According to Brian Krebs of the Krebs on Security newswire, by using Captcha technology and the Cyrillic alphabet, it is now very difficult to pass the Turing test if you are not a native Russian language speaker.
As previously reported, Captcha – an automated test to verify the person is a human – is a challenge-response test used in computing as an attempt to ensure that the response is generated by a person.
The process usually involves one computer (a server) asking a user to complete a simple test, which the computer is able to generate and grade.
Because other computers are assumed to be unable to solve the Captcha, any user entering a correct solution is presumed to be human. This processing is sometimes described as a reverse Turing test, because it is administered by a machine and targeted to a human, in contrast to the standard Turing test that is typically administered by a human and targeted to a machine.
Krebs – who has visited Russia many times – says that he has now managed to verify himself on key Russian-language forums dedicated to internet scammers of all types, despite the forum using Russian Captcha technology to keep out casual lurkers and law enforcement officials from outside Russian.
“Although these cultural Captcha’s will not stop those determined to break them, cultural [tests] are an interesting approach to blocking unawanted users. Most Captcha systems can be trivially broken because they merely require users to repeat numbers and letters. Some Captchas ask the visitor to solve math or logic puzzles, but these questions can be answered by anyone with a grade school grasp of mathematics”, he explained in his latest security posting.
Krebs went on to say that spammers are now tending to rely on commercial, human-powered Captcha solving services, which automate the solving of these tests with the help of low-paid workers in China, India and Eastern Europe who earn pennies per hour deciphering the puzzles.
“In many ways, cultural Captchas seem to be uniquely suited for small, homogeneous and restricted online communities. I would not be surprised to see their use, variety and complexity increase throughout the criminal underground, which is constantly trying to combat the leakage of forum data that results when authorised members have their passwords lost or stolen”, he noted.