Thread: Another scam to beware of
View Single Post
  #14  
Old 16-11-2021, 02:32 PM
multiweb's Avatar
multiweb (Marc)
ze frogginator

multiweb is offline 		 
Join Date: Oct 2007
Location: Sydney
Posts: 22,079
Quote:
Originally Posted by gary View Post
Hi Robert,

The world's public switched telephone network is built upon a set of
legacy protocols called "Signalling System 7", or SS7 for short.

SS7 arose in the 1970's and is a set of International Telecommunications
Union standards.

There are two components to a telephone call. The first is the familiar
voice component itself. The second are the machine to machine
messages that set up and tear down the call. This second component
is the domain of the SS7 suite of protocols. SS7 also provides for a bag
of tricks such as Caller ID, conference calling, call forwarding, call back
on busy and so on.

The beauty of SS7 being a standard is that it means someone can pick
up a phone in Iceland and dial a number in New Zealand and the pieces
of equipment at either end know what to do.

SS7 takes place "out of band", that is, it communicates over a network
that is separate but parallel to the voice link.

Back in the day before VOIP, access to the SS7 backbone was essentially
limited to telcos. For example, we were contracted by a large,
well-known telephone company some years back as part of a bigger
project to expand their SS7 feature set. The powerful computers that
added the feature set had hardware interfaces directly into this telco's
SS7 backbone. So unless you had physical access to the telco's exchange
with physical keys and swipe cards, hooking into the SS7 network
was not easy.

Fast forward to today and many VOIP providers are piggybacked into
the telcos SS7 backbone. This then has enabled them to spoof the caller
ID's that go over SS7 and appear on your phone. This is particularly
prevalent in dodgy, corrupt countries such as India and Russia.
However it has reached a point where the average joe anywhere in the
world can do it from home.

So it has become almost trivial for professional scam call centres using
software to look at the target victim number they are about to call and
then generate a spoofed caller ID that is, say, one off from the target number.
What a mess. This keeps getting better. Time for some serious legislation over telcos. It should be quite easy to implement geoblocks for non compliance.
Reply With Quote