SEARCH:
washingtonpost.com
Web
| Search Archives

Digital Deception

With a test, Web sites let people in and keep out computers set to unleash spam attacks. Now, computers are cracking the code.

TOOLBOX

Resize Text

Save/Share +
Print This
E-mail This

COMMENT

Discussion Policy
CLOSE
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.

Who's Blogging

» Links to this article
Washington Post Staff Writer
Thursday, May 1, 2008; Page D01

Are you a human or a computer?

Over the Internet, it's getting harder and harder to tell.

Some of the common tests used by Web sites to distinguish between legitimate flesh-and-blood visitors and malicious human-mimicking computers recently appear to have been outwitted.

Last month, the human verification tests, which typically require users to identify deformed letters set against a cluttered backdrop, were broken by a computer. The computer then repeatedly created free Hotmail e-mail accounts and sent spam from them, according to Websense, the security firm that detected the hacking.

The attack followed similar ones this year against Microsoft's Live Mail accounts and Google's Gmail service. A little over a week ago, the security firm reported a similar attack on Google's Blogger, a blog publishing system.

"What we're noticing over the last year is that these tests meant to tell the difference between a human and a computer are being targeted by more and more malicious groups," said Stephan Chenette, manager of security labs at Websense, the firm based in San Diego that reported the attacks. "And they are getting better at it."

Spam, or unsolicited e-mails containing offers of Viagra, Rolex watches, pornography and the like, are the ultimate aims of such schemes. Solving the human verification tests with computers allows spammers to rapidly create new e-mail accounts from which to issue spam, which is estimated by Ferris Research to cost the U.S. economy $42 billion annually.

The problem of telling computers and humans apart has a long tradition in artificial intelligence theory.

In a landmark paper in 1950, British mathematician Alan Turing proposed that a machine could be said to "think" if it could carry on a conversation -- via teletype -- in a manner that was indistinguishable from a human.

But the practice of distinguishing humans from computers has taken on a far more practical role in the Internet age.

Anyone who has signed up for an e-mail account, bought show tickets or created a free blog, is likely familiar with these modern tests of humanity: they ask visitors to identify a string of wavy, deformed letters.

The letters are supposed to be impossible for computers to read in the time allotted but relatively easy for humans.


CONTINUED     1           >

More in Technology

Brian Krebs

Security Fix

Brian Krebs on how to protect yourself from the latest online security threats.

Post I.T.

Post Tech Blog

Reporting on the crossroads of technology and culture.

Rob Pegoraro

Faster Forward

Tech columnist Rob Pegoraro blogs about gadgets, software, tech glitches and more.

© 2008 The Washington Post Company