Monday Mystery: Anthonette Cayedito

The 1986 disappearance of 9-year-old Anthonette Cayedito from her home in Gallup, New Mexico, is a sad and in many ways strange story. There is an excellent summary with links here on Reddit, but the gist is that Anthonette Cayedito answered the door to someone claiming to be a relative at 3 in the morning(!) and never came home again. There have been a couple of sightings, one of which was a waitress who claims to have had contact with her and found a secret note begging her to call police.

The other interesting point of contact was a phone call that the Gallup Police Department received from someone who claimed to be Anthonette in 1987. The police could not pinpoint where the call originated, because it was "too short to trace". One of the commenters, whom I am guessing is in their twenties at best, complains that this must be either lies or incompetence, because tracing phone calls takes no time at all -- once the call is completed, all the information is right there!

This is true today, especially on digital cell networks. Data on cell networks is routed just like data on the internet: the signal is split into packets, and each packet has a header on it that says "I came from X and I'm going to Y." The packet enters the network at node A, which looks at the header and calculates the shortest path between itself and Y. The first stop on that path is node B, so A throws the packet to B. Node B looks at the header, calculates the shortest path between itself and Y, sees that the next closest stop is node C, etc, etc, etc. Phone calls are instantly traceable now, because none of the intervening stops matter -- each chunk is labeled with its origin, which is the thing you're trying to find.

There are ways to lie to the routers about what X is, but their utility is limited. Even phones with illegally cloned SIMs don't lie about it. (Your billing is tied to a unique serial number on your SIM card. That's why when you upgrade your phone, you just move the SIM card over and the phone company magically knows the new phone belongs to you. Cloned SIMs are used to make calls that get billed to the unsuspecting owner of the original, legitimate SIM that has that serial number) The phone at Y reads and generally trusts the packet headers, and so will try to send all of its reply packets to X, where the header says you are, rather than to Z, where your phone actually is. You can broadcast but you can't receive, which means this is really only useful for people with espionage-grade paranoia, with specially modified equipment, who only need to call out. I don't even know that a commercial handset will complete a call if it can't handshake with the destination phone.

Phones did not work like this in 1987. The reason it took five minutes/ninety seconds/thirty seconds/whatever your dramatic cop show said to trace a call is that back then, the intervening hops did matter. Phone networks in the mid-late 1980s were analog in nature. Signals were routed in discrete hops, but they went from exchange to exchange via a path determined by a set lookup table. If a call came into the network at Podunk, IL, and said, "I'm headed for Boca Raton, FL," the lookup table in Podunk would say, "that's not in our area, try asking around at Chicago, they probably know how to get to Florida from there." So the signal would be routed to Chicago, where the lookup table would go, "Well, Florida is southeast of here, so try asking Lexington, KT maybe?" Lexington's lookup table would know that Miami was in Florida, so they'd throw the call to the main exchange in Miami. Miami would go, "Oh, yeah, I know where Boca Raton is, let me connect you to them." And eventually your call would slither its way through the network until it hit the exchange in Boca Raton, which would know all about the local Boca Raton number you were trying to get, and put you through to the customer in question.

This iterative method worked pretty well, and with some alternate routing written into the tables ("Lexington isn't answering? Check Nashville.") was actually pretty robust. The disadvantage for trackers was that no one exchange ever knew anything about your call except which exchange it had personally gotten the signal from, because that was all the information it needed to get your answer back to you. Boca Raton only knew you came from Miami; Miami only knew you came from Lexington; Lexington only knew you came from Chicago; and only Chicago knew your call was originally from Podunk.

By the 1980s most of the network had electronic controllers, so you could remotely query each switch to find out where it was getting the signal from, but you had to know which switches to ask: you literally had to go backwards, hop by hop, until you found the origin of the call. Amusingly, tracing phone calls got harder when computer-controlled switches were first introduced. A lot of hackers took advantage of the change by poking at the computers directly and forcing their call to be routed through a lot of unnecessary (and usually very distant) switches, which bought them extra time in which they could hang up before anyone figured out where they physically were. You actually couldn't spoof like that prior to the advent of computerized switching equipment that could itself be tinkered with remotely via the phone lines. Tracing a call in the days of fully-mechanical exchanges involved scrambling someone from the phone company to go down into the equipment room and physically look at the switches to tell you which bits were linked up where while the call was still connected. And prior to that, you traced phone calls by raising the operator lady on another line and getting her to tell you what her plugboard looked like.

Gallup. NM, seems to count as a city by New Mexico standards, but to anyone outside the desert, it frankly looks pretty rural. The regional phone company -- U S West at the time, née one of the many tentacles of AT&T -- would not have been in a terrible hurry to upgrade the switching equipment anywhere that wasn't Albuquerque (or Los Alamos Labs/White Sands Missile Range, because the branches of the government that like to kerplode things can get really pushy). They may have still been using electromechanical or straight mechanical switching equipment out there at the far end even as late as 1987. If any part of that trace involved getting an engineer to go personally eyeball a giant clanking rack of wires, then it would have taken at best several minutes, and that's if it went through at a time when there was someone already physically present in the office.

This is also an answer to the question of "if the call to Gallup police was Anthonette, why did she call the local police number rather than 911?" The 911 emergency number is a special directory service, and relies on the switching equipment recognizing '911' as a special sequence and automatically routing to the closest dispatch center. There are other special directory services (411, for instance, is Directory Assistance), but none of the other ones need to be routed with any geographic precision -- they can just get kicked to whatever exchange is considered the big hub for that customer's region, even if the offices housing another hub are physically closer. It was slow to roll out in rural areas, because it required a switch upgrade, and as mentioned above nobody was anxious to go replace equipment that served only a few thousand people and wasn't broken yet out in the middle of the goddamn desert.

Routing 911 calls is a much more complicated headache than you think, and in fact the service has been breaking down in recent years. Cell towers are basically radio towers, whose service area is affected not just by distance as the crow flies, but also by the height and elevation of the tower, the power rating, and what kind of intervening crap the signal might be bouncing off of. Your call doesn't necessarily connect to the nearest tower, but to the one that comes in the strongest, and that one doesn't even necessarily belong to your own cell provider -- most of them have some sort of reciprocal agreement with the other major companies. (There are also such things as signal boosters, which catch and amplify all cell signals to enable them to break out of an area where there would otherwise be terrible or no reception. The MBTA has them down in most of the subway tunnels now, so your calls and data won't drop out even when the train is underground. Those are indiscriminate; my AT&T Kindle and my T-Mobile phone both get 5/5 bars even when five stories below ground level at Porter. I don't know for certain, but I suspect if someone were to try to locate me while I was down there, the signal would physically track back to the location of the repeater, rather than the train I was on.) There is a way to triangulate the source of a cell signal the same as you can with any radio broadcast, but it relies on your phone pinging more than one tower, which often it doesn't. GPS depends on the phone having line of sight to one or more of the satellites, and even if you get close enough to a window to make it work, won't register what floor of a building you're in.

Comments

  1. An excellent writeup of telephony switching! Mind if I circulate this link a bit?

    ReplyDelete
    Replies

    1. Arabella FlynnJune 28, 2016 at 8:26 PM
      That's not an excellent writeup of telephony switching, that's a SHORT writeup of telephony switching. I know far too much about this for someone who's never actually bothered to do any phreaking. Feel free to circulate it as a primer, though. :) I figure anything I post is public and will end up in the strangest of places, given enough time.

      Delete

Post a Comment