🚨📰 In the news… while nearly 150 world leaders were preparing to arrive in Manhattan for the U.N. General Assembly, the U.S. Secret Service discreetly dismantled a massive, concealed telecom network across the New York area. This is a tangible cyber threat that you can physically touch. Why should the average citizen be concerned about “SIM Farms?” This one was large and it could have had a regional/national impact (one report I read said it could replicate/mimic over 300,000 cell phone devices). https://apnews.com/article/unga-threat-telecom-service-sim-93734f76578bc9ca22d93a8e91fd9c76

🚔 In the last year two major security incidents show the threat to mobile communications is real and actively exploited. in July Middle East actors where able to a SIM exploit to bypass geolocation consent and track user locations, and in May another SIM exploit was used to gather information about other users through the targeted SIM card.

📲This system is much more dangerous. The one intercepted by the USG on the 23rd could:

• create a widespread loss of mobile communications, emergency communication, navigation, banking, and more.
• shut down emergency, public safety, first responders, and emergency alert systems.
• interrupt commerce and business operations that rely on mobile communications and mobile data.
• shutdown security & surveillance systems which can be combined with disinformation, espionage, or worse—e.g. using fake SIMs or clones to intercept data or impersonate persons.
• Fraudulent SIMs mean risk of identity theft, being impersonated, or your communications being accessed by malicious actors.

🆘 So what do you do to protect yourself?

• Use forms of 2-factor authentication that don’t depend on SMS (e.g. authenticator apps, hardware tokens)
• Monitor your number: if your phone loses service randomly or you get unexpected “SIM change” messages — investigate
• Be wary of phishing/social engineering attempts asking for info that could be used for identity proof
• Use strong device security (lock screen, updates)

I’ll await the final report before making public conclusions, but funding, engineering, location and scope can really only mean few things…and none are good.

Stay Safe people. Stay vigilant.