and 100,000 SIM cards that could have been used for telecom attacks within the
area encompassing parts of New York, New Jersey and Connecticut.

"This network had the power to disable cell phone towers and essentially shut
down the cellular network in New York City," said special agent in charge Matt
McCool.

The devices were discovered within 35 miles (56km) of the UN, where leaders are
meeting this week.

McCool said the "well-organised and well-funded" scheme involved "nation-state
threat actors and individuals that are known to federal law enforcement."

The unidentified nation-state actors were sending encrypted messages to
organised crime groups, cartels and terrorist organisations, he added.

The equipment was capable of texting the entire population of the US within 12
minutes, officials say. It could also have disabled mobile phone towers and
launched distributed denial of service attacks that might have blocked emergency
dispatch communications.

The devices were seized from SIM farms at abandoned apartment buildings across
more than five sites. Officials did not specify the locations.

Wait; seriously? "Special agent in charge Matt McCool"? If I wanted to pick a
fake-sounding name, I couldn't do better than that.

Wired has some more information and a lot more speculation:

The phenomenon of SIM farms, even at the scale found in this instance around New
York, is far from new. Cybercriminals have long used the massive collections of
centrally operated SIM cards for everything from spam to swatting to fake
account creation and fraudulent engagement with social media or advertising
campaigns.

[...]

SIM farms allow "bulk messaging at a speed and volume that would be impossible
for an individual user," one telecoms industry source, who asked not to be named
due to the sensitivity of the Secret Service's investigation, told WIRED. "The
technology behind these farms makes them highly flexible -- SIMs can be rotated
to bypass detection systems, traffic can be geographically masked, and accounts
can be made to look like they're coming from genuine users."

** *** ***** ******* *********** *************

Malicious-Looking URL Creation Service

[2025.09.25] This site turns your URL into something sketchy-looking.

For example, www.schneier.com becomes

https://cheap-bitcoin.online/firewall-snatche...
_tool.html?form=inject&host=spoof&id=bb1bc121?meter=inject&payload=%28function%
28%29%7B+return+%27+hi+%27.trim%28%29%3B+%7D%29%28%29%3B&port=spoof.

Found on Boing Boing.

** *** ***** ******* *********** *************

Digital Threat Modeling Under Authoritarianism

[2025.09.26] Today's world requires us to make complex and nuanced decisions
about our digital security. Evaluating when to use a secure messaging app like
Signal or WhatsApp, which passwords to store on your smartphone, or what to
share on social media requires us to assess risks and make judgments
accordingly. Arriving at any conclusion is an exercise in threat modeling.

In security, threat modeling is the process of determining what security
measures make sense in your particular situation. It's a way to think about
potential risks, possible defenses, and the costs of both. It's how experts
avoid being distracted by irrelevant risks or overburdened by undue costs.

We threat model all the time. We might decide to walk down one street instead of
another, or use an internet VPN when browsing dubious sites. Perhaps we
understand the risks in detail, but more likely we are relying on intuition or
some trusted authority. But in the U.S. and elsewhere, the average person's
threat model is changing -- specifically involving how we protect our personal
information. Previously, most concern centered on corporate surveillance;
companies like Google and Facebook engaging in digital surveillance to maximize
their profit. Increasingly, however, many people are worried about government
surveillance and how the government could weaponize personal data.

Since the beginning of this year, the Trump administration's actions in this
area have raised alarm bells: The Department of Government Efficiency (DOGE)
took data from federal agencies, Palantir combined disparate streams of
government data into a single system, and Immigration and Customs Enforcement
(ICE) used social media posts as a reason to deny someone entry into the U.S.

These threats, and others posed by a techno-authoritarian regime, are vastly
different from those presented by a corporate monopolistic regime -- and
different yet again in a society where both are working together. Contending
with these new threats requires a different approach to personal digital
devices, cloud services, social media, and data in general.

What Data Does the Government Already Have?

For years, most public attention has centered on the risks of tech companies
gathering behavioral data. This is an enormous amount of data, generally used to
predict and influence consumers' future behavior -- rather than as a means of
uncovering our past. Although commercial data is highly intimate -- such as
knowledge of your precise location over the course of a year, or the contents of
every Facebook post you have ever created -- it's not the same thing as tax
returns, police records, unemployment insurance applications, or medical
history.

The U.S. government holds extensive data about everyone living inside its
borders, some of it very sensitive -- and there's not much that can be done
about it. This information consists largely of facts that people are legally
obligated to tell the government. The IRS has a lot of very sensitive data about
personal finances. The Treasury Department has data about any money received
from the government. The Office of Personnel Management has an enormous amount
of detailed information about government employees -- including the very
personal form required to get a security clearance. The Census Bureau possesses
vast data about everyone living in the U.S., including, for example, a database
of real estate ownership in the country. The Department of Defense and the
Bureau of Veterans Affairs have data about present and former members of the
military, the Department of Homeland Security has travel information, and
various agencies possess health records. And so on.

It is safe to assume that the government has -- or will soon have -- access to
all of this government data. This sounds like a tautology, but in the past, the
U.S. government largely followed the many laws limiting how those databases were
used, especially regarding how they were shared, combined, and correlated. Under
the second Trump administration, this no longer seems to be the case.

Augmenting Government Data with Corporate Data

The mechanisms of corporate surveillance haven't gone away. Compute technology
is constantly spying on its users -- and that data is being used to influence
us. Companies like Google and Meta are vast surveillance machines, and they use
that data to fuel advertising. A smartphone is a portable surveillance device,
constantly recording things like location and communication. Cars, and many
other Inter

--- BBBS/LiR v4.10 Toy-7
 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1)