Crisis Averted: The Nation-State Plot To Black Out NYC’s Cell Service!
Also - the time a group of teenage hackers owned 130 high-profile Twitter accounts.
Three digital security crises exposed the vulnerability of our everyday lives this week.
The Secret Service dismantled a plot to black out NYC’s cell towers during the UN General Assembly, a verified Steam game drained a cancer patient’s treatment fund live on stream, and Britain announced mandatory digital IDs for all adults.
Here’s what happened and why your digital habits just got riskier.
Crisis Averted: The Nation-State Plot To Black Out NYC’s Cell Service
The Secret Service quietly dismantled a massive telecommunications threat network across New York just hours before President Trump addressed the UN General Assembly this week. Authorities seized more than 300 SIM servers and 100,000 SIM cards across multiple sites, in what officials described as an imminent threat to protective operations. This massive server farm could have easily overloaded cell towers, disrupted 911 calls, and caused communications problems across Manhattan during the world’s largest diplomatic gathering.
Key Insights:
Initial analysis indicates that the network was utilized for communication between foreign governments and unnamed individuals identified by U.S. law enforcement. The sophisticated setup wasn’t just about making anonymous phone calls or swatting government employees. These devices could conduct a wide range of telecommunications attacks, giving bad actors the power to create their own shadow phone network while potentially shutting down and “flooding” legitimate services.
Why This Matters For You:
You’re now living in a cybersecurity warzone - whether you know it or not. This incident highlights how easily malicious actors can establish invisible networks that can disrupt the communications you rely on daily. When 911 systems and cell towers become targets, personal safety depends on cybersecurity authorities staying one step ahead of increasingly sophisticated digital threats.
Read More on The Associated Press.
When Gaming Gets Dangerous: Steam Game Scam Drains Cancer Fund Live On Stream
A Latvian streamer battling stage 4 cancer lost over $32,000 in cryptocurrency donations after downloading a seemingly legitimate game from Steam called BlockBlasters. The theft happened live on stream when a viewer suggested he try the game, which secretly installed malware that drained his crypto wallet within minutes. The incident was just one piece of a larger attack that affected hundreds of players, with hackers stealing a total of at least $150,000 from users across the Steam platform.
Key Insights:
BlockBlasters had been hiding malware for three weeks before Steam finally removed it. The game looked completely normal, a simple 2D platformer that passed Steam’s verification process. While players were gaming, the malware quietly harvested crypto wallet data, browser passwords, and login credentials from their computers. The sophistication demonstrates how cybercriminals are becoming increasingly adept at exploiting trust in major platforms.
Why This Matters For You:
Your gaming habits just became a financial security risk! Steam hosts over 50,000 games, and this attack demonstrates that even verified titles can conceal malicious code. The next time you download any software, remember that malware doesn’t always look suspicious. It can arrive disguised as entertainment, targeting the moments when you’re most relaxed and least suspicious.
Read More on Bleeping Computer.
Papers, Please: UK’s New Digital ID Just Became Mandatory
Britain is rolling out a mandatory digital ID card for every adult, with Prime Minister Keir Starmer expected to announce the “BritCard” scheme later today, on September 26th, 2025. All UK adults will be required to carry the digital identification as part of new government plans to tackle illegal immigration. Every adult would need to “show” their card when taking up a new job or renting a property, with the app automatically checking work rights against government records.
Key Insights:
This proposed mandate marks Britain’s first mandatory ID system since World War II rationing cards, joining countries like China, Singapore, and India that already require digital IDs. The system creates a “mandatory national digital identity” issued to all individuals with the right to live or work in the UK. While the EU, Canada, and Japan offer voluntary digital IDs, Britain’s mandatory approach mirrors more authoritarian models used in countries with extensive digital surveillance.
Why This Matters For You:
Are you a British (or UK) citizen? Your phone just became your passport to daily life. Getting a job, renting an apartment, or accessing government services will soon require digital verification through your device. The shift transforms smartphones from convenience tools into essential documents that unlock access to necessities in modern Britain. (But privacy advocates warn of serious concerns!)
Read More on The Times.
🐦 The Day Twitter Broke: How Teens Used Social Engineering To Own Verification (July 2020)
In the summer of 2020, a handful of inexperienced (but clever) teenage hackers executed a highly effective social engineering attack. They didn’t breach firewalls or launch any fancy scripts. Instead, they used phone phishing (vishing) to trick multiple Twitter employees into granting them access.
With this access, they compromised Twitter’s internal administrative tools, allowing them to take control of 130 high-profile, verified accounts. Including those of Bill Gates, Elon Musk, Barack Obama, and Apple! They then used those accounts to run a simple but devastating Bitcoin scam.
The Harsh Lesson: This attack demonstrated that, despite top-tier technical defenses, an organization’s most critical point of failure remains the human element. The weakest link is not always the code, but the employee on the other end of the phone.
😎 More From Me
Please read my two newsletters:
# 1 - Pithy Cyborg - AI news in a no-fluff format. Timely insights into how AI is changing the world around us. Plus, a fun and battle-tested AI prompt in each issue.
# 2 - Pithy Security - Useful cybersecurity news without fear-mongering. Simple security that lets you spot scams and stay safe without needing to become an expert.
PS: Do you have questions? Reply to this email!
Thanks for reading. More cutting-edge cybersecurity insights coming soon.
Newsletter Disclaimers
You’re receiving this because you subscribed at PithySecurity.Substack.com. You can unsubscribe at any time using the link below. This newsletter reflects my personal opinions, not professional or legal advice. I may earn commissions from recommended tools. Thanks for your support!