FTC Awards Five Winners from #DEFCON22 Robocall Honeypot Challenge

Honey dipper and pot

The Federal Trade Commission (FTC) had such great success with their first robocall challenge competition that the agency decided to take a different angle this year—targeting the skilled hackers at DEF CON 22, the annual defense conference in Las Vegas in early August.

Five winners earned cash prizes and bragging rights for their creative technical solutions around building and hacking “honeypots” that spoofed illegal robocall experiences. Some details from the program managers:

The FTC announced the winners of its Zapping Rachel robocall contest that we held at DEF CON 22, one of the oldest hacker conferences in the U.S. This was our second robocall challenge and first contest at DEF CON. Our contest consisted of three phases all focused on robocall honeypots, an information system designed to attract robocallers and help law enforcement, researchers, and others understand robocaller tactics. Phase 1 challenged contestants to build a honeypot, phase 2 challenged contestants to circumvent a honeypot, and phase 3 challenged contestants to analyze data from an existing robocall honeypot.

Sixty teams and individuals participated in one or more of three phases. We are excited about the results of the contest and the level of interest that the DEF CON community expressed in learning more about the robocall problem. And we hope to continue engaging this community on this issue in the future. For additional information on the contest or about the robocall problem, please visit the contest website or the robocall website.

The winners are:

The Creator Phase: Jon Olawski will receive $3,133.70 for his winning honeypot. Phase 1 challenged contestants to build a honeypot that identifies inaccurate information in incoming calls, such as spoofed caller IDs, or determines which calls are likely robocalls. Jon’s honeypot uses a combination of an audio captcha filter, call detail analysis, and recording and transcription analysis to determine, on a sliding scale, the likelihood that an incoming call was a robocall.

The Attacker Phase: Jan Volzke will receive $3,133.70 for his winning solution, Droid Rachel. Phase 2 challenged contestants to circumvent an existing honeypot and prevent it from collecting information on incoming calls. Droid Rachel circumvents the existing honeypot by employing a four-step targeting process that screens out phone numbers potentially connected to a honeypot, and optimizes Droid Rachel’s ability to send robocalls using unsuspecting consumers’ Android phones.

The Detective Phase: The winning team is Yang Yang and Jens Fischer, and they will share $3,133.70. Phase 3 challenged participants to analyze call data from an existing honeypot and develop algorithms that predict which calls are likely robocalls.

The judges also selected two honorable mentions—Sean Beck and DarkTyphoon—and each will receive $1,337. The winning solution focused on metrics such as the number of calls made, whether the number called was a toll-free number, and the time of the call to identify likely robocalls. Sean’s solution focused on time of call and number of calls made, while DarkTyphoon’s solution utilized additional metrics such as the area code and exchange numbers called.

Interested in learning more about Challenge and Prize Competitions? Check out our Get Started Guide.