Such a cool write-up, I enjoyed the screenshots of the admin interfaces ... which look exactly as bad as I'd hoped
Sad to see Mobile-X MVNO as the preferred SIM in the photos shown, but I wonder if an MVNO has local-level data to detect a situation like this when hundreds of phones are in one area and don't move. Postpaid carriers running their own network might easily connect the dots between SIM/accounts/phone towers... but the piggyback nature of MVNO network management probably makes even detecting this behavior even harder.
Maybe weird hardware, but easily available on aliexpress. Y’all need to explore more. Appears to be scrubbed off now but used to be more available.
Tbh, contraptions like this have a long history for gray-market VoIP call termination, but usually in countries where governments charge a lot for incoming international calls as means of fund-raising (or inefficient telecoms) but domestic rates are low.
At what point does an article shift from giving insights -> giving a step by step to start your own spam farm?
Praising the device and stating how cool it is? Highlighting how inexpensive it is? Screenshots of how it works? Saying where you can buy it from?
The line is blurry but this article has all of that. Here's to responsible journalism and being inundated with more spam on my phone so that a newsletter gets more clicks.
oh that's why google have been silently banning all corporations using gvoice unless they email support for each number to be manually checked for compliance.
it's been a few interesting couple months at work, as google being google there was never an announcement or anything.
The Secret Service is being overly alarmist, but to a hammer, everything looks like a nail.
“We need to do forensics on 100,000 cell phones, essentially all the phone calls, all the text messages, anything to do with communications, see where those numbers end up,” "You can’t text message, you can’t use your cell phone. And if you coupled that with some sort of other event associated with UNGA, you know, use your imagination there, it could be catastrophic to the city."
So until we do our jobs, imagine the worst case scenario. Thanks guys.
Could be rent US a number service, data roaming, VOIP or SMS termination, account registration (google, tiktok, whatsapp).
There are data roaming services that use 5G GSM modems to transfer the SIMs tower connection to pocket wifi devices for tourists who need data.
It's like a multi-SIM phone, taken to the next level. Seeing this comment recently about ultra-cheap 4G LTE modems, I do wonder if one could make something cheaper with a bunch of those connected to a PC: https://news.ycombinator.com/item?id=45250676
The reason for NYC is probably deploying it in a crowded network area to avoid detection. Deploying it in a suburban space would immediately show red flags.
This is only tangentially relevant, and a violation of the Guidelines, but I looked up the MVNO brand in the Secret Service photo (MobileX) and holy moly every single button on their website just opens a "scan to download the app" modal (or on mobile, takes you directly to the App/Play Store). It also asked for location permissions half a dozen times in as many seconds until I told Firefox to remember my refusal. MobileX, I am not under any circumstances going to install your app.
Why is it exactly, that mobile providers can’t catch this…?
Just like with SMS fraud. It might cost them a few cents per subscriber to do effective anti-spam measures, but now society has to pay the cost
Just want to say: Thanks! I was waiting for this article.
Thanks to Ernie Smith, to tedium.co, to HN, to community.
This is the kind of curious and intelligent response to FUD that I want to find whenever major news outlets start an insane new spin-cycle (as increasingly is the way of things in the world).
I’ll let the HN comment thread spin out (as it must), but amidst that, I just want to say that this right here is the reason I still keep coming back to this place and read all of it. So, thanks!
I had an inkling these things existed (I’ve been in telco for a few decades), but the last ones I saw had nowhere near this scale. The amount of manual labor to put in the SIMs _and_ configure/remove the PIN codes must be staggering unless they get a bulk manifest of some sort (which you do get if you order batches of SIM cards for IoT applications), so expect these things to have a CSV import of some kind…
Plus I’m wondering what exactly are the radio capabilities of these things with so many antennae close to each other. Anyway, anyone doing network planning would hardly notice a few dozen registered subscribers unless they started generating traffic heavily (in which case they’d probably saturate one sector of a cell, but not with SMS and LTE…)
What a delightfully arcane rabbit hole to get into today, I’m going to do some research…
no idea if its accurate. the replies appear to be disagreeing with it
>>>
It’s a Telecom Bypass Scam Using SIM Farms…Grey-routing is when international calls are re-routed through SIM farms like the one in those photos, instead of going through legitimate telecom carrier infrastructure.
Someone overseas makes a call to a U.S. number
Let’s say someone in Nigeria calls a U.S. bank or friend.
Normally, the call would be routed through official international telecom carriers, and each leg of that call would cost money.
The person calling (or their carrier) pays international calling fees to reach the U.S. phone network.
Scammers hijack the call and reroute it through their SIM farm
Instead of going through legit U.S. carrier infrastructure like AT&T or Verizon, the call:
Enters a VoIP (internet call) gateway.
Is then re-routed to one of the SIM cards in the SIM farm, which is sitting on U.S. soil and connected to a local mobile network (like T-Mobile or Boost).
This SIM answers and makes the call look like a local one like it’s just a guy in Houston calling a local pizza shop.
