FTC Announces $50k In Prizes For Robocaller Trap Software 79
crazyhorse44 that the Federal Trade Commission announced this week that it is launching two new robocall contests challenging the public to develop a crowd-source honeypot and better analyze data from an existing honeypot. A honeypot is an information system that may be used by government, private and academic partners to lure and analyze robocalls. The challenges are part of the FTC's long-term multi-pronged effort to combat illegal robocallers and contestants of one of the challenges will compete for $25,000 in a top prize. As part of Robocalls: Humanity Strikes Back, the FTC is asking contestants to create a technical solution for consumers that will identify unwanted robocalls received on landlines or mobile phones, and block and forward those calls to a honeypot. A qualifying phase [launched Wednesday] and runs through June 15, 2015 at 10:00 p.m. ET; and a second and final phase concludes at DEF CON 23 on Aug. 9, 2015.
Dial *666 (Score:5, Interesting)
Have the phone companies implement a *666 system. After receiving a robocall the recipient hangs, then picks up and dials *666. The phone company keeps a count and reports numbers with some large number of *666 reports to drone death-squads.
That last bit might be a tad extreme...
Re:Dial *666 (Score:5, Funny)
"That last bit might be a tad extreme..."- Saturation kinetic bombardment from orbit, followed by mop-up squads with flamethrowers and nerve gas. It might cost a little more, but it sends a message.
Re: Dial *666 (Score:1)
Nuke from orbit. Only way to be sure.
Re: (Score:1)
Even if they don't want it, that seems to be the bureaucratic mindset.
Not only is is true that "If your only tool is a hammer, everything looks like a nail" but "employees of the Ministry of Hammers will always choose a hammer over any other tool".
Not a good idea. (Score:3)
Robo-calls come from ever-changing numbers that eventually make it back into the pool. The result of a system like this will be that, like SPAM IP addresses, large swaths of numbers will forever be blacklisted even long after the robo-caller has moved on, forever useless to any other user.
Blacklisting in this way has been shown not to have any effect at all on SPAM / robo-callers, and only inconveniences everyone else.
Re: (Score:1)
If a large number of robocall reports were being made in real time, wouldn't that help identify the physical source?
First, phone numbers can and are often "spoffed".
Second, just like with Intertube Spam, I can bust out 100,000's of robo-calls in one day from a disposable phone number (MagicJack and the like), and than move on untraced.
Re: (Score:3)
If a large number of robocall reports were being made in real time, wouldn't that help identify the physical source?
First, phone numbers can and are often "spoffed".
Second, just like with Intertube Spam, I can bust out 100,000's of robo-calls in one day from a disposable phone number (MagicJack and the like), and than move on untraced.
The phone companies know where the call is coming from. They just don't know it's a "bad call" when it is actually happening. You are very very confused if you think what the phone companies and guys running the switches can see is the caller ID number that shows up on the phone. (Caller ID can be spoofed.)
On the other hand, a system of rapid reporting can make those numbers useless after an hour of robo calling, rather than a day.
Who the hell picks up the phone now days anyway? I just let it ring or si
Re: (Score:2)
Blacklisting in this way has been shown not to have any effect at all on SPAM / robo-callers, and only inconveniences everyone else.
Blacklisting is indeed worthless. Whitelisting, where only numbers you allow get through, all others go to message.
Re: (Score:3)
Re: (Score:2, Interesting)
At one point these numbers are owned by some company.
Phone numbers are passed around like pocket change. Who has control today is not who has control tommorow.
But beyond that, if I buy a MagickJack today and send out 1,000,000 spams and 100,000 robo dials tomorow, how can the "owner" of that number be held responsible? Of course common sense says they cam't.
Unless, of course, you are willing to accept an invasive personal background check whenever you want to get a phone or chnge your phone number.
Is that what you want? Background checks to get phone numbers?
Re:Not a good idea. (Score:4, Funny)
The policy on Belize was modeled on Nigerian law, which requires membership in a royal family to get email addresses.
Re:Not a good idea. (Score:4, Insightful)
Phone numbers move far less than you think - when you port your phone number, it takes several hours for the change to happen. In the meantime, a call can ring one phone, the other phone, both, or none as the switching tables are updated. But in the meantime, the phone number is still owned by someone at that time. All you need to do is log when and who.
As for your magicjack? Well, at some point they have to interconnect to the phone system. If you can't trace beyond the phone system, then the interconnection is liable, to whom they'd probably be more than happy to send the bill to MagicJack to pay.
Basically, to make a phone call, you have the originating number. The thing is, your phone company providing you service actually knows the originating phone number that's not spoofed or anything - the originating phone number is sent as data to the called party's phone company. And logged. So your phone company knows who made the call and who's responsible.
If it goes through a third party call forwarding service, well, guess who holds liability now?
POTS is not like the Internet. POTS actually has verifiable sources - you cannot spoof the call as everyone exchanges connection information. Sure VoIP may make the real caller hard to find, but at some point the call had to enter the POTS network, and the gateway provider can be held responsible. And I'm sure for billing purposes they know who used that outgoing line - maybe not the subscriber, but the company that they contract POTS interconnection for.
