Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Announces $50k In Prizes For Robocaller Trap Software

Posted by timothy on from the looking-at-your-karen-from-the-service-department dept.

crazyhorse44 that the Federal Trade Commission announced this week that it is launching two new robocall contests challenging the public to develop a crowd-source honeypot and better analyze data from an existing honeypot. A honeypot is an information system that may be used by government, private and academic partners to lure and analyze robocalls. The challenges are part of the FTC's long-term multi-pronged effort to combat illegal robocallers and contestants of one of the challenges will compete for $25,000 in a top prize. As part of Robocalls: Humanity Strikes Back, the FTC is asking contestants to create a technical solution for consumers that will identify unwanted robocalls received on landlines or mobile phones, and block and forward those calls to a honeypot. A qualifying phase [launched Wednesday] and runs through June 15, 2015 at 10:00 p.m. ET; and a second and final phase concludes at DEF CON 23 on Aug. 9, 2015.

50 of 79 comments (clear)

  1. Dial *666 by Macdude · · Score: 4, Interesting

    Have the phone companies implement a *666 system. After receiving a robocall the recipient hangs, then picks up and dials *666. The phone company keeps a count and reports numbers with some large number of *666 reports to drone death-squads.

    That last bit might be a tad extreme...

    --
    "Grab them by the pussy" -- President of the United States of America
    1. Re:Dial *666 by germansausage · · Score: 4, Funny

      "That last bit might be a tad extreme..."- Saturation kinetic bombardment from orbit, followed by mop-up squads with flamethrowers and nerve gas. It might cost a little more, but it sends a message.

    2. Re:Dial *666 by wiredlogic · · Score: 4, Insightful

      It would also help to have mandatory, accurate caller ID that can't be spoofed or monkeyed with.

      --
      I am becoming gerund, destroyer of verbs.
    3. Re:Dial *666 by Aighearach · · Score: 1

      The phone company already knows who is doing what and is complicit in the problem. That is why the effort is to build a honeypot. If you reply on the phone company, the software will "accidentally" have a lot of "bugs" and won't change anything.

      I'm not against the death squads necessarily, but in your scenario the phone company would probably fake the data to get their own enemies killed.

    4. Re:Dial *666 by penguinoid · · Score: 1

      Even then, it would be possible to anonymize calls by routing them through a third party. Of course, then if caller ID can't be spoofed from there, at least the wrath of the people can be aimed at one of the responsible parties (or such third parties could be blocked).

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    5. Re: Dial *666 by Anonymous Coward · · Score: 1

      Nuke from orbit. Only way to be sure.

    6. Re:Dial *666 by rhizome · · Score: 3, Insightful

      End-user billing information should be accessible to the called party. If someone wants to front for someone else, they can assume the liability too.

      --
      When I was a kid, we only had one Darth.
    7. Re: Dial *666 by eric_harris_76 · · Score: 1

      Even if they don't want it, that seems to be the bureaucratic mindset.

      Not only is is true that "If your only tool is a hammer, everything looks like a nail" but "employees of the Ministry of Hammers will always choose a hammer over any other tool".

      --
      There's no time like the present. Well, the past used to be.
  2. simple solutions are always the least popular. by nimbius · · Score: 5, Insightful

    The FTC's best solution is to investigate these robocalls with their own system of honeypots. order a product from the caller, set up a sting, and sentence a CEO and a few managers to some hard time in prison. but thats punishing success and in americas land of the fee and home of the paid, we're all about the invisible hand of the market.

    --
    Good people go to bed earlier.
    1. Re:simple solutions are always the least popular. by Anonymous Coward · · Score: 1

      Yeah, well, the prison thing is bullshit.

      Ahh, yes, another know-it-all on Slashdot who actually doesn't know shit.

      Obviously you've never been to prison.

      I have been to prison.

      And I can assure you that I now live in a manner which is calculated to
      make sure I never go to prison again.

      Long enough prison terms for those responsible for robocalls will get the
      message across to most people who would consider involvement in such
      schemes.

