Cary, North Carolina, USA, December 4th, 2025, CyberNewsWire Cybersecurity and IT training platform maintains Leader and Momentum Leader positions while expanding regional excellence INE has been recognized with seven G2 Winter 2026 badges, underscoring its continued leadership in online course delivery, technical skills development, and cybersecurity education. This seasonβs awards include Leader status in the [β¦]
New technological developments in recent years has made it possible to build a private cellular network at very low cost. This can be useful to many organizations who place their privacy at a premium such as firms engaged in research and development of intellectual property (IP) or law firms, to name but a few.. You can read here how the Mexican drug cartels built their own private cellular network to evade both law enforcement and competitors snooping.
This article was written by one of our most advanced students, Astra. Astra is an ardent supporter of Ukraineβs freedom and an advanced student of low cost cellular networks.
If you want to learn more about setting up a private 4G LTE network, enroll in our SDR for Hackers: Building a Private 4G Network!
In this article, he will demonstrate how to build your own 4G LTE network!
LTE Networks
The concept of private LTE itself is not new. There are ready-made solutions that allow you to lease frequencies and deploy such network at your enterprise. But, of course, all this equipment is not suitable for a one-time testing experience, so we will launch a network based on SDR.
If in the world of open-source stacks GSM is ruled by Osmocom, then here in 4G LTE the undoubted leader isΒ srsRAN. This is a completely open-source software that with minimum configuration allows us launching this kind of network.
srsRAN can be built from source, but I recommend using DragonOS, which has already been mentioned many times by OTW, where this software is already included in the distribution.
There is also another similar project which is LibreCellular that uses slightly different hardware, but the key concept is the same of srsRAN.
How LTE works
Β
Letβs understand how this network (RAN, Radio Access Network) works.
It is a network that utilizes frequencies more efficiently and provides much faster performance compared to GSM and 3G.
It consists of three key components:
EPC (Evolved Packet Core)
This the operatorβs core network. Its main component is the MME (Mobility Management Unit), through which all signaling traffic from UEs (User Equipment) passes. This node is responsible for service transfer, calling, authentication and many other operations. Its other parts are the billing service and gateways (service and packet), which provide data exchange between parts of the network and other networks. Connected to the core network is the HSS (Home Subscriber Server), a secure database where encryption keys and subscriber information are stored. In a GSM network, the role of this node is played by the home register (HLR).
eNBs (eNodeB).
These are the base stations. LTE operates in a wide range of frequencies, from 450 to 2600 MHz. Their use varies from country to country, as some of these frequencies are already reserved for something else. Like GSM, there are channel numbers here too β the E-UTRA Absolute Radio Frequency Channel Number (EARFCN).
The whole spectrum of frequencies is divided into broad sections (LTE bands), the choice of which differs from country to country.
UE (User Equipment).
These are the devices that connect to the network such as phones and modems.
What does it take to get your own LTE network up and running?
In order to reproduce everything that I will be describing below, you will require some specific hardware and specific configuration.
For this test you will need:
1)Β Β Β Β Β A linux and a windows machine.
2)Β Β Β Β Β A full duplex SDR with proper antennas. B210, BladeRF, and LimeSDR are suitable.
3)Β Β Β Β Β A sim card reader
4)Β Β Β Β Β Programmable LTE USIM cards
5)Β Β Β Β Β An android smartphone
Letβs startΒ
Boot into DragonOS and plug in the SDR.
Navigate to the /etc/srsran folder.
dragonos> cd /etc/srsan
Youβll find the configuration files there.
dragonos > ls -l
In the enb.conf file we will modify two parameters: MCC and MNC
These parameters are identical to those used in GSM networks β they are country code and network code. Normally, we should use some arbitrary values, but the problem is that most phones refuse to work when they see strange values for network. Thatβs why we need to specify the MCC of the country we live in or use the 999 which is the value for private enterprise networks. With regards the network code (MNC) make sure to set one that doesnβt belong to any operator working in your country.
