[ale] Tres amusant

[Ron]

DJPfulio--- via Ale wrote on 2026-06-10 11:40:
> We all hate spam calls/texts that try to defraud us and our parents. 
> Also the use of these devices for other criminal purposes is a 
> concern, but is surveilling 150M Americans really the best answer to 
> address 100K spammers and criminals?

This is the crux of the problem - balancing privacy with anti-crime, and 
it's tricky. These new SIM boxes¹ are kinda scary.


> Certainly there must be better options 

Had the telco companies put effort into stemming the influx of VoIP scam 
calls in the past couple decades, maybe we wouldn't have gotten to this 
place. Not that they care, of course.


¹ Now there are SIM card boxes - think server racks - for nefarious 
purposes. Would requiring ID for SIMs prevent these from their malicious 
intent? Would a couple locations containing ten thousand or more active 
SIM cards each be enough to enable a DoS attack on the mobile network, 
even if unattached to a valid ID?


The following story is quite shocking - just the photos of "boxes" of 
16² SIM cards per box stacked on racks... Yikes.

Photo of SIM boxes in a room

arstechnica.com

US uncovers 100,000 SIM cards that could have “shut down” NYC cell 
network <#>

A "nation-state" is said to be involved.

🔗 
https://arstechnica.com/security/2025/09/us-uncovers-100000-sim-cards-that-could-have-shut-down-nyc-cell-network/ 
<https://arstechnica.com/security/2025/09/us-uncovers-100000-sim-cards-that-could-have-shut-down-nyc-cell-network/> 



> Seems the easy answer would be to only require registration for phones 
> used to call more than 25 or 50 different numbers in a month.

I like the idea but I wonder how easy it would be to implement, and how 
effective when someone has 10,000 SIM cards and can distribute the calls 
across those in high-value attacks?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20260610/7da348b8/attachment.htm>