| ▲ | Cache of devices capable of crashing cell network is found in NYC (nytimes.com) |
| 207 points by adriand 7 hours ago | 113 comments |
| Also https://www.cbsnews.com/news/u-s-secret-service-disrupts-tel... |
|
| ▲ | belter 6 hours ago | parent | next [-] |
| https://archive.is/wNpfX |
|
| ▲ | wildzzz 6 hours ago | parent | prev | next [-] |
| Oh lol, this is a scam site. Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes. It's honestly so hard reading quotes from the US government these days. Cartels, drugs, guns. They make it sound like they interrupted the staging of an assault on the UN when the article actually says that the locations were within 35 miles of the UN headquarters in NYC. This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area". Like 20M people live in that circle. I highly doubt this is for anything other than VoIP scams. |
| |
| ▲ | kotaKat 5 hours ago | parent | next [-] | | Yup. This is literally just a cellular grey route site for some shitty VoIP provider, just like the SIM box SMS scams go marching on in other countries. Some operator is shitting their pants right now, probably. The SIM cards come from cheap MVNOs that have dealer arrangements for cheap or free first month activations, then they just set up a handful of SIM boxes and a residential Internet connection back to the mothership (like they did at the captured house with the white Verizon 5G Home router just casually sitting on the floor next to the units). Similarly, I’ve had some friends on US MVNOs themselves that have access to “free” international calling, yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country each time (Poland, Moldova, etc). Also dodgy SIM boxes! | | |
| ▲ | panarky 10 minutes ago | parent [-] | | > shitty VoIP ... Or grey-route bulk messaging and SMS OTP bypass so actors can register throwaway accounts on Signal/WhatsApp/Telegram, social platforms, fintech, crypto etc. then burn the numbers after use. You need 100k SIMs to defeat per-SIM rate/behavior caps, receive OTPs for mass account creation and run thousands of campaigns/conversations in parallel while keeping each SIM's pattern below carrier detection thresholds. It's not about the UN. NYC is a prime market for "local presence" numbers (212/917/646 etc.), which boosts answer rates and trust for scams, impersonation, mass disinfo campaigns. |
| |
| ▲ | CoastalCoder 10 minutes ago | parent | prev | next [-] | | > This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area" Same year as the Phineas and Ferb reboot. Coincidence??? | |
| ▲ | otterley 18 minutes ago | parent | prev | next [-] | | Perhaps the Secret Service possesses additional information they're not disclosing that supports their narrative. It might come out at trial, if it gets to that stage. Or, it might not, because methods and sources of law enforcement operations are rarely publicly disclosed. | | |
| ▲ | SketchySeaBeast 10 minutes ago | parent | next [-] | | But we can agree that we aren't obliged to believe them, right? | | |
| ▲ | otterley 5 minutes ago | parent [-] | | Of course. Trust in our Government is at a historic low these days, and reasonably so. However, that doesn't mean that everyone is inept or has ill intent. Most people I've met in government as well as the private sector want to do good (or at least not evil). |
| |
| ▲ | nyc_data_geek1 14 minutes ago | parent | prev [-] | | And perhaps monkeys might fly out of my butt. Guess we'll never know, since we don't have evidence either way. |
| |
| ▲ | jimmySixDOF 4 hours ago | parent | prev | next [-] | | Agreed. These days setups imho aren't vanilla origination and termination VoIP scratch card traffic; it's more likely a distributed bot farm obfuscation-as-a-service provider. I have seen commercially available SIM bank gateways that can separate the SIM from the antenna in order to change towers and simulate movement. The use of eSIM adapters makes it super scalable now in terms of abstracting the numbers from the SIMs. Whatever the application, a press release tie-in to the UN is a little odd. | |
| ▲ | Hizonner 3 hours ago | parent | prev | next [-] | | > Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes. So you mean... like, these are the exit points into the "legitimate" telephone network for, say, those random MedAlert scam calls I keep getting from numbers scattered all over North America? Or if not, what does "VoIP" mean here exactly? Somehow I've missed this entire phenomenon... | |
| ▲ | pavel_lishin 4 hours ago | parent | prev [-] | | Like XKCD said, every map is basically a population map: https://xkcd.com/1138/ | | |
| ▲ | lawlessone 22 minutes ago | parent | next [-] | | reminds me of when i see articles in the news in my country sometimes, with headlines like : "Man found with drugs within 500 meters of school" There are schools everywhere, usually in places where there are lots of other amenities like shops, and doctors, and pubs. | |
| ▲ | Chance-Device 3 hours ago | parent | prev [-] | | The interesting part is in the delta between population and usage. |
|
| ▲ | tbrownaw 6 hours ago | parent | prev | next [-] |
| > Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication. One official said the network was capable of sending 30 million text messages per minute, anonymously. The official said the agency had never before seen such an extensive operation.
> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
So 100k SIM cards scattered around the middle of New York City. Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale? |
| |
| ▲ | bflesch 5 hours ago | parent | next [-] | | Maybe some sort of darknet service for anonymous sms / calls which was used for stuff that really raised alarms such as calling/messaging these officials | | |
| ▲ | t-3 3 hours ago | parent [-] | | Another article about the same event mentioned swatting against public officials but wasn't clear on whether or not that was how they found these. |
| |
| ▲ | fiprisoner 2 hours ago | parent | prev | next [-] | | >Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale? More likely an egress point for cheap VOIP routing. | | |
| ▲ | MrMorden an hour ago | parent [-] | | That would be my first guess if the devices were found in the Middle East, but legitimate interconnect in the US is stupid cheap. (See e.g. Twilio's SIP pricing; I assume they have reasonable supply chain security.) |
| |
| ▲ | chedabob 6 hours ago | parent | prev [-] | | Yeah there was this the other day, although I'd expect the hardware for this is much smaller than is shown in the photos in the OP: https://news.ycombinator.com/item?id=45294766 | | |
| ▲ | cootsnuck 4 hours ago | parent [-] | | Nah it's that size. You need an individual modem for each SIM card because you need a unique IMEI. It's possible each of those SIMs are eUICCs as well which means basically that each card is like a "wallet" with multiple profiles. I've used hardware a decent amount larger than what's pictured in the OP for work. But what I was using wasn't just for SMS. So I needed more sophisticated modems. What they're using looks like a bunch of 64 port modem banks exclusively for SMS. (Oh wait if you mean the devices for what's in the article you linked, then yea, those I'm sure are much smaller and quite different.) | | |
| ▲ | foobarian 3 hours ago | parent [-] | | What kinds of things do these devices get used for in legit enterprises? If you're able to say :-) | | |
| ▲ | toast0 3 hours ago | parent [-] | | I used to send a lot of SMS verification codes. We considered setting up a SIM box, but never did. You get different SMS routing from a phone on a major network than you do from the SMS aggregators, and that could be useful for getting codes to difficult destinations. But we had enough volume that we could typically get improvements on routing by asking aggregators about difficult destinations (unless the difficulty was coming intentionally from the destination carrier). The aggregators do sometimes use grey routes from SIM farms. Squishiness around terms of use and accounting would have been an issue too; we would not have been able to fly under the radar on 'unlimited messaging'. Another potential use could be if you needed to send a lot of alerts to your employees/customers in a short period. Most aggregators have rate limits, and so do carriers... if you're a big customer, you can probably get limits raised; if you only have an occasional need, you might prefer to have a large number of low cost SIMs. |
|
| ▲ | JdeBP 4 hours ago | parent | prev | next [-] |
| Looking at the original press release (https://www.secretservice.gov/newsroom/releases/2025/09/us-s...) and the attached high-resolution photographs, there are things that probably leap out at a Hacker News readership:
* The Bad Guys are neat with their cable ties, and number their gateway boxes.
* The Bad Guys went with simple heavy-duty metal garage shelving rather than real racking, seemingly vastly overengineered for the weight of the equipment, as that sort of shelving can hold up to a Mg per shelf UDL. The "WallOfSimBoxes" kit does not sport any rack mounting brackets.
* The Bad Guys don't use redundant power supplies, or battery backup. |
| |
| ▲ | otterley 24 minutes ago | parent | next [-] | | Those might be photos of the equipment in storage after it was confiscated, not of the equipment in the location and condition in which it was found. | |
| ▲ | JdeBP 4 hours ago | parent | prev | next [-] | | By the way, if you want a quick overview of this kind of equipment if you've never seen it before, here's (randomly picked by Bing Shopping) China Skyline's marketing blurb for a similar 64-port SMS gateway: * https://chinaskyline.net/sk-gsm-voip-gateway/esim-64-ports-s... | | | |
| ▲ | Maken 3 hours ago | parent | prev | next [-] | | I'm seriously wondering about the practicality of this operation. Wouldn't that many SIMs on the same spot overload any nearby cell tower? And even if the antennas could stand the load, that many SIMs hugging the network without any logical reason (like a parade or a demonstration) is bound to raise alarms at the network operator HQ. If this is a scam operation, I would expect these boxes to be distributed across several locations. | | |
| ▲ | delfinom 3 hours ago | parent [-] | | It's likely a "crime-web" service host. They are probably somewhere in Manhattan or Brooklyn to have enough tower cells to handle it (tis the benefits of a dense city for this type of operation). They probably gradually grew it as their crime web demand rose and flew too close to the sun. It also sounds like they did have multiple locations, but they didn't distribute the modems out enough to fly under the radar longer. |
| |
| ▲ | novaleaf 3 hours ago | parent | prev | next [-] | | Re Shelving: I exclusively buy very similar shelving. It is cheap, reliable, large, and strong. In fact, I have not found any other shelving that can match the performance/price of these. I buy from Walmart. search their site for "Hyper Tough wire storage shelves" | |
| ▲ | trebligdivad 3 hours ago | parent | prev [-] | | Oh! Those pics are interesting - the handful on the floor of an apartment feel very different to me from the room with hundreds of them; that's much larger scale. |
|
|
| ▲ | jacquesm 6 hours ago | parent | prev | next [-] |
| So that's the tip. Makes you really wonder about the iceberg, this raises many more questions than it answers. The UK has criminalized possessing or using SIM farms or related gear in response to these popping up with some regularity. But the operators are pretty clever and know how to hide. I've been thinking about how easy it would be to detect these when you're a telco and I think the signature is unique enough that it should be possible to detect which SIMs are part of a farm, even if you don't know the exact location of the farm. |
| |
| ▲ | Chance-Device 6 hours ago | parent | next [-] | | Since you seem to know about the subject, how are these not immediately found and shut down? It seems like the messages they send could be traced to the SIMs' physical location, and having a massive cluster of thousands of SIMs just sitting in an apartment also seems like an obvious giveaway. And there’s all the traceability required to rent the locations and buy the equipment. It seems like bothering with this is just asking to get caught. | | |
| ▲ | jacquesm 6 hours ago | parent | next [-] | | Well, they did get caught. But for that to happen immediately would require a detection method that can point out the presence of a farm with only a few samples. SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial. Whoever did this likely isn't all that happy that their carefully created infra was used to harass officials, which most likely is the single reason this operation got uncovered in the first place. If it would have just been used for low level crime who knows how long they could have continued to do this. Note that these are not unique to NYC or even to the United States, they've been found in other countries as well, the UK has now criminalized possession or operation of these (but the fines are so low that I don't think it will make much difference). | | |
| ▲ | tbrownaw 5 hours ago | parent | next [-] | | > SIMs don't know their 'physical location' and triangulation of signals in these bands in the urban environment is non trivial. IIRC modern cell towers use cool tricks to send stuff for a particular phone to only where that phone is so they can send more total data. Can this not be turned into a precomputed map by taking a test phone everywhere and seeing what settings the tower picks to talk to it? | | |
| ▲ | jacquesm 5 hours ago | parent | next [-] | | Sure, so now you are at the front door of a quad of four 300 apartment highrises. What is your next move? | | |
| ▲ | iberator 5 hours ago | parent | next [-] | | With 5g and beamforming and mimo and decent bts software(Ericsson or Hua) you can pinpoint the given phone very accurately (within 20m in urban settings) - without any triangulation, as you know the cell tower sector :) Guess what: you can also measure the azimuth within 0.1 degree, so you could have SOME data at where to look. FYI: That was available back in 2022 as standard. Now it could be even better. :P | | |
| ▲ | jacquesm 4 hours ago | parent [-] | | I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move? I'm not saying it can't be done, clearly it can be done otherwise this article wouldn't exist. But it is not quite as easy as pointing a magic wand (aka an antenna) at a highrise and saying '14th floor, apartment on the North-West corner', though that would obviously make for good cinema. | | |
| ▲ | pavel_lishin 4 hours ago | parent [-] | | > I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move? Subpoena the power, water & gas company, and look at apartments that have unusual power usage, coupled with almost zero water & gas usage. Especially look at apartments that don't have a spike in power usage in the morning & evening that corresponds to people having a regular commute. I'm not sure how much power this equipment draws at idle - I'm assuming it's more idle at night, no need to send scammy SMS messages at 3am Eastern - but I'd wager you could track that. Granted, it's not fast, but depending on how quickly the companies bend over backward for such a request & how good your interns are at using Excel, you might be able to get this done before sundown. |
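The utility-records triage described in the comment above (high power draw, almost no water or gas, no morning/evening spike), sketched as an added example that is not part of any comment in the thread. The meter data is constructed, and every threshold, time window and name in it is an assumption chosen for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean, median

# Assumed windows and thresholds; tune against real building data.
COMMUTE_HOURS = [6, 7, 8, 18, 19, 20, 21]   # before and after a regular workday
MIDDAY_HOURS = range(10, 16)                # residents are typically out
POWER_MULTIPLIER = 1.5    # "unusual" = 1.5x the building's median daily kWh
FLAT_RATIO = 1.15         # commute-hour use under 1.15x midday = no spike
LOW_WATER_L = 20.0        # litres per day
LOW_GAS_M3 = 0.05         # cubic metres per day


@dataclass
class UnitUsage:
    unit: str
    hourly_kwh: list[float]      # 24 values, average weekday profile
    water_l_per_day: float
    gas_m3_per_day: float

    def __post_init__(self) -> None:
        if len(self.hourly_kwh) != 24:
            raise ValueError(f"{self.unit}: expected 24 hourly readings")


def commute_ratio(hourly_kwh: list[float]) -> float:
    """Commute-hour consumption relative to midday consumption."""
    midday = mean(hourly_kwh[h] for h in MIDDAY_HOURS)
    commute = mean(hourly_kwh[h] for h in COMMUTE_HOURS)
    if midday == 0:
        return 1.0 if commute == 0 else float("inf")
    return commute / midday


def evaluate(u: UnitUsage, building_median_kwh: float) -> dict[str, bool]:
    """Evaluate each indicator separately so an analyst can see why a unit matched."""
    return {
        "high_power": sum(u.hourly_kwh) > POWER_MULTIPLIER * building_median_kwh,
        "flat_profile": commute_ratio(u.hourly_kwh) < FLAT_RATIO,
        "low_water": u.water_l_per_day < LOW_WATER_L,
        "low_gas": u.gas_m3_per_day < LOW_GAS_M3,
    }


def triage(units: list[UnitUsage]) -> list[UnitUsage]:
    """Return units matching every indicator, highest consumption first."""
    med = median(sum(u.hourly_kwh) for u in units)
    hits = [u for u in units if all(evaluate(u, med).values())]
    return sorted(hits, key=lambda u: sum(u.hourly_kwh), reverse=True)


def profile(night: float, morning: float, midday: float, evening: float) -> list[float]:
    """Build a constructed 24-hour kWh profile from four plateau values."""
    out = []
    for h in range(24):
        if 6 <= h < 9:
            out.append(morning)
        elif 18 <= h < 22:
            out.append(evening)
        elif 9 <= h < 18:
            out.append(midday)
        else:
            out.append(night)
    return out


# Constructed sample data for one floor-by-floor sweep (not real readings).
SAMPLE = [
    UnitUsage("3A", profile(0.15, 0.9, 0.2, 1.4), 210.0, 0.9),    # commuter household
    UnitUsage("5E", profile(0.10, 0.7, 0.15, 1.2), 160.0, 0.6),   # commuter household
    UnitUsage("7C", profile(0.20, 1.1, 0.3, 1.6), 250.0, 1.1),    # commuter household
    UnitUsage("9B", profile(0.60, 0.9, 1.0, 1.1), 140.0, 0.7),    # home office with a server
    UnitUsage("12D", profile(0.05, 0.05, 0.05, 0.05), 0.0, 0.0),  # vacant, fridge only
    UnitUsage("14F", profile(0.90, 1.2, 1.2, 1.2), 2.0, 0.0),     # always-on equipment
]

if __name__ == "__main__":
    med = median(sum(u.hourly_kwh) for u in SAMPLE)
    for u in SAMPLE:
        print(u.unit, evaluate(u, med))
    print("flagged:", [u.unit for u in triage(SAMPLE)])
```

Requiring all four indicators together is what keeps the vacant unit (flat and dry, but low power) and the home office (high and flat, but with normal water use) out of the result.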
|
| |
| ▲ | CamperBob2 an hour ago | parent | prev | next [-] | | If even a fraction of those antennas are transmitting at any given time, which you can arrange simply by having the network poll them, all you need to do is wander up and down the hall with a TinySA or something similar. It will be almost ridiculously obvious where all the RF racket is coming from. Even before doing that, a handheld Yagi in the parking lot will easily narrow it down to a couple of floors in a specific quadrant of the building. | |
| ▲ | delfinom 5 hours ago | parent | prev [-] | | A portable spectrum analyzer. A high concentration of phones like this would light up the spectrum when used with a directional wand. Portable spectrum analyzers are regularly used to identify interference in urban environments. Even a damaged cable coax line on the street can interfere with cellular signals. |
| |
| ▲ | avianlyric 4 hours ago | parent | prev [-] | | Yeah modern cellular and WiFi modems use multiple antenna and beam forming to allow multiple same frequency connections to occur, without interference. But when people think of beam forming as “pointing a beam at a phone” that’s kinda thinking of the problem backwards. Modems beam form by looking at the various bits of signal delay coming down multiple antenna, and computing a transform function that will effectively result in the signal it sends mimicking those delays and thus forming a beam pointing in the opposite direction of the incoming signal. But the modem has no idea what physical direction that beam is pointing in, and doesn’t care. It just knows how to analyse an incoming signal to effectively mask the inputs from different antenna in order to extract a very weak signal, by taking advantage of constructive interference between a signal received on multiple antenna, and in turn invert that function to create an equivalently strong constructive interference pattern at the source of the signal when replying. Most importantly, the modem has no idea what the actual signal path was; it could have bounced off several buildings, been channeled by some random bit of metal acting as a wave guide, or any other manner of funky interference that literally any physical object creates. All it knows is that a viable signal path must exist (because it received something), and it can compute a function to send a return signal back down the same path. But it’s very hard to turn that abstract signal path function the modem understands, into an actual physical direction. Not without doing a load of extra calibration and sampling work to understand exactly how all the antenna the modem uses interact with each other, which nobody does, because that information won’t improve the cell tower's performance. |
| |
| ▲ | huflungdung 5 hours ago | parent | prev [-] | | “Triangulation is non trivial” Uh. No it isn’t. SNR between 5 or so masts gives you the exact location of any cell device. This is how $oldemployer used to track them | | |
| |
| ▲ | mschuster91 4 hours ago | parent | prev [-] | | > Since you seem to know about the subject, how are these not immediately found and shut down? Because - depending on cell tower coverage and the antennas installed on it - the degree of precision is far too low to be useful. In rural installations and the worst case, aka a tower with a dipole antenna on a mountaintop, at 900 MHz the coverage will be around 35 km. Segmented antennas just limit the section of the circle where the endpoints are. In suburban areas, coverage is usually 10-20 km, and urban areas it's 5km and less. Now you know which cell and cell section the user is in... but to actually pinpoint the user? That takes some more work. First, you need a few more towers that the user can reach for triangulation - the more the better - but if the operator of such a setup is even remotely clever and the hardware/firmware supports it, they will have locked the devices to only connect to a single tower (you can see a map at [1] that shows the IDs). If the operator didn't do that but the site is too remote to achieve triangulation, you might need to drive around in a van and use an IMSI catcher, aka a phone tower emulator, and hope that eventually the site's devices register at it. That, however, is a lot of awful work, and is often not legal for police authorities, only for secret services. Now you might ask yourself, what about 911, how can they locate callers precisely? The thing is... it depends. Landlines and VoIP lines are usually mapped to a specific address (which is why VoIP providers give you an explicit warning that, if you do not keep that record up to date, 911 calls will be misrouted!), so that's trivial. Mobile phone callers however, until a few years ago the degree of precision was exactly what I just described - it completely depended on celltower coverage, with the only caveat that a phone will connect to another operator if it shows a stronger signal for 911 calls. 
Only then, Android introduced Emergency Location Service [2] and Apple introduced Hybridized Emergency Location [3] - these work with the sensors on the phone, most notably GPS/GLONASS/Beidou, but also SSIDs of nearby WiFi APs and specific Bluetooth beacons. Downside of that is, of course, the 911 dispatch needs an integration with Apple and Google's services, users can disable it for privacy reasons, and older phones won't have anything - so in these cases, 911 dispatchers are straight out of luck and again reduced to the above range of precision. [1] https://opencellid.org/ [2] https://www.android.com/safety/emergency-help/emergency-loca... [3] https://www.apple.com/newsroom/2018/06/apple-ios-12-securely... |
| |
| ▲ | SanjayMehta 5 hours ago | parent | prev [-] | | There was at least one SIM farm which was installed in a delivery type van and driven around. This was to avoid being detected as a stationary device. | | |
| ▲ | jacquesm 5 hours ago | parent | next [-] | | Clever! Also far more risky because it would require near constant attention. | | |
| ▲ | pavel_lishin 4 hours ago | parent | next [-] | | Plus, you can leave an apartment unattended - a van being driven has a big weak link in the chain that has to push the gas and brake pedals. | | |
| ▲ | avianlyric 4 hours ago | parent | next [-] | | Nothing stopping you from parking the van and just moving it every few hours. Put some plumbing decals on the side and nobody will look twice at it. | | |
| ▲ | pavel_lishin 3 hours ago | parent [-] | | Sure, but again - you gotta have one of your low-level chumps stop by the van every so often, and that raises the chances of that chump getting caught and squeezed by the cops until names start coming out. |
| |
| ▲ | mschuster91 4 hours ago | parent | prev [-] | | An unattended apartment can raise red flags. A van however, in most jurisdictions even if you end up in a police checkpoint, they may not force you to reveal what is in your van. | | |
| ▲ | pavel_lishin 3 hours ago | parent [-] | | > An unattended apartment can raise red flags. The last three places I've lived, I'd never seen the residents of fully half the apartments on my floor. They could have been jam packed with SIM farms, or abandoned tigers, or dead hookers in chest freezers for all I or anyone else in the building knew or cared about. An apartment where nobody bothers their neighbors or the super, but keeps the rent checks coming, is the absolute best case scenario for everyone involved. And again - if an unattended apartment is raided, there's nobody there to drop names. You lose the investment, but that's likely a lesser problem than worrying about what Kasim is going to tell the cops once the handcuffs go on. |
|
| |
| ▲ | toast0 3 hours ago | parent | prev [-] | | Put the sim farm stuff in a non-metallic box, wired to the 12v system, earn some extra money while driving a delivery job. Assuming you have carrier diversity on your sims, you could likely manage good enough backhaul over the sims for the control layer. At least for grey market SMS; grey market voip might need more consistent networking. Grey market VPN, eh... variable conditions might help customer traffic be considered mobile. |
| |
| ▲ | monerozcash 2 hours ago | parent | prev [-] | | Sim farm or SMS blaster? SMS blaster in van would make more sense, detecting a moving sim farm would be easier than a stationary one. |
|
| ▲ | pavel_lishin 4 hours ago | parent | prev | next [-] |
| > The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
> The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”
> Investigators have been going through the data on SIM cards that were part of the network, including calls, texts and browser history. Mr. McCool said they expected to find that other senior government officials had also been targeted in the operation.
The article goes out of its way to imply a link between this farm and the threats, but doesn't actually explicitly make that link. The CNN article covering the same story does the same thing: https://www.cnn.com/2025/09/23/us/swatting-investigation-ser... The Secret Service statement, however, does make that claim explicitly in the first sentence: https://www.secretservice.gov/newsroom/releases/2025/09/us-s... |
|
| ▲ | easyat 6 hours ago | parent | prev | next [-] |
| What a bizarre story. They say it's an anonymous network. What does that mean when multiple locations with racks of tens of thousands of SIM cards and the supporting equipment are found around NYC area? In order to manage this hardware and the operations around this equipment it would take boots on the ground, at least occasionally, for repairs and maintenance. No mention of arrests or surveillance of any site to try and apprehend anyone related. |
| |
| ▲ | aesh2Xa1 6 hours ago | parent | next [-] | | The details are skimpy. In a CNN article we can see photos and mention that these were housed in apartment units and perhaps other rentals. https://www.cnn.com/2025/09/23/us/swatting-investigation-ser... EDIT: While the headline on NYT highlights an attack on the towers for disruption, the CNN piece gives more weight to two other uses: (1) criminal communication network and (2) swatting. I think those two make sense. The SIMs would probably hold US numbers and would appear authentic for accessing the US operators' networks. | | |
| ▲ | jacquesm 6 hours ago | parent [-] | | (2) is the thing that brought attention of LE on these, and likely was a very dumb move by one of the users of this system. If just (1) they could have kept it going for much longer, (2) is what brought it down. |
| |
| ▲ | Retr0id 6 hours ago | parent | prev | next [-] | | I don't see why you'd actually need any SIMs in the first place if you wanted to DoS a cell tower. My guess is that it's basically just a device farm for either sending spam or receiving activation codes for spam accounts elsewhere. By putting them in a populated area, the increase in traffic is less noticeable. | | |
| ▲ | jacquesm 6 hours ago | parent [-] | | It makes it much harder to nail down exactly where the farm is. You can't just go break down all the doors in a large high-rise and the reflections of the radio signals in the urban canyon will further hamper your ability to pin-point the devices. But you might be able to correlate power consumption or heat signature with activity. |
| |
| ▲ | bflesch 5 hours ago | parent | prev | next [-] | | Could be as simple as faking app downloads for the NYC area to raise the appstore ranking | |
| ▲ | Loudergood 5 hours ago | parent | prev | next [-] | | 100,000 sims connecting to a cell network in Vermont will crash things.
In midtown Manhattan that's a blip. | | |
| ▲ | jacquesm 5 hours ago | parent [-] | | That much capacity could easily overwhelm things that scale poorly. 911 service for instance. |
| |
| ▲ | trebligdivad 6 hours ago | parent | prev [-] | | Yeh very weird; I mean if it was just spammers then you wouldn't have bothered putting it in somewhere expensive like NY would you? | | |
| ▲ | dvdkon 6 hours ago | parent [-] | | With that many devices, you'd need to have them in some place with very dense cell service. |
|
| ▲ | xnx 3 hours ago | parent | prev | next [-] |
| For reference, ~18 million people live within 35 miles of Manhattan. "In addition to jamming the cellular network, he said, such a large amount of equipment near the United Nations could be used for eavesdropping." How could a SIM farm be used for eavesdropping? |
| |
| ▲ | fiprisoner 2 hours ago | parent | next [-] | | It can’t, it's a lie. | | | |
| ▲ | 2OEH8eoCRo0 3 hours ago | parent | prev [-] | | How could lots of cellular radios be used to capture data that's in the air? | | |
| ▲ | xnx 3 hours ago | parent [-] | | Yes, this is what I want to know. I didn't think a cell phone (or any number of cell phones) could intercept other phone calls/data. I know a fake cell tower has some capability for that. | | |
| ▲ | thenthenthen an hour ago | parent [-] | | Crash the tower (instead of jamming it) and then put up your own fake tower? | | |
| ▲ | 2OEH8eoCRo0 an hour ago | parent [-] | | It's wireless comms, can't anyone with a radio tune in? The problem is capturing all channels, which can be accomplished with lots of radios. How are cell signals different from any other radio comms? |
|
| ▲ | mmastrac 5 hours ago | parent | prev | next [-] |
| Hopefully this is a wakeup call for anyone thinking that phone number validation is sufficient to prevent botting and fraud. |
| |
| ▲ | tbrownaw 4 hours ago | parent [-] | | There's no such thing as (completely) "prevent", just substantially reduce by making it more expensive. |
|
|
| ▲ | comrade1234 6 hours ago | parent | prev | next [-] |
| I'm curious how this would work without being traced. Someone is paying rent on the apartments. For the simcards, I think they are all able to call 911 even if they don't have credit/dataplan. They're also able to connect to a tower and take up slots. So probably the only way to financially trace the simcards is the initial purchase. |
| |
| ▲ | jacquesm 6 hours ago | parent | next [-] | | SIM cards don't 'call 911', you can call 911 even if there is no SIM card at all, all you need is a working radio. | |
| ▲ | foobarian 5 hours ago | parent | prev | next [-] | | I wonder if all the cards in the photo are active at once, or only activated on some rotation. The latter would certainly make them a lot harder to detect | |
| ▲ | instagib 6 hours ago | parent | prev [-] | | Can also text 911 now which would overburden the texting protocol network so no one else’s texts will go through. It’s a cell tower jammer and terrorism multiplier. Can’t call or text. It will probably disturb internet service as well. Include a few radio jammers for local police and a few satellite antennas you could create an opportunity then a panic to cover your tracks getting out. | | |
| ▲ | iberator 5 hours ago | parent | next [-] | | It's relatively hard to jam modern BTS with LTE and 5G.
It's part of the design. PTP with fancy modulation helps :p | |
| ▲ | delfinom 3 hours ago | parent | prev [-] | | I would wager a huge majority of text messages in NYC will go through either RCS or iMessages which skips the SMS layer and instead goes direct to data. |
|
|
|
| ▲ | sandworm101 30 minutes ago | parent | prev | next [-] |
| Anyone else think the secret service may have just "busted" some sort of NSA program? |
|
| ▲ | MountDoom 3 hours ago | parent | prev | next [-] |
| I made this comment on another thread that ended up getting flagged as dupe, but this is probably not all that mysterious. These SIM boxes are a commercial product you can buy from China: https://cnetross.en.made-in-china.com/product/OSomfpPGJWUH/C... ...and their purpose is mostly to provide an IP-to-cell-phone-number gateway for SMS spam and phone scams. A real cell phone number is greatly preferable to VoIP phone numbers, which are blocked / flagged at a much higher rate. |
|
| ▲ | ls612 an hour ago | parent | prev | next [-] |
| This seems like at best (for the attackers) a DDoS risk to me? |
|
| ▲ | ofrzeta 3 hours ago | parent | prev | next [-] |
| Where/how do people get 100.000 SIM cards? |
| |
| ▲ | Steeeve 5 minutes ago | parent | next [-] | | Walmart | |
| ▲ | thenthenthen an hour ago | parent | prev [-] | | 100k Not sure. Good question! 100 is easy, in NL you can just grab boxes of them at certain phone shops, Lebara etc. These are free and anonymous. Sometimes they will stop you and say: these are only for clients, other times they are happy if you take the whole box of 100pcs. |
|
|
| ▲ | t1234s 4 hours ago | parent | prev | next [-] |
| Do those devices have any legitimate use at all? |
| |
| ▲ | Maxious 4 hours ago | parent | next [-] | | They have lots of illegitimate use that isn't about crashing the cell network like sending out spam https://www.cyberdaily.au/security/9949-sydney-man-arrested-... or allowing people to use in-network free call allowance to instead make voip international calls | |
| ▲ | gol706 2 hours ago | parent | prev | next [-] | | I think smaller ones might be useful for network quality testing and mapping. I think carriers drive around with boxes in vehicles to test their own networks reliability and map their competitors. | |
| ▲ | monerozcash 3 hours ago | parent | prev [-] | | They are mostly used for legal purposes, even if they might violate contracts with telcos. |
|
|
| ▲ | gnatman 5 hours ago | parent | prev | next [-] |
| “Cache of Devices Capable of Sending Millions of Spam Political Texts” |
|
| ▲ | xnx an hour ago | parent | prev | next [-] |
| Imagine how many guns there are "near" (i.e. 3800 sq. miles) the UN! |
|
| ▲ | MangoToupe 4 hours ago | parent | prev | next [-] |
| Why are these networks accessible without signing keys in 2025? |
| |
|
| ▲ | bparsons 4 hours ago | parent | prev | next [-] |
| The photos in the NY Post article make it look like they raided cell phone shops in normal retail locations. It looked more like an engagement/click fraud operation. |
|
| ▲ | lo_zamoyski 4 hours ago | parent | prev | next [-] |
| I wonder what kinds of techniques, if any, these virtual cell phones employ to evade being discovered. You would suspect that they could be discovered through triangulation. Two possibilities: 1. Most if not all of these virtual cell phones are connecting from the same location. 2. Some of these virtual cell phones are connecting from the same location, with the remainder in reserve. In the case of (1), you have both a fixed location and a high saturation that is unlikely. In the case of (2), you could imagine using certain numbers at certain times to simulate the work day or hours during which people are more likely to be at home. Randomization or round robin could produce unlikely patterns, but without them, these virtual phones would be underutilized, save for some kind of cyberattack that would compromise their location. Or the truth simply may be that they aren't doing anything, because no one is watching. |
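
The co-location and rotation points raised in this thread (many SIMs attaching from one fixed place, possibly only a subset active at a time), sketched from the network operator's side as an added example that is not part of any comment. The record format, identifiers and threshold are assumptions constructed for illustration; nothing here reflects what a real carrier uses.

```python
from collections import defaultdict

def build_sample():
    """Constructed attach records (subscriber, cell, ISO time); all IDs made up."""
    rows = []
    for day in range(1, 5):
        date = f"2025-01-0{day}"
        # 30 ordinary subscribers who move between two cells every day.
        for i in range(30):
            rows.append((f"user-{i:02d}", "C-17", f"{date}T08:00:00"))
            rows.append((f"user-{i:02d}", "C-02", f"{date}T13:00:00"))
        # 5 legitimately fixed devices (e.g. meters) on C-17 every day.
        for i in range(5):
            rows.append((f"fixed-{i}", "C-17", f"{date}T09:00:00"))
        # 40 co-located SIMs used in rotation: a different 10 each day.
        for i in range(10):
            rows.append((f"sim-{(day - 1) * 10 + i:02d}", "C-17", f"{date}T10:00:00"))
    return rows

def stationary_by_cell(records):
    """Map cell -> subscribers never observed on any other cell."""
    cells_seen = defaultdict(set)
    for sub, cell, _ts in records:
        cells_seen[sub].add(cell)
    result = defaultdict(set)
    for sub, cells in cells_seen.items():
        if len(cells) == 1:
            result[next(iter(cells))].add(sub)
    return result

def flag_cells(records, threshold):
    """Cells whose count of never-moving subscribers reaches the threshold."""
    return sorted(c for c, subs in stationary_by_cell(records).items()
                  if len(subs) >= threshold)

def flag_cells_per_day(records, threshold):
    """Same check, but evaluated on each calendar day in isolation."""
    by_day = defaultdict(list)
    for rec in records:
        by_day[rec[2][:10]].append(rec)
    flagged = set()
    for day_rows in by_day.values():
        flagged.update(flag_cells(day_rows, threshold))
    return sorted(flagged)

SAMPLE = build_sample()
```

On this constructed data a day-by-day count stays under the threshold because only ten of the rotated SIMs are active at once, while counting distinct never-moving subscribers over the whole window exposes the cell.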
|
| ▲ | theturtle 6 hours ago | parent | prev | next [-] |
| ICE is probably all "we want our stuff back!!!" |
|
| ▲ | xrd 5 hours ago | parent | prev | next [-] |
| Are there ways to prevent this kind of thing using GrapheneOS or FLX1s? Lots of interesting discussions about cell phone networks lately. Fake cell phone towers ICE is using to track people: https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-... GrapheneOS (de-googled android) and FLX1s (pure Linux phone): https://news.ycombinator.com/item?id=45312326 My question is: are any of these alternatives helpful against these novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network? If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:
The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM. It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety. |
|
| ▲ | perihelions 6 hours ago | parent | prev [-] |
| Is there a less clickbait-y source? There's no tangible link to the United Nations described in the article; that seems to be a gratuitous flourish. > "several locations within a 35-mile radius of the United Nations headquarters" That's the entirety of New York City! edit to add: This very weird part was actually lifted from the USSS press release, > "These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City." https://www.secretservice.gov/newsroom/releases/2025/09/us-s... ("U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area") |
| |
| ▲ | dang an hour ago | parent | next [-] | | We've taken the UN out of the title now. | |
| ▲ | JdeBP 5 hours ago | parent | prev | next [-] | | It does seem like the sort of PR-rewrite for a press release that results in distances measured in football fields. Looking at a map, a 35 mile as-the-crow-flies (and as the cell network signal flies) radius of the U.N. Secretariat building almost gets one to Lake Hopatcong, New Jersey, in one direction and past Stamford, Connecticut, in another. | |
| ▲ | tbrownaw 6 hours ago | parent | prev | next [-] | | It reminds me of those "how to promote yourself" things about say turning "did routine performance optimizations on the website" into "saved the company $ZZZ million" and such. | |
| ▲ | kylecazar 4 hours ago | parent | prev | next [-] | | I read they were in Armonk, Greenwich, Jersey and Queens. A perimeter around Manhattan. The article: https://www.cnn.com/2025/09/23/us/swatting-investigation-ser... | | |
| ▲ | macNchz 3 hours ago | parent [-] | | Armonk and Greenwich don't really make sense if the idea was to create a perimeter around Manhattan. | | |
| ▲ | kylecazar 3 hours ago | parent [-] | | The idea being there were caches to the West (Jersey), North (Armonk and Greenwich) and East (Queens). The article mentions a "circle around NYC's cellular network infrastructure". |
|
| |
| ▲ | AlanYx 5 hours ago | parent | prev | next [-] | | It's worth highlighting that that link suggests this may be linked to foreign states rather than just garden-variety organized crime ("...early analysis indicates cellular communications between nation-state threat actors..."). | | |
| ▲ | agwa 5 hours ago | parent [-] | | That probably just means that some foreign states were among the customers of these SIM farms. |
| |
| ▲ | ghostpepper 3 hours ago | parent | prev | next [-] | | Not a lot more detail but a better source in general https://therecord.media/secret-service-cellular-network-disr... | |
| ▲ | formerly_proven 4 hours ago | parent | prev | next [-] | | "Concentrated within this 10000 km² area" sounds not nearly as impressive. Granted, "concentrated within 35 miles" sounds already rather dilute when talking about mobile phones. | |
| ▲ | wildzzz 5 hours ago | parent | prev | next [-] | | That quote comes directly from the Secret service press release lol | | |
| ▲ | kentm 4 hours ago | parent [-] | | News organizations should not uncritically repeat press releases like these. It is an ethical failure to do so. |
| |
| ▲ | pyuser583 5 hours ago | parent | prev [-] | | Sorry to be nitpicky, but the US Secret Service really, really prefers the acronym "USSS" over "SS." | | |
|