The SIM Farm That Nearly Blacked Out NYC — and Why It’s Not a One-Off

The US Secret Service just pulled the plug on a sprawling network of SIM “farms” scattered around the New York tri-state area — hardware stacks with more than 300 co-located SIM servers and 100,000 SIM cards, many already active. Investigators say the setup, found within 35 miles of the UN as world leaders arrived for the General Assembly, could have knocked out cell service, overwhelmed 911, and flooded the city’s networks with junk traffic.

“The potential for disruption… cannot be overstated,” Secret Service Director Sean Curran said.

“It can take down cell towers… it could be catastrophic to the city,” added Matt McCool, who runs the agency’s New York field office.

Officials say the system was capable of 30 million text messages per minute, anonymous and encrypted — the kind of tool that can coordinate organized crime or smother cell towers with a tsunami of calls and texts. For context, experts compared the potential impact to the post-9/11 and Boston Marathon choke-ups, when networks cratered under demand.

No arrests yet, and motives remain murky. But early analysis points to use by foreign governments, cartels, human-trafficking groups, and people already “known to federal law enforcement.” Searches also turned up illegal firearms, cocaine, computers, and phones. The network, officials say, was also tied to threats and swatting calls against senior US officials.

SIM farms are boxes that hold dozens or hundreds of SIM cards from different carriers. Paired with VoIP tools, they can:

• Blast mass texts/calls at industrial scale (think: spam, scams, or a targeted communications DDoS).
• Mask identities and route encrypted communications for criminal groups.
• Potentially intercept/eavesdrop or even clone devices, especially near high-value targets like the UN, cybersecurity veteran Anthony J. Ferrante noted. The photos, he said, showed a “very sophisticated and established” operation.

While SIM farms started as a cheaper way to handle international calls, they’ve become a backbone for phishing, spoofed caller ID, and robocall swarms, said Eva Velasquez of the Identity Theft Resource Center.

MobileX, whose SIMs appeared among the seized gear, said it’s cooperating:

“Like all wireless providers, we occasionally see bad actors attempt to misuse our services,” CEO Peter Adderton said.

The scale is what’s alarming.

“I’ve never heard of somebody putting 100,000 SIM cards together in such a coordinated way,” said Kevin Butler, who directs the Florida Institute for Cybersecurity Research.

Typical fraud operations might use a few thousand cards, tops. This looked well-funded and organized — possibly nation-state or a very capable non-state group. Some analysts told reporters only a handful of countries could field something this sophisticated.

This takedown isn’t a one-off. It lands amid a run of critical-infrastructure hits:

• Telecoms: A Chinese campaign dubbed “Salt Typhoon” probed at least nine US carriers (including Verizon and AT&T), reportedly to learn how they work with law enforcement.
• Airports: In Europe, a ransomware hit on automated check-in systems disrupted some of the continent’s biggest hubs.
• Cities: Paul declared an emergency in July after a coordinated cyberattack.
• Water: American Water Works was forced to pause billing for millions after a 2024 breach.
• Pipelines: Colonial Pipeline ransomware (2021) froze fuel flows for five days, emptied gas stations, and triggered panic buying.

“These attacks keep showing how complex systems invite attack,” Butler said. “From water to the electric grid to cell networks — with enough resources, bad actors can turn off the lights.”

Timing and geography matter. The devices sat inside vacant apartments and properties clustered around the UN — a high-value target week for spies, protesters, and world-class chaos agents. The Secret Service says its new Advanced Threat Interdiction Unit moved fast to remove an “imminent threat” to protectees and the city. Expect more seizures elsewhere as agents sift through those SIMs — each card is essentially a phone’s worth of data.

Multiple agencies are on it: NYPD, DOJ, Homeland Security Investigations, ODNI, and the Secret Service.

What this means for the rest of us

1. Cell networks are resilient — but not invincible. At enough scale, junk traffic can starve emergency channels.
2. Low-tech + high scale = high impact. This wasn’t zero-day wizardry; it was commodity gear used cleverly and massively.
3. Defense has to get boring and thorough. Carriers and agencies will keep adding anomaly detection, rate-limiting, and traffic scrubbing — the telecom version of floodgates — but it’s a moving target.

The system is down now; the questions aren’t. Who funded it? Who controlled it? And how many more SIM barns are hiding in plain sight, waiting for a big news week to flip the switch?

With input from USA Today, AP, the Independent, the Washington Post.