At the end of September 2025, the U.S. Secret Service dismantled a SIM farm comprising a cluster of nearly 300 servers and and 100,000 SIM cards across multiple sites. Investigators concluded that, if activated, the system could have crippled New York City’s cellular network. The devices obtained had already been used “to conduct multiple telecommunications-related threats directed towards senior US government officials”, the Secret Service alleged.
It wasn’t an isolated hacker working in the shadows, it was a professionally built infrastructure. That discovery reveals an uncomfortable truth: what are known as SIM farms are potentially no longer obscure tools of scammers housed on kitchen tables, they are industrial-scale cyber weapons that can hide in plain sight inside data centre colocation environments.
What is a SIM Farm?
A SIM farm is, at its core, a collection of SIM cards wired into servers through specialised hardware. Instead of one person with one phone, a SIM farm might control thousands of SIMs simultaneously, sending texts, making calls, or interacting with mobile networks at industrial scale.
There are legitimate reasons to build something like this. Carriers use them to test networks. Businesses with large fleets of IoT devices sometimes need to manage SIMs in bulk. But the same setup is just as attractive to criminals, who use them to push spam, post false or phishing messages on social media, evade two-factor authentication systems, commit fraud, or in extreme cases, overwhelm parts of the phone network itself.
Why criminals love them
What makes SIM farms particularly dangerous is their flexibility. With a single rack of gear, an operator can impersonate thousands of identities, launch large-scale text or voice campaigns, and disappear behind prepaid or stolen SIM cards that make attribution difficult. These aren’t one-off scams, but repeatable, scalable operations. And because the farms are effectively miniature telecom hubs, they can be turned from tools of fraud into weapons of disruption. In New York, investigators found the SIM farm had the capacity to flood cell (mobile network) towers with so much traffic that 911 calls might not connect while police, fire, and EMS struggled to coordinate.
As CNN law enforcement analyst and former Secret Service agent Jonathan Wackrow explained:
“That is not just an inconvenience. It can be a matter of life and death. And the threat does not stop at phones. Hospitals depend on cellular links for patient monitoring and emergency communications. Transportation systems use it to track trains, buses, and logistics. Power grids, water systems, and even financial networks are tied into connected devices that quietly run in the background. If those links fail, the ripple effect is immediate and severe. That’s why this bust is a warning shot. We can’t only prepare for hackers breaking in through code. We must prepare for attackers overwhelming the systems themselves.”
This is the shift colocation providers need to recognise: SIM farms are not just tools of fraud, they are attack platforms with city-wide impact.
Why data centre operators should care
Most SIM farms don’t operate from spare bedrooms or garages. They thrive inside colocation data centres, where they enjoy reliable power, redundant connectivity, and the cover of being just another tenant. The irony is striking: facilities designed to guarantee uptime and security are also perfect hiding spots for criminal infrastructure.
For data centre and colocation operators, the risks are profound. Hosting illicit SIM farms exposes providers to potential legal inquiries and law enforcement action. It threatens reputational damage if a facility becomes known as a safe haven for cybercriminals. And it creates operational risk, as raids or seizures could disrupt legitimate customers who share the same space.
From IT hygiene to National Security
What’s especially sobering is that SIM farms now pose risks far beyond fraud. The possibility that a single installation could disrupt communications across an entire metropolitan area shifts the conversation into the realm of national security. Telecom networks underpin everything from emergency response to finance. Allowing these systems to be undermined from inside commercial hosting facilities is no longer a niche problem, it’s a critical infrastructure concern.
Governments are beginning to recognise this. In April 2025, the UK Home Office announced that the country would become the first in Europe to ban the possession and supply of SIM farms, making them illegal except for narrow legitimate uses.
The move was driven by data showing that financial fraud rose 19% last year, now accounting for over 40% of reported crime in England and Wales. Under the new law, offenders face unlimited fines in England and Wales, and a £5,000 fine in Scotland and Northern Ireland.
UK telecoms operators welcomed the decision, pointing out that SIM farms have helped criminals send billions of scam messages in recent years. As an industry, it is estimated that more than a 1 billion suspected scam messages have been blocked since 2023.The National Crime Agency described the UK Government’s proposed ban as a “vital tool” in dismantling the infrastructure of large-scale fraud.
The ban will come into effect 6 months after the Crime and Policing Bill receives Royal Assent.
The UK’s action underscores a broader point: SIM farms are no longer a grey area. They are recognised as critical enablers of crime, and regulators are moving decisively to shut them down.
What needs to change
For a data centre services provider, SIM Farm awareness is the first step. Stronger vetting of new tenants, smarter monitoring for unusual racks filled with GSM gateway equipment, and closer relationships with carriers and investigators all make a difference. Some operators are also beginning to build cyber-physical audits into their processes, looking beyond the usual power and cooling checks to spot anomalies that could signal illicit use.
The bottom line
SIM farms represent a new frontier of cybercrime infrastructure, built with professional-grade reliability but deployed for profoundly destructive purposes. They blend into the same racks and cages as legitimate servers, which makes them easy to overlook until it’s too late.
For colocation providers, the message is clear: this isn’t simply about preventing bad actors from leasing space. It’s about helping to defend the integrity of the digital economy, and in some cases, the stability of entire city networks.
For companies seeking data centre space and wishing to stay ahead of these risks, partnering with a trusted infrastructure and security partner is critical. Companies like vXtream specialize in secure, compliant data centre solutions designed to detect anomalous activity, enforce strong tenant vetting, and ensure critical infrastructure remains protected. By combining physical security, robust monitoring, and expert guidance, organisations can reduce the risk of inadvertently hosting malicious SIM farms or other high impact cybercrime infrastructure. Talk to us today.
Image © U.S. Secret Service Media Relations September 2025
Comments are closed.