US Disrupts Massive Cell Phone Array in New York

This is a weird story:

The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City.

The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut.

“This network had the power to disable cell phone towers and essentially shut down the cellular network in New York City,” said special agent in charge Matt McCool.

The devices were discovered within 35 miles (56km) of the UN, where leaders are meeting this week.

McCool said the “well-organised and well-funded” scheme involved “nation-state threat actors and individuals that are known to federal law enforcement.”

The unidentified nation-state actors were sending encrypted messages to organised crime groups, cartels and terrorist organisations, he added.

The equipment was capable of texting the entire population of the US within 12 minutes, officials say. It could also have disabled mobile phone towers and launched distributed denial of service attacks that might have blocked emergency dispatch communications.

The devices were seized from SIM farms at abandoned apartment buildings across more than five sites. Officials did not specify the locations.

Wait; seriously? “Special agent in charge Matt McCool”? If I wanted to pick a fake-sounding name, I couldn’t do better than that.

Wired has some more information and a lot more speculation:

The phenomenon of SIM farms, even at the scale found in this instance around New York, is far from new. Cybercriminals have long used the massive collections of centrally operated SIM cards for everything from spam to swatting to fake account creation and fraudulent engagement with social media or advertising campaigns.

[…]

SIM farms allow “bulk messaging at a speed and volume that would be impossible for an individual user,” one telecoms industry source, who asked not to be named due to the sensitivity of the Secret Service’s investigation, told WIRED. “The technology behind these farms makes them highly flexible—SIMs can be rotated to bypass detection systems, traffic can be geographically masked, and accounts can be made to look like they’re coming from genuine users.”

Posted on September 24, 2025 at 7:09 AM • 23 Comments

Comments

Jason Sewell September 24, 2025 7:25 AM

How do farms like this work around the fact that they’re adding the pressure of thousands of devices to a single (or maybe a small handful) of cell towers? Seems like that would either be easily detected and blocked or that it would disable that single tower or backhaul. I don’t quite understand how this would cause widespread failures unless it was exploiting a flaw of some kind.

Winter September 24, 2025 7:39 AM

The most explosive subject in the United Nations General Assembly would be the plight of the Palestinians in Gaza and the West Bank. In the General Assembly, the suffering of the Palestinians was expected to get a lot of attention.

The current administration of the US has blocked entrance to the US to all Palestinians, even to those carrying non-Palestinian or Israeli passports.

This plot might very well be linked to this subject.

Alan September 24, 2025 7:59 AM

The story is weird because it appears to be sensationalized. The key sentence is this:

“Following multiple telecommunications-related imminent threats directed towards senior U.S. government officials this spring, the U.S. Secret Service began a protective intelligence investigation to determine the extent and impact these threats could have on protective operations,” he said.

From that sentence, it looks like this is what actually happened:

  1. An SMS/telecom provider set up a SIM farm to rent to clients.
  2. One of the clients used the SIM farm to send threats to US officials.
  3. The Secret Service got involved and tracked down the SIM farm.
  4. The Secret Service closed the SIM farm down, seized the equipment, and then published an over-sensationalized story with lots of movie-plot scenarios about the huge threat that it averted.

Stephen September 24, 2025 8:08 AM

Have seen comments in other forums to the effect that these are effectively rental cloned or falsified phones that can be used in any number of scams. Essentially a turnkey solution when part of the opening of a short con requires SMS. Might this be a self-financing way to build dual-purpose infrastructure that can flex into DoS attacks by saturating available bandwidth? Sure, I guess so, but very doubtful that was the primary purpose.

One would hope that carriers have mitigation tactics to kick misbehaving endpoints off the network or at least throttle them. If that requires some cooperation or at least orderly behavior from the rogue device, there are very likely multiple ways to subvert expectations and jam up the network.

Again, that’s a side hustle. People deploy capital to make a return. The capacity to push out a lot of SMS traffic, seemingly from multiple points of origin is the most obvious application for this relatively unsophisticated setup. The carriers may turn a blind eye because each of the fake SIMs that route scammy traffic through that tower comes with a monthly check.

The new Maslow’s hierarchy for cybersecurity bad actors seems to be greed > sloth > stupidity > malice.

Vesselin Bontchev September 24, 2025 8:13 AM

“This network had the power to disable cell phone towers and essentially shut down the cellular network in New York City,” said special agent in charge Matt McCool.

