On Thursday the Federal Trade Commission (FTC) announced the winners of a robocall-defeating contest that the commission held at DefCon in early August. Three groups of contestants each won $3,133.70, and two runners-up each won $1,337 (for being just that elite). The FTC says it receives 150,000 robocall complaints each month, down from 200,000 per month one year ago.
The contest was called “Zapping Rachel,” for the well-known scam in which a pre-recorded woman's voice tells an unsuspecting phone answerer, “Hi this is Rachel at cardholder services." The FTC separated the contestants into Creator, Attacker, and Detective categories—Creator entrants were asked to build a honeypot to lure robocallers, Detective entrants were given the honeypot data and asked to analyze it, and Attacker entrants were tasked with finding honeypot vulnerabilities. Contestants were given between 24 and 48 hours to submit their entries, depending on the category they entered.
For the Creator category, Jon Olawski, who is a software engineering director for an Internet marketing company by day, won the prize. He built a honeypot that used “an audio captcha filter, call detail analysis, and recording and transcription analysis” to automatically rate an incoming call as to whether it came from a robocaller or not. In an e-mail to Ars, Olawski described his idea as “a 10-point 'strike' system,” and if a caller hits a certain number of strikes, that number is known to be a robocaller and can be placed on a blacklist.