Hackers have helped the FTC come up with a way to study ‘Rachel from cardholder services.’There is a wide swath of America beyond tired of hearing from “Rachel from Cardholder Services.” On the other hand, the Federal Trade Commission is happy to hear from Rachel time and time again.
Earlier this month, the FTC, along with the help of DEF CON attendees, created ways to attract and gather data on “Rachel” — a notorious automated telemarketing scheme known as a “robocall” — so law enforcement and researchers can figure out what makes robocalling still so prevalent despite the existence of a national “Do Not Call” list.
The FTC announced the winners of its “Zapping Rachel” challenge Thursday, which saw 13 different submissions spread out over three phases aimed at creating a next-generation “honeypot” that gathers data for law enforcement and researchers to analyze.
“Instead of trying to block the calls, we actually welcome them,” said Patricia Hsue, staff attorney for the FTC’s Bureau of Consumer Protection. “We want the calls to come in because we want more information about who is making these calls, how often they call, what numbers are they calling. The more we know about robocallers and how they operate and what tactics they use, the more we are going to be able to tailor our law enforcement and other policies to attack the problem.”
Phase 1 winner, Ape Security CEO Jon Olawski, was awarded a $3,133.70 prize for constructing the winning honeypot, using a combination of an audio captcha filter, call detail analysis, and recording and transcription analysis to determine incoming robocalls.
Phase 2 was geared more toward learning how robocallers avoid calling honeypots. The winning entry, created by Jan Voltzke, CEO of mobile security company Numbercop, created a four-step process that not only avoided calling a honeypot, but optimized the way to perpetuate robocalls on unsuspecting consumers. Voltzke also won $3,133.70.
The Phase 3 winner was a two-person team consisting of a data scientist from video game company Blizzard Entertainment, which built an algorithm that measured the number of robocalls made, whether the number called was toll-free and the time of the call, which helped identify likely robocalls. The FTC also declared two honorable mentions, which also worked in average length of call and whether the robocall was searching for toll-free numbers. The winning team split $3,133.70 while each honorable mention received $1,337.
Hsue said the FTC does not plan to use the winning solutions in its own practices but hopes they serve as a catalyst for products that can abusive and fraudulent behavior brought on by robocalls.
“Our hope is that people already working on the problem will take the ideas were generated from this contest and be able to implement it into their own design” Hsue said “If the winners want to go ahead and continue working on the problem, that would be fantastic. If other people that are already working on the problem could improve upon the products they already have or generate new products, that would be fantastic, too.”
The winning entries are all open source, with the FTC expected to post at least parts of the winning submissions in the future. However, Phase 3 looks to already be online via the winner’s GitHub page.
