Cracking the Captcha
Speaking as someone who detests having to try to decipher those drunken spider scrawls and type in the characters to prove I am human every time I try to log in to Hotmail, I took some interest in reading that spammers are industrialising the cracking of captchas.
In the middle of June, the Cabinet Office had to close parts of the UK Open Data website after spammers found a way to circumvent the Captcha system and heavily spam the comments boards. Elsewhere, security researchers have reported that it isn't just spammers who are looking at ways to automatically solve Captchas. Criminals are also using circumvention techniques to deal with Captchas in attacks designed to harvest identity and financial data.
There are three techniques being used to beat the Captcha. The first is Optical Character Recognition, which just gets better and better. The underlying belief behind captchas is that they are puzzles that a human can solve easily but a machine cannot crack. Well, as computers get faster and cheaper, they get better at cracking these puzzles, and as I get older, my eyes find it more and more difficult to decipher them.
The second technique is outsourcing. Captcha-solving is outsourced to 21st-century third-world sweatshops where workers sit in front of a screen solving captchas, paid a pittance at a piecework rate. Even that can be too expensive for spammers, and the third technique is a development of this: crowdsourcing. Typically porn sites are used to lure in the crowd, and periodically the visitor is asked to solve a captcha puzzle in order to continue viewing. The solution they provide can then be used to post a message on a comment board, to sign up for a webmail account that can be used to send spam, or in an attempt to break into someone else's logon.
30th June 2012