Head in the sand
The problems have been known about by technical staff and security staff in telcos for 20 years.
I remember discussions amongst engineers over a beer in the '90s about the minimum amount of effort that would be necessary to get an SS7 interconnect to BT (which BT could not legally refuse if you jumped through the right hoops). And more than one discussion with customers in the same sort of timeframe about SS7 firewalls. Not that I am aware of one ever being deployed! The telcos chose to ignore the problem.
Maybe the right business decision as it seems to have taken 20 years for the crims to catch up and actually exploit the weakness. To be honest I am very surprised it has taken so long: I had expected organised crime to create their own licensed telco in order to get this access by the year 2000. Just goes to show that we telecoms engineers are good guys at heart!
Biting the hand that feeds IT
