CAPTCHA Cracking: Nice Work, If You Can Get It

This story in The New York Times about people being paid to fill in CAPTCHAs is as much about IT security, as it is about working conditions in the developing world. According to the article, people in India, China and Bangladesh, among other developing countries, are being paid between the equivalent of 80 cents and US$1.20 for each 1,000 deciphered boxes.

CAPTCHAs are those funny sets of numbers and letters set every which way and embedded in an image in a box at the base of some e-mail, and login pages, to prevent automated bots and scripts from signing into accounts. The idea is that only humans should be able to recognize and enter the text from the embedded images.

That is, unless, the humans themselves are deliberately entering the text, opening the e-mail accounts, for example, and passing them along to spammers. Apparently, thousands of people in Asia, most part of sophisticated operations, are in on the act. And projects are even bid out online, and most employees have no idea who is hiring them.

The reaction of Google, one of the targets of these CAPTCHA crackers, glosses over the issue. Macduff Hughes, an engineering director at Google, said “Our goal is to make mass account creation less attractive to spammers, and the fact that spammers have to pay people to solve captchas proves that the tool is working.”