This seems like a story that should have gotten a lot more attention than it has. “Secret Service Dismantles Weaponized SIM Farms Designed To ‘Shut Down’ NYC Cell Networks.”
Hours before President Donald Trump’s address to the United Nations General Assembly, the U.S. Secret Service announced that it had dismantled a massive, decentralized SIM farm network, just 35 miles from New York City, hidden inside five abandoned apartment buildings. The telecommunications stealth weapon was capable of paralyzing regional cell networks through denial-of-service attacks.
Key Details from the Secret Service Report:
Investigators seized 300 SIM servers and 100,000 SIM cards across multiple sites.
The devices enabled anonymous threats, encrypted communications, and could launch telecom attacks such as:
Disabling cell towers
Denial-of-service attacks
Secure communication for criminal enterprises
If you want secure communications networks, there are lots of cheaper ways to do it that don’t involve rooms of rackmountable servers full of SIM cards. This setup suggests a big planned infrastructure hit.
Early analysis shows links between nation-state actors and known criminals.
CBS News described the seizure as the largest of its kind, noting the network was scattered across abandoned apartment buildings at more than five sites, roughly 35 miles from New York City.
Pretty ballsy to just pick abandoned apartment buildings and go “Hey, let’s just move lots of really expensive equipment in here for a future attack. I’m sure no one will notice.”
“This network had the potential to disable cell phone towers and essentially shut down the cellular network in New York City,” Secret Service Special Agent in Charge Matt McCool stated in a video released in the report by the agency.
Beyond DDoS attacks, the SIM farms could also support psychological warfare operations such as:
Mass disinformation campaigns
Emergency false alerts (e.g., fake evacuation texts)
CBS, citing multiple officials briefed on the probe, reported that early findings suggest the network was used for communications between foreign governments and individuals already known to U.S. law enforcement.
In our view, the likelihood of this being part of a larger threat vector for potential physical terrorism appears elevated. Consider this: disrupting communications in tandem with a physical attack would be the playbook for foreign adversaries…
The Secret Service tweet shows an awful lot of specialized hardware:
The Secret Service dismantled a network of more than 300 SIM servers and 100,000 SIM cards in the New York-area that were capable of crippling telecom systems and carrying out anonymous telephonic attacks, disrupting the threat before world leaders arrived for the UN General… pic.twitter.com/sZKUeGqvGY
— U.S. Secret Service (@SecretService) September 23, 2025
The scale of the thing suggests a state actor behind the plot, most likely China or Russia.
A bigger concern is that such a telecom infrastructure attack probably wouldn’t be the main attack, but likely a secondary attack to slow response to or amplify the chaos of the primary attack. You don’t spend this much time and effort to annoy New Yorkers for a day or two before countermeasures can be deployed.
No, this was a supporting element for something much bigger.
So what was the primary attack supposed to be?
Could this SIM farm have been just a spam phone call operation? Think that is what most SIM farms are designed to do.
I’m far from an expert, but you don’t need SIM farms to run a spamming operation, as multiplex lines in a data center are much cheaper. That many SIM cards to a box are obviously for spoofing/DDOS attacks.
Also, if you’re trying to make money, you don’t set up clandestine operations in abandoned apartment buildings. Strip centers and industrial parks work just fine.
On the issue of abandoned buildings — actually a smart move.
If you put the SIM farms into a warehouse, office space, small retail strip mall, etc., you have to set up a lease. That’s paperwork, money trail, chance of identification, etc. You can’t just walk in.
Abandoned buildings have none of that. If I were doing this I’d bluff my way through it. I’d arrive/depart in vans made up like service vehicles of one kind or another, and different ones each time (exterminator would be a good one, no one would complain about seeing an exterminator in a marginal neighborhood). My co-conspirators would wear service ‘uniforms’ and hard hats (and paper masks to hide their faces, wouldn’t want to spread COVID, you know). They’d arrive/depart in business hours and be respectful of the neighborhood.
I have no more knowledge of this kind of skullduggery than my reading of silly novels, but that’s what I’d do.
And yes, this seems like a lot of work for a primary attack. This was in support of whatever the primary was.
Hm – I would have thought apartment rentals were so expensive in NYC that the phrase “abandoned apartment buildings” would be rare there. Are there Middle-Kingdom-scale abandoned buildings piling up in Manhattan?
And do abandoned buildings get free power or something? No pirate power cables are visible in the images – just stuff plugged into wall outlets. Is electricity free there?
As to purpose, the hints at the end are that this was a parallel network for secure relay comms, which also had an intrinsic capability to generate large scale attacks on the cell network if the direct action folks in the big apple were to get a green light. I wonder if it might also be able to mimic the LE “Stingray” systems to spoof itself as cell towers to intercept calls.
If this was a Chinese or Russian (or Iranian) operation it would probably qualify as…what is that quaint old phrase?… oh, yeah, ‘Act of War’. I hope it’s treated accordingly.
This arrangement is too crude to be the work of a foreign government, unless it is being directed by a third-rate foreign adversary, such as Venezuela.
It is most likely battlefield preparation by a domestic group having access to Middle East funding. Given its proximity to NYC, it could be that the responsible party is hoping to use the chaos resulting from a Mayor Mamdani administration to leverage additional mayhem.
In short, NYC realizes a crisis resulting from Mamdani’s maladministration, response to the crisis is hamstrung through Denial of Service attacks. Extortion demands are made in exchange for the restoration of communication links.
This is way better than hijacking an airliner and using your hostages as bargaining chips.
Mr White, my big issue with that is power. Electric companies are pretty good about turning off electricity to abandoned buildings as 1) it’s an attractive nuisance to squatters, 2) it costs them money and 3) emergency services don’t want to have to contact Electric services in case of fire. I wonder if they also found some largish generators (or lots of little ones). Truthfully, this is darned weird, and yeah this doesn’t look like the primary attack; something else was planned. This makes me quite uneasy. I wonder which National actors were involved. That’s seriously a lot of money for that hardware.
35 miles from NYC is Jersey or even CT. Why Secret Service? Wonder how they were discovered? Volume spike? Calling it “State Actor” is a first class ticket to Gitmo for anyone vaguely involved. Did they get any people?
Per Hannibal999 in the comments:
It’s a Telecom Bypass Scam Using SIM Farms…Grey-routing is when international calls are re-routed through SIM farms like the one in those photos, instead of going through legitimate telecom carrier infrastructure.
Someone overseas makes a call to a U.S. number
Let’s say someone in Nigeria calls a U.S. bank or friend.
Normally, the call would be routed through official international telecom carriers, and each leg of that call would cost money.
The person calling (or their carrier) pays international calling fees to reach the U.S. phone network.
Scammers hijack the call and reroute it through their SIM farm
Instead of going through legit U.S. carrier infrastructure like AT&T or Verizon, the call:
Enters a VoIP (internet call) gateway.
Is then re-routed to one of the SIM cards in the SIM farm, which is sitting on U.S. soil and connected to a local mobile network (like T-Mobile or Boost).
This SIM answers and makes the call look like a local one, like it’s just a guy in Houston calling a local pizza shop.
The call completes, but the real telecom carriers get screwed
The call appears as a local mobile call on U.S. networks, not international traffic.
The scammers avoid all the expensive international “termination” fees.
The telcos (Verizon, AT&T, etc.) get paid nothing, because it looks like local traffic.
Meanwhile, the grey-router charges the VoIP client a discounted rate, pockets the cash, and repeats the process at scale.
From the pictures on the SS site, I did a little digging. The racks appear to be 72 units of 256 SIM multiplexers. I found something close here:
https://ejointech.shop/products/ejoin-256-ports-simbank-256-simpool
Retails for $3k, so that one picture is $250k. Across the rest of the pictures, probably north of $1M. Not out of reach for a scammer, but not a small op.
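Added example, not part of the original post or its comments: the grey-routing flow described in the comments above would leave a footprint in a carrier's call detail records, since a SIM sitting in a gateway places many outbound calls to different numbers, receives almost none, sends no texts and never changes cell. The Python sketch below scores constructed records for those four traits; the record layout, the trait names and every threshold are assumptions chosen for illustration, not values from any carrier or from the Secret Service report.

```python
from collections import defaultdict

def build_sample_cdrs():
    """Constructed CDRs (not real data): (sim, direction, peer, cell, kind)."""
    cdrs = []
    for i in range(40):   # sim-A: gateway-like, outbound only, one fixed cell
        cdrs.append(("sim-A", "out", f"+1555010{i:04d}", "cell-17", "voice"))
    for i in range(30):   # sim-B: ordinary subscriber, few peers, mixed traffic
        cdrs.append(("sim-B", "out" if i % 2 == 0 else "in",
                     f"+1555020000{i % 3}", f"cell-{i % 3}",
                     "sms" if i % 5 == 0 else "voice"))
    for i in range(25):   # sim-C: busy courier, many callees but mobile
        cdrs.append(("sim-C", "out", f"+1555030{i:04d}", f"cell-{i % 5}", "voice"))
    cdrs += [("sim-C", "in", f"+1555030{i:04d}", "cell-2", "voice") for i in range(3)]
    cdrs.append(("sim-C", "out", "+15550300001", "cell-2", "sms"))
    return cdrs

def profile(cdrs):
    """Aggregate per-SIM counters from raw CDR tuples."""
    stats = defaultdict(lambda: {"out": 0, "in": 0, "sms": 0,
                                 "peers": set(), "cells": set()})
    for sim, direction, peer, cell, kind in cdrs:
        s = stats[sim]
        s["cells"].add(cell)
        if kind == "sms":
            s["sms"] += 1
        else:
            s[direction] += 1          # voice calls counted by direction
            if direction == "out":
                s["peers"].add(peer)   # distinct numbers this SIM dialled
    return stats

def indicators(s, max_in_ratio=0.05, min_peer_ratio=0.9):
    """Names of the gateway-like traits a SIM shows (thresholds are assumed)."""
    hits = []
    if s["in"] <= max_in_ratio * s["out"]:
        hits.append("almost_no_inbound")
    if len(s["peers"]) >= min_peer_ratio * s["out"]:
        hits.append("many_distinct_callees")
    if len(s["cells"]) == 1:
        hits.append("never_moves")
    if s["sms"] == 0:
        hits.append("no_sms")
    return hits

def flag_simbox_candidates(cdrs, min_out=20):
    """SIMs with enough outbound volume that show all four traits."""
    return sorted(sim for sim, s in profile(cdrs).items()
                  if s["out"] >= min_out and len(indicators(s)) == 4)
```

Requiring all four traits keeps the busy but mobile sim-C out of the result even though it dials as many distinct numbers as a gateway would; only sim-A is returned for the sample data.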