Captcha can getcha too

Sometimes figuring out what those squiggly characters are is tricky and that’s the point. Captchas were designed to require some thinking. Typing in those letters and numbers that appear in the little colorful box is supposed to be a challenge and task that only humans carry out. Online criminals can’t use their bots (and botnets) to distinguish letters and numbers that have been altered beyond their automated recognition capabilities.

Enter human ingenuity. Cybercrooks have quickly worked around the captcha technology by putting humans to work. Like any other outsourced jobs, captcha-solvers can be set up anywhere PCs can be connected to the Internet. Byron Acohido’s “Cybergangs use cheap labor to break codes on social site” at usatoday.com points out that networking sites like Facebook and MySpace are vulnerable because they provide the criminals with large concentrations of potential victims who have the same mindset. "Social-networking sites are a viral marketer's dream," says Paul Wood, analyst at Message Labs-Symantec, an Internet security firm. "The potential to tap into a huge community of like-minded individuals is enormous."

The popularity of social networking sites has drawn the attention not only of marketers and legitimate advertisers, but unfortunately, criminals, too. But criminals can’t get access to social networks’ protected Web pages via their bots because they have to get past the captchas to create accounts and send private messages (including Web links). By using humans, the criminals can sidestep these protections. Says Acohido, “ Without the emergence of for-hire captcha-breakers, a particularly destructive worm that plagued the Internet in May — known as Koobface — would not have been possible.”

While social networking sites scramble to stay a step ahead of criminals prowling the Internet, the crooks do all they can to keep up. As long as they can retain cheap hired help, the battle will continue.