Cellphones Communications Security

Thwarted Plot To Cripple Cell Service In NY Was Bigger Than First Thought (go.com) 47

Last month, federal investigators said they dismantled a China-linked plot that aimed to cripple New York City's telecommunications system by overloading cell towers, jamming 911 calls, and disrupting communications. According to law enforcement sources, the plot was even bigger than first thought. "Agents from Homeland Security Investigations found an additional 200,000 SIM cards at a location in New Jersey," according to ABC News. "That's double the 100,000 SIM cards, along with hundreds of servers, that were recently seized at five other vacant offices and apartments in and around the city." From the report: Investigators secured each of those locations, seized the electronics, and are now trying to track down who rented the spaces and filled them with shelves full of gear capable of sending 30 million anonymous text messages every minute, overloading communications and blacking out cellular service in a city that relies on it for emergency response and counterterrorism.

According to sources, the investigation began after several high-level people, including at least one with direct access to President Donald Trump, were targeted not only by swatters but also with actual threats received on their private phones.
"The potential threat these data centers pose to the public could include shutting down critical resources that the public needs, like the 911 system, or potentially impacting the public's ability to communicate everything, including business transactions," said Don Mihalek, an ABC News contributor who was formerly with the Secret Service.
  • We just found out recently that across two states, the physical network used to handle the routing for 911 calls was not shovel-redundant. Probably someone stuffing MPLS-over-MPLS again.

  • by Casandro ( 751346 )

    First of all, if you have so many devices at one spot, you'd essentially just overload a few cells. Second, mobile networks are used to operating at 100% utilization, priorities are normal, particularly for things like emergency calls.
    Besides if you wanted to DoS cells you could just use normal jamming, or if you want to be fancy and less easy to detect, just request a channel for authentication. You wouldn't need a SIM-card for that.

    What seems more likely is that they build some sort of in official network

    • by thegarbz ( 1787294 ) on Friday October 03, 2025 @08:02PM (#65702136)

      Actually you'd be wrong. Your focus is on the wrong part of the chain, the goal here isn't to overload the individual cells, it's to overload the routing computer which registers all devices and tracks across which cell system they reside in. For cellular systems SMS and traditional calls aren't just another network packet. There's a reason calls don't drop and SMSes still work even when towers are overloaded to the point where no one can even read a tweet. Routing for those is done by the same system which tracks where devices are on the network. Overload that system and it all goes down without even so much as a youtube's video worth of bandwidth.

      I guarantee you the cellular system of any large city is not remotely designed for that completely unforeseeable level of traffic in that part of a protocol. Ironically though those SMSes could all be handled by a single 5G connection if it were just another IP protocol.

      • Re: (Score:3, Informative)

        by Casandro ( 751346 )

        Well half of the team I work at handles exactly those things, and while in the past this was an issue as it was handled via individual 64k TDM links... this now goes via Ethernet... and even though part of the software we use is written in Java, it's essentially just idling. Before there is even a noticeable load on the signaling, the radio channel certainly will already be congested beyond being useful.

        • Which is precisely why this operation was diverse. I agree with you it wouldn't have remotely worked with all devices in one location. But in the world of both 5G (which had the primary goal of increasing subscriber numbers per tower, despite the constant news about how fast it can download a Netflix movie), and radio towers being spread out to a density of multiple per city block, the air interface is hardly a limitation.

          Also that's another technical issue here why they would use SMS. It presents a signif

    • As the summary says, the previous 100k sims were in 5 vacant offices and apartments in and around the city. It's highly unlikely that the 200k they seized this time were in one location.

    • by Anonymous Coward

      This is the same setup that ruzzia has used throughout Europe to drive their bots on social media. They create and dump thousands of new accounts daily then feed a "message of the day" out to a world ready to gobble down angry posts.

      Create a culture war and they will come!

    • Re: (Score:2, Insightful)

      by korgitser ( 1809018 )

      If the NY cell network can handle New Year's Eve without crashing, 200k sim cards won't do anything to it.

      The whole thing is just a bunch of woulda coulda. Capable of sending 30M text messages... Imagine what all the phones in NY together would be capable of. And the cars I see parked outside are capable of killing thousands of pedestrians, too. The horror!

      They don't know what this is for, and they don't know to whom it belongs. But most people obviously have never seen a lot of tech together in one place,

      • I don't know much about cellular infrastructure, but on the day of the Boston Bombing there was basically no cell service in a huge area from everyone trying to reach everyone.

