The Technium

Spammer AI

What if spammers come up with an artificial intelligence before Google does? 

An early warning signal has been detected. The Washington Post reports that spammers may have control of computers that can decypher those letter puzzles on websites called CAPTCHAs. CAPTCHAs are designed to be solved only by humans, since — at least until now — only humans could unravel distorted, distressed lettering. The problem with making CAPTCHAs more difficult is that humans have trouble solving them.

Captcha Banner

The computer scientists can’t tell yet whether spammer bots or spammer-paid humans are solving the CAPTCHAs. That is the definition of passing the Turing test — if humans can’t tell.

  • I figured out a way one could do it which is not completely automated, but which could not be be thwarted if CAPTCHAs remain human-readable. A computer submits requests for new blogs, email addresses, etc. These requests are served CAPTCHA images. The computer copies and forwards these CAPTCHA images to the spammer or one of his low-paid employees, who types and returns the CAPTHCA alphanumeric codes as quickly as possible (which, with practice, could be typed very, very fast). All the spammer or employee has to do is read and type. The computer does the rest.

  • Captcha’s are already too hard judging by my experience. For example, I had to try four times to get my last comment entered! I hope this one is easier :-)

  • Michael Morisy

    Scary indeed, but passing the Turing test?

    Type math problems into a chat client and I bet you couldn’t tell if the answers come from a human or AI either, though no one would argue that a chat calculator is passing a Turing test.

  • Josh S.

    Interesting. Are you suggesting that this counts as passing the Turing test? I thought that the Turing test requires a conversation.

    If this is true, then it is probably just an improved OCR method. Already a normal person wouldn’t be able to tell if a computer or a person typed out a page, but that doesn’t mean the computer is smart or passes the Turing test.

  • Phil

    Your comparison does seem a little out of proportion. As everyone is pointing out, these captcha-bots would make lousy conversationalists. They’ve got about as much in common with general AI as does a high-end barcode scanner.

  • Ted

    My $ is on low paid workers in developing countries.

  • stiz

    One well known blackhat SEO tactic is to collect captcha images from a target site via a bot, index them, then re-use them as captcha security on the spammer’s own myriad of spamblogs/spamforums/spamsites: every time an unsuspecting user of a spammer-owned site solves a stolen captcha in order to do whatever it is they’re trying to accomplish, the captcha solution is indexed with the captcha image. This process is comletely automated, preplanned, and it has the added benefit of unsuspecting human users providing the work. For blackhats with an extensive portfolio of sites and blogs, this method can quickly solve every captcha image in use for a particular site. It’s fascinating because it’s like a trojan that can hijack wetware (humans).

    • @stiz: Wow, that’s cool — and scary. I had no idea that captchas were recycled. I had just assumed there was an infinite pool of them – that they were generated on the fly. Why would anyone reuse one?