Massive Rogue Telecom Threat Uncovered by the Secret Service in NYC

I'm curious about your thoughts on this. 100,000 SIM cards (and growing) along with many locations surrounding NYC actively accessing a specific network.

Based on your last sentence it doesn't seem you know about the scope of what was discovered and multiple locations? ("...Armonk, New York; Greenwich, Connecticut; Queens, New York; and across the river in New Jersey – essentially forming a circle around New York City’s cellular network infrastructure, officials briefed on the investigation"), along with ties to false threats to our highest government officials which I believe is what started the investigation.

It's in the links provided all through this thread, including the first post, along with video.
https://www.pbs.org/newshour/nation...d-near-the-un-could-collapse-telecom-networks

"Anthony J. Ferrante, the global head of the cybersecurity practice at FTI, an international consulting firm, said the photos show a very sophisticated and established SIM farm that could be used for any number of nefarious activities, including the potential to overwhelm cellular networks with millions of calls in just a few minutes."
Last I heard the NYC metro has like 20M people. If you want to blend in 100k fishy users you need to have a larger base. 100k / 20M is easier than 100k / 300k in a medium size city. I think we can agree on that.

On the other hand, if you want to attack by overwhelming a network, you want that 100k to target 300k as this is a 33% increase in size, vs 100k / 20M which is 0.5% increase in size. This is simple math, I think we can also agree on that.

Any system designed to handle 20M people is going to have easily another 0.5% safety margin. 0.5% increase can blend in, 33% increase can attack by overwhelm, I think we can agree with that. By deduction you can see that you can either blend in or attack, not both.

"Discovered in multiple locations" means they are distributing their traffic. It is very hard to overwhelm the core of the network as they are "on the cloud" and "on demand", which means you are just renting equipment from the cloud based on your traffic load. AWS is about 1/3 of our Internet in the US and your 100k users increase is tiny in comparison.
 
Honestly, I have no position on it whatsoever. Just what I read. Because you mentioned 300 cell phones, but it’s actually 100,000 SIM cards, was the only reason for my post.

I can’t speculate on what the criminals were up to, nobody can but they are going through the SIM cards to see what’s been going on.
Also discovered can be a relative thing as to what they found so far.
I’m not sure if we know the workings of the 100,000 that we are talking of. Because they’re talking about the capability of millions of phone calls and/or text messages almost instantly. I don’t understand that statement.

I’m just repeating what they say. I say that because of reference to “your 100,000”
I only asked because you mentioned 300

I do think on the surface it sounds far-fetched, but I don’t know the capabilities of whatever they are investigating. Actually I don’t know much about anything except what they’re saying. And some of them are well-versed in this type of thing.

One thought on my mind is could the calls and text messages be focused on one area of a network?

We do need to keep in mind the reason this network was found is simply because threats against our public officials were stretching the capabilities to protect them, even though they were not real threats.

Either way these networks are not exactly friendly, known to create havoc spreading propaganda in social media because so much of the population believes what they see in there.
 
@PandaBear
Another thought on my mind is, while I try to think of why they say millions of calls, it's something that I agree with your thinking and have thought about.
Keep in mind I am only using information provided in the media. So I enjoy conversations to figure out how, I'm not into conspiracy theories that this was just to make the Secret Service look good during this UN nations week.

There is mention using VOIP as well - "In addition to these calls, the Secret Service warned that such a network could have been used to attack the city's cellphone networks by overwhelming its towers with calls, utilizing their Voice Over Internet Protocol (VOIP) systems" (so this would remove any restriction mentioned about only SIM cards)
Read More: https://www.slashgear.com/1977923/new-york-city-cell-phone-network-attack/

What about simultaneous ring? Conference calling? Group texting?
Something along those lines?
Automated programs?
I’m also seeing something of ringing multiple phones using one phone number.

Interesting stuff, makes good conversation, but I won’t count on a full disclosure. Once our security officials understand what was taking place? However I still think there must be some validity in what they are saying, however the word "potential" is used. Either way I honestly do believe this is big, not in the sense of taking down a cell network. But an overall sense of criminal activity.