  3. my solution by slashmydots · · Score: 4, Funny

    Way ahead of you there. My spam call trap is called me. When I answer, suddenly I go from Wisconsin suburban turbo-white computer repair to solomente hablamos en espanol. Then when they apologize and transfer me to their spanish department, suddenly, I only speak english.

    1. Re:my solution by tresho · · Score: 1

      "my spam trap is called me" Every moment I spend handling junk calls is a complete waste of my time.

    2. Re:my solution by slashmydots · · Score: 1

      I do typically have better things to do but I am submitting myself for the prize, lol. By the way, the new thing is to call from wherever and then use a VOIP relay from the state you're calling so it looks like a local area code. They should go after these relay companies and shut them down or pressure them to cut off customers that make millions of calls constantly on that one relay. That or at least look into what the business does before selling services to them.

    3. Re:my solution by Checkered+Daemon · · Score: 5, Interesting

      My solution is also me. I answer all robocalls (even the pre-recorded ones) with "Hello. This call is being recorded". I've quickly gone from around 3 or 4 a day to almost zero. Guess they're scared of the fines, and it looks like they share information on who's after them.

    4. Re:my solution by tresho · · Score: 1

      My solution is also me. I answer all robocalls (even the pre-recorded ones) with "Hello. This call is being recorded". I've quickly gone from around 3 or 4 a day to almost zero. Guess they're scared of the fines, and it looks like they share information on who's after them.

      I wonder how this works when robo fax calls ring you up.

    5. Re:my solution by houghi · · Score: 3, Informative

      The anti-call script script

      --
      Don't fight for your country, if your country does not fight for you.
    6. Re:my solution by Applehu+Akbar · · Score: 1

      I've learned to whistle the exact frequency that will fax them 100 pages of solid black paper.

  4. Private Caller is the biggest issue by Anonymous Coward · · Score: 1

    The private caller feature is the biggest issue. Get rid of that and you can filter out spammer in a similar way Google filters spam. Once a number is detected, it goes on a global block list shared by all phones, similar to SpamHaus or something like that.

    The problem with this is it can be easily abused. There needs to be a way to get off the list if incorrectly added.

    I guess the do-not-call registry failed? I would guess because lack of enforcement.

    1. Re:Private Caller is the biggest issue by anegg · · Score: 1

      The US federal "do not call" list was wildly successful - for telemarketers who wanted a list of guaranteed good phone numbers to call. I'm sure the decent ones use the list the way it was intended. The others use it as their calling rolodex.

      I was stupid enough to list my home phone number on the "do not call" list. Before I did so, I almost never received unsolicited marketing calls. I put my number on the list "just to be sure" I never would. However, once I did so, the calls never stopped. All have spoofed caller ID, so reporting the call to the feds doesn't do too much good.

      Its not that the feds don't want to enforce it. It's that they can't... I can file a complaint, but the only number I can provide is the spoofed one from caller ID. The telemarketers are too clever to provide anything like a company name or contact information unless you actually give them a credit card number to purchase whatever scam they are slinging, and even then I bet it's a throw-away corporate identity that won't get traced back to anyone that can be fined.

    2. Re:Private Caller is the biggest issue by Jack+Griffin · · Score: 2

      Why do you even answer your phone? It beats me why people feel the compelling need to answer a ringing phone. I'll be in the middle of a conversation and the phone rings and I ignore it (mute it). The other person says "aren't you going to answer that"? Why? What culture have we been brought up when it seems impolite to not answer a ringing phone?
      I only ever answer if it's a known number, and only if I feel like talking. The phone has no power over you, take back control of that relationship.

    3. Re:Private Caller is the biggest issue by anegg · · Score: 1

      I do not feel compelled to answer a ringing phone, and often ignore it. If a strange number comes up on my Caller ID, I often let it go to voicemail. My voicemail messages tells people that are a) asking for money, b) claiming that my computer is signaling them, or c) saying they are from a government agency to bugger off. If the caller doesn't leave a message, then I know they didn't really want to get in touch with me.

      There are still several reasons why I would rather fix the problem than ignore it.

