New attack puts a dent on Google's reCAPTCHA

A security researcher has claimed that using a combination of optical character recognition and other techniques allowed him to successfully break reCAPTCHA's CAPTCHA service, which is popular and widely used. CAPTCHA, or "Completely Automated Public Turing test to Tell Computers and Humans Apart" is a security measure where users solve puzzles that cannot be easily answered by machines.

The security tool's use ranges from the creation of new email accounts to the posting of comments on blogs and forums. The attack was described on a white paper, with Jonathan Wilkins of iSEC Partners pegging a success rate of 17.5 percent of the technique against reCAPTCHA.

According to The Register, Wilkins noted that "Even a modest-sized network of 10,000 infected machines with a success rate of 0.01 percent would yield 10 successes every second. That could translate into 864,000 new accounts every day." With this taken into consideration, the 17.5 percent success rate starts looking very impressive--and scary--indeed.

Defending the system, a Google spokesman pointed out that data in the report was collected early last year, and was pitched against older technology. The conclusion, "Therefore, this study does not reflect the effectiveness of reCAPTCHA's current technology against machine solvers." Google acquired reCAPTCHA in September. 

It is clear that defending against the exploitation of resources by spammers abusing free accounts, continues to be of paramount importance to providers such as Google. With spammers working in overdrive to crack the system, it is not clear whether the technology can continue to stay one step ahead without severely unconvincing legitimate users.

For more on this story:
- check out this article at The Register

Related Articles:
Botnets won't be going away anytime soon
United States named biggest spam producer in the world
Survey: One in six consumers respond to spam
Get ready for cell phone spam
Who's responsible for spam and malware?