The call completes, but the real telecom carriers get screwed
The call appears as a local mobile call on U.S. networks, not international traffic.
For the record, someone may find this interesting.
The scammers avoid all the expensive international “termination” fees.
The telcos (Verizon, AT&T, etc.) get paid nothing, because it looks like local traffic.
Meanwhile, the grey-router charges the VoIP client a discounted rate, pockets the cash, and repeats the process at scale.
So they find some SIM boxes and assume terrorism? It's the way calling card services offer cheap rates to various countries. They suck from a cell planning POV but they're hardly nefarious.
25 comments
[ 4.4 ms ] story [ 43.6 ms ] threadSad to see Mobile-X MVNO as the preferred SIM in the photos shown, but I wonder if an MVNO has local-level data to detect a situation like this when hundreds of phones are in one area and don't move. Postpaid carriers running their own network might easily connect the dots between SIM/accounts/phone towers... but the piggyback nature of MVNO network management probably makes even detecting this behavior even harder.
Tbh, contraptions like this have a long history for gray-market VoIP call termination, but usually in countries where governments charge a lot for incoming international calls as means of fund-raising (or inefficient telecoms) but domestic rates are low.
Merge with https://news.ycombinator.com/item?id=45353925 ?
Praising the device and stating how cool it is? Highlighting how inexpensive it is? Screenshots of how it works? Saying where you can buy it from?
The line is blurry but this article has all of that. Here's to responsible journalism and being inundated with more spam on my phone so that a newsletter gets more clicks.
https://x.com/ErrataRob/status/1970586083374112784
I think this explains why the spam texts I receive never show up as an iMessage or rcs. This thing-a-ma-hugger doesn’t support it.
Cache of devices capable of crashing cell network is found in NYC (263 points, 251 comments)
https://news.ycombinator.com/item?id=45345514
it's been a few interesting couple months at work, as google being google there was never an announcement or anything.
it's mostly used to spam SMS and make fraud calls
“We need to do forensics on 100,000 cell phones, essentially all the phone calls, all the text messages, anything to do with communications, see where those numbers end up,” "You can’t text message, you can’t use your cell phone. And if you coupled that with some sort of other event associated with UNGA, you know, use your imagination there, it could be catastrophic to the city."
So until we do our jobs, imagine the worst case scenario. Thanks guys.
Could be rent US a number service, data roaming, VOIP or SMS termination, account registration (google, tiktok, whatsapp).
There are data roaming services that use 5G GSM modems to transfer the SIMs tower connection to pocket wifi devices for tourists who need data.
My machine was for...spamming text sms. We would put it on our vehicle and drive around the city to spam sms message.
We stop doing that now since it's not really effective anymore.
But our machine having same form factor does not mean they have same functionality.
Thanks to Ernie Smith, to tedium.co, to HN, to community.
This is the kind of curious and intelligent response to FUD that I want to find whenever major news outlets start an insane new spin-cycle (as increasingly is the way of things in the world).
I’ll let the HN comment thread spin out (as it must), but amidst that, I just want to say that this right here is the reason I still keep coming back to this place and read all of it. So, thanks!
Great post/read!
Plus I’m wondering what exactly are the radio capabilities of these things with so many antennae close to each other. Anyway, anyone doing network planning would hardly notice a few dozen registered subscribers unless they started generating traffic heavily (in which case they’d probably saturate one sector of a cell, but not with SMS and LTE…)
What a delightfully arcane rabbit hole to get into today, I’m going to do some research…
I’d have assumed the way to spam SMS is having some sort of dodgy SS7 connection somewhere?
Wild that the radio interface is the way to connect to the network for this.
And spoofing caller id is easy you shouldn’t need local SIMs?
no idea if its accurate. the replies appear to be disagreeing with it
>>>
It’s a Telecom Bypass Scam Using SIM Farms…Grey-routing is when international calls are re-routed through SIM farms like the one in those photos, instead of going through legitimate telecom carrier infrastructure.
Someone overseas makes a call to a U.S. number Let’s say someone in Nigeria calls a U.S. bank or friend.
Normally, the call would be routed through official international telecom carriers, and each leg of that call would cost money.
The person calling (or their carrier) pays international calling fees to reach the U.S. phone network.
Scammers hijack the call and reroute it through their SIM farm
Instead of going through legit U.S. carrier infrastructure like AT&T or Verizon, the call:
Enters a VoIP (internet call) gateway.
Is then re-routed to one of the SIM cards in the SIM farm, which is sitting on U.S. soil and connected to a local mobile network (like T-Mobile or Boost).
This SIM answers and makes the call look like a local one like it’s just a guy in Houston calling a local pizza shop.
The call completes, but the real telecom carriers get screwed
The call appears as a local mobile call on U.S. networks, not international traffic. For the record, someone may find this interesting.
The scammers avoid all the expensive international “termination” fees.
The telcos (Verizon, AT&T, etc.) get paid nothing, because it looks like local traffic.
Meanwhile, the grey-router charges the VoIP client a discounted rate, pockets the cash, and repeats the process at scale.