Cybercriminals Buy Captcha-Codes for Pennies

Dennis Faas's picture

Security specialists who monitor the behavior of cybercriminals are now reporting a disturbing trend among online scammers: paying "captcha-breakers" to solve random blocks of text, to supersede anti-fraud and anti-spam measures.

Humans Versus Computer Programs

Catpcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Captchas are most prevalent online blogs that require a user to enter a series of numbers or letters in order to post a comment online.

While sometimes an inconvenience, websites and online forms that require captchas are critical in the first line of defense against cybercriminals.

Since its inception in 2001, captchas have been able to reduce the number of computer viruses and malware used to extract pertinent information on actual computer users.

Captcha-Breakers Do the Dirty Work

There is no real way of detecting a captcha-breaker, though these people are believed to be operating anywhere from high-end Internet cafes to low-end sweatshops based out of China, India and Nigeria. (Source:

At least one known operation exists in rural Pakistan where bandwidth is accessible and labor runs cheap.

Cybercriminals pay captcha-breakers half of a cent to a penny for each solved captcha; decent pay in some of the third world countries where it is becoming a problem. This kind of information comes from actual recruitment ads posted on hacker forums all across the Internet. (Source:

Social Networks a Haven for Cybercriminals

There is little doubt that cybercriminals are lured to social networking sites like Facebook and Twitter. Facebook alone is claiming 200 million members -- a virtual goldmine for Internet deviants wishing to steal a few identities or just create some online mischief.

With the captcha line of defense removed, these social networking havens are left virtually unprotected from the misdirected clicks of honest users. This has led to the spread of infamous malware such as Koobface, Conficker and other dangerous viruses.

The information paints a disturbing portrait of our online safety standards. However, considering that captchas have continued to be used as an online security tool since 2001, the emergence of captcha-breakers was almost inevitable.

Still, it will be interesting to see what new security measures will be put in place to detract future online deviants. The only question is, how long will it be until these security measures are broken down as well?

Rate this article: 
No votes yet