Perhaps an auto-attendant might be an interesting way to solve the problem using grey listing - the autoattendant looks for familiar numbers, and if it's on the list, passes it through. If not, it answers the phone and walks through a script, asking the caller for their name, company and other details. It then asks the caller to hold, and rings the inside line, who passes the information onwards and you can decide if you want to take the call, black l ist, tar pit, or reject. Rejected calls get a simple "the party does not wish to speak with you, do you want to l eave a message?" while tarpitted calls get the "please wait" response every 30 seconds.
Re:Dial *666 (Score:5, Insightful)
It would also help to have mandatory, accurate caller ID that can't be spoofed or monkeyed with.
Re: (Score:1)
Even then, it would be possible to anonymize calls by routing them through a third party. Of course, then if caller ID can't be spoofed from there, at least the wrath of the people can be aimed at one of the responsible parties (or such third parties could be blocked).
Re:Dial *666 (Score:4, Insightful)
End-user billing information should be accessible to the called party. If someone wants to front for someone else, they can assume the liability too.
Re: (Score:2)
The phone company already knows who is doing what and is complicit in the problem. That is why the effort is to build a honeypot. If you reply on the phone company, the software will "accidentally" have a lot of "bugs" and won't change anything.
I'm not against the death squads necessarily, but in your scenario the phone company would probably fake the data to get their own enemies killed.
Comment removed (Score:5, Insightful)
Re: (Score:1)
Yeah, well, the prison thing is bullshit.
Ahh, yes, another know-it-all on Slashdot who actually doesn't know shit.
Obviously you've never been to prison.
I have been to prison.
And I can assure you that I now live in a manner which is calculated to
make sure I never go to prison again.
Long enough prison terms for those responsible for robocalls will get the
message across to most people who would consider involvement in such
schemes.
my solution (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
Re:my solution (Score:5, Interesting)
My solution is also me. I answer all robocalls (even the pre-recorded ones) with "Hello. This call is being recorded". I've quickly gone from around 3 or 4 a day to almost zero. Guess they're scared of the fines, and it looks like they share information on who's after them.
Re: (Score:1)
My solution is also me. I answer all robocalls (even the pre-recorded ones) with "Hello. This call is being recorded". I've quickly gone from around 3 or 4 a day to almost zero. Guess they're scared of the fines, and it looks like they share information on who's after them.
I wonder how this works when robo fax calls ring you up.
Re: (Score:2)
I've learned to whistle the exact frequency that will fax them 100 pages of solid black paper.
Comment removed (Score:4, Informative)
Private Caller is the biggest issue (Score:1)
The private caller feature is the biggest issue. Get rid of that and you can filter out spammer in a similar way Google filters spam. Once a number is detected, it goes on a global block list shared by all phones, similar to SpamHaus or something like that.
The problem with this is it can be easily abused. There needs to be a way to get off the list if incorrectly added.
I guess the do-not-call registry failed? I would guess because lack of enforcement.
Re: (Score:2)
The US federal "do not call" list was wildly successful - for telemarketers who wanted a list of guaranteed good phone numbers to call. I'm sure the decent ones use the list the way it was intended. The others use it as their calling rolodex.
I was stupid enough to list my home phone number on the "do not call" list. Before I did so, I almost never received unsolicited marketing calls. I put my number on the list "just to be sure" I never would. However, once I did so, the calls never stopped. All ha
Re: (Score:3)
I only ever answer if it's a known number, and only if I feel like talking. The phone has no power over you, take back control of that relationship.
Re: (Score:2)
I do not feel compelled to answer a ringing phone, and often ignore it. If a strange number comes up on my Caller ID, I often let it go to voicemail. My voicemail messages tells people that are a) asking for money, b) claiming that my computer is signaling them, or c) saying they are from a government agency to bugger off. If the caller doesn't leave a message, then I know they didn't really want to get in touch with me.
There are still several reasons why I would rather fix the problem than ignore it.
1
Been there, done that (Score:1)
Re: (Score:1)
Golly! Why didn't I think of that?
Probably because I don't know of a way to do it.
So tell us, AC, "How is this accomplished?"
You may want to read other messages in this thread to learn of some practical difficulties involved that others have not been able to easily figure out how to overcome.
Fix Caller ID and monitor exchanges (Score:5, Insightful)
Re:Fix Caller ID and monitor exchanges (Score:4, Informative)
There already is a feature for that, ANI [wikipedia.org], where the information is sent by the phone company rather than by the caller themselves over the "voice" portion of the call. It costs more than caller ID, and I'm not sure you can even get the phone company to offer it to you as an individual, but many business use this feature. Probably the spam callers themselves are using it to avoid receiving unwanted calls...
Re: (Score:2)
First off, fix Caller ID so people can't spoof their phone numbers. Even if people use the private number feature, the phone company knows who made the call.
