CAPTCHA’s cracked

CAPTCHA is the nickname of the venerable (ok only a few years of veneration) technique of verifying if the person on the other side of the screen is actually a person not a computer. We’ve all seen them a million times: a very hard to read bit of text in a small box, with a request that you decipher it and type in the text into another box.

Well it seems that spammers have figured out a way to defeat them: yes, you guessed it, “Captcha Farms.” I first thought they were some exaggerated fear mongering but I suppose their commonplace enough that it’s being reported even in, the, g-u-l-p, New York Times:

“Sophisticated spammers are paying people in India, Bangladesh, China and other developing countries to tackle the simple tests known as captchas, which ask Web users to type in a string of semiobscured characters to prove they are human beings and not spam-generating robots.” (from Spammers Paying Others to Solve Captchas, from the NYT.)

Except I’ve heard of an even more subversive variation, where spammers put up what appear to be run of the mill porn sites, that, instead of asking you to pay with cash for access, ask you to solve a captcha for each image or video or whatever. (whatever?) Poor guy is not only solving it to gain access, they are also solving it, in real time, to help a spammer gain access to some site they are attacking. Creative.