I made 50k calls to explore the telephone network

> I was very surprised to hear this bizarre message about the end of the world and a zombie apocalypse when listening to the recordings.

So that's the reason someone called, we thought zombie apocalypse had already started...is what I would like to say, but reality is a bit more boring. It's one of our test numbers that we used for integration testing one of our call center integrations for our WebRTC monitoring platform (https://www.callstats.io) and someone decided to have a bit of fun with call flow :)

If you had pressed 1, you would have got a message about choosing to be rescued and that the agents take long tea breaks.

(disclaimer: I work at 8x8 on the callstats product)

I am the author of WarVOX (a mostly dead project these days). Some useful links:

- WarVOX 2.0 Presentation: https://speakerdeck.com/hdm/derbycon-2011-acoustic-intrusion... - WarVOX Source: https://github.com/rapid7/warvox

The US legal restrictions on wardialing are complicated and changes to the law made it difficult to continue the project.

For fans of ToneLoc, I implemented the data format and visualization with my latest project (Rumble Network Discovery): - https://www.rumble.run/blog/subnet-grid-report/

The author says that lots of measures were taken not to wake people up in the middle of the night, but that despite those efforts 3 people were. Wouldn't the most obvious method have been not to dial numbers at night local time?

>There was a single response that was present in 1074 answered calls (91% of all interesting answers) and that waits for the caller to interact with itself. It says “Tervetuloa palveluun” (Welcome to the service) followed by repeating “Anna tunnusluku” (Please give access code). The machine does not give any hint of what kind of service it is.

I wonder whats that about.

  Call the number __________________________
   You will hear the bulletin “Welcome to the service”
   You will hear the message “Enter the passcode”

>As there are no Shodan-like search engines for the telephone network, I needed to do the exploration myself.

in the 2000's there was a massive telephone search engine hosted at bellsmind.net. You could find brief descriptions of hundreds of thousands of phone numbers. You could just run down a list of 800 numbers and call the ones that looked interesting. Some presented you with a new dialtone. Some played weird little jingles. Some lead you to a real person. A few were set up by phone hobbyists and let you play games.

At some point the law caught up with BellsMind and the database was taken down. The whole site is gone now - even the blog.

You can see remnants of that database here (just skip through time to see new stuff - the rest is mostly broken): https://web.archive.org/web/20041015131435/http://bellsmind....

EDIT: This is the page for "The 944 Project", which was a crawl of the entire 800-944-XXXX space. Easily the best list at the time. Some stuff might still be there. https://web.archive.org/web/20050125030027/http://bellsmind....

Dunno what I said the last time a call violated the do-not-call list and woke me. They actually called back later to tell me how shook up they were, and that they'd been discussing my response with their lawyers.

I don't see a difference between kidnapping one person for a week, and taking ten seconds away from 56,874 people. I'd support similar penalties.

I decided to fix this problem.

Phone.com is aimed at small businesses; if you have three extensions in your house they default to ringing separately like cubicles. However, any HN reader will have no trouble customizing their service.

I have one service spanning homes on both coasts. The phone number I give out has a white list, or answers with a recorded message to press 7. Apparently this is enough to evade all robocalls. Successful callers ring the extensions where I'm scheduled to be, and the Phone.com app on my cell phone.

My cell phone is otherwise set to "Do Not Disturb" so it only rings if you're in that address book. The Phone.com app is a bit clumsy (it doesn't track switching to AirPods once the call starts, for example) but for answering calls it works.

Some legitimate businesses robodial numbers before putting on a human. They don't get through. Life goes on. They should know better than to appear to be a robocall.

The "unknown machine" sounds like dtmf tones + pulse tones. It's anyone's guess what the actual meaning of the numbers are, but the tone+pulse encoding suggests a super legacy, perhaps proprietary automated system that you'd call up to get the status of something - maybe factory machinery or a power plant, but really it's anyone's guess. Pulse dialing was still somewhat common until the mid 80s so this system is potentially upwards of 40 years old.

That reminds me of this talk I heard a while back (I think this is it: https://youtu.be/Hk-21p2m8YY)

The guys working on nmap scanned the entire Internet. That set off some serious alarms because on the target side, it looked like they were aware of the existence of the relationship between IPs/assets that were classified. If memory serves some dudes in black suits showed up at their door lol

> To avoid listening to all recordings myself, used Google Cloud Speech-to-Text to transcribe the recordings, and then used the transcriptions

... That's a lot of trust to place in google. Do all this work to gather data, then throw it away and analyze what google did to the data instead.

