FTC To Trap Robocallers With Open Source Software
coondoggie writes: The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as the Zapping Rachel Robocall Contest. 'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012. The agency will be hosting a contest at next month's DEF CON security conference to build open-source methods to lure robocallers into honeypots and to predict which calls are robocalls. They'll be awarding cash prizes for the top solutions.
They should also go after... (Score:5, Interesting)
Re: (Score:1)
Or the ones that keep calling my great-uncle about the computer virus on the his PC.
It's hilarious to hear him tell how he strings along the callers for a few minutes before telling them that he doesn't own a computer.
Re: (Score:2, Interesting)
I've gotten lots of those calls, and I don't think "on the his pc" is a typo. The speech patterns are definitely "lccnglish". (Pidgin English spoken by phone workers from a Least Cost Country.)
"Hello we are from the microsoft (or sometimes, "the internet") and we are calling you because that we have noticed your pc is infested with the viruses."
What's chilling is that they used to start in on their spiel to the first person to answer (daughter would listen a few seconds hand it to me "it's for you"....gee
Re:The machine I let "Microsoft Repair" hack (Score:3)
It's a virtual machine. Running Linux. Firefox instead of Internet Exploder (Sorry, it's a work machine, the IT department installs Firefox instead of IE.) With NoScript and AdBlockPlus. Amazing how much stuff just "didn't work" when I tried it - I'd go to their web pages, and I'd hit the Download button and nothing would happen, or I'd run the installer and it wouldn't work. (I wanted to see all the different things they were trying - most of them were different Remote Login or Remote Execution progra
Re: (Score:2)
Actually, scrub the last bit. While it'd be amusing, we all know in general what they're trying to do.
List of the domains / ISPs they host their malware on and of the exploits they tried? Just for shits'n'giggles.
Re: (Score:2)
It was too long ago, and I didn't save them. I think one was named something like "Login123". Basically all of their "repair" tools were remote login tools, probably run by entirely different companies that they were just customers of, and they'd load the actual attacks after they got in.
Why Whitelisting Fails (Score:2)
First of all, Caller ID is trivially easy to fake, and the scammers all do it. For now, most of them pick random or fake numbers to avoid getting blacklisted, but if whitelists were common, they'd start forging real numbers to get through.
But many people (ok, me, at least) get lots of calls from numbers I don't recognize, and robocalls that I want that might not come from the number I recognize for somebody. Most of the robocalls are the pharmacy saying I've got something to pick up, or the dentist's offi
Really? (Score:5, Interesting)
'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012.
Are you sure about that? Because I still get calls from Rachel and friends several times per week.
Re: (Score:1)
Summary appears inaccurate. The contest actually says it's to help "zap" Rachel, and other robocalls. A quick search on google doesn't show the FTC claiming to have stopped them, just them naming them as their #1 enemy. And, that they had busted some scammers using the recording.
Re: (Score:2)
Does 'zap' mean stopping them? Maybe they're actually trying to help Rachel.
Re:Really? (Score:5, Interesting)
Ditto. That bitch is still around. Maybe the FTC is losing hard-drives too.
Same here. I always press "1", which transfers to a live operator, and then I play along for a few minutes. Then I ask her what color underwear she is wearing. Most hang up at that point, but a few continue the conversation. If we all waste a little of their time, then these businesses will no longer be viable.
What would be really nice is a CAPTCHA for phones. So if someone calls me, they get a message that says "press seven if you are a human", and my phone only rings if they pass the test. It would also need to have a whitelist, since I get legitimate robo-calls from my kids' school.
Re:Really? (Score:5, Interesting)
If you're the type willing to spend time messing with them, consider adding this to your arsenal:
If you have Callcentric or another VOIP provider, you then have the option to create call treatments for forwarding a good percentage of telemarketing calls to any number you want, including the telemarketers themselves.
For example, one of the ways I get target numbers to forward to is by responding to the Google SEO guys and then pretending to be cut off mid conversation. When they call back since they think they have a good lead, the caller ID (surprisingly) is almost always a valid number to the call center. That's the target number. Even just faking an emergency and asking for their number so you can call them back usually works. Once you have that, Bob's your uncle since there's not much reason for them to change their block of unpublished incoming numbers.
Then it's simply a matter of going into the dashboard, creating a forwarding treatment of all obvious caller ids (i.e. any 800*, anonymous, +1, etc.) to the target number and voila, the call center gets hit with all my forwarded telemarketing calls transparently. And of course forward the target number back to itself, or even better, another target.
The best way is if you can whitelist your incoming calls and simply forward any non-matching numbers, especially since most telemarketing calls these days use a random out-of-area code caller id number. Not realistic if you're running a business but for personal lines you can whitelist the area codes you might expect valid calls to come from.
Obviously this doesn't work all the time. But when it does, it's pretty satisfying to check the online report at the end of the week to see all the forwarded calls that transparently went to Raj and Rachel. My way of paying forward the opportunity to lower their interest rates.
Re: (Score:3)
Heh, you're more devious than me. No, there's no limit but I suspect there will be some blowback if you start doing that. I just wanted a simple way of breaching their defenses, winning a battle vs. the war so to speak. Like the last act of defiance. Most people see the fake caller id, put a post on 800notes, and figure there's nothing they can do.
And it should be noted that this really only works against business services like merchant processing and SEO, getting past Rachel's defenses is probably diff
Honeypot Credit Card Numbers (Score:2)
Tracing the phone calls hasn't worked very well, but the way to go is to follow the money. Flooding them with honeypot credit card numbers would generate a trail that might be followable (e.g. have an FTC web page that'll generate a credit card number and billing name/address, and have Visa track the merchant information for anybody trying to process a charge against those numbers; the risk is that you have to make sure those numbers don't get used for fraud, even if they're set up to always reject charge
Re: (Score:3)
Same here. I always press "1", which transfers to a live operator, and then I play along for a few minutes. Then I ask her what color underwear she is wearing. Most hang up at that point, but a few continue the conversation. If we all waste a little of their time, then these businesses will no longer be viable.
Or if you don't want to be stuck talking to them, just play along until they ask you for your credit card number, tell them, "oh, I have to find my wallet" -- and then set the phone down and do something else.
I once got one of them to waste fifteen minutes on me by picking up the phone every few minutes and making some new excuse.
Re: (Score:2)
Or just plain whitelist: if the calling number is on my phonebook, the call gets accepted and the phone rings, otherwise it's silently ignored.
Re: (Score:2)
Rachel never calls my cellphone; she's only called my wife's cellphone once or twice. Her robot army calls my kitchen landline phone a couple of times a day.
Re: (Score:2)
I don't do that to them, though I have occasionally called them a bunch of names (besides crook and scammer.) Sometimes I'll ask how their family feels about them being criminals, or how they feel about working for criminals, or asking why I should trust them with my information now when they're a bunch of lying crooks, or I'll tell them "just a sec" and put the phone down.
Lately I've been telling them that the last time they called, I got cut off, and asking what notes they have on their computer screen
Re:She's baaaaaack (Score:2)
They really did go away for a while, or at least slow down a lot, when one of the big "Rachel from Cardholder Services" gangs got busted and shut down. But it's such an easily replicable scam, and probably multiple sets of it are being run independently. I'm pretty sure the call center end is independent contractors or else shady call-centers (I know some are in Canada, and I suspect some are run by prison-labor call centers and some are in the Caribbean.)
Re: (Score:2)
Are you sure about that? Because I still get calls from Rachel and friends several times per day.
FTFY. It is important that I contact her, but she never leaves a number. Press 3 to tell them they've reached a valid number and try again. And they've started using forged numbers for caller id that are just a few digits off my own number.
Re: (Score:3)
'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012
to dinner and a show. And she still didn't put out.
Re: (Score:2)
I am surprised of an agency like FTC actually doing something that can benefit us little people on th
Re: (Score:3)
At work you can hear them ratchet through the phone numbers allocated to the local prairie dog colony, excuse me, cubicle farm. RingHelloClick... RingHelloClick... RingHelloClick... and eventually me... Ring Hello "Congratulations! You have just won a free..." click.
I've read that some collection agencies will harass phone numbers that had been associated with the debtor in the past. You might be getting collection calls for someone who previously had your phone number. Good luck getting them to stop.
E
Re: (Score:2)
My mom gets collection calls for people we have never heard of. She has had the same phone number for 40 years. The collections weasels not only call the numbers associated with the alleged debtor, they call all numbers of anyone with the same or similar last name. Then they refuse to believe that you have never heard of the person they try to reach. Occasionally I have gotten wrong number collectors to stop by daring them to sue.
Re: (Score:2)
I never admitted such a thing. I dared them to sue [insert name they called for].
She called me 6x / hour -- This is what worked: (Score:2, Interesting)
Or at least she was as of two weeks ago... After a while, I got tired of constantly dropping what I'm doing to run to the phone to see if my kids had gotten hurt (again) only to see it was rachel from cardholder services. So I started having fun.
The name of the game is keep the human on the phone for as long as possible. While it is ever so satisfying to answer their question of "Do you have at least $2000 in debt?" with "No, I don't have any debt.", the real goal is to stall them for as long as you can.
Re: (Score:3)
Don't worry, you're just dealing with the part that hasn't yet been automated. Haven't you noticed the increasing automation of the calls? At the current rate I expect them to start trying to get your credit card number before you reach a person within the next two years.
Didn't work for me (Score:2)
I work from home most days, and Rachel and her robot army usually call a couple of times a day. I've tried anything from stringing them along to yelling at them for being criminals to putting the phone down, and they still call back. (The one serious thing I haven't tried is the combination of reorder tone and a "The number you are calling has been disconnected" announcement, which I should just have as a handy .wav to play at them.)
I wonder where they get their labor - some of it sounds like Canadian or
Re: (Score:3)
Rachel? really? I thought she was doing pretty well for herself financially. Joey on the other hand.. After the show ended, his career went nowhere.. One would think he'd have saved enough to avoid having to do telemarketing.. but alas..
Taken out in 2012? (Score:2)
In the old days (Score:1)
In the long, long ago when telemarketers were humans and more often known as telephone solicitors, I listed my phone number under a high school nickname, Heimdallr the Watcher, or Watcher, H.T.
That made it easy to sort out the telemarketers, it was a legit call if they asked for "the Watcher," but a dead giveaway if they asked for Mrs. Watcher.
So the standard rap would be, "Sorry, Mrs. Watcher is here but she can't speak to you."
Sometimes they would bite and ask "Why?"
"Well, you see, Mrs. Watcher used to b
Go after Comcast etc... (Score:1)
Re: (Score:2)
Comcast etc sell their customers' phone numbers to illicit third parties. I ended up having to throw together an Asterisk system with a simple "no solicitations, press one to continue" message to filter out all the robo-calls I got when I was forced to switch services over to Comcast.
Why stick with Comcast then? Why continue to give them your business if they just stab you behind your back? Their VOIP offerings are hilariously overpriced. Get an OBIHai or Cisco SIP gateway, sign up for any of the dozens of SIP providers, and roll your own. My SIP provider even has voice menus you can set up on their system.
Re:competitors to Comcast for data services. (Score:2)
At least in most states, DSL service from the main telco can not only carry telco-provided ISP services, but also competitive ISPs, such as Sonic and Speakeasy and whatever Megapath and Covad are called these days. The competitors tend to cost a bit more, but also offer things like static IP addresses at more reasonable prices, and usually don't have usage caps or "no servers at home" policies. They may be renting just the wire from the telco, or maybe the wire and the DSLAM, and usually also some regiona
From what I have seen... (Score:2)
*WAS* a scam? (Score:1)
Re: (Score:2)
She doesn't call me near as much as FOGHORN! This is your captain speaking.
Re: (Score:2)
I've already had four calls from Cardholder Services today! I wish they had been taken out!!!!!!!!
Ah, how adorable... (Score:5, Insightful)
Surely the network level is where robocallers stand out most dramatically, unless the caller has spoofing good enough to disguise the origin and frequency of their calls from the telco carrying them (which would also likely allow theft of service and thus be the sort of thing that would actually get fixed, unlike the pitiful state of caller ID), and we know that those logs exist.
Is it just considered polite to pretend that the telephone system can't be so scrutinized, or are robocallers customers who are just too reliable to hunt down and exterminate?
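An added example, not part of the comment above or of any contest entry: a sketch of the carrier-side scoring the comment alludes to, keyed on the origin trunk rather than the spoofable caller ID and using call rate, caller-ID rotation, short calls and sequential dialing. The CDR fields, trunk names and every threshold are assumptions, and the records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class CDR:
    start: int       # call start, seconds since epoch
    trunk: str       # origin trunk the carrier bills (not caller-controlled)
    caller_id: str   # number the caller presented (spoofable)
    dialed: str      # destination number, digits only
    duration: int    # seconds connected; 0 means unanswered

# All thresholds are illustrative assumptions, not values from the thread.
MAX_CALLS_PER_MINUTE = 10
MAX_CALLER_IDS = 3
SHORT_CALL_SECONDS = 10
MAX_SHORT_FRACTION = 0.8
MAX_SEQUENTIAL_FRACTION = 0.5

def peak_calls_per_minute(starts):
    """Largest number of call starts inside any 60-second sliding window."""
    starts = sorted(starts)
    best = left = 0
    for right, t in enumerate(starts):
        while t - starts[left] >= 60:
            left += 1
        best = max(best, right - left + 1)
    return best

def sequential_fraction(dialed_in_order):
    """Share of calls whose destination is exactly the previous destination + 1."""
    nums = [int(d) for d in dialed_in_order]
    if len(nums) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(nums, nums[1:]) if b - a == 1)
    return hits / (len(nums) - 1)

def score_trunks(cdrs):
    """Return {trunk: [reasons]}; an empty list means no heuristic tripped."""
    by_trunk = defaultdict(list)
    for c in cdrs:
        by_trunk[c.trunk].append(c)
    report = {}
    for trunk, calls in by_trunk.items():
        calls.sort(key=lambda c: c.start)
        reasons = []
        if peak_calls_per_minute([c.start for c in calls]) > MAX_CALLS_PER_MINUTE:
            reasons.append("call_rate")
        if len({c.caller_id for c in calls}) > MAX_CALLER_IDS:
            reasons.append("rotating_caller_id")
        short = sum(1 for c in calls if c.duration <= SHORT_CALL_SECONDS)
        if len(calls) >= 5 and short / len(calls) > MAX_SHORT_FRACTION:
            reasons.append("short_calls")
        if sequential_fraction([c.dialed for c in calls]) > MAX_SEQUENTIAL_FRACTION:
            reasons.append("sequential_dialing")
        report[trunk] = reasons
    return report

def likely_robocallers(report, min_reasons=2):
    """Require several independent signals: call rate alone also matches
    legitimate bulk notifications such as a school's automated calls."""
    return sorted(t for t, reasons in report.items() if len(reasons) >= min_reasons)

def build_sample():
    """Constructed CDRs (not real traffic): one dialer, two legitimate senders."""
    cdrs = []
    for i in range(30):  # dialer: 3 s apart, walks a number block, new caller ID per call
        cdrs.append(CDR(1000 + 3 * i, "trunk-dialer", f"202555{1000 + 37 * i:04d}",
                        str(4155550100 + i), 4 if i % 3 else 0))
    for i in range(20):  # school notifier: fast burst, one caller ID, answered calls
        cdrs.append(CDR(3000 + 2 * i, "trunk-school", "4155550111",
                        str(4155551000 + (53 * i) % 1000), 30))
    for i in range(8):   # pharmacy reminders: slow, one caller ID
        cdrs.append(CDR(5000 + 45 * i, "trunk-pharmacy", "4155550122",
                        str(4155552000 + 137 * i), 25))
    return cdrs

if __name__ == "__main__":
    report = score_trunks(build_sample())
    for trunk in sorted(report):
        print(trunk, report[trunk])
    print("flagged:", likely_robocallers(report))
```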
Re: (Score:2)
Why do you think it takes that much hacking?
Setting up a robo dialler takes less than an hour and "spoofing" your number is equally simple. You just sign up with Anveo or any service like that and you are good to go - go through a proxy in eastern Europe and chances are no one can do squat about it.
NSA weakness (Score:1)
So, either the NSA knows exactly who these people are and are not helping the FTC.
OR the Robocallers have found a weakness in the NSA surveillance.
So now, Achmed the terrorist will just robocall his associates for an attack?
We'll keel them!
Re: (Score:3)
Don't you get it? The robocallers have been classified as terrorist organizations by the NSA so anyone that they contact can now be classified as "persons of interest" and can now legally have their data snooped, er I mean "collected".
Seriously though, this isn't the movies; tracing a call is instantaneous. The telco can relatively easily follow it back to whoever is paying for the trunk. The problem being that someone is actually paying, which means that someone has a vested interest in keeping a paying
Re: (Score:3)
Interestingly at least AT&T (and probably other telcos as well) will refuse to provide the ANI logs for calls like this. They act confused when you ask, then ask a supervisor and say it's against policy to give customers the ANI info for incoming calls. It's almost like they want to protect the robocallers.
Pink contract [wikipedia.org], anyone?
Re: (Score:2)
I've never understood this tack either, but for a different reason.
Follow the money.
About exactly one FTC investigator should be able to sign up for some card member servicing...
Re: (Score:2)
I've always wondered why there weren't honeypot IDs. Fake SS#, card numbers, etc, that would serve as a red flag of fraudulent activity. While the calls may be untraceable, most payloads should not be.
Re: (Score:1)
Banks providing "canary" credit card numbers to customers for use when they suspect attempted scamming would kill a lot of the activity. Think of it as a form of duress code.
If the scammers know that numbers they're given might well result in them being red-flagged and traced quickly, they might give up.
Re: (Score:3)
To this day I still do not understand what makes this such a difficult and complex issue to tackle.
I don't see why it can't be as simple as:
Spam call comes in, I dial a report number, telecom system flags the call and the origin. After 10 reports, 100 reports, that number is blocked. Further outgoing calls from the number are directed to a message to contact a fraud line to get the number reinstated. The longer a number has belonged to a legitimate company, the more immu
Re: (Score:2)
To this day I still do not understand what makes this such a difficult and complex issue to tackle.
I don't see why it can't be as simple as: Spam call comes in, I dial a report number, telecom system flags the call and the origin. After 10 reports, 100 reports, that number is blocked. Further outgoing calls from the number are directed to a message to contact a fraud line to get the number reinstated. The longer a number has belonged to a legitimate company, the more immunity it is granted by the system to prevent abuses from angry consumers. The shorter the number has been in service, the more scrutiny it is under.
Are the robocallers really able to shield their call origins from the telecoms? That just seems like such a ridiculous concept.
Let me help you out a bit with this. The thing is, those same telecoms that should be able to put a stop to this? They make money on every call. They have absolutely no incentive to do a damn thing about it except sell you caller id (for an extra fee) and the telemarketers the ability to fake their caller id (for an extra fee).
When in doubt, follow the money. Ask yourself who profits if something is done about a situation and who loses.
Re: (Score:2)
Thing is, there is no trust in the chain of connections. While my telco can tell where the call came in to their system, it would have to trust that the next link is being honest. Eventually, your options are to block all calls from entire countries, or do nothing, since it's all spoofed.
Now, I am OK with blocking all calls that originate in another country, but many would not be.
Re: (Score:1)
Anyway, this is to illustrate that scammers who have enormous lists of numbers
Re: (Score:1)
"Surely the network level is where robocallers stand out most dramatically, unless the caller has spoofing good enough to disguise the origin and frequency of their calls from the telco carrying them"
Unfortunately, the ANI spoofing IS good enough to defraud the telcos. The entire global phone routing system works not much differently than BGP4, but with far lower levels of protection (on the basis that access to the networks is by "trusted" entities.)
This means that a good chunk of this stuff is done via co
Can't you just solve it by government? (Score:1)
Here in Sweden we as a community got tired of telemarketers etc, so there were talks about limiting telemarketing by law (politicians working for you).. but before that happened all the telemarketers got together then and announced a common opt-out list you can sign up for (to prevent a more limiting law)..
I have not received any telemarketing phone calls in 10 years now - problem solved.
As for all this robo-calling and faking caller-id stuff etc, can't the telephone companies just police their own customer
Re: (Score:1)
Several countries do _exactly_ this. Hitting the canary traps results in fairly intense attention.
I have to say, I am surprised that enterprising DAs in the USA haven't set up a few dozen lines for exactly this purpose.
Re: (Score:2)
I'm trying to imagine a country where all telemarketers abide by an opt-out list. Must be nice. (In the US it's called the "do not call list", and is actually used by scammers and the more slimy of telemarketers as a known list of working numbers to call...)
So... how does Sweden enforce the opt-out list? For that matter, how would they enforce a law against telemarketing? Robocalls can originate from anywhere, including self storage units, and be moved rapidly from location to location. In this day of
Re: (Score:1)
Wish I had mod points; this post should be scored as 4 or 5. The poster evidently lives in a country where the politicians and government actually do work for the people rather than the corporations, not like here in Canada or apparently in our big neighbour (Canadian spelling) to the south.
Re: (Score:2)
We have a do-not-call list and the requisite legal structure to make it work well. What we don't have is a government agency to enforce it, so it's a joke at this point. Worse yet is that the scammers are brazen enough at this point that they're apparently using the do-not-call list as a calling list.
I actually called the FTC once to inquire about the status of their investigation into one company that was doing this a few years ago - one which I was able to mostly track down. The response from the lady
Re: (Score:1)
"can't the telephone companies just police their own customers, and weed out illegitimate phone companies who allow such customers and refuse to forward their calls.. how hard can it be?"
Not very.
It's trivial to set your caller-ID to anything you want on ISDN lines. British Telecom added filters about 7 years ago which only allow callerIDs that are in the ranges allocated to the ISDN connection.
As with spam, filtering OUTBOUND is far more effective than filtering inbound (think of it as fitting chimney scru
Stop these fsckers (Score:1)
Re: (Score:1)
Did he actually pronounce it that way?
Was anyone sent to prison? (Score:4, Insightful)
Sure, the "Rachel" didn't kill anyone. Probably. But with the number of calls placed, the overall damage — even if spread among millions of people — certainly exceeded that of a serious bodily injury or even death of one person.
Was any of the scammers sent to prison? I mean, I'd recommend impalement, but prison would've been good enough. Did it happen?
Re:Was anyone sent to prison? (Score:4, Funny)
How horrifying it would be to wake in the hospital, and find out that you survived a terrible car crash, but they had to patch you up with a new liver, and now you are (scare chord) 10% TELEMARKETER!
50% call reduction (Score:2)
Cage match between Rachel from Cardholder Services and Sharron my Google Specialist, Only one gets out of the cage alive!
Sorry if I actually know anyone named Sharon...I rarely get past "This is Sharron " anymore :/
The MS scammers are sure getting lazy lately. Can't even check the area codes they are calling...even Grandma would find it unlikely MS would call at 6:45am!
Re: (Score:1)
"Was any of the scammers sent to prison? I mean, I'd recommend impalement"
Preferably vertically, on a pole outside of the smoking ruins of the call centre they use.
A $3133.70 prize for first place? (Score:1)
My eyes are rolling so hard at this.
Alternative solution (Score:2)
Death penalty for people who set them up.
Seriously, if a person is willing to violate a just law, the punishment clearly is insufficient.
Re: (Score:2)
Ship them out to gitmo. They aren't wearing a military uniform, and are causing damage to American infrastructure. That should be enough by the Cheney/Bush standard to call them terrorists.
Maybe we can combine our ideas. Give convicted robocallers Bush's and Cheney's private phone numbers.
Rude telemarketer call (Score:2)
I got a really rude telemarketer call from a "government grants agency" wanting to give me money. I played along for a while but the guy caught on and ended the call with a sexist racist slur.
Took out Rachel? (Score:3)
LOL! She's still around, now joined by Bridgette and Carmen. I get called twice a day on my cell phone (which is on the "Do-Not-Call" list) from them.
They need to get serious about that as people are apparently still willing to give out their credit card numbers.
Are your carpets dirty? (Score:1)
Not getting any "Rachel from Cardholder Services" calls here lately..
In other words, they offer no employee benefits. (Score:2)
Late breaking news? (Score:2)
Leave it to /. to give us the article so we can be ahead of the... 8/8?!? I can't even get a land line installed by then.
Creator: Build a robocall honeypot by Friday, 8/8, at noon PDT :P
Telecrapper 2000 (Score:2)
I want a Telecrapper 2000
http://www.youtube.com/watch?v... [youtube.com]
So easy to avoid... (Score:2)
Just put a captcha on your phone calls. Then only a human is getting through to your actual phone line.
Re: (Score:2)
I'll take my chances. Any robo dialer that gets through a phone based captcha might just be interesting enough to listen to if only for the novelty. I've never heard of a robodialer that had advanced speech to text and AI to penetrate a phone based captcha.
I'm sure they could be made but I've never heard of them being implemented.
Simply starting with a message that says "To avoid robo calls, can you please tell me the sum of 1+1?"
I'm pretty sure that would filter 99.99 percent of robot calls right there.
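An added example, not code from any poster in this thread: the screening flow several comments describe (phonebook whitelist, otherwise a "press N if you are a human" prompt before the phone rings), written as a small state machine. The class, method names and retry limit are assumptions, and the prompt digit is chosen per call so a dialer cannot pre-record one fixed keypress.

```python
import re
import secrets
from enum import Enum

class Action(Enum):
    RING = "ring"            # let the call through to the handset
    CHALLENGE = "challenge"  # play the prompt and wait for one DTMF digit
    HANGUP = "hangup"        # drop the call without ringing

def normalize(number):
    """Reduce a presented number to bare digits; drop a leading NANP '1'."""
    digits = re.sub(r"\D", "", number or "")
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

class CallScreener:
    """Hypothetical screener: whitelist first, DTMF challenge for everyone else.

    The whitelist keys on the *presented* caller ID, which the thread notes is
    trivially forged, so it is a convenience for known callers (for example a
    school's notification line), not proof of who is calling.
    """

    def __init__(self, whitelist, max_attempts=2, rng=secrets.randbelow):
        self.whitelist = {normalize(n) for n in whitelist}
        self.max_attempts = max_attempts
        self.rng = rng       # injectable so tests can fix the digits
        self.pending = {}    # call_id -> (expected digit, attempts left)

    def _challenge(self, call_id, attempts_left):
        digit = str(self.rng(10))
        self.pending[call_id] = (digit, attempts_left)
        return Action.CHALLENGE, f"Press {digit} if you are a human."

    def incoming(self, call_id, caller_id):
        """New call; caller_id is None or '' when the caller is anonymous."""
        if caller_id and normalize(caller_id) in self.whitelist:
            return Action.RING, None
        return self._challenge(call_id, self.max_attempts)

    def dtmf(self, call_id, pressed):
        """Digit received for a call that was challenged."""
        if call_id not in self.pending:
            return Action.HANGUP, None   # no challenge outstanding for this call
        expected, attempts_left = self.pending.pop(call_id)
        if pressed == expected:
            return Action.RING, None
        if attempts_left <= 1:
            return Action.HANGUP, None   # out of tries
        return self._challenge(call_id, attempts_left - 1)  # fresh digit on retry

if __name__ == "__main__":
    screener = CallScreener(["+1 (415) 555-0134"])  # constructed number
    print(screener.incoming("call-1", "14155550134"))
    print(screener.incoming("call-2", "8005550199"))
```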
Just Another Layer of TCP (Score:3)
Real Time ANI (Score:2)
The FTC needs to set up Honey pots with actual SS7 ANI feeds. Real time query the calling number and provider. The dirty secret here is the telemarketers need VOIP providers to work. Usually ones that are willing to turn a blind eye and willing to let them advertise the outgoing number as anything they want. The FTC needs to put the pressure on them and their upstream connection into the phone system (most likely a CLEC of some sort).
Re: (Score:1)
There are virtually no CLECs left in the USA anymore, thanks to the Borg all but completely reassembling itself over the last 30 years without the "universal service" shackles (even GTE is gone)
Thanks to the interconnectedness of the world, I pay nothing extra to make calls from my house in europe to most of the planet's population. Those call centres and robodiallers could be anywhere - and the principals behind them are probably sitting well out of reach of US extradition treaties.
Re: (Score:2)
I suggest beta testing on politicians.
Re: (Score:2, Insightful)
You are a libtard fuckwit.
Re: (Score:2)
ITT: Idiots who give their real phone number with their voter registration.