Secret Service Dismantles Massive SIM Farm Network Threatening NYC During UN General Assembly

Nation-State Actors and Criminal Networks Targeted in Largest Telecommunications Threat Takedown in U.S. History

Bottom Line: The U.S. Secret Service has disrupted what officials describe as the most extensive telecommunications threat ever discovered on American soil—a network of over 300 SIM servers containing 100,000 SIM cards capable of crippling New York City's cellular infrastructure during the UN General Assembly. Early analysis reveals the operation involved nation-state actors coordinating with criminal organizations including cartels and human trafficking rings.

In a sweeping operation concluded just hours before President Donald Trump's address to the United Nations General Assembly, the U.S. Secret Service announced Tuesday the dismantling of a sophisticated telecommunications network that posed an unprecedented threat to New York City's communications infrastructure.

The massive takedown, described by officials as the largest seizure of its kind, uncovered a sprawling network of more than 300 co-located SIM servers housing over 100,000 active SIM cards across multiple sites within a 35-mile radius of the United Nations headquarters in Manhattan.

The Scale of the Threat

The network represented far more than a typical cybersecurity concern. According to U.S. Secret Service Special Agent in Charge Matt McCool, the system had the capability to "essentially shut down the cellular network in New York City" and could send up to 30 million text messages per minute anonymously.

"The potential for disruption to our country's telecommunications posed by this network of devices cannot be overstated," said U.S. Secret Service Director Sean Curran. The timing and location of the discovery—coinciding with approximately 150 world leaders gathering in Manhattan for the 80th UN General Assembly—elevated the operation to a matter of national security.

The Hidden Network: How Chinese Intelligence Operations Target American Privacy Through Infrastructure Infiltration

From Secret Police Stations to SIM Farms - A Pattern of Systematic Surveillance Emerges Bottom Line: The recent Secret Service takedown of a massive SIM farm network near the UN General Assembly represents just the tip of the iceberg in a sophisticated Chinese intelligence operation that has systematically embedded surveillance

My Privacy BlogMy Privacy Blog

Sophisticated Criminal Infrastructure

Investigators discovered the network hidden within abandoned apartment buildings across more than five sites in the New York tri-state area. The equipment was found within 35 miles of the United Nations, ahead of the U.N. General Assembly. The sophisticated setup included rows of servers and shelves stacked with SIM cards, with evidence suggesting operators were preparing to double or even triple the network's capacity.

"We need to do forensics on 100,000 cell phones, essentially all the phone calls, all the text messages, anything to do with communications, see where those numbers end up," McCool said, noting that the process will take time.

The operation's capabilities extended beyond mere communication disruption:

• Denial-of-service attacks capable of disabling cell phone towers
• Anonymous encrypted communication between threat actors and criminal enterprises
• Mass telecommunications attacks overwhelming emergency services including EMS and police dispatch
• Sophisticated masking of criminal communications through rapidly changing phone numbers

Nation-State Connections and Criminal Networks

Perhaps most alarming was the discovery of the network's users and purpose. Early analysis shows the network was used for communication between foreign governments and individuals known to U.S. law enforcement, including members of known organized crime gangs, drug cartels and human trafficking rings.

Agents believe nation-state actors — perpetrators from particular countries — used the system to send encrypted messages to organized crime groups, cartels and terrorist organizations, McCool said. While authorities have not disclosed specific countries or criminal groups involved, the investigation has revealed ties to at least one foreign nation.

The discovery aligns with broader intelligence assessments identifying sophisticated cyber capabilities among key U.S. adversaries. Many countries, including the United States, United Kingdom, Russia, China, Israel, Iran, and North Korea, have active cyber capabilities for offensive and defensive operations.

A Well-Funded, Professional Operation

The scope and sophistication of the network indicated significant financial backing and technical expertise. McCool described it as "a well-funded, highly organized enterprise, one that cost millions of dollars in hardware and SIM cards alone."

Officials emphasized this was not a amateur operation. "This isn't a group of people in a basement playing a video game and trying to play a prank," one official said. "This was well organized and well funded."

Beyond the telecommunications equipment, investigators also discovered:

• 80 grams of cocaine
• Illegal firearms
• Computers and phones
• Evidence of additional SIM cards ready for deployment

The Investigation and Response

The takedown was the result of a monthlong investigation conducted by the Secret Service's newly formed Advanced Threat Interdiction Unit, specifically created to disrupt the most significant and imminent threats to the agency's protectees. The unit began tracking telecommunications-related threats directed toward senior U.S. government officials, which led them to uncover this much larger network.

The investigation involved extensive collaboration between federal agencies:

• Department of Homeland Security's Homeland Security Investigations
• Department of Justice
• Office of the Director of National Intelligence
• New York Police Department
• Various state and local law enforcement partners

The Advanced Threat Interdiction Unit, along with a flurry of other law enforcement agencies – the Department of Homeland Security, the Office of the Director of National Intelligence, the New York Police Department, and other state and local law enforcement – began unraveling the web.

Broader Implications and Ongoing Threats

The discovery highlights a new frontier of national security threats targeting critical communications infrastructure. Officials say the takedown highlights a new frontier of risk: plots aimed at the invisible infrastructure that keeps a modern city connected.

McCool warned that this may not be an isolated incident. "It would be unwise to think that there's not other networks across the country," he cautioned. The Secret Service unit is now working to identify other similar networks across the United States.

The timing of the operation, just as world leaders gathered for one of the year's most significant diplomatic events, underscored the potential for catastrophic disruption. Officials compared the potential impact to cellular blackouts following major disasters like September 11 or the Boston Marathon bombing—except attackers would have been able to force such shutdowns at will.

No Arrests Yet, Investigation Continues

Despite the massive scope of the operation, no arrests have been made as of the announcement. However, officials indicated that arrests could come as the forensic analysis of the 100,000 SIM cards progresses. Homeland Security Investigations is leading the criminal investigation into individuals involved in coordinating this large scheme, while the U.S. Secret Service is running down threats tied back to its protectees.

Officials said, "there could be arrests down the road," adding that "from an operational perspective, we want those behind the network to know that the Secret Service is aware and that we're kind of coming for them."

A New Era of Infrastructure Threats

The SIM farm discovery represents what cybersecurity experts see as an evolution in threats against critical infrastructure. Unlike traditional cyber attacks targeting computer networks, this operation threatened the fundamental communications backbone that modern cities depend on for everything from daily commerce to emergency response.

The network's capability to conduct "swatting" operations—false emergency calls designed to trigger heavy law enforcement responses—against senior government officials was likely just one component of its broader threatening capabilities. The system's ability to operate anonymously while maintaining massive scale made it particularly dangerous.

Conclusion

The Secret Service's successful dismantling of this telecommunications threat network prevented what could have been a catastrophic disruption to New York City's communications infrastructure during a critical international gathering. However, the discovery raises serious questions about similar networks that may exist elsewhere and the evolving nature of threats targeting America's critical infrastructure.

As forensic analysis continues on the 100,000 seized SIM cards, investigators expect to uncover additional details about the extent of coordination between nation-state actors and criminal networks. The operation serves as a stark reminder that in an increasingly connected world, the invisible infrastructure supporting modern life has become a prime target for America's adversaries.

The success of this operation demonstrates the importance of the Secret Service's new Advanced Threat Interdiction Unit and highlights the need for continued vigilance against sophisticated threats that blur the lines between cybersecurity, telecommunications security, and traditional physical security concerns.

This developing story will be updated as more information becomes available from the ongoing investigation.