Presented at DEF CON 33 (2025), Aug. 10, 2025, 11 a.m. (45 minutes).
Whether you access the phone network over your cell phone, a SIP trunk, or an old-school POTS line, the PSTN is an essential part of your day-to-day life and is a longstanding interest of the hacker community. Despite this interest, the regulatory and technical structures underlying this network are poorly understood, deliberately opaque, and dominated by large corporations.
This talk will demystify the network, starting with a brief overview of the history of the PSTN, followed by a deep dive into the inner functioning of the network. After this, the session will detail the regulatory structures that govern the network, and the technologies it employs. Next, the talk will continue with a practical guide detailing how anyone can form a full local exchange carrier to provide service to their community, covering the entire formation process through first-hand experience: regulatory approval, building interconnect with the PSTN, voice network design, and most importantly, user security and privacy.
With this knowledge in hand, the talk will briefly cover a range of exploits in the network, detailing how STIR/SHAKEN can be trivially bypassed, how numbers can be hijacked, and how telecom fraud is monetized. The talk will conclude with a discussion of the future of the PSTN, and potential future issues.
References:
- Alliance for Telecommunications Industry Solutions. (2022). Extending STIR/SHAKEN over TDM ATIS-1000095.v002.
- Bluhm, P., & Lichtenberg, S. (2011). Fundamentals of Telecommunications Regulation: Markets, Jurisdiction, and Challenges. [link](https://pubs.naruc.org/pub/FA865BB5-EB2B-0226-8F9A-174F5AAA279A)
- Coll, S. (2017). The deal of the century: the breakup of AT&T. Open Road Media.
- Cruz, D. (2021). NPSTN Docs. Npstn.us. [link](https://web.archive.org/web/20220425145734/http://npstn.us/docs/)
- Davis, V., Michael, E., & Clements. (1996). The National Regulatory Research Institute CONVERGENCE AND CONTROVERSY IN EARLY INTERCONNECTION AGREEMENTS.
- Federal Communications Commission. (n.d.). Inter-Service Provider LNP Operations Flows - Narratives. Retrieved April 16, 2025, from [link](https://docs.fcc.gov/public/attachments/DOC-339536A1.pdf)
- Federal Communications Commission. (2011, November 18). 2011 USF/ICC Transformation Order. [link](https://docs.fcc.gov/public/attachments/fcc-11-161a1.pdf)
- Federal Communications Commission. (2023). Updating the Intercarrier Compensation Regime to Eliminate Access Arbitrage Second Report and Order. [link](https://docs.fcc.gov/public/attachments/FCC-23-31A1.pdf)
- Frankel, D. (2021, April 22). Money: The Fuel Behind Illegal Robocalls - Legal Calls Only. Legal Calls Only. [link](https://rraptor.org/money-the-fuel-behind-illegal-robocalls/)
- Lancaster, M. (2016). NARUC Nationwide Number Portability.
- Maruzzelli, G. (2015). Load Balancing FreeSWITCHes. ClueCon. [link](https://www.voztovoice.org/sites/default/files/Load%20Balancing%20FreeSWITCHes.pdf)
- Nick. (2024, March 11). SMS over Diameter for Roaming SMS. Nickvsnetworking.com. [link](https://nickvsnetworking.com/sms-over-diameter-for-roaming-sms/)
- Telecommunications Act of 1996, (1996). [link](https://transition.fcc.gov/Reports/tcom1996.pdf)
- PapaLegba2012. (2012). Afterburn: Results of Burning Man 2012 Test Network. Archive.org. [link](https://web.archive.org/web/20121006014836/http://papalegba2012.wikispaces.com/Results)
- Saunders, M. (2022). SCAM ROBOCALLS: TELECOM PROVIDERS PROFIT (C. Frascella, Ed.). [link](https://www.nclc.org/wp-content/uploads/2023/02/Robocall-Rpt-23.pdf)
- STI-GA. (2023). Secure Telephone Identity Governance Authority Policy Decision 002: Certificate Policy.
- Stratton, N. (2000, October 4). How to become a CLEC. Robotics.net. [link](https://web.archive.org/web/20050512081550/http://www.robotics.net/papers/clechowto.html)
- THE CAMPAIGN REGISTRY. (2025). THE CAMPAIGN REGISTRY CSP USER GUIDE. [link](https://www.campaignregistry.com/wp-content/uploads/CSP-User-Guide_April-2025-v3.pdf)
- TransNexus. (2017). Introduction to telecom fraud. TransNexus. [link](https://transnexus.com/whitepapers/introduction-to-telecom-fraud/)
- ZipDx. (2024, March 4). Robocall Radar - Legal Calls Only. Legal Calls Only. [link](https://rraptor.org/home/robocall-radar/)
Presenters:
- Enzo Damato, Founder at Rice Telecom Corporation
Enzo Damato is a Rice University researcher and lifelong hacker with over 7 years of experience with telecommunications, network administration, and security. He founded Rice Telecom Corporation, a facilities-based CLEC, to further research telecommunications security and robocall mitigation. Enzo has also worked extensively with mainframe systems, winning a best session award at the SHARE conference for his presentation on DIY mainframe acquisition, installation, and configuration. Following this, he has developed and is currently teaching Rice University's first course on mainframe computing. In addition, Enzo manages AS25944, an IX-peered ASN providing connectivity for his extensive personal lab.