Β
Β
[enb]
enb_id = 0x19B
mcc = 999
mnc = 01
mme_addr = 127.0.1.100
gtp_bind_addr = 127.0.1.1
s1c_bind_addr = 127.0.1.1
s1c_bind_port = 0
n_prb = 50
#tm = 4
#nof_ports = 2
Β
Β
Modify the epc.conf file in the same way:
Β
[mme]
mme_code = 0x1a
mme_group = 0x0001
tac = 0x0007
mcc = 999
mnc = 01
mme_bind_addr = 127.0.1.100
apn = srsapn
dns_addr = 8.8.8.8
encryption_algo = EEA0
integrity_algo = EIA1
paging_timer = 2
request_imeisv = false
lac = 0x0006
full_net_name = astra00011
short_net_name = astra00011
Β
Now in two separate terminal run first sudo srsepc and then sudo srsenb.
Now take your phone and go to search for networks manually. If we are lucky weβll see a network, depending on which values you set, starting with 99913. If we try to connect to this network, we will surely fail β the phone will connect a bit and then give a sad βNo serviceβ.
Itβs all about authentication. That is what we are going to deal with now.
Β
Fire up a windows machine and plug in the sim card reader. Insert a blank sim into the reader.
I am using a non open source software to read/write on sims. There are other options such as pysim.
Once the sim card is read, we can proceed writing the required parameters.
The key parameters required by srsRAN are the IMSI, KI and OPC.
The first field to fill in is to write value for ICCID. The ICCID number should be a unique 19 digit identifier for the SIM card itself. It should composed by the following:
Β
Field
Description
Example
Major Industry Identifier
Always set 89 for telecommunication purposes
89
Country Code
2 or 3 digit country code as defined by byΒ ITU-TΒ recommendationΒ E.164.
Account identifier (usually the same as the one in the ICCID but chopped here to stay in the 15 digit limit)
0000000001
Next step is to generate the KI value (subscriber key), which is known only by the subscriber and network and used to authenticate the device on the network. We also need to generate a OPC (operator code derived) value.
I used the following script to generate 128-bit values for both Ki and OPC:
Then fill in the last parameters which consists in:
PLMNwAct: A user-managed list of preferred Public Land Mobile Networks (PLMNs) ranked by priority, along with the corresponding access technologies (2G/3G/4G/5G, etc.).
Β
OPLMNwAct: An operator-controlled version of the user-preferred PLMN list mentioned above.
Β
HPLMNwAct: The Home PLMN, including the specified access technology, identifies the network associated with the subscriberβs identity, represented as a combination of Mobile Country Code (MCC) and Mobile Network Code (MNC) with the access technology included.
Β
EHPLMN: A list of Equivalent Home PLMNs. Networks in this list are treated as equivalent to the home network, meaning the device wonβt consider itself roaming when connected to them. This field can be useful, for example, when operators merge, allowing each to include the otherβs
Β
PLMNΒ in this list (though the original source for this suggestion could not be verified).
Β
FPLMN: A list of forbidden PLMNs that the device should not automatically attempt to register with. This can be used to avoid all specified localΒ public mobile networks.
If everything was correctly set up, once you insert your programmed sim card in your smartphone, you should be able to see something like this in the network parameters:
Notice that we still donβt have any mobile connection (top right corner icon)
Lastly, we need to choose the radio frequency for transmission and reception, which is conveniently represented by an EARFCN (Evolved-UTRA Absolute Radio Frequency Number). srsRAN supports exclusively FDD (Frequency Division Duplexing), where the mobile deviceβs downlink and uplink operate on separate frequencies. By specifying the downlink EARFCN, srsRAN can determine the corresponding downlink frequency. This can be done in the /etc/srsran configuration folder in the rr.conf file.
The final step to complete the whole configuration is edit the user_data.csv file. This file includes the SIM card identity that we previously configured. This file is utilized by the Home Subscriber Service (HSS). The information programmed into the SIM cards is now necessary for operation.
