A New York City SIM farm recently seized by the Secret Service was being put to use in a variety of criminal activities and had the capability of disrupting local communications networks, according to officials. The primary use of the network seems to have been trafficking of illicit goods and anonymously communicating threats against senior U.S. officials, but had the operators desired it had the potential to take out the NYC mobile phone network for an extended period.
The Secret Service continues to investigate the SIM farm and has not yet named a culprit, but has said that the operation was “well-funded and well-organized.” Similar SIM farms have previously been used by drug cartels and professional “swatting” organizations, one of the purposes that this particular operation was put to use for.
Swatting calls on officials sparked Secret Service investigation
Pursuit of the SIM farm began with swatting calls on Congress members Marjorie Taylor Greene and Rick Scott in late 2023. Other calls throughout 2024 and 2025 included numerous members of the present Trump administration’s transition team, the federal judge appointed to Donald Trump’s election subversion case, and former presidential candidate Nikki Haley.
The Secret Service’s Advanced Threat Interdiction Unit began an investigation into common links between these incidents earlier this year, assisted by the Department of Homeland Security, the Office of the Director of National Intelligence, and the New York Police Department. The trail ultimately led to an apartment just outside of New York City that was unoccupied by residents, but populated with numerous SIM servers hosting thousands of SIM cards.
More safe houses with similar SIM farms were subsequently located not far away in Armonk and Queens, in New Jersey, and in Connecticut. The SIM farms were used for an assortment of criminal activities including anonymized swatting calls, but also collectively commanded the capability to disable regional phone towers and overwhelm the New York City mobile network. In total the five locations collectively had about 300 SIM servers and 100,000 SIM cards in operation. In total the scheme was thought to have cost millions of dollars to set up, and is the largest seizure yet of such equipment in the US.
SIM farms quietly pose a serious infrastructure threat
Though the Secret Service has not named perpetrators as of yet, it has linked the initial 2023 swatting calls to a pair of Romanian nationals named Thomasz Szabo and Nemanja Radovanovic. The two men are known associates of notorious swatter-for-hire Alan Filion, perhaps better known as “Torswats,” who was behind a wave of fake messages about school shootings and bomb threats that took place from 2022 to 2024. Filion is currently in federal prison, sentenced to a four-year term in early 2025.
Filion did a lot to publicize commercial swatting and professional operations of this nature, but SIM farms have existed for many years and are more common in other countries. They are relatively hard to set up in the US due to bans on SIM boxes, which must be smuggled in; the Secret Service believes the ones used in the New York operation were brought in from China disguised as audio equipment. Use of them for swatting or attacks on critical infrastructure is far less common than use in fraud or in misinformation campaigns on social media.
In this case the perpetrators appeared to be involved in other criminal operations that made use of the sites as storage at the minimum. At the sites of the SIM farms, Secret Service agents report discovering 80 grams of cocaine as well as illegal firearms. However, terrorism does not appear to have been one of the focuses of this operation. The SIM farms were situated within 35 miles of the United Nations, but there was no indication of plans to disrupt the recent General Assembly. The Secret Service says that there are no other credible threats of this sort.
Still, the incident demonstrates what level of damage SIM farms can do with the relatively low expense and trouble of a few million dollars and renting some small and unassuming apartments. Investigators estimate the New York setup was able to blast out a text message to every American phone number once every few minutes. In addition to being enough to take out New York City’s mobile towers, the system could be directed as a massive DDoS attack to take out EMS and police communications during an emergency. The system could also be used more stealthily as a private and encrypted communications network to coordinate an attack.
Andy Thomspon, Offensive Cybersecurity Research Evangelist at CyberArk, expands on the destructive possibility: “The problem is that covert telecom infrastructure is almost impossible to detect in real time. A SIM farm doesn’t wave a red flag; it looks like thousands of ordinary phones doing ordinary things. These operators distributed equipment across apartments, constantly rotated SIMs, and routed traffic through legitimate carriers, making the network nearly invisible. Our biggest blind spot is that we assume the infrastructure itself is trustworthy. We monitor for hackers breaking into databases, but we don’t monitor for rogue phone companies hiding in plain sight. Criminals built their own parallel network under our noses. If that network had been activated during a major event, the real nightmare is a combined operation where a telecom blackout is paired with a kinetic attack to amplify confusion, delay first-responders, and turn panic into catastrophe. Flooding towers and jamming 911 at the exact moment something physical happens multiplies the harm thousandfold. SMS and bulk SIM abuse remain the Wild West, so attackers have a cheap way to create mass chaos without touching a single server. Make friends with a ham radio operator now – they might be the person who gets you a message through when everything else is screaming into the void.”
Jeremy Turner, VP of Threat Intelligence and Research at Security Scorecard, notes that nation-state actors are definitely eyeing the possibilities of SIM farms: “We know of nation state actors such as Volt Typhoon that are constantly working on getting their hands on edge devices, including home routers, to create massive networks under their control. While exact intentions in this case are not known at this time, we have seen this type of network used for fraud, such as the recent use of cell phone farms to send text messages for toll payment scams.”
