Boy, NBC sure swallowed that press release hook, line and sinker.
This week’s inter-agency meeting between FBI, SS, and NSA is gonna be awkward
(NSA planted those)
SOP 303
Standard Operating Procedure 303 codifies “a shutdown and restoration process for use by commercial and private wireless networks during national crises.”
‘could be used to shut down cellphone network’
looks inside
uses sim cards (thus communicating via the cell network)
🤨
Text wall incoming, no offense taken for walking away:
People always talk about distributed denial of service attacks but this is not distributed. It’s concentrated in that one farm, and that informs the types of denial of service attacks it’s suited to carry out without help and influence the govt agencies which might give a shit. A simbox is a machine that can initiate one simultaneous call for each provisioned sim card in it, or whatever other cellular network operations the towers in range support. Look downstream of that for a second though, how many 911 operators are there for that area? Denying service can be more than knocking machines offline! Do I have enough sims to drown them in prerecorded panicked AI calls so they send all their firefighters to the wrong locations? Maybe I want to knife a guy and watch everyone on that block fail to reach 911 while he bleeds out. But they said ‘disable towers’ so let’s focus on denying telephony rather than the service telephony gets you to.
Bullshit scenario to illustrate a point:
Healthy customers operating a phone normally may call a variety of internal services once each until their session is established with the appropriate permissions, and then they’re allowed to make calls or touch websites. What if I pick one of those important steps and just hammer the dick off of it so nobody else can make new connections to the network for a period? If their security teams had the idea before me maybe they built some defenses, but maybe not, or maybe the simbox has sims from many carriers so they can get help. Does MobileX even agree that they carry the obligation to respond to this? Do they even know how since they don’t own all the network devices involved? Did they willfully put their thumb up their ass and ignore so they could continue to get money from the bad actor without caring about the consequences? No of course not companies always act morally!
Imagine my phone attaches to one of three towers in an area. Imagine there’s a back end process that lets a device tell a tower “I’m bcovertigo, so start me a session and look up my plan permissions, then report back with what I’m allowed to access” with a unique identity for the provisioned sim card. What happens when a phone starts that process but just ignores the response and never goes to the next step? What if I repeatedly chain together those half opened requests, and then 100 or so of those processes are just waiting on a response, still consuming resources. Do that for each of 32 sim cards in those pictured simboxes. Now give me a 300 strong swarm of those screaming hydras. 100/minute × 32 sims × 300 simboxes. Can your iPhone ever get online if that critical step never completes to tell you your session is allowed to make calls and visit websites? We’re not even considering disruption of IoT security systems. Maybe they found some other flaw that lets them break existing network connections or exhaust something that’s needed for very specific functions to work. Through the magic of computing, anything can go wrong!
But enough about the attack itself. What are you going to do to stop all this?
Ban the identifiers of the sim bank? Fuck you they randomize it. Deprovision the sims as you see them used? Fuck you they have 100k of them as reserve ammo. No you have to physically find it and go there in person, which means plying some investigative govt agency for help.
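Added example, not part of the comment above: a minimal operator-side detector for the hypothetical half-open session flood it describes. Because the comment notes that identifiers are randomized, the check keys on the cell and the completion ratio rather than on any subscriber identity. The log format, event names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

def sample_events():
    """Constructed signalling log: (second, cell, identity, event)."""
    events = []
    for i in range(60):   # cell-A: 60 ordinary phones, every attach completes
        events.append((i, "cell-A", f"sub-{i}", "attach_request"))
        events.append((i + 1, "cell-A", f"sub-{i}", "attach_complete"))
    for i in range(5):    # cell-B: 5 ordinary phones ...
        events.append((i, "cell-B", f"sub-b{i}", "attach_request"))
        events.append((i + 1, "cell-B", f"sub-b{i}", "attach_complete"))
    for i in range(200):  # ... plus 200 one-off identities that never finish
        events.append((i % 60, "cell-B", f"rand-{i}", "attach_request"))
    return sorted(events)

def flag_cells(events, window=60, min_requests=50, max_completion=0.5):
    """Return {(cell, window_index): (requests, completed)} for busy cells
    where at most max_completion of the attach requests ever completed."""
    requests = defaultdict(int)
    completed = defaultdict(int)
    pending = {}  # (cell, identity) -> window in which the request was made
    for ts, cell, ident, event in events:
        if event == "attach_request":
            bucket = (cell, ts // window)
            requests[bucket] += 1
            pending[(cell, ident)] = bucket
        elif event == "attach_complete":
            # Credit the completion to the window of its request.
            bucket = pending.pop((cell, ident), None)
            if bucket is not None:
                completed[bucket] += 1
    return {b: (n, completed[b]) for b, n in requests.items()
            if n >= min_requests and completed[b] / n <= max_completion}

if __name__ == "__main__":
    for (cell, win), (n, done) in flag_cells(sample_events()).items():
        print(f"{cell} window {win}: {n} requests, {done} completed")
```

Blocking any single identity here does nothing, but the flagged cell narrows down where the equipment physically sits, which is the step the comment says ultimately matters.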
This shit gets me so excited. I’m not educated on cellular security and possible situations, but mitigating issues and thinking about all the crazy hypothetical situations gets me all geeking out so hard.
Cool as fuck, thanks for sharing :)
DDoS…
Secret service ? Not the cops ?
Is this some cover for the administration to further infiltrate communication systems ?
We know them and how they operate…
So most likely, what they’ve already done just now is installed selective communication blackout system
so they can shut down cellphone and internet at particular location,
so their crimes are easier to sanitize after they’ve black bagged and disappeared the witnesses. They will be mass culling from the population whoever can see through their schemes and hasn’t become quiet already.
If you have political conviction the message is clear, stop running your mouth or you will be neutralized from interfering
Most people know the Secret Service for their job of protecting the president, but they actually have a number of different jobs to do beyond that. Protecting civil infrastructure being one of them.
The NYPD surely isn’t going to uncover cyber threats.
Why wouldn’t the local police discover local criminal activity but a washington secret police would ?
Trump’s Secret Police probably put the jammers or whatever they were, just to claim to have found them and therefore justify their ability to enter places like this and spy and infiltrate households, organizations, factories and everywhere else that Dear Leader pleases.
The NYPD beat cops aren’t really trained to look for or discover cyber security threats. Additionally, the secret service agents that discovered these were not from Washington but from the local NYC field office, and it was most likely due to heightened security measures surrounding the UNGA visit specifically.
They weren’t jammers either, they were just sim farms, commonly used for spam calling and other general mid-level cybercrime like that. Think of them as “A bunch of phones”
The thing is, the importance of this whole event is just being exaggerated, likely to make the Trump admin look good. Like they said these could “take down NYCs cell infrastructure” but they said they only found 100,000 SIM cards total. If every one of those turned on at the same time and tried to overload local infrastructure, it would result in a 1% increase in cell network utilization inside NYC.
First the NYPD is a sophisticated military and intelligence organization more than capable and engaged in the daily labour of neutralizing humans on the daily. Just because they also have lots of fat ticket maids doesn’t mean they’re not full of competent vicious persons that will stop at nothing to imagine crimes and find them.
As for the compromised secret police, their motives are quite similar but on top of that they have an even more corrupt leadership let loose on mongering fear and paranoia for its own prestige and establishing causes for intervention by their benefactor, the Trump administration.
Absolutely nothing, no information at all coming from these organizations can be assumed to be true or straight, every statement is a piece of propaganda craft designed to empower AI driven power and electoral narratives.
“100’000 SIM cards” wow that’s really a big lot of nothing. A SIM card has no transmitter, you literally cannot do anything with it unless it were accepted by the network to begin with.
What they have is basically nothing more than 100’000 invalid login and passwords. And with eSIMs later are they going to claim to have stopped a “potentially infinite” cyber attack ?
Their claims shouldn’t be evaluated on their merits but on what manipulation are their lies trying to accomplish. What narrative they are trying to craft.
All agreed, but the NYPD has a $10 billion budget. They’re far more than beat cops.
The USSS is under the Department of the Treasury. Their main job is rooting out counterfeiting. Serving the President is incidental.
This is what I’m thinking as well. This story is a flat-out fucking lie… The Secret Service are fully corrupt at this point. Meaning whatever they say is a god-damned lie or flagrant misdirection. Your idea that they installed some fascist-traitor shit makes perfect sense however.
Nice, now get the rest of them around the country.