The recent discovery of a sprawling SIM farm operation in the New York City area has revealed how these facilities, typically used by cybercriminals to flood phones with spam calls and texts, have grown large enough that the US government is warning it could have been used not just for crime, but large-scale disruption of critical infrastructure.
On Tuesday morning, the US Secret Service revealed that it had found a collection of facilities across the “New York tristate area” holding more than 100,000 SIM cards housed in “SIM servers,” devices that allow them to be managed and operated simultaneously. Due to the sheer scale of the infrastructure of this single SIM farm—and the fact that it reportedly came onto the Secret Service’s radar after it was exploited in “swatting” attacks that targeted US members of Congress around Christmas of 2023—the agency has warned that the operation, which has been at least partially dismantled, posed a serious threat of a disruptive attack on cellular service.
Given the number of SIM cards all under the control of a single operation, it could have “disabled cell phone towers and essentially shut down the cell phone network in New York City,” according to Matt McCool, the special agent in charge of the Secret Service New York field office.
“This network could be used to overwhelm cell towers,” according to a law enforcement source familiar with the Secret Service’s investigation, who asked not to be named due to the sensitivity of the ongoing investigation. “To give you an idea of capacity for disruption, this network could be used to send approximately 30 million text messages per minute, meaning it could anonymously text the entire United States in around 12 minutes.”
The source tells WIRED that the Secret Service has confirmed that the SIM farm was used by organized crime, nation-state threat actors, and other individuals known to law enforcement.