Wednesday, February 09, 2005
To break a CAPTCHA there are basically two options: either come up with some fancy algorithm that deals with image analysis and character recognition, or simply show the CAPTCHA to a human and have him/her tell you what the mangled text in the CAPTCHA really is. It seems that spammers prefer the latter option, which is not only simpler to implement but also offers better reliability. Here is an example of what they do:
- Spammer creates a free porn site with the only catch being that users have to enter the text off a CAPTCHA before they can view images.
- That CAPTCHA is fetched from sites like Yahoo and displayed inline on the spammer's porn site.
- The moment a user keys in the sequence of characters, the spammer programmatically feeds it to the CAPTCHA entry box on the free email provider's site and opens a new email account. The interesting thing to note here is that spammers don't have any way to really know whether the user entered the correct word or not.
The seemingly trivial task of identifying the mangled text in an image is very difficult for computers. Apart from spammers, some CAPTCHA crackers are also scientists. Breaking a CAPTCHA programmatically has important implications in the field of artificial intelligence and optical character recognition.
However difficult the generated CAPTCHA image, if you involve humans to solve the problem under false pretenses (as in the above example), then it can always be defeated.
Copyright Anand Jain 2004, 2005. All rights