Google not sure if Gmail's captcha has been broken, could just be hired guns doing the cracking


Google doesn’t believe that Gmail’s captcha, those little picture things you have to fill out before signing up for a service, have been cracked just yet. There’s been whispers here and there recently suggesting that hackers may have figured out the algorithm used by Gmail, which would ultimately lead to a hell of a lot of spam coming from automatically created Gmail accounts. That’s a particularly big problem because, as Bits points out, anti-spam filters typically white list all Gmail traffic. In other words, spam with origins in Gmail would be free to spread around the Internet unfettered.

Google says it isn’t sure if the captcha has been cracked per se, but does recognize an uptick in Gmail spam. This could be because professional spammers have hired humans to manually create account—one Russian firm reportedly pays such worker about $3 per day for such labor.

Even if Google’s captcha wasn’t cracked, some security experts (you know, such as myself) believe it could just be a matter of time. Every time an account is created, hackers can note the correct code and use it to gain an understanding of the relevant algorithm.

Breaking Google Captchas for $3 a Day [Bits New York Times Blog]