What does the Troll farm look like in an apartment in Ukraine, connected by 3000 SIM cards to promote Russia

Discovered by the Ukrainian secret services, the installation put into operation using equipment brought from Russia was used for the purpose of spreading misinformation and creating panic among the population, using no less than 18,000 accounts registered on the main social platforms.

According to the press release published on the page of the Ukrainian Security Service (SSU), the operation was administered with only two people in different apartments. Extremely compact, the GSM Gateway devices housed about 3,000 SIM cards connected directly to the mobile internet networks in Ukraine, with the aim of intermediating the operation administered in Russia. Making it difficult to detect, local connections allowed the robotic Troll army to post widely on social media pages, misinforming and spreading panic. The tactics used include the announcement of fake bombings and terrorist acts, some posts being redistributed to viralization on social media platforms, adding to the general panic.

Very popular with professional hackers, GSM Gateway devices work as ad-hoc VPN servers, easy to set up, hard to detect and completely under the control of those who carry out the operation. Although it involves some complications with the purchase of equipment and the organization of a physical presence in the targeted area, the operation is not difficult to implement for an attacker who enjoys the virtually unlimited support of a nation. Purchasing prepaid SIM cards for internet access is also not very difficult. As in Romania, such cards can be purchased and activated without going through a complicated process of identity validation, the only restrictions applied by Ukraine being the blocking of certain Internet services that can be connected directly to Russian-run companies, such as the search engine Yandex and the e-mail service Mail.ru.

Unfortunately for Ukraine, the success of the operation for the confiscation of connection equipment does not automatically imply the blocking of online misinformation operations initiated by Russia, and there may be other connection nodes that remain undetected in the country.