I hope we know more one day and can say, "yeah, I didn't think about that". When I went back to read is when I noticed the reference to VOIP, something not discussed here. There seem to be multiple plays that might cause this threat they are talking about without providing details.

I just think there is something we are missing in our discussions here.
“This network could be used to overwhelm cell towers,” according to a law enforcement source familiar with the Secret Service’s investigation, who asked not to be named due to the sensitivity of the ongoing investigation. “To give you an idea of capacity for disruption, this network could be used to send approximately 30 million text messages per minute, meaning it could anonymously text the entire United States in around 12 minutes.”
https://www.wired.com/story/sim-farm-new-york-threatened-us-infrastructure-feds-say/
 
I am equating phones and servers. Basically to me anything that uses a sim card to get on a network is considered a phone, but the media or law enforcement may consider them a "box", "server", "router", "modem", whatever. They serve the same purpose in networking using the cell network and sim card. To me they are phones.

Based on what I read: they have 300 or so servers connected together, and 100,000 cards (in storage, on table, etc, not actively connected to a wireless device onto the network over the air). I don't think they can easily connect 100,000 cards all together at the same time, maybe they built a switch that turns on only 300 or so of them at a time and rotates among those 100,000. I don't know, but they are not going to find anything off the shelf that can connect 100,000 cards to the network at the same time without causing hardware limitation issues. It wouldn't be cheaper to build than a high end system only big phone companies can afford when they design and build phones. 300 is probably more realistic.

So, based on what I can tell from that, they are using those 300 "servers" or equipment to activate and test those cards, and then they would be sent out to the "users". How are those 300 "phones" connected? They are probably all connected wirelessly to the cell tower and then to each other with some method (wifi router? I don't know).

So if they do something like that, they can run a call from one place to a phone there, locally connected to another phone, and then go out again. This way there will be a missing link they can't trace without too much effort. It is like if you call a landline and then that landline talks to another landline using a walkie talkie, they won't be able to easily trace that. Or they are not really trying to run a network but just setting up sims for criminals.

No matter what, sim cards alone can't do much without an actual "phone" or equipment, and with that room full of phones (I think I read 300 servers), they can probably run a small local phone connection between people who don't want to be traced too quickly. Those phones probably have to be burner phones though or else sooner or later law enforcement will catch up with them.
 

In theory, in the lab, yes, those are possible. However those are commercial networks in NYC and there have been traffic issues that the carriers have dealt with and have solutions for. All it takes is a New Year's Eve countdown or Times Square to saturate the network these days. I'm sure the real life traffic is already much bigger than this busted operation.

One thing I want to emphasize is that the VoLTE and above networks we have today are basically all running with very low bandwidth need for a voice call. It is not like you have to run a call back in the 3G and earlier days, that takes up a lot of bandwidth whether you talk or not, because the internet data would be using the same bandwidth as voice call and nothing goes to waste with different traffic priority (that's what we call QoS or quality of service). A voice call takes up less traffic than real internet data and you can handle a lot of voice calls these days. All the analog data gets digitized and goes directly to the data center to be processed, so as long as you have the same amount of antennas the amount of data over the fiber to the carrier would be the same. The "switching office" is all running what they call "software defined network" (basically Xilinx or Altera FPGA running on Intel Xeon server) these days and they can rent just the right amount of servers from Amazon / Microsoft / Google etc based on demand, and other than hurting their finances it won't overwhelm them.

Another thing about NYC is that, due to the density, they can and will run a lot of higher frequency wider bands in 5G, and due to the shorter range, they will repeat them way more than the longer range band with less bandwidth. If they want to bring down a network with saturation (DDoS), they can only bring down a smaller cell area, and there is more bandwidth to saturate requiring more equipment, etc. You can bring things down much easier using a radio jammer, much cheaper than using a real network. Instead of a million dollars' worth of equipment just a cheap $200 jammer is probably good enough.

Also VoIP: you don't need a cell phone for that, just run a fiber optic line or one fast internet then go through a commercial VPN. It is a waste of effort using so many sim cards. Can they do all that with a million dollars' worth of equipment? Yes, but they can do that with $200 worth of equipment too.