      1. I don't want the interruption of a phone ringing, as minute and inconsequential as that interruption might be. I can tell people who ring my doorbell to go away, or just not answer the door, too; but I would rather they not signal me in that fashion unless they have cause. Since these interruptions are coming from people who are already committing fraud (hiding their true identity, using Robocalls that are already illegal), I don't want them to be able to waste my time even in such a tiny fashion.

      2. Older people, such as my mother, are more likely to answer the phone, and are more likely to fall for the scams of the people who are already trying to mask themselves. I want our society to have as few opportunities for people to be scammed as possible, especially since people's vulnerability to such scams varies. Fraudulent telemarketers need to be terminated.

      3. The calls that I receive have CallerID information from all over the US. Occasionally the source is from an area in which I have someone with whom I want to keep in touch, from whom I may not have heard in a while. Since I avoid providing personal information in the outgoing message of my voicemail, someone I haven't heard from in a while may try to get in touch with me, but feel not inclined to leave their personal information in what may be a stranger's voicemail box. I would like to be able to answer these calls without having to deal with a telemarketer, especially since answering one telemarketer by human voice instead of voicemail seems to be a good way to get more telemarketing calls. My telephone is supposed to be there to benefit me and serve my needs, not those of fraudulent telemarketers.

      4. I have a non-local aging parent who has recently been in very poor health. I have communications coming in from multiple sources (hospitals, insurance, care providers) that I do not want to have to go through a cycle of call/voicemail/listen to voicemail/call back because it makes an already frustrating situation that much more frustrating both for me and for the people who are trying to get in touch with me. Again, I want the phone service that I pay for to serve my needs, not those of fraudulent telemarketers/scammers.

  5. Been there, done that by Curmudgeon420 · · Score: 1

    My iPhone has been a honeypot for years.

  6. Fix Caller ID and monitor exchanges by buckfeta2014 · · Score: 5, Insightful

    First off, fix Caller ID so people can't spoof their phone numbers. Even if people use the private number feature, the phone company knows who made the call. Secondly, monitor exchanges for both high outgoing volume and high incoming volume (and especially sequential dialing) to find potential robocallers and telemarketers. Problem solved.

    --
    Buck Feta. You know what to do.
    1. Re:Fix Caller ID and monitor exchanges by zippthorne · · Score: 3, Informative

      There already is a feature for that, ANI, where the information is sent by the phone company rather than by the caller themselves over the "voice" portion of the call. It costs more than caller ID, and I'm not sure you can even get the phone company to offer it to you as an individual, but many business use this feature. Probably the spam callers themselves are using it to avoid receiving unwanted calls...

      --
      Can you be Even More Awesome?!
    2. Re:Fix Caller ID and monitor exchanges by Ol+Olsoc · · Score: 1

      First off, fix Caller ID so people can't spoof their phone numbers. Even if people use the private number feature, the phone company knows who made the call.

      You figure that someone in Pakistan or some other country will give a damn?

      Secondly, monitor exchanges for both high outgoing volume and high incoming volume (and especially sequential dialing) to find potential robocallers and telemarketers.

      Once again, th eportability of numbers and the non-US locations might mean they can be monitored, but what are we going to do - declare war on them?

      Problem solved.

      aaaaanndd no. I like iPhone's method. I only allow calls from my contact list, unless aomeone calles a couple times within 3 minutes. Now that solves the problem.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Fix Caller ID and monitor exchanges by anegg · · Score: 1

      Yes! Fix the caller ID information that is received on normal residential phone lines so that it shows the actual subscriber origin of the call, whether within the US or outside of the US. The phone companies in the US should no longer be allowed to let a company provide their own caller ID information just because they have a digital switch; some kind of certification regarding the business and its trustworthiness might be in order. As soon as the cloak of anonymity is removed, the existing penalties for robocalls and calling people on the "do not call" list will become meaningful and should work to substantially reduce such abuse. For those calls that originate from outside of the United States, they can just be ignored by most people when the Caller ID clearly shows the foreign origin of the call.

      Substantial inroads against this problem can be made by placing the proper controls in the system.

    4. Re:Fix Caller ID and monitor exchanges by rhizome · · Score: 1

      They do it with the SWIFT system for banks, surely phones are simpler.

