Comment by tbrownaw

5 months ago

> Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication. One official said the network was capable of sending 30 million text messages per minute, anonymously. The official said the agency had never before seen such an extensive operation.

> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.

So 100k SIM cards scattered around the middle of New York City.

Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?

16 comments

tbrownaw

Reply
fiprisoner  5 months ago

>Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?

More likely an egress point for cheap VOIP routing.

  • MrMorden  5 months ago

    That would be my first guess if the devices were found in the Middle East, but legitimate interconnect in the US is stupid cheap. (See e.g. Twilio's SIP pricing; I assume they have reasonable supply chain security.)

    • overfeed  5 months ago

      > legitimate interconnect in the US is stupid cheap

      This is a to take advantage of "free calls to North America" provided by MVNOs, and free < cheap. Twilio starts at $0.01/min; 1 cent/minute x 200 lines results in a delta of $2.8k per day. I'm assuming a 20% utilization rate[1] on a device that holds 1000 SIMs

      Further, it's a way to bypass STIR/SHAKEN requirements for a less-than-legitimate VOIP termination operations, which can attract paying customers that want to evade detection, typically criminal endeavors.

      1. 20% utilization is pretty generous, but even if its 2%, not using Twilio is profitable at scale.

    • Scoundreller  5 months ago

      0.7 cents per minute for twilio. 47000 minutes in a month = $329/month if you run it around the clock.

      Round-robining around some unlim SIM cards to stay below the radar will be cheaper.

    • vidarh  5 months ago

      Legitimate interconnect is presumably easier to get shut down, so I agree maybe not so much cheap as shady, as in a provider that knows their customers are likely to use the numbers for things that'd make them likely to lose a legitimate interconnect.

bflesch  5 months ago

Maybe some sort of darknet service for anonymous sms / calls which was used for stuff that really raised alarms such as calling/messaging these officials

  • t-3  5 months ago

    Another article about the same event mentioned swatting against public officials but wasn't clear on whether or not that was how they found these.

chedabob  5 months ago

Yeah there was this the other day, although I'd expect the hardware for this is much smaller than is shown in the photos in the OP: https://news.ycombinator.com/item?id=45294766

  • cootsnuck  5 months ago

    Nah it's that size. You need an individual modem for each SIM card because you need a unique IMEI. It's possible each of those SIMs are eUICCs as well which means basically that each card is like a "wallet" with multiple profiles.

    I've used hardware a decent amount larger than what's pictured in the OP for work. But what I was using wasn't just for SMS. So I needed more sophisticated modems. What they're using looks like a bunch of 64 port modem banks exclusively for SMS.

    (Oh wait if you mean the devices for what's in the article you linked, then yea, those I'm sure are much smaller and quite different.)