Use your expertise to help vanquish robocallers

Share This Page


Are you attending DEF CON 22 or will you be in Las Vegas from Aug. 7-9? Do you hate robocalls from “Rachel at Cardholder Services” and her countless robot clones and minions? If you answered “yes” to any of these questions or know someone who might, please keep reading!

The FTC is excited to release the official rules for Zapping Rachel, its first challenge to the hacker community, with $17,000 in total cash prizes. Contestants will help zap Rachel and her fellow robocallers by creating a next-generation robocall honeypot. A robocall honeypot is an information system designed to attract robocallers, which can help researchers and investigators understand and combat illegal calls.

The Zapping Rachel contest has three phases. Contestants may participate in one, two, or all three phases.

  1. CREATOR - The first phase is a honeypot building contest. Contestants will build honeypots that can identify inaccurate information in the calls they receive, such as spoofed caller IDs. The honeypots should also catalog calls and identify those that are likely robocalls. Deadline: 12:00 p.m. PDT, Aug. 8, 2014.
  2. ATTACKER - The second phase is a honeypot circumvention challenge. Contestants will develop methods to prevent honeypots from collecting accurate data about calls they place to the honeypot – essentially disabling the honeypot from fulfilling its purpose. Deadline: 12:00 p.m. PDT, Aug. 9, 2014.
  3. DETECTIVE - The third phase is a data analysis challenge. Contestants will review data from an existing honeypot provided at DEF CON 22 and develop algorithms to predict which calls are likely to be robocalls. Deadline: 7:00 p.m. PDT, Aug. 9, 2014.

For more information, visit the official contest website at Also check out our after-hours Twitter chat on Thursday night. We’ll answer questions about the contest as well as the technological issues with illegal robocalls. Follow @FTC and tweet your questions with #DEFCON22.

The FTC receives more than one million consumer complaints about robocalls every year. Most of these complaints are against Rachel at Cardholder Services or one of her robotic minions — Anne from Account Services, Bob from Home Security, or Jenny from Bahama Cruise Vacations. The pitches vary but the punch line is always the same: “Press One to Learn More!” Of course, the problem of telephone spam is more than a mere annoyance, as fraudsters do succeed in pilfering private information — and money — from innocent people. At the same time, the related menace of telephone Denial of Service attacks is on the rise.

Rachel and her ilk are nothing but scam-artists who hide behind a pre-recorded message and sophisticated technology. And while the messages may often sound familiar, there have been many clones of Rachels across the U.S. and around the world. That’s why law enforcement alone isn’t enough to solve the problem, and the FTC is investing in technical solutions that can help a growing community of experts do battle with robocallers. We hope to see you at DEF CON. If you can’t make it, please help us by spreading the word to your smartest hacker friends.

The author’s views are his or her own, and do not necessarily represent the views of the Commission or any Commissioner.


Rachel is gone; now it's Carmine. I'm getting between 4 and 6 robocalls per day from at least 4 different companies, all offering to lower my credit card interest rates. It's to the point that I don't answer my phone any more. I don't understand why these calls can't be traced. I have no doubt that if the calls were related to a threat to national security, they would be traced within minutes.

Hi Winona, we continue to work on this issue. Please keep an eye on for updates. Thank you.

We get up to half a dozen calls per day, now from Bridgette at Card Member Services. They torment my mom, who suffers from Alzheimer's. The federal government sucks up trillions of dollars a year in taxes, issues millions of pages per year of regulations, employs hundreds of thousands of people, and yet cannot catch these few professional criminals, stop their operations, and put them in prison. A contest at a convention with a little prize money is not enough. You should be recruiting at DEFCON22 to hire dozens of talented hackers to work full-time on this problem. The feds found Osama bin Laden. The feds eavesdrop on the phone calls of heads of state. Now how about getting serious about robocall scammers?

1. It should be illegal to spoof a phone number you do not own in the caller ID (there are legitimate cases where you do want to specify a calling id that is not the originating number, when you want the caller to call you back at that alternate number - but in that case you do own the spoofed number).

2. Not knowing the details of how VOIP calls get routed to the PSTN, but there must be some way of identifying the original un-spoofed originating phone number and identifying how many calls are being made from that number in a given span of time and blocking calls from those numbers.

3. Doing a reverse phone lookup on the caller id of the robocalls I receive, every single time, the number is unlisted. So one possible solution is to have the PSTN limit the number of calls that an unlisted number can make in a given time period.

4. Certainly the PSTN companies can determine how many calls from different phone numbers are originating from the same IP address???

5. I bet the NSA could use their billion bytes of phone metadata to identify the source of all these robocalls in less than 10 minutes.


Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.