20.5k unique visitors in the last 3 days

Regulator’s Research Shows Telcos Are Hiding the Truth about Global Title Leasing

Zero telcos have volunteered to comply with the GSMA's code of conduct for GT leasing.

The UK’s comms regulator, Ofcom, has proposed new rules to tackle the abuse of Global Titles (GTs). They are needed. GTs allow bad actors to unlock SS7 signaling and then do some very bad things, as Ofcom explains:

  • spy on individuals;
  • access personal communications; and
  • compromise security measures (such as SMS security codes) to gain access to other services such as social media accounts and bank accounts.

The US Federal Communications Commission (FCC) has also talked about stiffening the rules surrounding Global Title but Ofcom is proposing to go further and faster than any national regulator before. This will upset some people. I have often used Commsrisk to criticize heavy-handed regulation, but not this time. The abuse of GT is a danger to everyone. You, your spouse or your child could be hurt by somebody on the far side of the planet, and you would never know they did it by exploiting GT. Risk managers weigh both probability and severity when determining the need for mitigation. The severity of these risks, with at least one known murder tied to the tracking of the victim’s location through the abuse of GT, justifies a more urgent tightening of the loopholes surrounding GT than we have seen so far.

My conviction was strengthened by research conducted on Ofcom’s behalf. Put simply, they showed that the information supplied to them by UK businesses does not cover all of the use being made of UK GTs in practice. So there are people who are choosing to be secretive about GTs despite being legally obliged to share information that was requested by Ofcom. Much can be gained through industry self-regulation, but not when there are some businesses that consciously choose to hide what they are doing.

The cost of abiding by Ofcom’s new rules, including prohibitions on leasing GT, may negatively impact the profits of some businesses that hold UK number ranges. A sensitive person may warn that increasing the costs to these businesses will not solve the problem of GTs relating to other number ranges being abused. Perhaps that explains why the GSMA’s Code of Conduct on GT Leasing has literally no signatories at the time of writing. It is a possible explanation, but not a justification. I feel shame at the communications industry’s lackluster response to the GSMA’s voluntary code. If businesses do not choose to act in the public’s interest then it is right for regulators to intervene.

The GSMA has never done me a favor, although they did screw me once. That makes me typically loathe to help them. However, the GSMA’s Code of Conduct on GT Leasing has been written by people who understand the topic and who are sincere in seeking needed change. Petty rivalries need to be set aside in such circumstances. Protecting the public from harm is more important than petty oneupmanship in business.

My relationship with Stephen Ornadel, editor of the code, has sometimes been fractious, stemming from the time we worked together at T‑Mobile UK. Back then, I once described Ornadel as a ‘monster’, whilst simultaneously arguing for him to receive a bonus in recognition of how much he contributed to the team. People should not always need to like each other in order to get things done. Only a monster possessing the size and determination of Ornadel could have convinced the GSMA to adopt this Code of Conduct. Ornadel was joined on stage by Deutsche Telekom at this year’s Mobile World Congress as he made the case for worldwide endorsement of the code. But not even Ornadel’s monstrous proportions and dogged advocacy has been enough. Deutsche Telekom is still not yet a signatory, and there are only two nominal ‘supporters’ of the code: Omantel and Sky UK. The latter is now home to another monster of this industry that I have occasionally fought with: Andy Mayo, former Deputy Chair of the GSMA’s Fraud and Security Group. It does not surprise me that change may be led by individuals with the biggest personalities, who are least afraid of stepping ahead of the majority. What disappoints in this instance is that so few have followed.

Recently I stated I would stop publishing Commsrisk because it was not accomplishing its goals.

This enterprise began with specific goals, and I must reluctantly conclude they will never be realized through this medium. The evidence has been piling up more rapidly in recent years, in parallel with the accelerating growth of this website’s readership. That is why I am sure that accumulating an even larger audience will still not influence the changes that are sorely and urgently needed to protect the public from harm, that are needed to drive increased investment in securing the integrity of comms services, and that are needed to defend the jobs of experienced risk professionals who have been made redundant in larger numbers each year.

The heartfelt response of many readers, coupled with the reaction of the Mobile Ecosystem Forum, persuaded me that I was wrong. Please do not make a fool of me. If readers of this website believe we are doing anything of value, we must seek to stop the abuse of Global Titles. Two of the biggest monsters of fraud prevention are in agreement; let us not be afraid to back their frontal assault on crime. You can become a signatory or supporter of the GSMA GT Leasing Code of Conduct by clicking here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email