Keep in mind that srsRAN does not support calls and SMS, only internet connectivity. Calls are possible with VoLTE but this involves additional components such as the IP Multimedia Subsystem (IMS) that srsRAN does not natively include.
Nowβs the time to raise our 4G LTE network:
In two separate terminals type:
>sudo srsepc
followed by
sudo srsenb
Success! We have our own private 4G LTE network!
Summary
It is now possible to create your own 4G LTE network with low cost components and a bit of expertise! These networks can be invaluable to those who place a high priority upon privacy and confidentiality. This is key in a era where competitors or nation state actors may be inside your mobile carrierβs system.
To learn more about SDR (Signals Intelligence), join our SDR (Signals Intelligence) program or our Subscriber Pro training package.
Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access.
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT.
The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted
ReliaQuest warns that the cybercriminal collective βScattered Lapsus$ Huntersβ appears to be using social engineering attacks to target organizationsβ Zendesk instances.
Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.
In the second installment of the βAdvent of Configuration Extractionβ series, security researchers have unwrapped QuasarRAT, a widely-deployed .NET remote access trojan (RAT), revealing sophisticated techniques for extracting its encrypted configuration from both clean and obfuscated binary samples. The analysis demonstrates a reproducible methodology using Jupyter Notebook, pythonnet, and dnSpy, providing cybersecurity professionals with practical [β¦]
NVIDIA and Lakera AI have introduced a groundbreaking unified security and safety framework designed to address the emerging challenges posed by autonomous AI agents in enterprise environments. This collaborative effort represents a significant step forward in making agentic systems AI systems capable of independent planning, tool use, and multi-step task execution safer and more secure [β¦]
Indiaβs government is considering a controversial proposal that could require smartphone manufacturers to enable satellite location tracking on all devices permanently. The plan has sparked significant backlash from major tech companies, including Apple, Google, and Samsung, who argue the measure poses serious privacy and security risks. The proposal originates in Indiaβs telecom industry, specifically the [β¦]
Adex, the anti-fraud and traffic-quality platform operating under AdTech Holding, has successfully identified and neutralized a sophisticated, multi-year malware operation linked to the infamous Triada Trojan. This campaign, which has persistently targeted the mobile advertising ecosystem, underscores the evolving dangers of supply-chain attacks in the digital ad space. According to industry data released alongside the [β¦]
Global cybercrime is accelerating toward a projected cost of 15.63 trillion dollars by 2029, up from an estimated 10.5 trillion dollars today, as criminals exploit new technologies faster than businesses can defend against them. Yet 59% of organisations say they suffered at least one successful cyber attack in the past 12 months, and one in [β¦]
A critical security vulnerability has been discovered affecting billions of WhatsApp and Signal users worldwide. Researchers found that hackers can exploit delivery receipts to secretly monitor user activity, track daily routines, and drain battery life, all without leaving any visible trace.β The attack, calledΒ βCareless Whisper,βΒ uses the delivery receipt feature that confirms when messages reach their [β¦]
A new platform known as the βkittenβ project has emerged as a coordination hub for hacktivist campaigns targeting Israel, operating at the intersection of cyber activism and state-aligned influence. While the operators publicly deny direct ties to Iran, technical evidence and infrastructure traces indicate a close relationship with an Iranian cybersecurity ecosystem and pro-Iranian hacktivist [β¦]
Itβs been a week of chaos in code and calm in headlines. A bug that broke the internetβs favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks β all within days. If you blink, youβll miss how fast the threat map is changing.
New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas.Β
Why holiday peaks
Hello, aspiring Cyber Forensic Investigators. In our previous blogpost, you learnt in detail about Computer Forensics. In this article, you will learn about dd forensic tool, and evidence acquisition tool which made a guest entry in the above-mentioned blogpost. Despite the rapid evolution of digital forensics tools, one command-line utility has remained a trusted backbone [β¦]
Login
