Were any devices, accounts, or IP addresses seized or traced in the Towles investigation?

Checked on December 10, 2025

Executive summary

Authorities seized more than 300 SIM servers and roughly 100,000 SIM cards across multiple sites in the New York tristate area during the Secret Service investigation tied to the U.N. General Assembly period; agencies say the cache represented an “imminent threat” to protective operations and forensic work has implicated at least one foreign nation and known criminal actors [1] [2]. Public reporting and the Secret Service statement emphasize device seizures and ongoing forensic tracing, but the sources do not provide a public inventory of seized accounts, endpoint devices beyond the SIM servers, or specific IP addresses linked in the probe [3] [1] [2].

1. What was seized: a vast SIM infrastructure, not just a few phones

Law enforcement described the operation as the dismantling of a large-scale telecommunications threat—more than 300 co-located SIM servers and about 100,000 SIM cards were uncovered across multiple sites, equipment the Secret Service says could have disrupted networks and supported large-scale spoofing, interception or denial-of-service activity [3] [1]. The Secret Service framed the discovery as an “imminent threat” to its protective mission, prompting rapid disruption of the network [3].

2. Did authorities seize devices that could be forensically traced?

Agencies reported seizing electronic hardware and other illicit materials and said forensic teams are analyzing those materials; the Secret Service is working with the NYPD, Homeland Security Investigations and other partners on forensic analysis, which the agency said has already revealed involvement by at least one foreign nation and some “bad actors” previously known to law enforcement [2] [3]. Reporting repeatedly notes that forensic investigation is underway but provides no public, detailed forensic findings in the cited stories [2] [1].

3. Were accounts or IP addresses publicly disclosed as seized or traced?

Available reporting and the official Secret Service release mention seized hardware (SIM servers, SIM cards) and that forensic analysis is ongoing, but they do not list specific user accounts, phone numbers, or IP addresses that were seized or publicly traced to actors in the probe [3] [1]. The coverage also does not publish any named suspects tied to particular accounts or IP infrastructure in these sources [2] [1].

4. How agencies describe attribution and tracing so far

Secret Service officials told reporters forensic work has shown involvement by “at least one foreign nation” and connections to known criminal actors, suggesting investigators are using technical traces from seized equipment to develop attribution and leads [2]. Reuters and other outlets relay agency statements that the probe began months earlier and culminated in coordinated seizures—indicating a tracing and operational tracking effort but stopping short of public technical detail [1].

5. What the public still doesn’t know from current reporting

The public record in these sources lacks specific technical indicators: no IP addresses, domain names, telephone accounts, or exact device serials are publicly linked to the investigation in the cited material [3] [1] [2]. Available sources do not mention whether subpoenas to carriers produced call-detail records or whether international mutual legal assistance requests produced identified IPs or server logs [3] [2].

6. Two interpretations of silence: operational necessity vs. incomplete reporting

One plausible explanation for limited public detail is operational security—agencies often withhold technical indicators and identified accounts while investigations remain active or while revealing them would jeopardize ongoing operations or intelligence sources [3]. An alternative is that journalists are reporting early-stage statements from the Secret Service and that detailed forensic results, including specific traced IPs or accounts, simply had not been released by the time of these stories [2] [1].

7. What to watch next for confirmation or more detail

Expect agencies to publish more specifics only after forensic analysis and legal steps (charges, warrants or indictments) are ready. The likely path to public confirmation is follow-up material from the Secret Service, DOJ or NYPD, or reporting from Reuters/NPR-style outlets, that names defendants, carries carrier confirmations or discloses IP/device indicators [3] [1]. Until then, the publicly available sources confirm large-scale device seizures and ongoing forensic tracing but do not provide the granular account/IP details the original question asks about [2] [1].
