Paid Advertising
web application security lab

CAPTCHA Breaking Game

As mentioned on Ronald’s blog and a rather suspicious digg entry linking to a referral code (indicating that the person who dugg this is somehow related to the site) there is a CAPTCHA breaking service located at decodetowin. The site claims to be running a sweepstakes and the only way to win is to “decode” the CAPTCHAs. Here is text from the site:

What is Decode to Win? Decode to Win is a contest website in which you decode graphical messages to increase your chance at winning a prize. You get one point for every message you decode. At the end of each week, we pick a random user from the top 15 point holders and send him/her a prize offering. In some cases, we will send prizes to more than one user.

No doubt, signing up adds your name to validated spam lists - they get you coming and they get you going. Interesting premise though. It appears that they are breaking Google CAPTCHAs by the looks of it, but it’s difficult to know for sure unless you are Google. One interesting thing I noticed as I was testing it is that the first one succeeds while the following tries always fail until you reload the flash file. It’s unclear why they do this, but my guess is that it is likely that people will try more than once, and it is unlikely that they will sign up. So it’s worth getting them to try three or more times to see if they simply typoed the second try. It’s out the folks, no one should doubt that CAPTCHAs definitely are being broken. Thanks to Ronald to pointing this one out.

4 Responses to “CAPTCHA Breaking Game”

  1. Spikeman Says:

    Site seems to be down now.

  2. tyler Says:

    “Luis Von Ahn: Human Computation” - i think that one of the first thing’s he discusses was a group of spammers that would queue up CAPTCHA’s that they couldn’t solve, then on the other end ran a porn site with just images, but for ever 5 or so images you’d see they’d pull a CAPTCHA off the queue and if you got it correct they’d show you the next sequence of 5 photos.

  3. thrill Says:

    What are the chances these guys are related to these guys:

    Instead of paying someone to solve them, just pretend you’re running a sweepstakes and utilize the power of the Internets Tube Afficionados™ to solve them.


  4. Protocol Says:

    Came across some interesting articles on your site regarding CAPTCHA and OCR and didn’t know if you are aware or not but there are a couple of programs floating around the underground communities that do this quite effectively already some even have the ability to learn ie..when its showing the wrong character you can correct it it will never fail again on that font and font library is only limited by the amount installed on that machine. you can soften edges invert select colors ect… and it’s about 4 years old but still does a great job !!! to refrain from the newbs going script kiddie crazy i will refrain from giving the name of the program. but rest assured it is out there.