Help
Click

MORE PROGRAMMES

Page last updated at 16:23 GMT, Friday, 29 May 2009 17:23 UK

A case of mind over technology?

Signing up for a webmail account or social networking site usually requires the user to decipher and re-type some scrambled letters first.

New captcha techniques being used to beat hackers

These text systems are called Captchas (Completely Automated Public Turing Test to tell Computers and Humans Apart).

Users are asked to fill out a captcha form to confirm they are a real person rather than a computer program.

Their purpose is to stop hackers creating programs that could automatically sign for thousands of accounts.

Scammers and spammers would then exploit these to send out more effective junk mail.

Spreading malware

A lot of spam messages are automatically caught and blocked by spam filters because the sender's address does not exist.

Messages sent from a real email account appear more genuine, and tend to get through spam filters.

Paul Wood from web security firm MessageLabs
Paul Wood said some net users are unwittingly helping hackers

But fake accounts on social networking sites open up even more possibilities.

For instance, hackers exploit the ability to share multimedia content to spread malware, said Paul Wood from web security firm MessageLabs.

"If you can encourage someone to click on a link, and that site is within a social networking environment, it's very difficult for the person to identify if it's genuine or not," he explained.

Some techniques are being used to make captchas harder, so software is less likely to identify the characters or remove any background noise.

"The most important technique to make a captcha difficult to crack is to make those characters either overlapped or connected," said Jeff Yan, a lecturer on computer security at Newcastle University.

"The second most important technique is to use all sorts of distortion techniques," he added.

Trickier tests

But crafty hackers are employing automated speech recognition software to break the audio alternative to captchas, which are meant for visually impaired users.

However, researchers are also working on alternatives to come up with increasingly tricky tests.

Moving monogram when signing up for an Opera mail account
An Opera mail account requires deciphering a moving monogram

For example, anyone registering for an Opera mail account has to make sense of a moving mangled monogram.

A test scheme from Microsoft known as Asirra (Animal Species Image Recognition for Restricting Access) has swapped the text for pictures.

Users are asked to identify whether animal pictures randomly selected from a pet adoption site contain cats or dogs.

A similar idea from Carnegie Mellon University requires the user to identify and trace a specific object from a selection.

Despite this proving much harder for computers and easier for humans, these kinds of tests have been criticised for not being proper captchas.

Also, the design of every single test needs the involvement of a person to decide on the right answer.

Captcha breaking

The human mind, as the ultimate deciphering tool, is available to hackers who employ people to break captchas.

"In India, for example, there are a number of businesses that specialise in this activity. They have 24/7 coverage, enable people to work from home, flexible working hours, and all they're doing is data processing. But that data processing is of course captcha breaking," said Mr Wood.

Recaptcha
Captchas are being used as part of a project to digitise old books

He added that many others do a hacker's work for them without being aware.

"For example, they may be trying to get access to an adult website, and in order to gain that access they have to solve a captcha - on behalf of the bad guys.

"Another technique, more recently, is where some malware may be infecting a machine, and it will pop up and say that if you don't solve this captcha within three minutes then your machine will shut down," he said.

Carnegie Mellon University in Pittsburgh has come up with the Recaptcha project that puts solved text to good use.

The project takes words from old books and newspapers that optical character reading software has marked as unreadable by computers.

By deciphering these words, users are helping to complete the conversion of old texts to digital form.



SEE ALSO
Spam weapon helps preserve books
02 Oct 07 |  Technology
Archives aided by anti-spam tools
18 Aug 08 |  Technology
PC stripper helps spam to spread
30 Oct 07 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


banner watch listen bbc sport Americas Africa Europe Middle East South Asia Asia Pacific