Friday, April 25, 2008

Universal CAPTCHA Cracker: a new Deep Blue or "The Turk"?

According to some recent reports, there are cases when the toughest CAPTCHA puzzles are resolved in a matter of dozens of seconds.

The new automated bots were blamed in auto-registering Windows Live Hotmail, Windows Live Mail, Google's GMail, and Google's Blogger accounts, for SPAM/malware distribution and SEO poisoning attacks.

But what CAPTCHA-cracking engine stands behind these automated bots - a new Deep Blue endowed with AI, or the "The Turk"?

  • In 1997, Deep Blue has managed to convince the world champion Garry Kasparov that the machine had made a startling move only a human could conceive (he implied that the machine had cheated because the move seemed all too "human.").

  • On the other hand, we all know "The Turk" - a legendry chess-playing machine of the late 18th century, that appeared to be able to play a strong game of chess against a human opponent, but later explained as an elaborate hoax.

One website - - allows bot masters to log on and call its web service requesting it to crack CAPTCHA images "of any complexity" on-the-fly.

They charge 3 US cents for every CAPTCHA they crack and guarantee the response time to be less than 90 seconds.

CaptchaBot's "How it works" page contains this scheme:

As seen in the picture, the scheme implies that some mysterious brain stands behind the entire CAPTCHA cracking mechanism, and recognizes images by using OCR.

In the same time, there are some interesting web sites that allow the subscribers to make some cash by resolving CAPTCHA images ("in your spare time or while you work").

One such site - - is interesting in particular as on many forums people actually share their own experience with it.

Some users complain that while still advertises its service as an easy way to make $3 per hour, the real money is getting much less than that because its load is now balanced between a growing number of users, thus making them wait in the queue until they receive the next image to break.

Another site, challenges by doubling the money they pay for every manually resolved CAPTCHA.

One user claims he made $15 in 2 months, by resolving around 250 CAPTCHA images every day.

Now try to imagine a kiddo who managed to crack 15,000 CAPTCHAs in 2 months: