SS7 Network — Trick or Treat?

By: By Lyman Horne - Guest columnist

I recall back in the 1980’s there was much discussion regarding the formation of the SS7 (signaling system No. 7) network. The main purpose of this network was to take the signaling component ‘out-of-band’ from the normal talking network for the telephone network. The concept was intriguing as it was supposed to make our networks much more efficient, however we will never go back to the old norm of signaling and will have to live with the consequences of our actions, both good and bad.

Prior to the implementation of the SS7 network you could pick up a telephone and let’s say, place a call to a number in California. If the number in California was busy, you received a busy signal from the switch in California as you had already established a call pathway between your local switch and the switch in California. In short, you signaled on the same path that you spoke over.

With the implementation of the new digital switches, it became possible to separate the signaling pathway from the voice pathway. All the switches were connected to the network and it, rather than the talk circuits, were used to establish calls as well as transfer call information necessary for billing, caller ID, etc. Using the scenario previously mentioned, the signal would have been sent to the serving switch in California via the SS7 network, and if the line was busy, the switch would immediately send a ‘line busy’ record back to the originating switch and you would get the busy signal from your local switch rather than tying up a complete circuit across country needlessly. Should the line not have been busy, the switches would have established a talk circuit and the call would have been completed.

The concept was fantastic as it allowed the switching information to follow a different ‘pathway’ and not creating the need for additional talk circuits. This was efficiency that was inherent by this simple change in the way we signaled. However, by taking the signaling, and moving it to a call setup record, it opened our networks, and our phones, up to vulnerabilities, and even the criminal element, that was never envisioned.

Fraudulent people and even some bad actors in the industry quickly figured out how to manipulate the call records. Unfortunately for our industry, an incomplete call record, or even a fraudulently populated call record, still may contain enough basic information to make the switches believe it is a valid call and make the connection. In addition, no one is policing these practices, and the people and companies tampering with call records can hide and probably never be discovered. Even our own regulatory body, the FCC stands idly by and lets this fraudulent activity continue.

If you can control the call record, you can make it look like you might be calling from anywhere by populating the originating number field any way you want. Or, perhaps just populate the originating number field with all zero’s, the call connection will still be made. That practice is called ‘spoofing’ and companies sell ‘spoofing services’ over the internet so the average person can do it. For carriers of telephone traffic, some just leave the carrier code blank, so that the company that has to handle and terminate the call has no idea how it got to them or who they should bill for handling that call.

Recently, I received a call from someone claiming to be a US Treasury agent and that I was in danger of prosecution if I did not return the call. The caller ID information indicated the call came from Myrtle Beach, SC. I returned the call, the person on the other end of the call had a heavy foreign accent and claimed the he was located in Washington, DC and that the call was being routed through a Myrtle Beach SC phone number. I informed the person on the other end of the call that what he was doing was criminal and his response was ‘I don’t care’ and that’s when I hung up. It was an obvious scam and knowing some things about our network I did not intend to play along. The real problem here is what if my 80-something year old mother gets that call and takes it seriously?

By the way, these practices can get the player around the marketing block list. Upon all this, throw in VOIP, call forwarding, remote call forwarding, local number portability, as well as some other techniques, our networks make us extremely vulnerable. Unless the call you receive is legitimate, even the professionals within our industry would be hard-pressed to say exactly who is calling you and where, exactly, the call came from. Be careful!!!!

By Lyman Horne

Guest columnist

Lyman Horne Horne