As Marcus Hutchins pointed out on Bluesky, this is equivalent to

Secret Service: Arrests local coke dealer

Secret Service: “We stopped a potential terrorist in possession of enough chemicals to kill the entire UN General Assembly”

Basically, the story is bogus, overhyped, and mindlessly parroted by the media outlets who obviously have no clue on such matters.

See also Ron Graham’s “That Secret Service SIM farm story is bogus”.

Tom September 24, 2025 8:22 AM

Seems like that would be easily either detected and blocked

You’re talking about 100k devices in New York City. 100k is a lot, but it’s around 1% of the population of New York. An LTE cell can handle a fair few devices if they’re individually not pushing a lot of traffic.

What seems weirder to me is that for a SIM to do something useful, it has to successfully register with a network, so that’s someone maintaining 100k cell phone subscriptions. Even on the absolute cheapest plan, that’s half a million dollars a month. Okay, for a state actor maybe that’s not all that much, but it’s sort of difficult to see where the return on it is. But maybe that’s why I’m not a master criminal.

Who? September 24, 2025 9:03 AM

Wait; seriously? “Special agent in charge Matt McCool”? If I wanted to pick a fake-sounding name, I couldn’t do better than that.

Me neither.

signed: special agent Johnson.

Seriously, I cannot understand this history either. A nation-state setting up such a huge network near the UN General Assembly, and contacting the worst of the underground from here? Why?

I would like to ask one question now: what is a SIM server? It does not sound like the class of device someone will install on a random Internet network port. It looks like something that must run inside a service provider network.

Winter September 24, 2025 9:39 AM

From the OP

It could also have disabled mobile phone towers and launched distributed denial of service attacks that might have blocked emergency dispatch communications.

Translated:

This is a setup able to DDOS the phone system in central NYC during the UN General Assembly.

The setup required large resources in finances, materials, and personnel. I have not yet seen a suggested financially profitable crime using this setup given the investment.

And why do this concentrated in central NYC? Targeting the UN? Wall Street? Trump during his visit?

KC September 24, 2025 10:42 AM

If you haven’t watched the testimony/remarks of Agent McCool, you should.

McCool: “Forensic examinations of the equivalent of 100,000 cell phones worth of data is underway.”

The NYTimes on the cache of devices:

The conference draws more than 100 foreign leaders and their staffs and has been described as the Super Bowl of spy games.

If the agency was on the trail, was there a credible reason to interdict now?

Wired: … the agency got onto the trail of the New York area SIM farm after it was used in a pair of swatting incidents around Christmas Day in 2023 [targeting two identified Rep congresspeople]

NYTimes: … The discovery followed a monthslong investigation into what the agency described as anonymous “telephonic threats” made to three high-level U.S. government officials this spring …

The agency did not provide details about the threats made to the three officials, but Mr. McCool described some as “fraudulent calls.”

goodjob September 24, 2025 12:12 PM

@Who

Quote:

SIM servers are systems that use multiple SIM cards to make calls, send texts, or transmit data. Legitimate telecom companies use them under controlled settings.

But when placed in the wrong hands, these SIM servers become tools for crimes—like wiretapping, sending mass scam messages, rerouting calls, or intercepting private communication. In large illegal networks, these setups can also mimic the operations of trusted cellular companies, tricking even the most secure systems.

source: http s://digital chew.com/2025/09/24/why-did-the-secret-service-shut-down-a-telecom-network/

Clive Robonson September 24, 2025 12:37 PM

@ ALL,

I’ve already made some technical points on this story,

https://www.schneier.com/blog/archives/2025/09/friday-squid-blogging-giant-squid-vs-blue-whale.html/#comment-448185

But there is more to say.

First off the Network Operator can block/turn-off any phone from connecting for all but “911 Calls”.

Secondly if the SIM is supplied as part of their network they have the master keys to download “Over The Air”(OTA) Updates. Thus disabling the SIMs is a matter of a few milliseconds each.

As I noted in my earlier post I’ve linked to above, this is a “chicken little” type OMG threat, story. And no the sky is not going to fall in with every Trumpian 400lb blob bashing away trying to be an army of one on his bed or in Mommies hole under the floor next to the hot water cylinder.

This is because of the sums of money involved. Even the article admits this towards the bottom.

