No mention of arrests or surveillance of any site to try and apprehend anyone related.
https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
EDIT:
While the headline on NYT highlights an attack on the towers for disruption, the CNN piece gives more weight to two other uses: (1) criminal communication network and (2) swatting.
I think those two make sense. The SIMs would probably hold US numbers and would appear authentic for accessing the US operators' networks.
It’s a cell tower jammer and terrorism multiplier. Can’t call or text. It will probably disturb internet service as well. Include a few radio jammers for local police and a few satellite antennas and you could create an opportunity, then a panic to cover your tracks getting out.
The UK has criminalized possessing or using SIM farms or related gear in response to these popping up with some regularity. But the operators are pretty clever and know how to hide. I've been thinking about how easy it would be to detect these when you're a telco and I think the signature is unique enough that it should be possible to detect which SIMs are part of a farm, even if you don't know the exact location of the farm.
Whoever did this likely isn't all that happy that their carefully created infra was used to harass officials, which most likely is the single reason this operation got uncovered in the first place. If it had just been used for low-level crime, who knows how long they could have continued to do this.
Note that these are not unique to NYC or even to the United States; they've been found in other countries as well. The UK has now criminalized possession or operation of these (but the fines are so low that I don't think it will make much difference).
Uh. No it isn’t. SNR between 5 or so masts gives you the exact location of any cell device. This is how $oldemployer used to track them.
IIRC modern cell towers use cool tricks to send stuff for a particular phone to only where that phone is so they can send more total data. Can this not be turned into a precomputed map by taking a test phone everywhere and seeing what settings the tower picks to talk to it?
FYI: That was available back in 2022 as standard. Now it could be even better. :P
I'm not saying it can't be done, clearly it can be done otherwise this article wouldn't exist. But it is not quite as easy as pointing a magic wand (aka an antenna) at a highrise and saying '14th floor, apartment on the North-West corner', though that would obviously make for good cinema.
Subpoena the power, water & gas company, and look at apartments that have unusual power usage, coupled with almost zero water & gas usage. Especially look at apartments that don't have a spike in power usage in the morning & evening that corresponds to people having a regular commute.
I'm not sure how much power this equipment draws at idle - I'm assuming it's more idle at night, no need to send scammy SMS messages at 3am Eastern - but I'd wager you could track that.
Granted, it's not fast, but depending on how quickly the companies bend over backward for such a request & how good your interns are at using Excel, you might be able to get this done before sundown.
Portable spectrum analyzers are regularly used to identify interference in urban environments. Even a damaged cable coax line on the street can interfere with cellular signals.
Because - depending on cell tower coverage and the antennas installed on it - the degree of precision is far too low to be useful. In rural installations and the worst case, aka a tower with a dipole antenna on a mountaintop, at 900 MHz the coverage will be around 35 km. Segmented antennas just limit the section of the circle where the endpoints are. In suburban areas, coverage is usually 10-20 km, and in urban areas it's 5 km and less.
Now you know which cell and cell section the user is in... but to actually pinpoint the user? That takes some more work. First, you need a few more towers that the user can reach for triangulation - the more the better - but if the operator of such a setup is even remotely clever and the hardware/firmware supports it, they will have locked the devices to only connect to a single tower (you can see a map at [1] that shows the IDs). If the operator didn't do that but the site is too remote to achieve triangulation, you might need to drive around in a van and use an IMSI catcher, aka a phone tower emulator, and hope that eventually the site's devices register at it. That, however, is a lot of awful work, and is often not legal for police authorities, only for secret services.
Now you might ask yourself, what about 911, how can they locate callers precisely? The thing is... it depends. Landlines and VoIP lines are usually mapped to a specific address (which is why VoIP providers give you an explicit warning that, if you do not keep that record up to date, 911 calls will be misrouted!), so that's trivial. For mobile phone callers, however, until a few years ago the degree of precision was exactly what I just described - it completely depended on cell tower coverage, with the only caveat that a phone will connect to another operator if it shows a stronger signal for 911 calls. Only then, Android introduced Emergency Location Service [2] and Apple introduced Hybridized Emergency Location [3] - these work with the sensors on the phone, most notably GPS/GLONASS/Beidou, but also SSIDs of nearby WiFi APs and specific Bluetooth beacons. Downside of that is, of course, the 911 dispatch needs an integration with Apple and Google's services, users can disable it for privacy reasons, and older phones won't have anything - so in these cases, 911 dispatchers are straight out of luck and again reduced to the above range of precision.
[2] https://www.android.com/safety/emergency-help/emergency-loca...
[3] https://www.apple.com/newsroom/2018/06/apple-ios-12-securely...
> Investigators found the SIM cards and servers in August at several locations within a 35-mile radius of the United Nations headquarters. The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring — one official in the Secret Service and two who work at the White House, one of the officials said.
So 100k SIM cards scattered around the middle of New York City.
Probably an egress point for scammers and bot farms, and the speculation about local disruptions isn't grounded in anything other than scale?
I've used hardware a decent amount larger than what's pictured in the OP for work. But what I was using wasn't just for SMS. So I needed more sophisticated modems. What they're using looks like a bunch of 64 port modem banks exclusively for SMS.
(Oh wait if you mean the devices for what's in the article you linked, then yea, those I'm sure are much smaller and quite different.)
> "several locations within a 35-mile radius of the United Nations headquarters"
That's the entirety of New York City!
edit to add: This very weird part was actually lifted from the USSS press release,
> "These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City."
https://www.secretservice.gov/newsroom/releases/2025/09/us-s... ("U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area")
This looks exactly like a "SIM farm" operation, which rents out access to real mobile numbers, usually for the purpose of spamming or fraud. Yet there's no mention of this possibility.
There are stories of these SIM farms all the time, here is an example with very similar gear: https://www.vice.com/en/article/video-ukraine-busts-alleged-...
These stories are always sensationalized when their primary purpose by and large is probably just spam.
Looking at a map, a 35 mile as-the-crow-flies (and as the cell network signal flies) radius of the U.N. Secretariat building almost gets one to Lake Hopatcong, New Jersey, in one direction and past Stamford, Connecticut, in another.
The article:
https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
The SIM cards come from cheap MVNOs that have dealer arrangements for cheap or free first month activations, then they just set up a handful of SIM boxes and a residential Internet connection back to the mothership (like they did at the captured house with the white Verizon 5G Home router just casually sitting on the floor next to the units).
Similarly, I’ve had some friends on US MVNOs themselves that have access to “free” international calling, yet every time they call (the same) international number the receiving party gets a wildly different caller ID from a wildly different country each time (Poland, Moldova, etc). Also dodgy SIM boxes!
Lots of interesting discussions about cell phone networks lately.
Fake cell phone towers ICE is using to track people:
https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-...
GrapheneOS (de-googled android) and FLX1s (pure Linux phone):
https://news.ycombinator.com/item?id=45312326
My question is: are any of these alternatives helpful against these novel attacks? If you are on a phone using a vanilla network provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?
If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:
    The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
    ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
    This key is not known by any other names.
    Are you sure you want to continue connecting (yes/no/[fingerprint])?
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM. It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.
> The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”
> Investigators have been going through the data on SIM cards that were part of the network, including calls, texts and browser history. Mr. McCool said they expected to find that other senior government officials had also been targeted in the operation.
The article goes out of its way to imply a link between this farm and the threats, but doesn't actually explicitly make that link.
The CNN article covering the same story does the same thing: https://www.cnn.com/2025/09/23/us/swatting-investigation-ser...
The Secret Service statement, however, does make that claim explicitly in the first sentence: https://www.secretservice.gov/newsroom/releases/2025/09/us-s...
The Bad Guys are neat with their cable ties, and number their gateway boxes.
The Bad Guys went with simple heavy-duty metal garage shelving rather than real racking, seemingly vastly overengineered for the weight of the equipment, as that sort of shelving can hold up to a Mg per shelf UDL. The "WallOfSimBoxes" kit does not sport any rack mounting brackets.
The Bad Guys don't use redundant power supplies, or battery backup.
Two possibilities:
1. Most if not all of these virtual cell phones are connecting from the same location.
2. Some of these virtual cell phones are connecting from the same location, with the remainder in reserve.
In the case of (1), you have both a fixed location and a high saturation that is unlikely.
In the case of (2), you could imagine using certain numbers at certain times to simulate the work day or hours during which people are more likely to be at home. Randomization or round robin could produce unlikely patterns, but without them, these virtual phones would be underutilized, save for some kind of cyberattack that would compromise their location.
Or the truth simply may be that they aren't doing anything, because no one is watching.
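Added example, not part of any comment in the thread: a sketch of how an operator could score case (1) above, "a fixed location and a high saturation that is unlikely", from attach records. The record format `(imsi, cell_id)`, the cell names, the sample data and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed attach records: (imsi, cell_id) pairs, not real data."""
    events = []
    # 40 SIMs that are only ever seen on one cell (farm-like behaviour).
    for i in range(40):
        events += [(f"farm-{i:03d}", "C-17")] * 4
    # 30 ordinary subscribers who move between a home cell and a work cell.
    for i in range(30):
        home = "C-17" if i < 10 else f"C-{20 + i % 5}"
        events += [(f"user-{i:03d}", home), (f"user-{i:03d}", "C-90")]
    return events

def stationary_sims_by_cell(events):
    """Map each cell to the SIMs that were never observed on any other cell."""
    cells_seen = defaultdict(set)
    for imsi, cell in events:
        cells_seen[imsi].add(cell)
    by_cell = defaultdict(set)
    for imsi, cells in cells_seen.items():
        if len(cells) == 1:
            by_cell[next(iter(cells))].add(imsi)
    return by_cell

def flag_cells(events, min_stationary=25, min_share=0.5):
    """Flag cells with many never-moving SIMs that dominate the cell's population.

    Both thresholds are assumed values; a real deployment would tune them
    against fixed-wireless and IoT devices, which are also stationary.
    """
    population = defaultdict(set)
    for imsi, cell in events:
        population[cell].add(imsi)
    flagged = {}
    for cell, sims in stationary_sims_by_cell(events).items():
        share = len(sims) / len(population[cell])
        if len(sims) >= min_stationary and share >= min_share:
            flagged[cell] = (len(sims), round(share, 2))
    return flagged

if __name__ == "__main__":
    for cell, (count, share) in flag_cells(build_sample()).items():
        print(f"{cell}: {count} stationary SIMs, {share:.0%} of SIMs seen on the cell")
```

Case (2), where most SIMs are held in reserve, would not trip this check and needs per-SIM activity history instead.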
belter•2h ago