In the aftermath of Donald Trump's presidential victory claim in November, a disturbing wave of racist text messages swept across the United States, targeting Black, Hispanic, and LGBTQ communities. The messages, which contained hateful content directing recipients to fictional plantations and deportation centers, managed to partially circumvent existing spam protection systems, raising serious concerns about messaging security.
Industry experts revealed that 15-20 different phone numbers flooded the SMS ecosystem with these messages, specifically targeting young Americans and students. The perpetrators attempted to use multiple mass-texting services before successfully breaking through some barriers, indicating a calculated and coordinated attack rather than random acts.
The incident exposed vulnerabilities in the SMS messaging infrastructure, which consists of various interconnected entities including carriers like Verizon and AT&T, messaging facilitators, and direct connect aggregators. While the industry has implemented protective measures over recent years, including the Campaign Registry established in 2020, some messages still managed to slip through.
"What seemed to happen is that there was a determined, thought-out attack on multiple people's systems to see where a chink in the armor was," explained an industry source who requested anonymity due to ongoing investigations.
The attack particularly impacted college campuses. At the University of North Carolina in Chapel Hill, members of the Black Student Movement received personalized racist messages from unknown numbers. Similar incidents occurred at historically black universities, including Claflin University in South Carolina, where students were left shocked and confused by the threatening content.
The incident has drawn parallels to previous coordinated messaging attacks, such as the fake SMS campaign during Russia's invasion of Ukraine that aimed to create panic about ATM availability. Industry experts worry this recent attack could be a probe testing system vulnerabilities for future, more damaging campaigns.
While many victims have moved past the immediate shock, investigations continue at both local and federal levels. The incident has prompted the messaging industry to reassess its security measures and exposed the ongoing challenge of balancing accessibility with protection against malicious actors.
Brad Herrmann, CEO of Text-Em-All, noted that while current systems are generally effective, this incident revealed a security gap: "When I heard about [the racist] message getting out, I was like, you know, there's an open door and someone's going to get in big trouble for having that door be open still."
The case highlights the persistent challenge of securing mass communication systems while maintaining their utility for legitimate purposes, from marketing to emergency notifications. As investigations continue, the industry faces pressure to strengthen its defenses against similar coordinated attacks in the future.