Depending on who you credit this is as described upwards of $250k and could be more than $1.5M when you include equipment, SIMs and importantly rental on space all over the city.

And that all over the city is the important part…

Cell sites back in 2G and 3G days used to be very large and not capable of handling many calls at a time. The advent of the Internet and LTE meant the size of cells has shrunk from high tens of square km down to in some cases less than 0.5km and their capacity risen significantly.

4G without LTE is effectively the last generation of GSM where being able to block all the cells in even a town by using phone simulators –SIM Boxes– will work…

My feeling based on the little that has been said is that it’s a “Level III” attacker, ie State Level or large corporate or other entity with those sort of resources.

So far as far as I’m aware the only people who have done similar was the Russians as they invaded the Ukraine to use as secondary command communications. As a plan it failed the Russians as they were very rapidly detected and the traffic monitored for valuable intel. When it had been “milked enough” it was turned off bit by bit and the Russians had to use other much less useful ways to make command communications. Though the Ukrainians left many Russian troops to “phone home” as they were basically a very useful way of countering Russian political “Black Propaganda” from Putin and his cronies. In effect the Russian soldiers were freelance “White propaganda” as they lived and died in misery under brutal oppressive conditions the soldiers truthfully relayed back home to their families…

Also consider this is at best a “One Shot” for what the story is claiming. Who would waste a $1M on such an exercise?

Look at it another way, to be worth while the pay back in half a day would have to be in excess of $100M…

Where would that money come from?

And how would it tie up with NYC?

My guess is it’s not the UN, or nearly every other place in NYC, with the exception of say a financial institution…

If “a run” of sufficient severity starts, then cutting down the cell networks –if it can be done– might turn a run into a rout. And in theory bring down the US economy into another major financial crisis at a time when much of the world would be happy to let the US sink or be forced into trade deals that Uncle McDonut would be most upset about.

After all “leverage is leverage” and the McDonut is losing it rapidly and backpedalling vigorously. This recent H1B and India idiocy might well have indicated to many that

“The McChicken is ready for plucking” then maybe roasting or flattened into a tasteless pattie to be trod on after being yacked onto the side walk.”

The number of fun “chicken little” conspiracies we can come up with are almost endless.

The actual truth is that if the report is true in basic information, there appears from the report to be more than $1M invested in this plan. And we like those supposedly investigating have absolutely no information as to why or what the plan for that investment might be.

I propose the comfy chair and several large bowls of popcorn and watch the sports or reality channel with a cool drink and just wait for either it to just disappear or more information to be issued.

Clive Robinson September 24, 2025 12:57 PM

@ Bruce, ALL,

Remember the “Greek Olympics” wiretapping of mobile phones probably by the NSA/CIA?

Well it appears that it’s happened again, this time a little more “home grown” with the assistance of the Israelis who are now on trial…

For “misdemeanors”, under a very junior judge etc. And yes people are getting quite upset about the illegal activity of the time,

https://www.bbc.co.uk/news/articles/ced56p5l2wwo

Especially as those who were probably in cahoots if not in charge changed the law to make such spying legal…

So more fun and games.

Who? September 24, 2025 1:47 PM

@ goodjob

Thank you, it is now clear to me what a SIM server does. It is not what I would have expected and, indeed, a server with a few hundred SIMs can be a nightmare to track.

Thanks, too, for the update about this network.

Alan September 24, 2025 2:00 PM

If someone wanted to DOS the cell network, they would just set up a cheap transmitter to jam/interfere with the radio signals, they don’t need a SIM farm.

Similarly, taking down this SIM farm did nothing to address vulnerabilities in the cell network. It could still be easily jammed with a relatively inexpensive radio transmitter.

goodjob September 24, 2025 3:00 PM

organized crime and more than one foreign gov

from WaPo:

htt ps://www.washington post.com/national-security/2025/09/23/secret-service-cellular-device-network/

An early analysis of the devices indicated that they were used in communication between foreign governments and people “known to federal law enforcement,” the service said. The service declined to say which foreign governments may be involved. Officials briefed on the investigation said drug cartels, groups linked to human trafficking and other criminal organizations had used the network.

and something else:

The devices were set up in such a way that they could allow anonymous, encrypted communications among participants in criminal enterprises, officials said.

lurker September 24, 2025 3:02 PM

I’m with @Vesselin Bontchev and Ron Graham. What criminal enterprise would have a useful rate of return on this investment? International phone calls. Very few US citizens make international calls, but there is in the US a significant diaspora from all over the planet who make and receive calls from home. I’ve often wondered how those “cheap international calls” sims work that you see for sale in the markets all over Africa and Asia (& probably S.America too, but I haven’t been there to look).

