CAPTCHAs are dead – new research from Dancho Danchev confirms itby Steve Ragan - Aug 31 2008, 00:44
Booming business in India leads to death of CAPTCHA. (IMG:J.Anderson)
CAPTCHA has long been a standard used in the online account-creation process. However, a booming Indian economy has taken aim at the security measure, paying a mere $2 USD per 1000 broken to break as many as 700,000 per day from systems like Google, MySpace, Yahoo and others.
Completely Automated Public Turing test to tell Computers and Humans Apart (or CAPTCHA), is a challenge response to ensure a user is entering the information requested.
However, scripting advances and teams working to record the CAPTCHAs used on various sites have all-but ruined this security system. This leads to fake accounts, created to spread Spam and, in some cases, Malware from GMail, Yahoo, MySpace, Facebook and other popular sites.
CAPTCHA is a dead art, it worked well for a few years, but the criminal element has caught up to the technology, and there has been little change in the CAPTCHA standard to match it.
Dancho Danchev has posted an article on ZDnet with some insight and research into the CAPTCHA economy in India. The business of “data processing” is growing, paying obscenely low wages to freelancers with high WPM typing counts.
“Let’s analyze the shady data processing economy of India, discuss exclusive photos of Indian workers breaking MySpace and Google CAPTCHAs, and take a tour inside the web applications of several Bangladesh based franchises, whose team of almost 1,000 international workers is actively soliciting deals for breaking Craigslist, Gmail, Yahoo, MySpace, YouTube and Facebook’s CAPTCHA, promising to deliver 250k solved CAPTCHAs per day on a “$2 for a 1000 solved CAPTCHAs” rate,” Danchev wrote.
His research looks at the hundreds of franchises operated by India’s larger data processing firms. Moreover, Danchev managed to get several great shots of the tools used, and some of the marketing deployed online. The recruiting flips from “breaking” to “solving,” making the job offers and outsourcing look like a challenge for some speed typists instead of the harvesting and collection of CAPTCHA keys for later illegal use.
Some examples of marketing that Danchev discovered include:
“I have 40 PCs and 55 Persons working in my office for data entry work. As 1 person can do 800 captcha entry per hour. We can deliver you good quantity with quality”
“We having more then 10 teams,we are operating 24/7 data entry works and delivering 700k/day captchas daily”
“Dear Sir I am an expert in account creation, will provide you the accounts as per your requirements.I ensure the guaranteed satisfaction always. I charge only $40/1000”
So what do you think? Has CAPTCHA gone the way of the Dodo?