What I think they are doing is setting up a legit network without having to build out many cell towers like they did in Latin America. The cartels there use a lot of burner phones and if they can just use one time sim to a "central office" they can call each other without an easy way to trace them. This would likely be what they are trying to do.
 
Just my guess on what they are trying to build based on the size of the operation in photo, not any scientific proof other than size.

So, based on this photo here, I see they probably can have trays with rows and columns of antennas and cards. There are probably 300 of these "tray looking equipment", however I don't think they look like having 100,000 "phones" "modems". The mechanism looks like a few phones are connected to sim cards on rotation. Maybe the "server" sends messages out and the target has to reply within a given time before they switch the sim. Maybe once they got the reply that would be routed to another sim and sent out to someone else, then replace the sim after a while again.
 
I read all three of your posts, good info. I guess we won't know all the details unless it gets released and analyzed by 3rd parties.
Much speculation but we need facts if we are going to call our intelligence community liars. However I suspect we will never find out everything they know.

The mention of VoIP by me since they mentioned it made me curious, are they talking about two methods? Cell and VoIP.
Also my other thought is, I am not so sure anyone was suggesting taking down the entire NYC cell network but maybe more so specific targets. I do agree, in the back of my mind I did wonder and know that 100,000 SIM cards out of millions isn't much, however I have no clue at the structure behind it and how that suggestion could be made by them. But then I noticed the mention of VoIP. I imagined a system of DoS attacks.

My other comment is your mention of a million dollars of equipment and mention of a location. Just wanted to make sure you knew they speak of millions of equipment and this stuff has been found in multiple locations (4 I think) though my opinion is that the photo of the big room wasn't in every location of the 4 or so locations mentioned. Meaning the other locations may have been smaller, at least one of them possibly massively smaller.

Anyway, great conversation and appreciate your thoughts and knowledge. Another thing we need to remember so we don't lose focus is the targeting the cell network to disrupt NYC communications was not the end all of the purpose of the "farms".
They were discovered because it was traced to false threats to government officials which they found concerning because threats do need resources to make sure they are only threats and potentially was stretching their resources to protect the people they protect.

Also references to secure criminal communications and traces to non-friendly countries.
More or less I took that as pretty much a criminal communications network and one that can be used for other purposes.
They did mention that they wanted to take it down before this week of UN activities. Maybe an abundance of caution?

Interesting stuff. It was the biggest they ever found. Maybe overzealous in what that video states in post number one from the Secret Service? I don't know. I did get in some hearty debates with some in here because I do not believe that agent in the video was manufacturing a false conspiracy to make the intelligence community look good.
 
Bizarre, but IMO authorities could easily find the smoking gun for something of this magnitude. Instead, all they say is that they found it. It's all part of the plan. Instill fear upon the public.

Scott
And use that fear to justify and expand their power and capabilities, you know, for everyone's safety and security.
 
Not sure about power and capabilities but officials have to show their meaningfulness to get votes and promotions. This is a good opportunity and a legit bust, and since not everyone knows how cell networks are built and designed they probably just believe in what is possible instead of what is probable, or what is already addressed today vs 20 years ago.
 
I've worked with large production volume before. Million units of equipment would not fit in that room without problem. Your electricity use, your data access, your cooling need, your packaging, your human involvement in and out, your delivery trucks, your scaling up takes time, your real estate size, etc, all would be the size of a factory taking 10000 sqft easily, not something you can easily hide in a commercial or residential neighborhood.

Now million dollars worth of equipment / 300 = $1M / 300 = $33,000 per unit. That's more achievable and in theory can fit in there if they are really cramped, still a lot but would be relatively ok. If they have 100,000 cards that's definitely more like $1M worth of equipment ($30 per card after overhead).

It is not a good use of money as a jammer, but a way to communicate by blending into an existing network, probably the only reasonable explanation. It is like a pop up VPN they use once, before getting caught eventually.
 
Thanks to those who have posted here with real vocational expertise.
It appears that this was more of a black VPN setup than one capable of bringing down an entire cell network.
I have a question, though:
What is the crime here?
Is there a crime?
 