While the variety of alternative ways to bypass CAPTCHA faster and more efficiently has grown in recent years, the original human click farm solution remains most accessible and popular. CAPTCHAs come in many forms including those shown in Figures 1 and 2. CAPTCHAs were first implemented in the late 1990s 1 as a rudimentary reverse Turing test to help websites filter out growing volumes of problematic bot traffic.
CAPTCHA is a backronym for Completely Automated Public Turing test to tell Computers and Humans Apart. What are CAPTCHAs?īefore diving into the details, let’s take a moment to review what CAPTCHAs are and how they work. This is what I found when I went to work for a CAPTCHA-solving click farm. One key service that cybercriminals use is CAPTCHA bypass. As head of the Shape Intelligence Center, I continue to watch our adversaries evolve, and I like to see for myself how common tools and services used against our customers operate, when I can. In my past life as a law enforcement and intelligence officer, I was often surprised by the innovation and maturity of the 'businesses' and services that cybercrime entrepreneurs develop. In our recent 2021 Credential Stuffing Report, we talked about the prevalence of credential stuffing attacks and the bot technology that attackers use.