You figure that someone in Pakistan or some other country will give a damn?
Secondly, monitor exchanges for both high outgoing volume and high incoming volume (and especially sequential dialing) to find potential robocallers and telemarketers.
Once again, th eportability of numbers and the non-US locations might mean they can be monitored, but what are we going to do - declare war on them?
Problem solved.
aaaaanndd no. I like iPhone's method. I only allow calls from my contact list, unless aomeone calles a couple times within 3 minutes. Now that solves the problem.
Re: (Score:2)
They do it with the SWIFT system for banks, surely phones are simpler.
Re: (Score:2)
Yes! Fix the caller ID information that is received on normal residential phone lines so that it shows the actual subscriber origin of the call, whether within the US or outside of the US. The phone companies in the US should no longer be allowed to let a company provide their own caller ID information just because they have a digital switch; some kind of certification regarding the business and its trustworthiness might be in order. As soon as the cloak of anonymity is removed, the existing penalties fo
Re: (Score:2)
How would this work with VoIP? SIP? What if the phone number is pure virtual? By definition it's "spoofed".
And in the small print... (Score:1)
As you might guess:
By entering a Submission to this Contest, Contestant grants to the Sponsor, and any third parties acting on behalf of the Sponsor, a non-exclusive, irrevocable, royalty-free and worldwide license to use the Submission...
I hope your time and effort are worth the $25k first prize because that's about all you will *ever* get for it.
Re: (Score:2)
As you might guess:
By entering a Submission to this Contest, Contestant grants to the Sponsor, and any third parties acting on behalf of the Sponsor, a non-exclusive, irrevocable, royalty-free and worldwide license to use the Submission...
I hope your time and effort are worth the $25k first prize because that's about all you will *ever* get for it.
Uhm, yeah, if you have no use for it yourself, you'd only get the 25k from this one buyer, and you'd need to move on to another product. Nothing lasts forever. The only reason you need to keep making money off of it is if you're still trying to put it to some other commercial use. The part where it says, "non-exclusive," that means you can also sell it elsewhere.
You're obviously not a software developer, so it is entirely academic to you anyways.
What spam calls? (Score:2)
If your number is not in my contacts list, I don't even hear it. If it is not important enough to leave a voicemail of who you are and what number to call you back at, it is not important enough for me to care.
Caller ID is a great invention! (Score:2)
Why is it necessary to write software or invent something that already exists? It is caller ID. When we get any phone call from anyone, we look at the caller ID. In fact our phone ANNOUNCES the caller ID information. Anyone we do not recognize can only talk to the phone company’s computer, the one that runs voicemail. Most Robo callers do not leave any message and the few that do are easily erased. The legitimate calls that get routed to voicemail are then replied to in the appropriate manner.
Re: (Score:2)
Caller ID spoofing makes no difference. The caller would have to use the name and number of someone on our white list. Everything else including unknown calls goes to voicemail. So far this system has worked 100% perfectly well for us.
Re: (Score:1)
That's good, and I'm glad it works for you. A whitelist system doesn't work at all for a lot of people.
It doesn't work for most businesses, either. A business doesn't know in advance who its customers might be, so unless you're Comcast and already have a monopoly, you can't just send everyone to voicemail. I've sat at work and listened as a robo-dialer hit all 30 extensions in my department, (mostly) incrementally over the course of 10 minutes... And then hit them all again an hour later. During the interve
That's Easy (Score:2)
the FTC is asking contestants to create a technical solution for consumers that will identify unwanted robocalls
That's easy. All of them.
How do I collect my prize?
Solution: $5 wrench and the phone company's CEO (Score:4, Funny)
And why does the phone company do this? Because the spammers pay them decent money, and most people don't realize that the phone company's involved, so they get mad at the spammers and not AT&T or Verizon.
So, the solution is to send a burly man with a wrench to the CEO's office and ask him politely to stop letting companies specify different caller ID numbers, if he would like his kneecaps to remain intact.
Re: (Score:2)
He can probably afford to escalate his security detail farther than you can escalate your attack. Especially since the company pays for it.
If you want to scare him into compliance, you'd need some regulation to make paperwork scarier, and a lawyer to deliver it.
The pen is mightier than the sword, unless you have the mightiest sword on the field.
Re: (Score:2)
The pen is mightier than the sword, unless you have the mightiest sword on the field.
That's 1990's thinking. If we've learnt anything form Al Qaeda, ISIS etc it's that even a small sword can be quite effective if directed appropriately.
Remove the profit to be made from this (Score:2)
Big problem, easy solution: they make those calls because there is money to be made. Remove that incentive: make a law that all contracts due to robocalls do not require payment, the customer does not have to pay. The other side has to keep delivering for free as long as the contract.
Only $50K? (Score:2)
Puhleeze.... With all the money they government takes in in legal settlements for violation of the do-not-call list, they can surely afford a few million dollars.
Easy fix for spoofing.... (Score:1)
I'd incorporate some kind of audio captcha (Score:2)