      --
      When I was a kid, we only had one Darth.
    5. Re:Fix Caller ID and monitor exchanges by cant_get_a_good_nick · · Score: 1

      How would this work with VoIP? SIP? What if the phone number is pure virtual? By definition it's "spoofed".

  7. And in the small print... by Anonymous Coward · · Score: 1

    As you might guess:

    By entering a Submission to this Contest, Contestant grants to the Sponsor, and any third parties acting on behalf of the Sponsor, a non-exclusive, irrevocable, royalty-free and worldwide license to use the Submission...

    I hope your time and effort are worth the $25k first prize because that's about all you will *ever* get for it.

    1. Re:And in the small print... by Aighearach · · Score: 1

      As you might guess:

      By entering a Submission to this Contest, Contestant grants to the Sponsor, and any third parties acting on behalf of the Sponsor, a non-exclusive, irrevocable, royalty-free and worldwide license to use the Submission...

      I hope your time and effort are worth the $25k first prize because that's about all you will *ever* get for it.

      Uhm, yeah, if you have no use for it yourself, you'd only get the 25k from this one buyer, and you'd need to move on to another product. Nothing lasts forever. The only reason you need to keep making money off of it is if you're still trying to put it to some other commercial use. The part where it says, "non-exclusive," that means you can also sell it elsewhere.

      You're obviously not a software developer, so it is entirely academic to you anyways.

  8. What spam calls? by bdcrazy · · Score: 1

    If your number is not in my contacts list, I don't even hear it. If it is not important enough to leave a voicemail of who you are and what number to call you back at, it is not important enough for me to care.

    --
    Tonights forecast: Dark. Continued dark throughout most of the evening, with some widely-scattered light towards morning
  9. Not a good idea. by Frosty+Piss · · Score: 2

    Robo-calls come from ever-changing numbers that eventually make it back into the pool. The result of a system like this will be that, like SPAM IP addresses, large swaths of numbers will forever be blacklisted even long after the robo-caller has moved on, forever useless to any other user.

    Blacklisting in this way has been shown not to have any effect at all on SPAM / robo-callers, and only inconveniences everyone else.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Not a good idea. by Ol+Olsoc · · Score: 1

      Blacklisting in this way has been shown not to have any effect at all on SPAM / robo-callers, and only inconveniences everyone else.

      Blacklisting is indeed worthless. Whitelisting, where only numbers you allow get through, all others go to message.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Not a good idea. by houghi · · Score: 2

      At one point these numbers are owned by some company. That company is owned by somebody. It has assets that can be taken away.
      So unless they hack peoples phonelines (like they do with IP adresses) there is somebody to go after.

      Now if you are completely unable to go after the people, hold the phone companies responsible and ask them (ok, force them) to pay the fine. I assure you that within a week they suddenly will be able to identify these robotcallers and it will stop.

      Obviously this wil only work as long as they use US numbers. The moment they start using VoIP, they could just block the VoIP company alltogether. Those will then see that things will stop.

      Now if there is no reason for the phone company to change anything, why should they?

      --
      Don't fight for your country, if your country does not fight for you.
    3. Re:Not a good idea. by Frosty+Piss · · Score: 1, Interesting

      At one point these numbers are owned by some company.

      Phone numbers are passed around like pocket change. Who has control today is not who has control tommorow.

      But beyond that, if I buy a MagickJack today and send out 1,000,000 spams and 100,000 robo dials tomorow, how can the "owner" of that number be held responsible? Of course common sense says they cam't.

      Unless, of course, you are willing to accept an invasive personal background check whenever you want to get a phone or chnge your phone number.

      Is that what you want? Background checks to get phone numbers?

      --
      If you want news from today, you have to come back tomorrow.
    4. Re:Not a good idea. by Applehu+Akbar · · Score: 3, Funny

      The policy on Belize was modeled on Nigerian law, which requires membership in a royal family to get email addresses.

    5. Re:Not a good idea. by tlhIngan · · Score: 3, Insightful

      Phone numbers are passed around like pocket change. Who has control today is not who has control tommorow.

