FTC Asking DEF CON to Help Catch Robocallers

FTC software scam

The FTC is seeking help from hackers at DEF CON to help lure and identify the perpetrators of illegal robocalling scams, whether they are criminal or corporate.

The United States Federal Trade Commission is sick and tired of illegal robocalling, and it’s hosting a contest this year at the DEF CON hacker conference in Las Vegas in an attempt to do something about it.

The consumer protection agency’s weariness likely stems from the more than 150,000 complaints it receives about automated telephone calls each month. The contest, known as “Zapping Rachel,” calls on DEF CON attendees to develop honeypot systems designed to attract and identify the perpetrators of illegal automated calling schemes.

The FTC says that technological advances such as auto-dialers are fueling an increase in malicious robocalls. Not only can criminals fire off thousands of calls every minute with less money and computer resources, but they can also easily obfuscate themselves and their locations by spoofing caller identification information.

“The FTC and our law enforcement partners are particularly interested in the development of robust, cutting-edge robocall honeypots (an information system designed to attract robocallers), which can help experts and authorities understand and combat illegal calls”, wrote Lois Greisman, the associate director of the FTC’s marketing practices division.

She goes onto explain that there are robust security products and technologies available to fight Web-borne spam but that there are a serious lack of such solutions protecting users from telephone spam.

“Unfortunately, the technical distinctions between a telephone call and an email have made it difficult to use internet security tactics in the battle against robocalls,” Greisman writes. “We hope to change that by inspiring DEF CON exp0381-robocalls-infographicerts to apply their knowledge and creativity on behalf of the millions of people frustrated by these illegal calls.”

The FTC clearly doesn’t see robocalling as a mere nuisance. They claim the practice invades user privacy, peddles costly scams, and , in extreme cases, poses serious threats to critical infrastructure by enabling telephone denial of service attacks.

To this point, the FTC has primarily fought telephone spam in the courtroom. However, in 2012, the commission hosted a similar contest offering $50,000 to anyone who could develop a means of mitigating robocalls. A new business emerged among the winners of that contest – called Nomorobo – who has commercialized an anti-robocalling product that it clams has blocked more than four million automated calls.

An FTC spokesperson confirmed in a phone interview with Threatpost that there will be a cash prize for the winners of the contest. The specific rules and payout will be posted on the FTC website at a later time.

“You’ve probably gotten robocalls about candidates running for office, or charities asking for donations. These robocalls are allowed,” the FTC explains on a robocalling fact sheet. “But if the recording is a sales message and you haven’t given your written permission to get calls from the company on the other end, the call is illegal. In addition to the phone calls being illegal, their pitch most likely is a scam.”

In the same fact sheet, the commission explains that purely informational calls are perfectly legal. This could include automated calls about flight cancellations, appointment reminders, delayed school openings and more. However, the business behind the call is not allowed to promote the sale of any goods or services. Prerecorded messages from a business that is contacting you to collect a debt also are permitted, but messages offering to sell you services to reduce your debt are barred.

“Other exceptions include political calls and calls from certain health care providers. For example, pharmacies are permitted to use prerecorded messages to provide prescription refill reminders. Prerecorded messages from banks, telephone carriers and charities also are exempt from these rules if the banks, carriers or charities make the calls themselves.”

Suggested articles