• ChicoSuave@lemmy.world
    73 up · 1 down · 21 days ago

    This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites.

    They found a phone farm.

      • jqubed@lemmy.world
        18 up · 21 days ago

        They have images in the link. They sure don’t look like actual phones. I hope more information comes out about what was being used and where they were sourced. Were they devices that have a legitimate use as well or something more custom for nefarious purposes? They don’t look like they take a lot of room, so this might not be the last time we hear of something using this or similar equipment. Doesn’t seem like it would be hard to put these all over the world.

      • Warl0k3@lemmy.world
        5 up · edited · 21 days ago

        Why? Not disagreeing, just curious if there’s something to base this off of. It’s a whole lot of phones, but old phones are still perfectly functional and cheap as dirt in bulk. You can get 100-phone management racks off alibaba for not too much, so while this setup would be damned large, it’s for sure not impossible to set up for a dedicated enough actor.

        And that said it’d be a pain in the ass. Could you replicate the functionality with a broadband radio and a server, maybe?

          • sqgl@sh.itjust.works
            4 up · 21 days ago

            You don’t need phones. They are emulated. Better to call it a SIM farm but phone farm is good enough a term colloquially.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        3 up · 21 days ago

        But a phone farm doesn’t necessarily use whole cellphones. All it really needs is the network chip and a SIM unit for network authentication, and the hub would then power and control it all. The pictures in the article look like a phone farm of this sort, and I believe they’re correct in their assessment of its danger.

  • krunklom@lemmy.zip
    60 up · 1 down · 21 days ago

    The laissez-faire attitude most tech companies, non-tech companies, and people have towards cyber security is a ticking fucking time bomb.

    This isn’t 1990. Everything relies on technology. I can’t help but feel that we are headed towards a clusterfuck the likes of which has never been seen before.

    • DragonTypeWyvern@midwest.social
      20 up · 21 days ago

      When I was a kid I wondered what would happen if someone set off an EMP in NYC, specifically about whether it would wipe out the data on Wall Street.

      I decided they wouldn’t be dumb enough to not have backups in a safe location.

      As an adult, I no longer trust that assumption.

      • DeathByBigSad@sh.itjust.works
        8 up · 21 days ago

        I remember there being a tiny earthquake in NYC and that fucked up the calls because everyone was just panic calling. The subway was nearby so it covered up the vibrations. My mother thought I messed up her phone somehow and blamed me for it lmfao. (“subway” was above ground so it wasn’t a reception problem)

      • prole@lemmy.blahaj.zone
        4 up · 20 days ago

        Nothing would actually be wiped out.

        It’s why that part in Dark Knight Returns is really fucking stupid.

      • FarceOfWill@infosec.pub
        3 up · 20 days ago

        The majority of finance institutions will have multiple live servers in two places, e.g. New Jersey and as far away as Virginia. Some have three.

        The data itself will be in even more locations as backups, but might take a while to recover if multiple sites were attacked at once.

        • DragonTypeWyvern@midwest.social
          1 up · 20 days ago

          And they’d never do anything stupid and self-destructive to make the line go up just because nothing bad has happened yet, and the collapse of a single company that did something stupid like that would never set off a national or global economic crisis.

    • eletes@sh.itjust.works
      8 up · 21 days ago

      I’ve seen too many articles saying China/Russia is balls deep in our infrastructure to believe we’ll have any reliable communication if WW3 breaks out.

      • SkaveRat@discuss.tchncs.de
        7 up · 1 down · 20 days ago

        especially since DOGE gave everyone backdoor access, I would not rely on any critical infrastructure in the US

        • Frezik@lemmy.blahaj.zone
          2 up · edited · 20 days ago

          Pretty much. There’s a flashcard app for $4 (hamstudy) with all the questions. I went through it for 30 minutes a night for two months, and I passed the Tech license no problem. I ought to do the same for General and Extra. Granted, Extra doesn’t give you that much more, but you do get a piece of paper from the government declaring you Extra.

          It was a little easy for me because I was already familiar with electronics symbols, and those are one chunk of the Tech exam. Flashcards will get you through it, though.

    • shalafi@lemmy.world
      3 up · 21 days ago

      My opinion is mixed. On one hand, cyber security is leagues ahead of the 90s. OTOH, while the common threats have been dialed in, the consequences of a major strike are far more dire. Didn’t state that well, know what I mean?

      Anyway, as a sysadmin, this shit has kept me up at night. I mean that most literally. Falling asleep, “Shit! I don’t have that covered!”

      • krunklom@lemmy.zip
        1 up · 21 days ago

        You’re looking at it from a business perspective, which is valid, but the resources available to the average person to prevent and/or mitigate a real threat are virtually nonexistent.

        Up until now it’s made no sense to target Joe Schmoe or his neighbours. What happens when a state-sponsored threat actor decides to burn it all down, or someone decides to start targeting the average person en masse with malicious AI?

        It’s not a big deal on a case-by-case basis, but almost no cybersecurity company will help out an individual unless they’re rich, and the police are brain dead.

    • prole@lemmy.blahaj.zone
      2 up · 1 down · 20 days ago

      Yeah, maybe the emergency services for New York fucking City shouldn’t be on cellular infrastructure. Seems like a recipe for disaster.

    • Frezik@lemmy.blahaj.zone
      4 up · 20 days ago

      Spam seems to be its primary purpose. The “could take down the whole NYC cell phone network” is fear mongering. They wanted to make money in ethically bankrupt ways, and that’s all.

      Wired has generally been better at journalism than a lot of more “official” outlets, and here we are again.

  • ThePantser@sh.itjust.works
    15 up · 2 down · 21 days ago

    Seems like swatting attacks would be better served against the Geriatric Old Party. Send some to the SCRotUS

  • jqubed@lemmy.world
    14 up · 1 down · 21 days ago

    While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.

    • limer@lemmy.ml
      10 up · 1 down · edited · 21 days ago

      I have read elsewhere that this is likely an older service, used for a long time, which was used in domestic crime. It was tracked down by the secret service because it was providing help in forgery of fake currency.

      It makes sense why the secret service, which deals in counterfeiting, was involved.

      But it was spun by the White House for other reasons

    • socsa@piefed.social
      10 up · 20 days ago

      The implication is that it’s operating as a general purpose mobile botnet of sorts, and there is likely someone out there selling services on it. It seems like someone was using it for swatting (which is how they found it), and others may have been using it for spam and forum bots. The narrative that it was specifically a tool for attacking cellular infrastructure is a bit misleading. It might have been useful for that but as far as we know it was never used that way.

  • unphazed@lemmy.world
    5 up · 20 days ago

    So each of these is in theory connected to several towers and microcells. Assuming they all connect to the same provider, how in the hell does it not raise eyebrows that 1000+ phones are sitting powered on 24/7 at one location? I’d assume that many towers could provide location data down to a couple of feet accuracy. Seems like someone was purposely ignoring this farm.

  • 𝕸𝖔𝖘𝖘@infosec.pub
    5 up · 1 down · 21 days ago

    The U.S. Secret Service’s Advanced Threat Interdiction Unit, a new section of the agency dedicated to disrupting the most significant and imminent threats to our protectees

    I wonder who those protectees are…

    • rbesfe@lemmy.ca
      3 up · 20 days ago

      The secret service is pretty clear who their protectees are, not sure what you’re implying here