TL;DR: A New York SIM farm raid showed how a setup with 300 SIM boxes and about 100,000 SIM cards could, at relatively low cost, overwhelm towers or emergency communications if used offensively, according to Swarmnetics. The real lesson is that scale, rotation, and residential concealment can turn ordinary telecom abuse into critical infrastructure risk.
NHIMG editorial — based on content published by Swarmnetics covering the New York SIM farm raid: NYC SIM Farm Bust Demonstrates Major Threat to Mobile Networks
By the numbers:
- The NYC SIM farm used 300 SIM boxes running about 100,000 SIM cards.
Questions worth separating out
Q: What breaks when telecom abuse is treated as only a fraud problem?
A: Teams miss the resilience and public-safety dimension.
Q: Why do rotating subscriber identities make detection harder?
A: Rotation reduces the usefulness of simple thresholds because each identity looks low volume on its own.
Q: What do security teams get wrong about SIM farms?
A: They often assume the threat is limited to fraud or nuisance calling.
Practitioner guidance
- Build cross-domain telecom identity inventories Track SIM cards, boxes, rental sites, and carrier accounts in one correlation view so rotating identities cannot hide behind physical fragmentation.
- Flag high-turnover subscriber patterns Detect rapid reuse, unusual rotation density, and coordinated traffic bursts across many numbers rather than relying on single-number thresholds.
- Link fraud telemetry to resilience planning Include swatting, mass calling, and emergency communications disruption scenarios in business continuity and public-safety playbooks.
What's in the full analysis
Swarmnetics' full article covers the operational detail this post intentionally leaves for the source:
- The site-by-site breakdown of how the SIM farm was distributed across five residential locations.
- The investigative detail behind the swatting calls that led the Secret Service to the operation.
- The equipment smuggling and concealment methods that helped the operators avoid attention.
- The specific law-enforcement and criminal indicators found at the sites, including related activity and seized material.
👉 Read Swarmnetics' analysis of the New York SIM farm and mobile network risk →
SIM farms and mobile network disruption: what practitioners need to know?
Explore further
SIM farm abuse is an identity lifecycle problem disguised as telecom fraud. The core governance failure is not just the presence of many SIM cards, but the absence of strong issuance, attribution, and offboarding controls across large pools of disposable identities. When device identities can be cycled faster than defenders can correlate them, the abuse surface behaves like unmanaged non-human identity sprawl. Practitioners should treat telecom abuse as lifecycle governance, not only network monitoring.
A few things that frame the scale:
- The NYC SIM farm used 300 SIM boxes running about 100,000 SIM cards, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- Our research shows that when AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases.
A question worth separating out:
Q: Who is accountable when telecom saturation threatens emergency communications?
A: Accountability should sit with the owners of the infrastructure, the operators who can activate it, and the resilience function that tests the failure scenario. If third parties can provision the assets, contractual offboarding and emergency disablement rights also need clear responsibility.
👉 Read our full editorial: SIM farms expose a low-cost path to mobile network disruption