      But beyond that, if I buy a MagickJack today and send out 1,000,000 spams and 100,000 robo dials tomorow, how can the "owner" of that number be held responsible? Of course common sense says they cam't.

      Phone numbers move far less than you think - when you port your phone number, it takes several hours for the change to happen. In the meantime, a call can ring one phone, the other phone, both, or none as the switching tables are updated. But in the meantime, the phone number is still owned by someone at that time. All you need to do is log when and who.

      As for your magicjack? Well, at some point they have to interconnect to the phone system. If you can't trace beyond the phone system, then the interconnection is liable, to whom they'd probably be more than happy to send the bill to MagicJack to pay.

      Basically, to make a phone call, you have the originating number. The thing is, your phone company providing you service actually knows the originating phone number that's not spoofed or anything - the originating phone number is sent as data to the called party's phone company. And logged. So your phone company knows who made the call and who's responsible.

      If it goes through a third party call forwarding service, well, guess who holds liability now?

      POTS is not like the Internet. POTS actually has verifiable sources - you cannot spoof the call as everyone exchanges connection information. Sure VoIP may make the real caller hard to find, but at some point the call had to enter the POTS network, and the gateway provider can be held responsible. And I'm sure for billing purposes they know who used that outgoing line - maybe not the subscriber, but the company that they contract POTS interconnection for.

      Perhaps an auto-attendant might be an interesting way to solve the problem using grey listing - the autoattendant looks for familiar numbers, and if it's on the list, passes it through. If not, it answers the phone and walks through a script, asking the caller for their name, company and other details. It then asks the caller to hold, and rings the inside line, who passes the information onwards and you can decide if you want to take the call, black l ist, tar pit, or reject. Rejected calls get a simple "the party does not wish to speak with you, do you want to l eave a message?" while tarpitted calls get the "please wait" response every 30 seconds.

    6. Re:Not a good idea. by jafiwam · · Score: 2

      If a large number of robocall reports were being made in real time, wouldn't that help identify the physical source?

      First, phone numbers can and are often "spoffed".

      Second, just like with Intertube Spam, I can bust out 100,000's of robo-calls in one day from a disposable phone number (MagicJack and the like), and than move on untraced.

      The phone companies know where the call is coming from. They just don't know it's a "bad call" when it is actually happening. You are very very confused if you think what the phone companies and guys running the switches can see is the caller ID number that shows up on the phone. (Caller ID can be spoofed.)

      On the other hand, a system of rapid reporting can make those numbers useless after an hour of robo calling, rather than a day.

      Who the hell picks up the phone now days anyway? I just let it ring or silence it. It's incredibly megalomaniac to think the call is actually important on any account. They can leave a voice mail, they can email, text, or find me on Facebook. If I don't know them, they are trying to sell / scam something and they can fuck off.

  10. Caller ID is a great invention! by grantspassalan · · Score: 1

    Why is it necessary to write software or invent something that already exists? It is caller ID. When we get any phone call from anyone, we look at the caller ID. In fact our phone ANNOUNCES the caller ID information. Anyone we do not recognize can only talk to the phone company’s computer, the one that runs voicemail. Most Robo callers do not leave any message and the few that do are easily erased. The legitimate calls that get routed to voicemail are then replied to in the appropriate manner.

    --
    A sufficiently advanced simulation is indistinguishable from reality.
    1. Re:Caller ID is a great invention! by grantspassalan · · Score: 1

      Caller ID spoofing makes no difference. The caller would have to use the name and number of someone on our white list. Everything else including unknown calls goes to voicemail. So far this system has worked 100% perfectly well for us.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    2. Re:Caller ID is a great invention! by Anonymous Coward · · Score: 1

      That's good, and I'm glad it works for you. A whitelist system doesn't work at all for a lot of people.

      It doesn't work for most businesses, either. A business doesn't know in advance who its customers might be, so unless you're Comcast and already have a monopoly, you can't just send everyone to voicemail. I've sat at work and listened as a robo-dialer hit all 30 extensions in my department, (mostly) incrementally over the course of 10 minutes... And then hit them all again an hour later. During the intervening hour they were dialing the rest of the company.

