Author here. Thanks for reading.

I didn't want to explain that in the article because I don't think it adds value.

I suggest you read up on the SMS protocol, basically anyone on the network, if able to inject any arbitrary packet into it, can.

If you don't even want to buy equipment or even code, take a look at AWS SNS or (i believe) Twilio too.

Neither SNS nor Twilio support arbitrary Sender ID's for US destinations, that's why I was asking... I wasn't aware that anyone actually allowed this anymore. Companies that used to allow sending fake messages without authorization, like Sakari and Beetexting, no longer do. CTIA even made a statement that "no carrier has been able to replicate" this kind of attack, according to a VICE article.