I spent a fair part of my life either working for telcos or for companies owned by telcos. The amount of ignorance to be found in such organizations is absolutely staggering. There probably were better times, when there were few telcos around and a lot of them were bureaucratic monopolies. The phone networks they were responsible for were mostly under control, the only people with meaningful access to those networks were the big telcos themselves.
It's not that, back in the old days, telco networks didn't have their fair share of security problems. Google around for 'blueboxing' and 'phreaking' to get a glimpse of that. These problems were mostly known, though, the telco's problems with mitigating them had little to do with a lack of understanding on their side, but more with the cost of upgrading infrastructure and the general slowness of the organization.
With the rise of SS7 and out-of-band signalling, telcos grew confident that they had their security problems tackled. All the historical efforts against security were geared towards rogue end users screwing things up from the short end of a circuit. The inner network was seen as a Black Box. Then telco deregulation and the internet came along and they never realized the gravity of their mistake.
Look at the inner LAN of any telco organization and you will find racks and racks of Sun and Cisco gear. Rolled in by bloated consultancy organizations and maintained by yet other bloated companies over fatass support contracts. These are immensely complex overengineered solutions and people understanding them in their entirety are far and between. Everybody else is scared to touch the network and gear unless if absolutely necessary and even then only if accompanied by a Change Request form filled in threefold. So Solaris never gets patched. IOS stays at the release it got when routers were installed. Only if actual outages occur because of an OS issue will you see any updates.
Management is done over telnet. The large support organizations doing the maintenance for the telco need to be able to do that without hassle, so generally there are root logins with tremendously simple passwords that are known throughout the entire company and they rarely change. You won't need to have taken classes in social engineering to get your hands on a lot of that kind of inside information. Security within telco networks is rotten to the core.
Add to this factor the rise of the multi-tier reseller business model that has risen out of the internet age and you have a recipe for disaster. More and more companies gain responsibility over a larger part of the traffic going towards end users than ever before. Instead of hundreds, there are now thousands and thousands of organizations that hook into the international SS7 signalling network, either directly or through a bigger telco. But guess what, the international telco network was never designed with the idea in mind that rogue organizations could tap into it directly. It is not at all clear to the telcos what kind of risks are associated with this loss of control they never anticipated.
![]](/web/20060107022712im_/http://www.kuro5hin.org/images/header/rt_edge3.gif){kind=small}
![[XML]](/web/20060107022712im_/http://www.kuro5hin.org/images/rssblue.gif){kind=small}
![[P]](/web/20060107022712im_/http://www.kuro5hin.org/images/print3.gif){kind=small}
