Cracking Captchas

November 11, 2007

One of the most popular ways to stop spammers these days is with the use of captchas (those times when you have to type in the warped letters in a box in order to enter a site). Robots can’t read the things, so only humans can enter these sites, keeping bad people from using robots to create multiple site registrations or harvest personal information from a site.  Needless to say, a barrier to entry becomes a challenge to hackers and the captcha is no exception. Until recently, this has involved developing screen readers capable of reading the letters in the box, leading to the use of increasing distorted letters.  The most recent way of breaking these things, however, is a true example of what makes an innovative idea.  One could engage in an endless battle to create ever more advanced screen readers, while security people make more and more complicated captchas.  A smart hacker realizes, on the other hand, that what really reads captchas well is a human and the best way to beat captchas is by harnessing human brain power.

So, recently a new hack appeared in many people’s mailboxes.  One would receive the opportunity to watch a woman disrobe … all you had to do was solve the captcha provided.  These captchas had been scraped from websites using them for security by robots, who then mailed them out to people to solve.  Having been mailed back, the resulting answer would then be plugged into the solution box on the web page in question, and the robot would continue on it’s merry way.   While truly lame and pathetic (in terms of what it says about human nature), this is a truly brilliant social hack, because of the ease of production (no technological battles with site developers), ans the fact that it uses exactly the right tools to accomplish its task with maximum efficiency (the very human brains that captchas are designed to work well with).  Sad, but cool.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: