20.5k unique visitors in the last 3 days

US Secret Service Finds 300 Simboxes in New York

100,000 SIM cards were also seized.

The following article is based on a press release from the US Secret Service. That means healthy skepticism should be applied to any of the claims they make, and especially this one:

The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated

Err… but that is exactly what Secret Service Director Sean Curran did. 300 simboxes is a lot to find. 100,000 SIM cards is a lot to find. A significant criminal operation has been uncovered by law enforcement across multiple locations in the New York metropolis, and the Secret Service deserves credit for its work, along with the other agencies that assisted them. However, the potential disruption that may be caused by 300 simboxes can be overstated. Over 8 million people live in New York City; 20 million live in the metropolitan area. Using simboxes to overload mobile networks within New York would be an implausible strategy for cyberterrorists. The Secret Service implied this was a possible intention.

In addition to carrying out anonymous telephonic threats, these devices could be used to conduct a wide range of telecommunications attacks. This includes disabling cell phone towers, enabling denial of services attacks and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises.

‘In addition’ is forced to do a lot of work at the beginning of that paragraph. These devices almost certainly were used for ‘anonymous’ scam communications. That does not mean these scam communications cannot be traced. Mobile operators know about the SIMs used to originate calls on their own networks. The US telecoms industry has also been eagerly telling the public, and the US government, that they are doing a magnificent job of tracing scams while playing down how many scam calls originate on simboxes connected to domestic mobile networks.

Photographs of some of the SIM cards seized by the Secret Service show them to be from MobileX, an MVNO headquartered in California that uses Verizon’s network. MobileX sells its SIMs direct to consumers through its website and also through Walmart stores across the USA. An interview with MobileX CEO Peter Adderton claimed they ran out of physical SIMs after adding 30,000 new subscribers during April 2025. If so, it would be interesting to discover how many of the 100,000 SIMs seized by the Secret Service were sourced from MobileX.

You do not need to find the actual simbox to realize that calls were made using a simbox. The global telecoms sector has a lot of experience of identifying simboxes by analyzing data. Just owning or importing a simbox has long been illegal in many other countries, and it is also common for telcos in those countries to methodically identify simboxes on an ongoing basis so the relevant SIMs can be swiftly deactivated. The USA needs to take stronger measures to tackle simboxes. US industry insiders have told me there is a known problem with simboxes being used for scam calls and messages.

It is not possible for the risk posed by simboxes to be the minor and manageable inconvenience that US telcos want to pretend it is, and for simboxes to be an urgent threat to national security at the same time. But I doubt anyone working in the US mainstream media will draw attention to the inconsistencies between the way the Secret Service has just described the threat posed by these particular simboxes, and the way US telcos have been describing the risks created by simboxes in general. The coverage of this case by US mainstream media has been woeful so far, with many uncritically echoing the Secret Service intimation that communications in New York could have been paralyzed. They have not considered the enormous number of ordinary handsets which are connected to base stations in New York, nor the speed with which a competent telco should be able to deactivate SIMs. There is a genuine need to ramp up the protection of phone users, but it is needed because of the extent of scams that plague all Americans, not just those in New York.

Amateurs tend to step up when professionals let society down, and there are some amateur detectives who are deeply conscious of the scale of simbox crime in the USA. Earlier this year, a group of volunteers called Demurrage did compelling research into the criminal exploitation of prepaid SIMs supplied by T‑Mobile US. It is clear that a lot of SIMs are being put into simboxes and used to propagate scams. The threat analysis in Demurrage’s report was much more believable than the account given yesterday by the Secret Service because the amateurs provided a straightforward account of the crimes being committed while the Secret Service only made unsupported insinuations about potential uses of the simboxes they found.

The U.S. Secret Service dismantled a network of electronic devices located throughout the New York tristate area that were used to conduct multiple telecommunications-related threats directed towards senior U.S. government officials, which represented an imminent threat to the agency’s protective operations.

What exactly is the threat to government officials? That somebody unpleasant is attempting to call them? That somebody will send a message which is unkind or untrue? 300 million other Americans face the same threat every day. No information was given about the specific threat to these unspecified government officials, or why they would have been targeted using simboxes. If anything, I would assume the threat posed to government officials falls as the official rises in seniority, because the more senior somebody becomes, the greater the likelihood that somebody junior is answering their phone.

While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.

Here is another blizzard of words that will grab a naive audience’s attention although the meaning remains obscure. Does “cellular communications between nation-state threat actors” mean “bad people were calling each other”? If so, how does this relate to the simboxes that were found? Perhaps it means that these simboxes were systematically used for the second leg of two-legged communications where the first leg originated inside a scam compound within a foreign country. Such scam compounds could be sponsored by nation states, or might just be linked to corrupt politicians in those countries. But if this is the case, the Secret Service could speak more plainly. The average member of the American public may not know about these things, but Commsrisk has thousands of readers with a firm grasp of how the internet and simboxes are used for transnational crime. Risk professionals in the comms sector also appreciate that these crimes are far from new. There will be details that cannot be revealed by the Secret Service but that is not an excuse to be unnecessarily mysterious about the intentions of the criminals who procured all these simboxes and all these SIMs.

These devices were concentrated within 35 miles of the global meeting of the United Nations General Assembly now underway in New York City. Given the timing, location and potential for significant disruption to New York telecommunications posed by these devices, the agency moved quickly to disrupt this network.

How is that for mystery? On the face of it, the Secret Service is saying this criminal enterprise could have disrupted the United Nations. But if that was the case, why would locating a simbox 35 miles away from a meeting be any more indicative of the intended target than placing the simbox 350 miles from the meeting? The United Nations Headquarters is in the heart of Manhattan. More than 20 million people live within a 35 mile radius of Manhattan. Very few places in the USA will have as many base stations that are as densely concentrated. No phones in the UN Headquarters will connect to the same base station as a simbox located 35 miles away. So what actual reason is there to suppose these simboxes pose a threat to the United Nations? Are they situated around the places where UN delegates eat and sleep? Even if they are, why assume there is a connection to the UN as opposed to thousands of other potential targets that also frequent New York, such as Wall Street bankers or some of the most influential journalists in the USA?

This is an ongoing investigation.

Perhaps some useful information will be provided when the investigation is over. For now, the press release only really told us three things: 300 simboxes and 100,000 simboxes were found around New York, and the Secret Service wanted to be praised for this operation. They also shared some photographs, which are reproduced below. The press release is here, and there is even a YouTube video. However, the information fed to the media by the Secret Service looks to me like an exercise in misdirecting the public so they draw the wrong conclusions about how these simboxes were being used, and why the private sector had not already deactivated the SIMs found inside these simboxes.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email