The discovery of a cache of malicious networking equipment in New York City over the weekend could represent a significant development in the ongoing evolution of hybrid warfare.
What Was Found?
The cache contained 300 servers with over 100,000 SIM cards installed. A typical setup like this would be able to spoof phone numbers and accounts and send text messages en masse, with one official noting that the NYC equipment would be able to send 30 million text messages per minute. According to one source cited by the New York Times, the Secret Service also found 80 grams of cocaine, illegal firearms, computers, and cellphones at the apartment.
What Was the Objective?
Early reporting has focused on the setup’s potential to overwhelm local cellular towers with spam text messages, taking local mobile service offline. The timing of the discovery also hinted at an intent to disrupt the UN General Assembly. Yet this timing could easily be a coincidence and, absent an external crisis, the payoff from this nuclear option is murky given the inevitable local backlash and increased political and policing attention it would produce. Moreover, if the goal was to crash cellular networks in NYC and possibly other US cities at some critical juncture in the future, logic dictates that you would minimize the potential for discovery by remaining dormant in the meantime. This was not the case.
A different purpose is more likely, one where the setup serves as a mass phishing operation to turn up actionable leads over time. Further insights will come to light as investigators work through the data on the SIM cards and discover where the calls were going. High-level US officials seem to have been targeted by fraudulent calls earlier in the year, triggering the investigation in the first place. This would suggest state-sponsored espionage, mirroring recent operations like China’s Salt Typhoon, which breached major US telecommunications networks to compromise ‘a small number of individuals of foreign intelligence interest.’ But that doesn’t necessarily mean the NYC setup was exclusively targeting political figures. It is not uncommon to see some overlap between state and criminal interests, where state-linked operators ‘freelance’ to either enrich themselves or mitigate costs otherwise borne by the state. Consequently, the setup could have been phishing for marks in the business world or elsewhere in addition to US officials.
Who Is Behind the New York SIM Network?
Herein lies the interesting part of the discovery. The sophistication of the setup suggests a state actor, as does the potential targeting of US officials. The drugs and firearms found on site indicate a criminal network, as does the operational necessity of having a ground-level presence to purchase, set up, and maintain the equipment. The truth could be a combination of the two, and it wouldn’t be the first time. Past Chinese operations like Brass Typhoon have blurred the line between state-backed and criminal cybercrime outfits, where the latter are incentivized to pursue state interests and individual hackers move seamlessly between the two worlds. Moreover, encrypted, extra-state communication mediums and cryptocurrency are facilitating international criminal cooperation where once it would have been unthinkable; for example, Mexican cartel drug-trafficking proceeds are now laundered through Chinese banking networks via WeChat. It’s possible that there is some novel constellation of state and non-state actors behind the NYC network where, for example, state interests piggyback on criminal ones or even facilitate freelance cybercrime in exchange for a cut of the proceeds.
Hybrid Warfare in NYC?
The state and/or criminal actors behind the NYC setup could soon come to light as investigators pore over the SIM data. However, the early takeaway here is one of ongoing escalation of hybrid warfare in our current moment, broadly driven by: 1) mounting great power competition; and 2) the lack of any serious consequences for states perpetrating it. Consider a few major incidents from the past few years: European arson attacks and package bombs that nearly detonated on an airplane mid-flight; the severing of numerous undersea data cables in the Baltic; cyberattacks against US critical infrastructure; a breach of the US agency responsible for storing and maintaining the nuclear stockpile; and, just this week, a coordinated drone incursion across Danish airports and military installations. Global geopolitics is increasingly contentious and the conflicts are playing out in the gray zone. At least for now.