The reference to “fraudulent calls” to high-level US government officials just shows the operators of the scheme couldn’t control who used their system for what.

not important September 24, 2025 6:17 PM

@Alan said ‘If someone wanted to DOS the cell network, they would just setup a cheap transmitter to jam/interfere with the radio signals.’

Unfortunately, as far as I know (not a sworn statement), in the US this is an option for government only and will work indiscriminately.
Do you know when some jerk (he/she) is talking very loudly over the phone in public transportation for a long time, it is very good to jam his bleeping phone with a jammer. But in the US you can get in trouble with the authorities.
Fortunately, in the EU (correct me if I am wrong), when you have your own business like a restaurant you may post a sign at the entrance that ALL cell phone calls would be blocked inside, then it is up to the customer to decide to go in or not. Free access to a land line phone for emergency calls will be provided anyway. But in the US, that is also illegal even within a private business. Make your own conclusions.

Lars Skovlund September 25, 2025 1:36 AM

As for the name McCool, it’s of course Irish. Gaelic names tend to look quite different when anglicized. I am told by Wikipedia that there is a mythological figure named Fionn mac Cumhaill (aka “Finn McCool”).

Clive Robinson September 25, 2025 3:31 AM

@ not important,

With regards “deliberate interference in the RF spectrum” or “intentional jamming” or the many other names people use. Different jurisdictions have different legislation, regulation, rules and much more.

However oddly perhaps the US bans the devices where ever they are used (including in laboratories).

Many other places do not care about use of jammers and for the good reason they are only interested in what it does to others. Thus what you do at home and stays in your home is between you and other people “who have a right” to be “on the property”. The same with mostly all other property.

That is the US “bans the equipment” other places “address the harms”. In the case of all radiated energy banning the “equipment” is actually a legal nightmare, whereas “stopping the harms” is relatively easy legally.

Oh for those thinking that intentional jamming cell service via a CW or similar jammer is something that can be done over a wide area with GSM… that kind of ended when LTE became more common. And as 5G and 6G replace 4G and earlier it will be fairly pointless to try except over a very tiny area.

For those that want to know why it’s down to ‘Eb/N0’ or “energy per bit over noise density”

https://ensatellite.com/ebn0/

In the case of jamming the noise density is actually that from nature plus the jamming signal.

Now consider your jammer is a swept VCO unmodulated system. Your CW signal is narrow band which means at any point in time only a very very small part of the spectrum has energy from your jammer on it.

Low Probability of Intercept (LPI) modulation and modern data systems can be viewed as sending data in parallel across very wide bandwidths and with error correction.

Thus across very wide bandwidths you have to have more energy/Hz than the mobile phone handsets that in effect have all their energy in a very narrow frequency band that rapidly moves. Look up Spread Spectrum systems and jamming to see the problems involved.

Your only hope is high power close to the cell receiver…

Then there is the fact that GSM systems now use “phased array” antennas that can be thought of like telescopes that can point past an interference source by looking in its direction but in the direction of the handset signal.

Thus general unmodulated or CW jamming is not effective with newer data systems designed to deal with general interference.

So the only trick left is to occupy all the “baseband” channels… Which is a little difficult to explain these days.

So over simplistically, a cell site has a “backhaul” into the datacoms network backbone and has in theory a finite number of user connections at any given quality. Back in the days of ISDN and “circuit connect” this used fixed amounts of data bandwidth regardless of actual data use. Well ISDN and similar are in effect gone, and many backhauls are “IP on Ethernet” or similar and are “packet switched” not “circuit switched”. This means more effective bandwidth utilisation by “average” not “peak”. To get around all users wanting peak use briefly quality is “degraded to fit”… This means that 100 no-voice calls take up about as much bandwidth as just a couple of voiced calls with peak use modulation.

To generate peak use voiced modulation continuously is actually quite hard. Thus your jammer would have an extraordinarily complicated modulation system that would require some “quite interesting” development work to put it politely.

