Secret Service Takes Down Sim Farms in NY
The first question you probably have is: what the hell is a SIM farm?
Most of you (if you know the term at all) know it from the little card that goes into your phone and gives it its identity. Either your carrier gives it to you for free or charges you a couple of bucks for it. Either way, without it, your phone is not a phone.
BUT, what if you bought tens of thousands of SIMs? (You would think that would make the carriers suspicious, but what the hell, the check cleared.) You certainly don’t want to have to buy tens of thousands of phones for your nefarious operation. Enter SIM farms. See the pictures below.
The first thing you probably notice is that it doesn’t take a lot of space. You can also see that there is an antenna for each “virtual cellphone”. In the top photo you can see yellow ethernet (Internet) cables going into each box. That is what causes the magic.
With an Internet address you can connect to that virtual cell phone unnoticed from anywhere in the world. Russia? Sure. North Korea? Yup. China? Why not.
That allows miscreants anywhere in the world to make phone calls and send SMS text messages that look like they came from New York City (because, technically, they did).
According to the Secret Service, this batch was targeting government officials before they were caught. They are not saying who, not even which government. Remember the UN is in session this week.
They are not saying if the social engineering attacks were successful, but probably some were.
What they are saying is that they could have taken the cell network down. That seems a bit hyperbolic. Clearly they could throw a lot of traffic at the network, but it could easily be contained with minor fallout. They are not saying where these SIM servers were, other than within a 35-mile radius of the UN, but they did say the tri-state (NY/NJ/CT) area. Was that a bit of disinformation? Probably. I assume they were centralized around the UN given all of the dignitaries that are there this week. Maybe not; you could do a lot of damage from, say, Camden, NJ.
But if I were a cell carrier and I saw 100x the normal traffic from a cell site, I would take that cell site offline. The traffic would try to move to a neighboring site, so you take that one offline too. In general, the distance these radios can reach is relatively small. If your network operations center has its act together, you could bounce sites on and off line quickly enough to hurt the attackers. If the site is next to the UN you probably would not want to take it down, but if it is seeing 100x normal traffic, it is probably useless as a cell site anyway. If it is in Camden, NJ (sorry, Camden), just take it down. Who cares?
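To make the "100x normal traffic, bounce the site, then watch the neighbor" heuristic concrete, here is an added example (mine, not from the article or any carrier's NOC tooling) that flags cell sites against their own recent baseline and models the load shifting to neighboring sites as each one is taken offline. Site names, per-minute SMS counts and the neighbor map are constructed sample data.

```python
"""Flag cell sites whose outbound SMS rate far exceeds their own baseline,
then model what happens when flagged sites are taken offline."""
from statistics import median

# Constructed per-site history: outbound SMS per minute over the last five minutes.
HISTORY = {
    "UN-EAST":  [420, 398, 455, 430, 410],
    "UN-WEST":  [380, 402, 390, 415, 395],
    "CAMDEN-3": [60, 58, 65, 61, 59],
}
# Constructed current-minute counts; one site is under a SIM-farm burst.
CURRENT = {"UN-EAST": 44_000, "UN-WEST": 401, "CAMDEN-3": 62}
# Constructed adjacency: where traffic lands if a site goes offline.
NEIGHBOURS = {"UN-EAST": ["UN-WEST"], "UN-WEST": ["UN-EAST"], "CAMDEN-3": []}


def baseline(history):
    """Median of recent per-minute counts per site (robust to one odd minute)."""
    return {site: median(counts) for site, counts in history.items()}


def flag_sites(current, base, multiplier=100):
    """Return {site: ratio} for every site at or above multiplier x its baseline."""
    flagged = {}
    for site, count in current.items():
        ratio = count / base[site]
        if ratio >= multiplier:
            flagged[site] = round(ratio, 1)
    return flagged


def shed_and_recheck(current, base, neighbours, multiplier=100, max_rounds=5):
    """Take flagged sites offline, push their load to live neighbours, repeat.

    Returns the sites taken offline, in order. The burst follows the attacker
    to the neighbouring site, so the NOC has to be ready to bounce several.
    """
    load = dict(current)
    offline = []
    for _ in range(max_rounds):
        live = {s: c for s, c in load.items() if s not in offline}
        hits = flag_sites(live, base, multiplier)
        if not hits:
            break
        for site in hits:
            offline.append(site)
            targets = [n for n in neighbours[site] if n not in offline]
            for n in targets:  # naive even split of the displaced traffic
                load[n] += load[site] // len(targets)
            load[site] = 0
    return offline


if __name__ == "__main__":
    print(shed_and_recheck(CURRENT, baseline(HISTORY), NEIGHBOURS))
```

With the sample data, UN-EAST trips the threshold first, its displaced load then pushes UN-WEST over the same threshold, and CAMDEN-3 is never touched.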
Could this cause a regional or national outage?
I CERTAINLY HOPE NOT. IF IT COULD, THERE ARE A LOT OF FOLKS WHO NEED TO WAKE UP. This is a very normal day in the life of the Internet, and these carriers (AT&T and Verizon, among others) have to deal with this every day on the Internet carrier side of the house. Surely they have thought about an attack of that nature on the cell network.
This is not to take anything away from the Secret Service. It sounds like they did a good job in shutting this down. Will it have any long-term impact? I doubt it. It cost these hackers some money for lost hardware. Assuming they didn’t buy it with stolen credit cards!! But in the grand scheme of nation-state attacks, this was only a test. Could they replicate this in a couple of days to a week? Absolutely. Are there other farms already set up elsewhere? If you were a nation (except maybe Russia; they don’t seem to have figured this out with the Ukraine war), would you put ALL of your weapons in a couple of easily identified locations? Well, Russia has done that, and Ukraine has made them suffer for it. Maybe the hackers watch the news and learn.
Was this really a threat to national security? Well, I suppose, if the wrong people fell for the phishing attacks, sure. Unfortunately, dignitaries are probably not the best at detecting scams, but I suspect that at least some of them get attacked constantly, so maybe they are good at detecting them.
Bottom line: this is a good training exercise for everyone involved. Hopefully they learn for next time.
Credit: AP News and The Register and The Hacker News