YouTube link: https://youtu.be/wVyu7NB7W6Y
Invidious link: https://inv.nadeko.net/watch?v=wVyu7NB7W6Y
Sorry for the formatting… Tried to remove the URL for better readability, but there seems to be some kind of bug.
TLDW
- Hack phones remotely just knowing its phone number
- Intercept 2FA SMS
- Intercept phone calls
- Reroute phone calls
- Geolocation of a target
I dunno if it has already been posted/discussed here but this kinda blew my mind! Sorry there’s a lot of clickbait but the general subject is interesting…
I never heard of SS7 and have actually no idea how the whole phone system communication works but that’s kinda scary…
Yes, we are probably not the first target with this “hack”, nor is it as easy as exposed in this video, nor do we have 14k $ to spend on this, but that’s not out of reach for some people. I mean it’s not as expensive as Pegasus, and people with the means and some good stable income can probably misuse this system for targeting specific vulnerable people (example in the video).
SS7 and 1ESS are terribly insecure and were even before CALEA compliance was required. Folks compromising telephony routing systems was a thing back in the early 1990’s.
Story time. I worked as a telecom engineer for a while. One of our tasks was, whenever the telco would get a warrant, a small team of us at the office were tasked with turning up the surveillance features of our infra (dupe all CDR logs off to another system for chain of custody, log all of the SIP traffic from the specified subscribers to a separate set of logs on the same box for the same reason, basically trap-and-trace and pen register functionality updated for the early 00’s (we had the capability of tapping and recording RTP traffic in realtime by abusing three way calling but were not asked to do it while I worked there)). About half the time we’d go into our back-end and find taps already in place. A few times we took it to management, who kicked it up the food chain and were told flat out “Shut up, write up how you would have done it yourself, and just copy the data coming from what you found.” So, we did. Never did find out who did it and why.