FTC Announces Winners of “Zapping Rachel” Robocall Contest

The Federal Trade Commission today announced the winners of its “Zapping Rachel” robocall contest held at the DEF CON 22 hacking conference in Las Vegas Aug. 7-10.

Zapping Rachel marks the latest step in the FTC’s ongoing campaign to combat illegal, pre-recorded telemarketing calls known as robocalls. The contest challenged participants to design a robocall honeypot which is an information system designed to attract robocallers, and help law enforcement authorities, researchers, and others gain enhanced insights into robocallers’ tactics.

A total of 60 teams and individuals registered for one or more of the contest’s three phases and the agency received 13 total submissions. A panel of expert judges selected the winning entries for each of the three phases, along with two honorable mentions for the final phase.

“Congratulations to all the winners and honorable mentions of our Zapping Rachel contest,” said Jessica Rich, director, FTC’s Bureau of Consumer Protection. “We were thrilled with the level of interest and participation, particularly from DEF CON attendees. We look forward to furthering our dialogue with this community on the development of robocall honeypots, and any other tools that can help win the fight against illegal robocalls.”

The winners are:

The Creator Phase: Jon Olawski will receive $3,133.70 for his winning honeypot. Phase 1 challenged contestants to build a honeypot that identifies inaccurate information in incoming calls, such as spoofed caller IDs, or determines which calls are likely robocalls. Jon’s honeypot uses a combination of an audio captcha filter, call detail analysis, and recording and transcription analysis to determine, on a sliding scale, the likelihood that an incoming call was a robocall.

The Attacker Phase: Jan Volzke will receive $3,133.70 for his winning solution, Droid Rachel. Phase 2 challenged contestants to circumvent an existing honeypot and prevent it from collecting information on incoming calls. Droid Rachel circumvents the existing honeypot by employing a four-step targeting process that screens out phone numbers potentially connected to a honeypot, and optimizes Droid Rachel’s ability to send robocalls using unsuspecting consumers’ Android phones.

The Detective Phase: The winning team is Yang Yang and Jens Fischer, and they will share $3,133.70. Phase 3 challenged participants to analyze call data from an existing honeypot and develop algorithms that predict which calls are likely robocalls. The judges also selected two honorable mentions – Sean Beck and DarkTyphoon – and each will receive $1,337. The winning solution focused on metrics such as the number of calls made, whether the number called was a toll-free number, and the time of the call to identify likely robocalls. Sean’s solution focused on time of call and number of calls made, while DarkTyphoon’s solution utilized additional metrics such as the area code and exchange numbers called.

Judges scored submissions based on functionality and accuracy, as well as innovation and creativity. To be eligible for prizes, contestants had to satisfy the eligibility requirements specified in the Official Rules. Complete rules and judging criteria are available on the contest webpage. The winning solutions include open-source code and are designed to assist in the battle against robocallers, and the FTC will post additional information about the submissions online in the coming weeks.

The FTC will continue its efforts to engage information security experts in its ongoing battle against robocalls. Please continue to check FTC.gov/ZapRachel for updates.