Traditional wardialing was almost always looking for modems, but it sounds like the particular number ranges that this researcher selected didn't contain any modems at all?

I'm sure there are still plenty of modems connected to landlines, not just for ISPs still offering dialup service, but also for SCADA systems and stuff.

As a pre-teen in the early 90s, I spent hundreds of hours wardialing most of the free-to-dial exchanges. I was lucky enough to have a US Robotics modem that reported the extended result status codes to detect voice, continuous tone, and fax lines.

The results were typically for every exchange that 1% of the numbers were modems, 1% were fax machines, 70% were non-intercept recordings or humans, 0.3% were continuous tones and test numbers, and the rest were primarily unallocated or just did not complete.

The "exception" music example isn't really an exception. It's Passages by Kenny G which is about as hold music as it gets, it's just heavily modulated.

Maple confirmation message for Clevercrossing sounds a lot like "Mobile confirmation message for global crossing..."

> Ensured that any recording of private individuals did not end up outside the EU, being saved by third parties, or used to train machine learning models

is incompatible with

> To avoid listening to all recordings myself, used Google Cloud Speech-to-Text to transcribe the recordings

Regarding: "Maple confirmation message for Clevercrossing."

It sounds like they are saying "Global Crossing" which was a telecom company

https://en.wikipedia.org/wiki/Global_Crossing

I am pretty sure I recognize the hold music. I believe it is from uberconference.com. You likely found one of their teleconference lines. Each paid UC user gets their own local number. When a conference is active, dialing it will connect you immediately to the conference. (Of course, the host can chose to require a PIN, but I never had any unknown drop ins.) It is SO much better than Zoom’s system.

That’s a huge amount of people who didn’t answer. Phones are basically worthless to get ahold of people — I called about 40 students last spring for interviews and got only one answer, myself.

I would like to know more about the zombie apocalypse number

See also, /r/weirdnumbers and, if you're into that sort of thing (that is, exploring the phone network), /r/phreaking

Old-skool phreaking[0] (eg, using blue boxes and red boxes) is mostly dead (at least in the US and most "first world" countries. Maybe there is some vestige of in-band signaling left somewhere else) but there is still some fun to be had exploring phones and phone networks.

Modern day phreaking is more about GSM sniffing[1], messing with the SS7 network[2][3][4], using SCTP[5]/SIGTRAN stuff[6], etc. etc. But, at least for the land-line / PSTN network, even some of the old "colored boxes"[7] still do useful things. You can always beige-box a landline phone, violet-boxes should still work, I think a gold-box would still work, etc.

If you want to dig deeper into how the PSTN works, a good, fun book is Understanding Telephone Electronics[8] by Carr, Winder, and Bigelow. Another interesting one is Digital Telephony[9] by Bellamy. Another "oldie but goodie" is Voice and Data Communications Handbook[10] by Bates and Gregory.

Also, don't ask me how or why I know any of this stuff... :-)

[0]: https://en.wikipedia.org/wiki/Phreaking

[1]: https://www.youtube.com/watch?v=wzyuioto4y8

[2]: https://www.youtube.com/watch?v=0JCusqL-Gdk

[3]: https://www.youtube.com/watch?v=-wu_pO5Z7Pk

[4]: https://en.wikipedia.org/wiki/Signalling_System_No._7

[5]: https://en.wikipedia.org/wiki/Stream_Control_Transmission_Pr...

[6]: https://en.wikipedia.org/wiki/SIGTRAN

[7]: https://en.wikipedia.org/wiki/Phreaking_box

[8]: https://www.amazon.com/Understanding-Telephone-Electronics-J...

[9]: https://www.amazon.com/Digital-Telephony-Telecommunications-...

[10]: https://www.amazon.com/Voice-Communications-Handbook-McGraw-...

  > don't ask me how or why I know any of this stuff...

I'm surprised they found no modems. I don't see any listed. I'm sure there are still modems on the telco system for things like maintenance lines. I've seen them before in data centers to get into the networking hardware if everything else is down, for SCADA systems, to support really old credit card terminals, etc.