By on March 14, 2008

Google’s Gmail Captchas Hacked? Not L1kELy!

19



Some spammers are claiming to have cracked Gmail’s captchas–the mix of letters and numbers that only humans are supposed to recognize. If true, email spammers could create thousands of Gmail accounts and use them to send those annoying Viagra and “enlargement” offers.

Not so fast, says Google!

Brad Taylor, a Google software engineer known informally as the company’s spam czar, says that internal evidence shows that the rise in spam originating from Gmail accounts stems not from captcha-busting programs. Instead, he said, spammers are using the old-fashioned “mechanical turk” trick—an operation where low-paid laborers in third-world countries are enlisted to solve the puzzles, one by one.

“You can see it is clearly done by humans,” Mr. Taylor said. “There are patterns in the rate we find bogus accounts, like at night time and when people get off work,” in certain parts of the world.

I’m leaning towards believing Taylor on this one. I have a hard enough time getting captcha letters correct, so I doubt spammers have created software that does any better.

More likely, spammers are provide free porn, in exchange for humans helping them crack the captchas.


Similar Stories in: Search News | Forward: Email This Post

Similar posts you may like...

19 comments on “Google’s Gmail Captchas Hacked? Not L1kELy!”

  1. PS3 Says:

    March 14th, 2008 at 4:22 am

    I have to admit that I struggle with Captcha full stop. I agree with the concept but it is so fiddly.

    My aged mother (bless her) has a Google account and has given out her mail address to just half a dozen people, yet gets 150 unwanted mails a day.

    I’ve told her just to get a new address but I think she quite likes some of the content if the truth be known !

  2. Zen Says:

    March 14th, 2008 at 7:04 am

    From my personal experience, I started receiving spam when I signed up for those sites like bux.to and similar. It was notorious: as soon as I gave them my mail, the spamming commenced. I didn’t get a single spam mail before that. Goes to show… even the legit looking ones sell your mail accounts.

  3. Xianhong Says:

    March 14th, 2008 at 7:47 am

    Yes, I can get some spam emails from gmail. something like:
    ——-
    Want to shave a few pounds?
    You must know this secret!
    Look attached details or visit out site (LINK IS IN ATTACHED DETAILS)
    ——-
    also a zip file attached, the file is html file.

  4. SEO guy Says:

    March 14th, 2008 at 8:22 am

    Don’t mean to disappoint you but the other week there was a newly developed gmail mass address creator circulating in some blackhat circles that does actually bypass the captcha.

  5. Marcy Says:

    March 14th, 2008 at 10:23 am

    I get some spam emails from gmail, too. How can i can stop this?

  6. Futon-Matt Says:

    March 14th, 2008 at 10:52 am

    Wow, I’d be impressed if someone actually hacked anything Google does. Though, I don’t really know how long the hack would last.

  7. SEO guy Says:

    March 14th, 2008 at 11:23 am

    @ Marcy

    From Gmail or into your Gmail?

  8. Andy Beal Says:

    March 14th, 2008 at 12:30 pm

    @SEO guy – any proof that it worked? Without any human input at all??

  9. Don Draper Says:

    March 14th, 2008 at 1:59 pm

    Having worked in image processing in a previous lifetime, I don’t find it unbelievable that several types of captchas have been cracked. If software can spot a tank in the woods from a satellite picture, then figuring out some letters that have been twisted around a bit shouldn’t be so hard. It’s not something the script kiddies are going to figure out, but it’s easier than what the russian computer science PhDs used to be working on.

  10. Paul Says:

    March 14th, 2008 at 4:17 pm

    This is a hell of a coincidence because as of the last week and a half I have received quit a number of viagra sals pitches, and when i say quite a number i mean 8 to 10 a day to my junk folder.Prior to last week nil…zero…nothing and when i block them 99% are gmail accounts.

  11. Frank Says:

    March 14th, 2008 at 5:14 pm

    Interesting that one of the competitive message security providers of Google’s Postini services, couldn’t help themselves in suggesting this may have happened.

  12. SEO guy Says:

    March 14th, 2008 at 6:01 pm

    Andy Beal

    Yep, it is fully automated. I personally know two guys who now use it for all sorts of sneaky spam. I did not test it myself however. I’m allergic to spam. Besides, it costs over $400.

  13. jen Says:

    March 14th, 2008 at 7:25 pm

    I dont think gmail’s captcha is any better than anyone elses and there are programs that can read them.
    jenlovee1@gmail.com
    spam away….haha…jk

  14. Mobile guy Says:

    March 15th, 2008 at 5:30 pm

    In the meantime Google has slightly changed its CAPTCHA.

  15. Piper Says:

    March 16th, 2008 at 12:51 am

    Until recently, I don’t remember getting much Gmail spam. Lately, though, it seems like about a fourth of the spam letters I get are coming from Gmail addresses. I even got one last week that said it was a death threat from a hitman hired to kill me unless I give him $12,000. Easily the funniest spam I’ve seen in a while.

  16. SEO guy Says:

    March 16th, 2008 at 11:25 am

    Piper,

    Well, be careful just in case he he

  17. Dieter Says:

    March 16th, 2008 at 6:11 pm

    spammers are provide free porn, isn`t it nice?

  18. Nicole Says:

    March 17th, 2008 at 10:52 am

    Providing porn in the form of a woman progressively undressing with each captcha answer is something the spammers are doing, or so I too read somewhere a few months back. Its brilliant on the part of the spammers if they have indeed gotten a code to do it.

  19. Sue Says:

    March 19th, 2008 at 3:57 pm

    Very interesting. I didn t know that bevor. I think google need need more security programs