minimum of ethics to prevent that.
I wonder if all the cards in the photo are active at once, or only activated on some rotation. The latter would certainly make them a lot harder to detect
Probably depends how hard the phone companies are looking at the data. If the cards are mostly idle then they probably don't impact the service at the tower and if there is no service impact then the operators probably don't care.
When you think about the sheer scale of monitoring every cell phone in the country it probably doesn't stand out nearly as much as you would expect.
Can also text 911 now which would overburden the texting protocol network so no one else’s texts will go through.
It’s a cell tower jammer and terrorism multiplier. Can’t call or text. It will probably disturb internet service as well. Include a few radio jammers for local police and a few satellite antennas you could create an opportunity then a panic to cover your tracks getting out.
I would wager a huge majority of text messages in NYC will go through either RCS or iMessages which skips the SMS layer and instead goes direct to data.
It's relatively hard to jam modern BTS with LTE and 5G. It's part of the design. PTP with fancy modulation helps :p
I wonder what kinds of techniques, if any, these virtual cell phones employ to evade being discovered. You would suspect that they could be discovered through triangulation.
Two possibilities:
1. Most if not all of these virtual cell phones are connecting from the same location.
2. Some of these virtual cell phones are connecting from the same location, with the remainder in reserve.
In the case of (1), you have both a fixed location and a high saturation that is unlikely.
In the case of (2), you could imagine using certain numbers at certain times to simulate the work day or hours during which people are more likely to be at home. Randomization or round robin could produce unlikely patterns, but without them, these virtual phones would be underutilized, save for some kind of cyberattack that would compromise their location.
Or the truth simply may be that they aren't doing anything, because no one is watching.
Not sure why, but I find that an astonishingly professional setup. The sim servers clearly haven't really got a legit use at that size - yet they come built with a very professional steel case. Setups even have color coded uplink vs downlink cat5 cables. I mean just very neat and tidy.
How could anyone but professionals know how to have colored cables
The pictures with the sim cards are impressive, mainly with how clean the setup looks. Can even see power/network cords taped down to the floor even underneath the metal shelving[1].
Could it perhaps be espionage related to a downgrade attack? ie force a target's phone to switch to 3G by temporarily overloading/confusing the 4G/5G network.
[1] https://www.secretservice.gov/sites/default/files/2025-09/Si...
This is pretty low on information but maybe that's how it has to be, since there probably is a tradeoff between covering the investigation & revealing investigative methods that should be kept private.
That's being extremely charitable.
>>...early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
>>These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
What nation-state actor might want to disrupt a major US city during a meeting of the UN General Assembly?
There is no claim that it had anything to do with the UN General Assembly ('within 35 miles' covers a lot more than the UN General Assembly). They do say senior US officials were targeted.
Umm, that claim is literally a cut-and-paste quote from the US Secret Service announcement (which is why I inserted the ">>" at the beginning of the paragraph to signify the quotation).
So YES, there is a specific claim, and it came directly from the USSS, in the exact article heading this topic. The USSS does not merely toss in observations without a basis in their working threat model (unless they've changed since I worked adjacent to them). It may indeed turn out to be unrelated, but the USSS is publicly stating they are treating it as more than a coincidence.
Likely one that wanted to plausibly deniably create some kind of chaos via proxy actors.
yeah likely someone somewhere who wanted to do something bad via some kind of other group without us knowing
I made this comment on another thread that ended up getting flagged as dupe, but this is probably not all that mysterious. These SIM boxes are a commercial product you can buy from China:
https://cnetross.en.made-in-china.com/product/OSomfpPGJWUH/C...
...and their purpose is mostly to provide an IP-to-cell-phone-number gateway for SMS spam and phone scams. A real cell phone number is greatly preferable to VoIP phone numbers, which are blocked / flagged at a much higher rate.
> While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
> These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.
These passages are from the Secret Service's press release and are not quoted in the CNN article. Note that a 35 mile radius of the UN includes literally all of NYC and then some. CNN wisely chose to change that to "35 miles of New York City" and not mention the UN at all, as the supposed link is extremely tenuous.
Also unclear whether shutting down the UN would be a desirable outcome.
The photos in the NY Post article make it look like they raided cell phone shops in normal retail locations. It looked more like an engagement/click fraud operation.
The thing that caught my eye is the power plug needed an adapter to use the US socket. This suggests the hardware was shipped in from overseas.
There are hundreds of these operations at any one moment in time, some more legit than others (voip dial backs, short message farms for scammers) not sure why they are making this out to be the end all and be all of this type of thing. Telcos have the ability to lock these down pretty quickly using proximity of devices alone, but the almighty dollar is more important ;)
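A sketch of the proximity-based detection this comment and earlier ones describe (many SIMs that never leave one cell and share a handful of radios), as an added example that is not from the thread or from any carrier's tooling. The record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict


def build_sample_records():
    """Constructed attach records as (imsi, imei, cell_id); all values are invented."""
    records = []
    # 40 SIMs rotated through 4 radio modules, only ever seen on cell C17.
    for i in range(40):
        for _ in range(3):
            records.append((f"00101{i:010d}", f"modem-{i % 4}", "C17"))
    # 30 ordinary handsets: one SIM per IMEI, seen on C17 and on a second cell.
    for i in range(30):
        imsi, imei = f"00101{1000 + i:010d}", f"handset-{i}"
        records += [(imsi, imei, "C17"), (imsi, imei, f"C{20 + i % 5}")]
    # 5 fixed-wireless routers: stationary on C17, but one SIM per IMEI.
    for i in range(5):
        records.append((f"00101{2000 + i:010d}", f"router-{i}", "C17"))
    return records


def find_sim_farm_candidates(records, min_sims_per_imei=5, min_cluster=20):
    """Return {cell_id: [imsi, ...]} for cells hosting a suspicious cluster.

    An IMSI counts toward a cluster only if both signals hold:
      1. it was never observed on any other cell (stationary), and
      2. the IMEI it attached with was also used by at least
         min_sims_per_imei distinct IMSIs (SIMs rotated through one radio).
    Requiring both keeps stationary home routers and busy-cell handsets out.
    """
    cells_by_imsi = defaultdict(set)
    imsis_by_imei = defaultdict(set)
    for imsi, imei, cell in records:
        cells_by_imsi[imsi].add(cell)
        imsis_by_imei[imei].add(imsi)

    clusters = defaultdict(set)
    for imsi, imei, cell in records:
        stationary = len(cells_by_imsi[imsi]) == 1
        shared_radio = len(imsis_by_imei[imei]) >= min_sims_per_imei
        if stationary and shared_radio:
            clusters[cell].add(imsi)

    # Only report cells where the cluster is large enough to matter.
    return {
        cell: sorted(imsis)
        for cell, imsis in clusters.items()
        if len(imsis) >= min_cluster
    }


if __name__ == "__main__":
    for cell, imsis in find_sim_farm_candidates(build_sample_records()).items():
        print(f"cell {cell}: {len(imsis)} co-located SIMs sharing radios")
```

A farm that activates only a small rotating subset at a time, as another comment speculates, would need a longer observation window before the per-IMEI count crosses the threshold.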
It's just another distraction from the unreleased Epstein files. The admin has been doing this periodically since people started asking about the files - taking something mundane and blowing it up into front page news.
35 miles could be in Stamford, CT or the Jersey shore. They might as well state that it's in the same time zone as the UN.
What sane cellular carrier would issue tens of thousands of sims to a party like this? There do appear to be a few different colors / designs of sims in the photos but still there has to be some shady back-end dealings with cellular carriers for this to even be plausible.
The packaging in one of the photos is a MVNO. It's easier to get sims for a MVNO than a carrier, but either way, there's tons of sim card resellers, they have to be getting inventory from carriers/MVNOs. Ask a hundred resellers for 1000 sims each, and you'll get to 100k. 1000 sims may be a lot for some resellers, but is probably small for many of them.
Presumably they issued tens of thousands of SIMs to hundreds of accomplices using hundreds of false names each.
Probably they were next to sports stadiums. Most of the time there is ample unused cell capacity. Also: the New York marathon hosts 50k+ runners. I don't easily believe that 100k phones distributed over several sites on a 35 mile radius around New York have any impact.
My first instinct is this is a normal mobile proxy/bot farm.
Also, how would 100,000 phones in a single cell affect the network. Isn't this pretty normal for any major concert or sporting event?
Why are these networks accessible without signing keys in 2025?
They use legitimate SIM cards, wdyt is the point of them?
I'm 100% convinced that the UN was under attack...
But I'm very surprised there wasn't a copy of Sims 3 visible.
Do those devices have any legitimate use at all?
I think smaller ones might be useful for network quality testing and mapping. I think carriers drive around with boxes in vehicles to test their own networks reliability and map their competitors.
They have lots of illegitimate use that isn't about crashing the cell network like sending out spam https://www.cyberdaily.au/security/9949-sydney-man-arrested-... or allowing people to use in-network free call allowance to instead make voip international calls
They are mostly used for legal purposes, even if they might violate contracts with telcos.
CIA called, wants their equipment back.
Anyone else think the secret service may have just "busted" some sort of NSA program?
The NSA doesn't use a bunch of SIM cards on wire racks.
If the NSA needs outbound phone numbers, they're more likely to set up a shell company and pretend to be an MVNO or a VOIP telco provider, a couple computers on a cheap cloud host masquerading as a phone provider is a lot easier to manage and hide than a setup like this. This is a pretty common kind of business so it's easy enough to blend in, and it isn't restricted to a single apartment or city.
If the NSA wants to eavesdrop on phone calls, they just set up a room inside the relevant phone provider [0].
I think this is more likely a gang operation or a foreign influence operation. Details are thin but it feels like a shady organized crime operation (think quasi-legal, probably advertising as bottom-rate VOIP numbers or text gateways) that got used at one point by a foreign influence operation to make threats and try to interfere in domestic politics.
[0] https://en.wikipedia.org/wiki/Room_641A
Inside the US? Unlikely. This is physical hardware being shipped to the US, that sort of thing really lacks plausible deniability unlike rolling up phone records in foreign countries that happen to contain American tourist phone calls.
If these were found in a foreign country then maybe, but these would be far more likely to be some foreign intel service than the NSA.
Unless NSA is listening to the diplomats from other countries. Maybe this is a system to quietly force devices belonging to diplomats onto certain networks/nodes so they can be more easily intercepted. If someone wanted to simply shut down a network, a few basic white noise jammers could block frequencies far more easily/cheaply than a thousand sims.
No. It’s just vanilla spam crime.
NYC emergency services use consumer mobile phones for radio comms? News to me.
People in NYC use consumer mobile phones to reach NYC emergency services.
This seems like at best (for the attackers) a DDoS risk to me?
“Cache of Devices Capable of Sending Millions of Spam Political Texts”
So they didn’t find the people running it or funding it?
Say, isn't there a country with a bone to pick with the UN that is considered """friendly"""?
I'm so happy at least one other person caught onto this. I figure if it had been a China/Russia/North Korea type actor they would've put it in the headline.
Maybe they should check the sewers
Russia?
If true that’s why their name won’t be published and why we won’t hear about this again.
(The country currently committing genocide with us tax payer bought weapons).
I'm out of my depth here, but I find it Matt McCool (honestly...) who is head of the WASHINGTON field office is the reporting to have broken this case for the NY Field office. Hmm. PRIOR to his serving in Washington, he was head of the New York Field office...likely from 2021 to early 2024. Hmmmmmmmm. Also, nothing from the FBI or FCC--agencies NORMALLY involved in telecom takedowns. HMMMMmmmmmmmmm. mm. mm.
Where/how do people get 100.000 SIM cards?
The cards are the easy part. It's setting up 100,000 accounts where you run into trouble. There was some traceable payment methods in use here, which might be how they got busted by the Secret Service. The whole thing could have been fallout from an earlier counterfeiting operation.
100k Not sure. Good question! 100 is easy, in NL you can just grab boxes of them at certain phone shops, Lebara etc. These are free and anonymous. Sometimes they will stop you and say: these are only for clients, other times they are happy if you take the whole box of 100pcs.
Looks like they all came from https://mymobilex.com
Side deal with someone who can buy in bulk like convenience store or cell phone store owner.
Walmart
Well, that is news.
The pictures of the confiscated equipment are every phone phreak's orgiastic wet dream.
It is interesting that these sorts of things are going on in the first world, and until discovered anyone vocalizing suspicions of such a thing would be regarded as a paranoid delusional crackpot.
Imagine how many guns there are "near" (i.e. 3800 sq. miles) the UN!
Is there a less clickbait-y source? There's no tangible link to the United Nations described in the article; that seems to be a gratuitous flourish.
> "several locations within a 35-mile radius of the United Nations headquarters"
That's the entirety of New York City!
edit to add: This very weird part was actually lifted from the USSS press release,
> "These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City."
https://www.secretservice.gov/newsroom/releases/2025/09/us-s... ("U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area")
We've taken the UN out of the title now.
It does seem like the sort of PR-rewrite for a press release that results in distances measured in football fields.
Looking at a map, a 35 mile as-the-crow-flies (and as the cell network signal flies) radius of the U.N. Secretariat building almost gets one to Lake Hopatcong, New Jersey, in one direction and past Stamford, Connecticut, in another.
It reminds me of those "how to promote yourself" things about say turning "did routine performance optimizations on the website" into "saved the company $ZZZ million" and such.
I read they were in Armonk, Greenwich, Jersey and Queens. A perimeter around Manhattan.
The article:
https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
Armonk and Greenwich don't really make sense if the idea was to create a perimeter around Manhattan.
It's worth highlighting that that link suggests this may be linked to foreign states rather than just garden-variety organized crime ("...early analysis indicates cellular communications between nation-state threat actors...").
That probably just means that some foreign states were among the customers of these SIM farms.
"Concentrated within this 10000 km² area" sounds not nearly as impressive. Granted, "concentrated within 35 miles" sounds already rather dilute when talking about mobile phones.
Not a lot more detail but a better source in general https://therecord.media/secret-service-cellular-network-disr...
That quote comes directly from the Secret service press release lol
News organizations should not uncritically repeat press releases like these. It is an ethical failure to do so.
Sorry to be nitpicky, but the US Secret Service really, really prefers the acronym "USSS" over "SS."
(I've removed the distraction).
What is nonsense about this story?
> "from an operational perspective, we want those behind the network to know that the Secret Service is aware and that we're kind of coming for them."
"Kind of"?
This hardware is fascinating - I've seen other examples of these farms deployed in Ukraine but does anyone have more info on how these "servers" are orchestrated?
Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?
Lots of interesting discussions about cell phone networks lately.
Fake cell phone towers ICE is using to track people:
https://news.ycombinator.com/item?id=45312326
My question is: are any of these alternatives helpful against these novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.
It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.
> Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?
Prevent what exactly?
> If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
LTE and beyond have mutual authentication. Your phone will attach to any network for an emergency call, but attachment to LTE requires the network trusts your sim and your sim trusts the network. [1] No trust on first use necessary, because the SIM includes its private keys and public keys for the network.
[1] https://www.sharetechnote.com/html/Handbook_LTE_Authenticati...
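The phone-side half of the mutual authentication mentioned in the reply above, as an added example that is not from the thread or the linked handbook. It follows the 3GPP AKA message layout (RAND, and AUTN = SQN xor AK, AMF, MAC) and assumes the USIM and home network share a long-term key K; HMAC-SHA256 stands in for the operator's f1/f2/f5 functions, and the key and sequence numbers are constructed.

```python
import hashlib
import hmac
import os

AMF = b"\x80\x00"  # authentication management field, constructed value


def _f(key, label, *parts):
    """Stand-in for the AKA f-functions (assumption: HMAC-SHA256, not Milenage)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def network_challenge(k, sqn, rand=None):
    """Home-network side: build (RAND, AUTN, XRES) for a subscriber key k."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = _f(k, b"f5", rand)[:6]                # anonymity key hides SQN on air
    mac = _f(k, b"f1", rand, sqn_b, AMF)[:8]   # proves the sender knows k
    autn = _xor(sqn_b, ak) + AMF + mac         # 6 + 2 + 8 = 16 bytes
    xres = _f(k, b"f2", rand)[:8]              # response the network expects
    return rand, autn, xres


class Usim:
    """USIM side: verify the network before answering its challenge."""

    def __init__(self, k, last_sqn=0):
        self.k = k
        self.last_sqn = last_sqn

    def authenticate(self, rand, autn):
        if len(autn) != 16:
            return ("reject", "malformed AUTN")
        ak = _f(self.k, b"f5", rand)[:6]
        sqn_b = _xor(autn[:6], ak)
        amf, mac = autn[6:8], autn[8:]
        xmac = _f(self.k, b"f1", rand, sqn_b, amf)[:8]
        # A base station without k cannot produce a matching MAC.
        if not hmac.compare_digest(mac, xmac):
            return ("reject", "MAC failure")
        # Freshness: a replayed challenge carries an old sequence number.
        # (A real USIM answers with a resynchronisation token; simplified here.)
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.last_sqn:
            return ("reject", "sync failure")
        self.last_sqn = sqn
        return ("ok", _f(self.k, b"f2", rand)[:8])  # RES sent to the network


def demo():
    k = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    usim = Usim(k)
    rand, autn, xres = network_challenge(k, sqn=1)
    genuine = usim.authenticate(rand, autn)   # real network, fresh challenge
    replay = usim.authenticate(rand, autn)    # same challenge captured and resent
    fake_rand, fake_autn, _ = network_challenge(os.urandom(16), sqn=2)
    fake = usim.authenticate(fake_rand, fake_autn)  # network that lacks k
    return genuine, xres, replay, fake


if __name__ == "__main__":
    genuine, xres, replay, fake = demo()
    print("genuine:", genuine[0], genuine[1] == xres)
    print("replay: ", replay)
    print("fake:   ", fake)
```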
ICE is probably all "we want our stuff back!!!"