        It worked out of the city, but in the city near back bay and even beyond it nothing worked.

        I suspect in a future emergency that makes the news, combined with normal user phones, the same thing could happen regardless of how much improvements have been made.

      • It's almost like there's a concerted effort to hide that this was a bot network for hire at this point.

    • Couple of things I noticed...
      The number of SIM cards seems to be greater than the number of cellular transmitters in some of these boxes.
      The setups seem to be quite professionally installed (except for the one on the apartment floor) kinda odd for a one-shot DDOS campaign?
      A lot of time, effort and money went into building these setups. How do the Feds know they're intended for DDOS as opposed to robocalls and spam SMS (given that the latter is profitable, while the former is a one-shot deal)?

  • by ffkom ( 3519199 ) on Friday October 03, 2025 @07:34PM (#65702106)
    We have seen so many SIM farms before, some with even more SIMs operated in parallel, being used by mundane criminals, like SPAMmers, SCAMmers, advertisers. So far I have not read about evidence these New York SIM farms were anything different from those criminal operations - even if some people rented some of their capacity to harass politicians... which appears to be the only reason why this was investigated by the Secret Service, which otherwise does not give a shit whether ordinary people are SPAMmed or SCAMmed.
    • by jddj ( 1085169 ) on Friday October 03, 2025 @07:35PM (#65702108) Journal

      Worth your read:

      https://cybersect.substack.com... [substack.com]

      • by cusco ( 717999 )

        Thanks for that, I suspected this was the case from the beginning. Gotta beat those war drums louder, people aren't enthusiastic enough yet to go kill people who never did anything to them.

        • by Anonymous Coward
          Please everyone stop spending on defense. Putin promises he won't mess with your country if you just surrender first.
      • I'm skeptical that NYT would just collude with the Trump admin like that. It seems like the last thing they'd ever want to do.

        Moreover, lately this site seems to do a 180 at the drop of a hat.

        https://news.slashdot.org/stor... [slashdot.org]

        • Not the first time the NYT has been accused of colluding with the US Government. See: non-existent WMDs greasing the skids for a war based on a lie:

          https://en.m.wikipedia.org/wik... [wikipedia.org]

          • Usually the NYTimes pushes liberal agendas. That's pretty much the only time I've seen them assist "right wingers" though I use that in quotes because GWBush in retrospect looks like central/left authoritarian rather than traditional small govt conservative Republican. At the time the pitch for invading Iraq was being made, Bush had a 60, 70, even 90% approval rating, and for a brief (scary) period, both parties were on the same page. So there's additional information that makes the statement "NY times has
            • The single thing that could make Bush 43 look "centrist" is that the current administration has drained the mental institutions and Aryan safe-houses to get its crew of wingnuts and thugs.

              It stops being meaningful to talk of "left" and "right". More like "left" and "the greatest generation fought WWII to bring guys like this to Nuremberg".

        • It's not necessarily collusion, they're being played by leaks that aren't leaks. Half of /. couldn't spot this for what it is too. Read the comments the last two times this was posted. You guys that can figure it out, or have technical knowledge of cellular networks, writing honest emails to journalists and offering insight into how this is likely bullshit, that is how they'll come around. It's not like there's really a reason to retract anything, but if there's enough to write a follow up they'd have a be

        • It's not necessarily collusion. NYT has printed dumber crap, and that's coming from someone who even still has a subscription (mostly for the crossword admittedly). Hanlon's razor.
      • Yup, so the headline should really read "Secret Service gets called on its bullshit story, doubles down with yet more bullshit".
    • by taustin ( 171655 ) on Friday October 03, 2025 @07:42PM (#65702114) Homepage Journal

      Technically, the Secret Service has jurisdiction over crimes committed with computers. They don't normally do much with it, and when they do, they have a history of not doing it well [sjgames.com], but legally, they certainly can.

      In this case, I'm sure you're right, they got involved because of threats to public officials, which is something they do a lot of (along with chasing counterfeit money).

      • Seems like in 2025 they're more about ignoring threats to public officials, and producing counterfeit money.

        Actually that second part might be delegated to other parts of the executive branch. But they're definitely stepping back protection of public officials whose names don't start with T and end with rump. Because, you know, they're so concerned about political violence.

