Word has it that spammers have started circumventing the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) system used by Google’s email service, Gmail. It can be recalled that a similar issue happened with the Windows Live mail service a few weeks back.
The two attacks are pretty similar in terms of using bots to register new email accounts. However, the Gmail attack is considered more complicated since it uses two compromised hosts in its attempts to break into the Google CAPTCHA system. The first host attempts to extract a copy of the CAPTCHA image in bitmap format then attempts to break the code. In case it fails, a second host uses the same image, but breaks it down into segments then sends it as a portable image or graphic file. Segmentation is the only task where humans still outperform bots, but it is steadily gaining attention and focus among spammers and bot herders.
It is apparent in the mechanism above that Google CAPTCHAs are a lot harder to break than those from other email services—and it better be. Gmail provides a very wide window of opportunity for spammers in leveraging Google’s wide range of services for free. The popularity of Google makes it difficult to track spammers among the millions of users across the globe. This further makes Google’s domains highly unlikely to get blacklisted.
Although breaking the Google CAPTCHA is of a very low percentage as of yet, we cannot deny that it works. We can expect more innovations in the future, and far more effective and creative ways of dealing with bots should definitely be in the to-do lists of email service providers as well.