70 comments

[ 3.4 ms ] story [ 68.7 ms ] thread
What a bizarre story. They say it's an anonymous network. What does that mean when multiple locations with racks of tens of thousands of SIM cards and the supporting equipment are found around NYC area? In order to manage this hardware and the operations around this equipment it would take boots on the ground, at least occasionally, for repairs and maintenance.

No mention of arrests or surveillance of any site to try and apprehend anyone related.

ICE is probably all "we want our stuff back!!!"
I'm curious how this would work without being traced. Someone is paying rent on the apartments. For the simcards, I think they are all able to call 911 even if they don't have credit/dataplan. They're also able to connect to a tower and take up slots. So probably the only way to financially trace the simcards is the initial purchase.
So that's the tip. Makes you really wonder about the iceberg, this raises many more questions than it answers.

The UK has criminalized possessing or using SIM farms or related gear in response to these popping up with some regularity. But the operators are pretty clever and know how to hide. I've been thinking about how easy it would be to detect these when you're a telco and I think the signature is unique enough that it should be possible to detect which SIMs are part of a farm, even if you don't know the exact location of the farm.

> Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication. One official said the network was capable of sending 30 million text messages per minute, anonymously. The official said the agency had never before seen such an extensive operation.

> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.

So 100k SIM cards scattered around the middle of New York City.

Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?

Is there a less clickbait-y source? There's no tangible link to the United Nations described in the article; that seems to be a gratuitous flourish.

> "several locations within a 35-mile radius of the United Nations headquarters"

That's the entirety of New York City!

edit to add: This very weird part was actually lifted from the USSS press release,

> "These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City."

https://www.secretservice.gov/newsroom/releases/2025/09/us-s... ("U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area")

Oh lol, this is a scam site. Yes, there are potential other uses for a sim box but mostly they are used for VoIP purposes. It's honestly so hard reading quotes from the US government these days. Cartels, drugs, guns. They make it sound like they interrupted the staging of an assault on the UN when the article actually says that the locations were within 35 miles of the UN headquarters in NYC. This is a significant distance as it covers beyond the 5 boroughs, it's the "tri state area". Like 20M people live in that circle. I highly doubt this is for anything other than VoIP scams.
why did the voip scammers need guns and cocaine?
The article really should have put that map front and center, because that map alone is enough to show how ridiculously overhyped the government claims are.

I'm presuming this discovery was near the outer perimiter of that circle, because otherwise presumably they'd have quoted a smaller, scarier number.

“Cache of Devices Capable of Sending Millions of Spam Political Texts”
Hopefully this is a wakeup call for anyone thinking that phone number validation is sufficient to prevent botting and fraud.
Well, that is news.

The pictures of the confiscated equipment is every phone phreaks orgiastic wet dreams.

It is interesting that these sorts of things are going on in the first world, and until discovered anyone vocalizing suspicions of such a thing would be regarded as a paranoid delusional crackpot.

Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?

Lots of interesting discussions about cell phone networks lately.

Fake cell phone towers ICE is using to track people:

https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-...

GrapheneOS (de-googled android) and FLX1s (pure Linux phone):

https://news.ycombinator.com/item?id=45312326

My question is: are any of these alternatives helpful against these novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?

If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:

  The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
  ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
  This key is not known by any other names.
  Are you sure you want to continue connecting (yes/no/[fingerprint])?
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.

It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.

> Are there ways to prevent this kind of thing using GrapheneOS or FLX1s?

Prevent what exactly?

> If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?

LTE and beyond have mutual authentication. Your phone will attach to any network for an emergency call, but attachment to LTE requires the network trusts your sim and your sim trusts the network. [1] No trust on first use necessary, because the SIM includes its private keys and public keys for the network.

[1] https://www.sharetechnote.com/html/Handbook_LTE_Authenticati...

So they didn’t find the people running it or funding it?
The photos in the NY Post article make it look like they raided cell phone shops in normal retail locations. It looked more like an engagement/click fraud operation.
The thing that caught my eye is the power plug needed an adapter to use the US socket. This suggests the hardware was shipped in from overseas.
> The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.

> The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”

> Investigators have been going through the data on SIM cards that were part of the network, including calls, texts and browser history. Mr. McCool said they expected to find that other senior government officials had also been targeted in the operation.

The article goes out of its way to imply a link between this farm and the threats, but doesn't actually explicitly make that link.

The CNN article covering the same story does the same thing: https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...

The Secret Service statement, however, does make that claim explicitly in the first sentence: https://www.secretservice.gov/newsroom/releases/2025/09/us-s...

Both this article and the NYT one strongly implies a link between these farms & the threats to government officials without actually outright stating so.
Do those devices have any legitimate use at all?
Why are these networks accessible without signing keys in 2025?
This is presented as if it's part of something like a terror plot, but my money is on it being related to your car warranty expiring.
Wait. What? My car warrant is expiring? If only there were some way to get more information and perhaps extend it ...
> While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.

> These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.

"It could have overwhelmed cell towers, toppling New York City’s cell service and preventing every Manhattan resident from accessing Google Maps."

Seems odd that the most important use they can highlight for cell service in NYC is accessing Google Maps. Not accessing 911, not some other vital use of cell service, but Google Maps.

NYC is full of free Wifi all over the place. So many McDs, Starbucks, and other restaurants and sites you can get Google Maps anywhere.

I’ve lived through enough cellular downtimes to have Google offline maps
Looking at the original press release (https://www.secretservice.gov/newsroom/releases/2025/09/us-s...) and the attached high-resolution photographs, there are things that probably leap out at a Hacker News readership:

The Bad Guys are neat with their cable ties, and number their gateway boxes.

The Bad Guys went with simple heavy-duty metal garage shelving rather than real racking, seemingly vastly overengineered for the weight of the equipment, as that sort of shelving can hold up to a Mg per shelf UDL. The "WallOfSimBoxes" kit does not sport any rack mounting brackets.

The Bad Guys don't use redundant power supplies, or battery backup.

I wonder what kinds of techniques, if any, these virtual cell phones employ to evade being discovered. You would suspect that they could be discovered through triangulation.

Two possibilities:

1. Most if not all of these virtual cell phones are connecting from the same location.

2. Some of these virtual cell phones are connecting from the same location, with the remainder in reserve.

In the case of (1), you have both a fixed location and a high saturation that is unlikely.

In the case of (2), you could imagine using certain numbers at certain times to simulate the work day or hours during which people are more likely to be at home. Randomization or round robin could produce unlikely patterns, but without them, these virtual phones would be underutilized, save for some kind of cyberattack that would compromise their location.

Or the truth simply may be that they aren't doing anything, because no one is watching.

Not sure why, but I find that an astonishingly professional setup. The sim servers clearly haven't really got a legit use at that size - yet they come built with a very professional steel case. Setups even have color coded uplink vs downlink cat5 cables. I mean just very neat and tidy.