The U.S. Secret Service just uncovered what might be the most dangerous cybersecurity threat to American infrastructure this year. Federal agents discovered a massive SIM farm operation across the New York area containing over 100,000 SIM cards and 300 servers. This wasn’t just any cybercrime setup – experts say it had enough power to completely disable cell phone service for all of New York City.
Scale of the operation was unprecedented
The numbers behind this operation are staggering. Investigators found equipment spread across multiple locations within a 35-mile radius of UN headquarters in Manhattan. The setup included more than 300 co-located SIM servers housing over 100,000 active SIM cards.
This network could send approximately 30 million text messages per minute. To put that in perspective, law enforcement officials said it “could anonymously text the entire United States in around 12 minutes”. That’s enough messaging power to overwhelm cellular networks across the entire Northeast region.
Matt McCool, the special agent in charge of the Secret Service’s New York field office, explained the potential impact. “This network had the potential to disable cell phone towers and essentially shut down the cellular network in New York City”. He compared the potential disruption to the cellular outages experienced after the September 11 attacks.
Professional operation with serious backing
This wasn’t some amateur cybercrime setup run from a basement. Photos released by the Secret Service show rows of professionally installed equipment with neat cable management and numbered components. Each SIM box could hold up to 256 SIM cards with corresponding modems.
Secret Service officials described the operation as “well-organized and well-funded”. The equipment alone would have cost millions of dollars, not counting the ongoing expenses for thousands of SIM cards and multiple facility locations.
The devices were found in abandoned apartment buildings across at least five different sites. This distributed approach made the operation harder to detect and more resilient against law enforcement action.
Connected to swatting attacks on Congress members
The investigation that led to this discovery started with something much smaller but equally dangerous. The Secret Service began tracking this network after it was used in swatting attacks against U.S. lawmakers during Christmas 2023.
The swatting incidents targeted Congresswoman Marjorie Taylor Greene and U.S. Senator Rick Scott. These fake emergency calls were linked to two Romanian criminals, Thomasz Szabo and Nemanja Radovanovic, working with American swatter Alan Filion, known as “Torswats”.
All three men have since been convicted on swatting charges. However, the investigation revealed that the SIM farm infrastructure they used was far more extensive than initially realized.
Nation-state actors and organized crime involved
Early forensic analysis indicates the network was used for “cellular communications between nation-state threat actors and individuals that are known to federal law enforcement”. While officials haven’t named specific countries, the scale and sophistication suggest state-level resources.
The network facilitated encrypted communications between organized crime groups, cartels, and terrorist organizations. This allowed criminal enterprises to operate undetected while coordinating activities across international borders.
Ben Coon, who leads intelligence at cybersecurity firm Unit 221b, believes the operation was primarily profit-driven. “My gut tells me there’s some kind of fraud component here”. However, he acknowledged that such infrastructure could easily be repurposed for more serious attacks.
Timing raised UN security concerns
The discovery’s timing couldn’t have been more concerning. Agents dismantled the network just as nearly 150 world leaders gathered in New York for the UN General Assembly. The equipment was located within 35 miles of UN headquarters, where these high-profile meetings were taking place.
Secret Service Director Sean Curran emphasized the potential impact: “The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated”. The agency moved quickly to prevent any possible exploitation during the international gathering.
While there was no evidence of a specific plot to disrupt the UN meetings, the capability existed. Such an attack could have blocked emergency communications, disabled 911 services, and created chaos during a major international event.
MobileX cards found in the operation
Among the seized equipment, investigators found SIM cards from various providers, including MobileX, a budget carrier founded by Peter Adderton. Adderton, who is also MobileX’s CEO, acknowledged that his company’s cards were recovered during the federal investigation.
“Like all wireless providers, we occasionally see bad actors attempt to misuse our services”, Adderton said in a statement. He emphasized that MobileX was designed for ease of use and cost-effectiveness, qualities that unfortunately attract criminal users.
Adderton confirmed that MobileX is cooperating fully with law enforcement and has measures in place to shut down suspicious activities. The company’s involvement appears to be as an unwitting victim rather than a willing participant.
How SIM farms threaten infrastructure
SIM farms are devices that can hold hundreds or thousands of SIM cards from different cellular providers. Originally designed for legitimate bulk messaging and international calling, they’ve become a favorite tool of cybercriminals.
These devices use Voice over Internet Protocol (VoIP) technology to send massive volumes of calls and texts simultaneously. Unlike individual phones, SIM farms can coordinate thousands of communications at once, overwhelming networks with traffic.
The threat extends beyond simple spam calls. These networks can disable cell towers, launch distributed denial-of-service attacks, and interfere with emergency services communications. During a crisis, such disruption could prevent first responders from coordinating rescue efforts.
Equipment likely smuggled from China
SIM boxes are illegal in the United States, meaning the hundreds of devices must have been smuggled into the country. Ben Coon from Unit 221b explained that in previous cases, such equipment was shipped from China disguised as audio amplifiers.
The professional installation and organization suggest the operators had significant technical expertise. Cathal Mc Daid from telecom security firm Enea noted: “This looks more professional than many of the SIM farms you see”.
This level of sophistication indicates the operation required substantial planning, resources, and international coordination. Such capabilities typically point to either highly organized criminal groups or state-sponsored actors.
Investigation continues with no arrests yet
Despite dismantling the equipment, no arrests have been made. The Secret Service is conducting forensic analysis on what amounts to 100,000 digital devices. Matt McCool explained the challenge: “We have to do forensic analysis on 100,000 cell phones, basically looking at all the communications—calls, texts, anything—to trace back where those numbers go”.
This forensic work will take considerable time but could reveal the full scope of the criminal network. Investigators are analyzing calling and texting logs to identify the operators and their international connections.
The investigation involves multiple agencies, including the Department of Homeland Security, Department of Justice, Office of the Director of National Intelligence, and NYPD. This multi-agency approach reflects the serious national security implications of the discovery.
Broader implications for cybersecurity
This discovery highlights growing vulnerabilities in America’s telecommunications infrastructure. Criminal and adversarial groups are exploiting legal telecom tools at industrial scale. What started as technology for legitimate business use has become a weapon against critical infrastructure.
The incident has triggered renewed scrutiny of telecom policy and security oversight. Regulators are grappling with how such extensive infrastructure operated undetected for so long.
Kevin Butler from the Florida Institute for Cybersecurity Research warns this represents a broader trend. “What we’re seeing is targeting of different pieces of critical infrastructure through cyber attacks, and in ways that are quite impactful”. This includes targeting water systems, power grids, and now cellular networks.
The New York SIM farm bust serves as a wake-up call about the evolving nature of cyber threats. Today’s cybercriminals have the resources and sophistication to threaten not just individual victims, but entire cities and critical national infrastructure.