      The fact of the matter is, this shit is illegal. You're correct on one point, the technology to solve the problem is already in place. The telcos know exactly who's doing this shit. The government knows exactly who's doing this shit. The NSA knows when the owner of each phone spam company last *took* a shit. But the telcos have no interest in cutting off the robocallers because they're paying customers, and the government has no interest in truly pursuing them because they make campaign contributions.

  11. That's Easy by nukenerd · · Score: 1

    the FTC is asking contestants to create a technical solution for consumers that will identify unwanted robocalls

    That's easy. All of them.

    How do I collect my prize?

  12. Solution: $5 wrench and the phone company's CEO by Theaetetus · · Score: 3, Funny
    As per the XKCD comic, the solution is a social one, not a technical one. Spam callers spoof their numbers, which is why they're so difficult to block, but caller ID spoofing is explicitly allowed by the phone companies, who let the spammers specify a "calling from" number to be included in the caller ID data. However, the phone company knows exactly where the real call is coming from and who is making it - that's how they bill the company for the 20,000 phone calls they make every month.

    And why does the phone company do this? Because the spammers pay them decent money, and most people don't realize that the phone company's involved, so they get mad at the spammers and not AT&T or Verizon.

    So, the solution is to send a burly man with a wrench to the CEO's office and ask him politely to stop letting companies specify different caller ID numbers, if he would like his kneecaps to remain intact.

    1. Re:Solution: $5 wrench and the phone company's CEO by Aighearach · · Score: 1

      He can probably afford to escalate his security detail farther than you can escalate your attack. Especially since the company pays for it.

      If you want to scare him into compliance, you'd need some regulation to make paperwork scarier, and a lawyer to deliver it.

      The pen is mightier than the sword, unless you have the mightiest sword on the field.

    2. Re:Solution: $5 wrench and the phone company's CEO by Jack+Griffin · · Score: 1

      The pen is mightier than the sword, unless you have the mightiest sword on the field.

      That's 1990's thinking. If we've learnt anything form Al Qaeda, ISIS etc it's that even a small sword can be quite effective if directed appropriately.

  13. Remove the profit to be made from this by johanw · · Score: 1

    Big problem, easy solution: they make those calls because there is money to be made. Remove that incentive: make a law that all contracts due to robocalls do not require payment, the customer does not have to pay. The other side has to keep delivering for free as long as the contract.

  14. Only $50K? by RogueWarrior65 · · Score: 1

    Puhleeze.... With all the money they government takes in in legal settlements for violation of the do-not-call list, they can surely afford a few million dollars.

  15. Easy fix for spoofing.... by Jeepster77 · · Score: 1

    Very simple fix - when a call is placed, the phone co compares actual source number and displayed source number. If they don't match, the call doesn't go through. Since this hasn't been implemented, obviously the phone companies have no interest in stopping this illegal activity, and should be charged as accomplices when the call results in fraud, wire theft, or whatever else Rachel from Card Services cons some gullible senior citizen into.

  16. I'd incorporate some kind of audio captcha by chaosdivine69 · · Score: 1

    This isn't a completely proper solution, but it could be useful: An audio captcha could be handy here as part of a phone answering machine/program/filter app. "Six plus five equals what?" Don't press the right answer number on the telephone dial-pad, call hangs up or goes directly to voice mail. Or make them press a certain number sequence...just randomize the captcha questions and corresponding answer. Not only that, if a call comes through as "unknown caller" via caller ID, then it automatically gets dropped or goes directly to VM but make sure the auto answer message they get says something so these unknown callers get the message "Your call has been filtered since you're blocking caller ID - GOODBYE" click. These things are fairly trivial to program...some inexpensive Arduino type kit (or less powerful and less expensive) could be programmed to do this type of thing fairly easily.

  17. Re:waste of time and money by eric_harris_76 · · Score: 1

    Golly! Why didn't I think of that?

    Probably because I don't know of a way to do it.

    So tell us, AC, "How is this accomplished?"

    You may want to read other messages in this thread to learn of some practical difficulties involved that others have not been able to easily figure out how to overcome.

    --
    There's no time like the present. Well, the past used to be.