CAPTCHA-Solving Tools Are Facilitating Russian CybercrimeLeave a Comment
We like to joke that CAPTCHA provides a criminally bad user experience, but here’s a report about insecure CAPTCHAs enabling actual crime. From security researcher Dancho Danchev at the Webroot Threat Blog:
Just how challenged are cybercriminals when they’re being exposed to CAPTCHAs in 2013? Not even bothering to “solve the problem” by themselves anymore, thanks to…an automatic registration tool which undermines the credibility of Russia’s major free email service providers by allowing cybercriminals to register tens of thousands of bogus email accounts.
Danchev goes on to explain how this easily-available tool uses a relay attack, in which each CAPTCHA’s image is passed along to a human solver, to enable Russian cybercriminals to register thousands of fraudulent accounts. They can then use those accounts to send spam or register malicious domains.
Screenshot of one CAPTCHA-solving tool
This is just one more area in which PlayThru puts CAPTCHA to shame. Unlike traditional text CAPTCHAs, PlayThru isn’t just a test that’s looking for a correct answer. Our games require direct user interaction, so they can’t be passed off over the internet for someone else to “solve” via a relay attack.
Read more on the Webroot Threat Blog.