      • Yup. Years ago, when I was a college Freshman or maybe sophomore, my cousin-in-law (who was Secret Service) asked me to pull credit card numbers off a computer they had confiscated. "Here, have at it, they're hidden somewhere".

        I did find them, along with the people's details. It was only in retrospect that I realized: No backups. Hand the computer to a student with no training in evidence handling. Honestly, incompetence at the highest level.

        On the other hand, flashing his SS badge in bars got him laid,

        • by wwphx ( 225607 )
          Back in the '90s I worked for a major police department as a civilian in IT. They set up their first computer investigation unit while I was there. They were quite meticulous about custody of seized hard drives and how they were examined, and the attorneys of whoever owned that computer could have easily gotten that evidence, if not the whole case, thrown out over how they had you examine it.
    • I was watching a video that pointed out the devices these SIM cards were in could only use a small number of the cards simultaneously. And even if you ignore this, 100,000 sim cards is a small fraction of the total number of legitimate devices in NYC, so simultaneous usage would not have had much effect. So they are probably just used for mass-spamming and similar campaigns.
  • by ArchieBunker ( 132337 ) on Friday October 03, 2025 @08:09PM (#65702142)

    It’s for spamming sms and advertising click fraud. It was only investigated because politicians received threats. Otherwise it would still be spamming away.

    • I'm thinking this is the most likely scenario too. Another organized crime fraud operation rather than little yellow men twirling their mustachios out to defile our precious bodily fluids.
    • Why not use an internet SMS gateway?
      • by darkain ( 749283 )

        Because there are essentially only 2 or 3 SMS gateways, which all have really damn good filtering at scale.

        Not talked about much, but the backhaul SMS network (known as "aggregators") is similar to the internet in that there are large backhaul providers and then "last mile" providers (such as cell carriers, or companies like apple / google / twilio) that all run through the same aggregators.

        The aggregators are pretty damn good at processing / filtering spam. Also, when you see text messages that say you can

      • They probably tried or did until they were detected breaking the provider's AUP and were booted from the network. It would be much easier to masquerade as consumer end users on prepaid sims because then you're literally plain old traffic accessing via the normal vector to the mobile network in a way that does not present any obvious signs of abuse like having hundreds of thousands of numbers on one mobile over ip provider, who would probably be instantly suspicious of such an abnormal scenario
    • So, why "China linked"?

  • by Gabest ( 852807 )

    For the lulz? It makes no sense.

  • Having not been familiar with sim servers, I took the two minutes to search for them on the internet and read a couple of sales pages from manufacturers of said equipment. These are for either proxying calls from IP to cellular to circumvent international fees or some shit, or they're for spam. This seems like it was just a plain old endpoint for a spam calling or texting operation and none of the danger danger end of the world warnings proclaimed by the "investigators" make any fucking sense at all
  • Who tracks spam calls and how did the call volume trend before and after this facility was shut down? I have to assume that spam call traffic had an instantaneous unit step decline when this operation was shut down. I don't know the relative size of this outfit vs the whole industry, but I would assume this is a drop in the ocean.
  • by bill_mcgonigle ( 4333 ) * on Saturday October 04, 2025 @05:41AM (#65702636) Homepage Journal

    See Seyonic's Youtube video.

    The 512-SIM racks can only address 64 at a time. This comports with what people noticed about the antenna count.

    8x is nearly an order of magnitude difference and changed my mind about the likely purpose.

    Presumably the spammers expect the SIMs to get blacklisted and move on?

    But WHO is provisioning a quarter million cards at a time without tripping flags?

    • Presumably not all purchased at once, likely not all by the same person, how many places sell SIM cards in NYC? At that scale likely pretend to (or actually) run a few different chains of corner stores and be doing a hopping business with all the drug dealers who live nearby or whatever...
  • It could also be used to send scammy marketing text messages as a service. Why would China fuck around, at a state level, with something like this? This is FUD and the FBI fluffing itself in public. I want to know what actual law was broken, because there are "potential" threats all over the place that are legal (for example, everyone who owns a car or a kitchen knife).
    • This is probably a plain Jane Chinese scam gang, operating in one of the densest US cities where the pickings are richest. It probably got taken down because they accidentally targeted a few important people. The “FBI saved the city from the Chinese gubberminet” shtick is theatre that plays well on right wing media. Nowadays basically every piece of media from the federal government is designed to play well to maga hat wearers, trigger the libs or, preferably, both.