Thus using a SIM-box that takes VoIP or other data source and sends it to the equivalent of 16 or more handsets can less expensively hardware wise jam just the same amount as 16 ordinary handsets with the same audio or data.

This is just one of the reasons the various defence planners around the world are closely looking at GSM systems to replace military radios for “Boots on the ground” as are Emergency Responder organisations.

Walkie Talkie “Private Mobile Radio”(PMR) is likewise undergoing significant change because it’s mostly a waste of spectrum resources by entities that really do not need them.

Part of this “transition” is “Push-to-Talk over Cellular”(POC) systems sometimes called “Global 2 Way” basically they were originally just cell phones that you don’t dial and have been around for nearly four decades.

Later as VoIP and data -IP over GSM became practical they moved into virtual networking. Then as WiFi / Bluetooth chips became inexpensive they got added (see Zello and the like).

However POC are mostly still not true replacements for PMR and similar FM/AM/SSB voice based radio systems. Which is why now some POC handsets running Android also contain FM VHF or/and UHF two way radio modules covering the same range as the very inexpensive Chinese 2Way handsets like the UV5 etc. This is because they use the same “cheap as chips” radio modules.

In fact you can now buy modules yourself that stick on the back of any modernish Android phone so you can make your own POC+PMR/Ham for a lot lot less.

But even Amateur/ham is going digital in a slightly different way… Look up “Ham Hotspots” and Ham-VoIP systems. They use a traditional Ham Radio to work using low power to what is a combined “Software Defined Radio”(SDR) and Gumstick style “Single Board Computer”(SBC) to then work using VoIP and similar across the Internet and through satellites etc.

So the days of Mobile Phones and Walkie Talkies as distinct objects are coming to an end for “wide area use”. Nano, Pico, and Femto cell operation using GSM is one future path with personal HotSpots based on WiFi and similar being another. Thus the differentiation between Off Grid and On Grid communications will be very blurred.

Which makes “effective EM jamming” not just difficult but near impossible except very very locally. Which means that in non battle field locations those desiring to jam individuals communications will, where they can, resort to knocking entities off at the backhaul or network backbone level.

The point is that “local communications” has become too diverse for traditional jamming in even military warfare. With well over 100MHz of bandwidth available for 4G and above with phased array antennas standard, effective jamming will require as much if not more radiated power as a radar unit. Which means the chances of getting a HARM missile as a greeting present winging in at near Mach 3 or a few 155mm artillery shells dropping in at up to Mach 2 is really quite high.

[] To find out more about HotSpots the easiest way is to read a “HowTo” build your own based on a common SBC

https://hagensieker.com/2024/04/13/best-dmr-hotspot/

[] Fun fact, we’ve all heard about “jam proof drones” that use fiber optics, and many have also heard of military “field telephones”. What killed off field telephones was putting the wire down as it was slow and dangerous work. Well someone has developed a low cost light weight field telephone that uses the same fiber optic cable as the drones do. So now the fiber and phone can be deployed by drone in just moments. Also someone has developed a very inexpensive optical fiber interface to the very inexpensive VHF and UHF radio and LoRa modules. Thus making shelling DF’d TX locations a waste of expensive ammunition (properly used RX only locations are difficult to find unless you literally trip over them as they can be smaller than trail-cameras or boxes of matches).

Michael Humphrey September 26, 2025 12:51 PM

@Winter
“And why do this concentrated in central NYC?”
Well, if this is a commercial spam operation, @Tom already quoted a good reason – “100k is a lot, but it’s around 1% of the population of New York”. 100k phones connecting to a tower in some one-horse town in the middle of nowhere will stick out like a sore thumb. Where can you put those 100k phones without them standing out? In the middle of the biggest metropolis in the USA, where the millions of legit phones will provide cover.

B October 6, 2025 9:43 PM

If [the rapid cycling of 100 to 300k SIM cards crashes a 5G network ] or [ worse yet crashes half a country’s telecom network ] then [someone better review their detailed design documents] and [ ensure they have set aside enough internal contingency to address the financial and political blowback]

JTC October 15, 2025 10:09 AM

Are we to believe the representatives of the most powerful nations on earth are using cellphones at the UN? I am sure the UN has plenty of secure VPN internet connections and perhaps encrypted VOIP phones. I believe the UN was inserted into this story to make it more “newsworthy.”
