Dumping an open source Honeypot on Rachel: FTC reloads on liquidating robocallers

The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as Zapping Rachel Robocall Contest. "Rachel From Cardholder Services," was a large robocall scam the agency took out in 2012.

The Zapping Rachel contest will take place at DEF CON 22 in Las Vegas Aug. 7-10, and offers partakers $17,000 in cash prizes for developing open-source packages that could be used to build an advance robocall honeypot, circumvent or trick a honeypot, or analyze data from an existing honeypot, the FTC said.

+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2014 (so far!)+

The FTC said a robocall honeypot is an information system designed to attract robocalls and gather information about them, which can help researchers and investigators combat these illegal, prerecorded messages.

According to the FTC Zapping Rachel will consist of three stand-alone phases:

1. A "Creator" phase where contestants will build honeypots that can recognize inaccurate information in the calls they receive, such as spoofed caller IDs, and identify calls that are likely robocalls. In designing the honeypot, competitors may not include any feature that requires ongoing manual processing.

2. The "Attacker" phase will get contestants to think like robocallers and attempt to circumvent or trick a honeypot created for the contest. Each contestant will receive a list of 25 phone numbers that belong to a robocall honeypot set up on the Twilio platform. Contestants will also have free access to a Twilio account with $15 of credit, which could equate to 200 calls to any of the 25 numbers. The credit may also be applied toward other Twilio features. Contestants will attempt to circumvent the robocall honeypot. Merely spoofing the caller ID information (i.e., providing inaccurate or missing Caller ID data) will not be counted as circumvention of the robocall honeypot.

3. The third "Detective" phase asks contestants to analyze data and develop an algorithm to predict which calls from an existing honeypot are likely robocalls. Judges will score submissions based on functionality and accuracy, as well as innovation and creativity. Each phase 3 contender will receive two sets of call data from an existing robocall honeypot. The Sponsor will provide this data at the FTC's "Zapping Rachel" booth at DEF CON 22, beginning at 9:00 am (PDT) on August 7, 2014

The first data set will identify calls that, based on real-world information, are likely to have been a robocall (a call delivering a prerecorded message). Based on information provided in the first data set, Contestants will develop an algorithm and will predict which of the calls in the second data set are likely to be robocalls. In addition to submitting these predictions, each Contestant will submit all source code and a written description of the algorithm consisting of fewer than 250 words.

In order to participate, contestants must be present at DEF CON, register in person and meet the eligibility criteria. Contestants can register as an individual or a team, and can compete in one, two, or all three phases of the contest, the FTC stated.

The judges for Zapping Rachel will be Dr. Mustaque Ahamad, Dr. Matthew Blaze, and Jonathan Curtis. Ahamad is a professor of computer science at the Georgia Institute of Technology, and a global professor of engineering at New York University Abu Dhabi. Blaze is a professor of computer science at the University of Pennsylvania School of Engineering and Applied Science. Curtis is the director of Solutions and Intelligence within the Compliance and Enforcement Sector at the Canadian Radio-television and Telecommunications Commission, according to the FTC.

Check out these other hot stories:

Cisco counterfeiter gets 37 months in prison, forfeits $700,000

DARPA initiates reusable, aircraft-like spaceship development

Delaware whacks $1B data center/power supply project

On Twitter, FaceBook and Lady Gaga DARPA social media research stirs a murky pot

Scammers want to wreck your business, vacation travel

Could a quadcopter land rovers on Mars?

DARPA demos lightweight, 94GHz silicon system on a chip

FBI warns businesses "Man-in-the-E-Mail" scam escalating

Carnegie Mellon system lets you get to the good parts of video, fast

100Mb/sec Ethernet coming to a car near you?

Join the CSO newsletter!

Error: Please check your email address.

Tags robocallsFederal Trade CommissionRobocall Chsecurityftc

More about BlazeCiscoCreatorFBIFederal Trade CommissionFTCGeorgia Institute of TechnologyMellonTechnologyYork University

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Cooney

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts