Spammers and hackers have been making news this month after getting through to the UK Cabinet Office’s web portal and closing down certain portions of its website.
The malicious attack was carried out by circumventing this office of the British government’s CAPTCHA security controls, a website identity technique that many of us may be aware of but not perhaps fully understand even in basic terms.
The term CAPTCHA actually stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
The basic idea is to disguise a password or entry code with some over- or under-laid distorted graphics, background and other lines or squiggles to obscure the hidden characters. While the human brain is capable of contextual reasoning, association and logic, a computer of course relies almost completely on logic alone. The gap between these two points of intelligence leads us to be able to outsmart so-called computer “bots” which might try and use automated techniques to read a CAPTCHA.
So are CAPTCHAs safe then?
CAPTCHAs do represent an extremely valuable tried and trusted means of dealing with the threat of malicious Internet activity and they will continue to do so for the foreseeable future. But as hacking and spamming techniques become ever more sophisticated, our use of CAPTCHAs may also now have to evolve.
Technology industry commentators are now pointing to computer-assisted CAPTCHA reading tools based on Optical Character Recognition and Machine Learning technologies; and there has even been discussion of “crowdsourcing” human users with various rewards to help interpret CAPTCHAs — although the capabilities of these tools and methods does not outweigh the overall strength of the CAPTCHA technique as it stands today.
CAPTCHAs may now become just that little bit more sophisticated as they start to integrate simple riddles or more “contextual semantics” of language. The efforts may now be needed to push the CAPTCHA process further towards the human side of the equation, and away from the abilities of computers.
Users might now for example be shown six words and asked to only enter the second, third and fifth word. Users might even be given simple sums to calculate based on the CAPTCHA presented to take the interpretation element one step further away from a hackers computer’s ability to crack the code.
As we now use second and third generation CAPTCHA technology this anti-hacker technique is far from being written off. We should be and are freshening up and readying ourselves for future threat possibilities, and that always makes good sense.