Digital Deception

By Peter Whoriskey
Washington Post Staff Writer
Thursday, May 1, 2008

Are you a human or a computer?

Over the Internet, it's getting harder and harder to tell.

Some of the common tests used by Web sites to distinguish between legitimate flesh-and-blood visitors and malicious human-mimicking computers recently appear to have been outwitted.

Last month, the human verification tests, which typically require users to identify deformed letters set against a cluttered backdrop, were broken by a computer. The computer then repeatedly created free Hotmail e-mail accounts and sent spam from them, according to Websense, the security firm that detected the hacking.

The attack followed similar ones this year against Microsoft's Live Mail accounts and Google's Gmail service. A little over a week ago, the security firm reported a similar attack on Google's Blogger, a blog publishing system.

"What we're noticing over the last year is that these tests meant to tell the difference between a human and a computer are being targeted by more and more malicious groups," said Stephan Chenette, manager of security labs at Websense, the firm based in San Diego that reported the attacks. "And they are getting better at it."

Spam, or unsolicited e-mails containing offers of Viagra, Rolex watches, pornography and the like, are the ultimate aims of such schemes. Solving the human verification tests with computers allows spammers to rapidly create new e-mail accounts from which to issue spam, which is estimated by Ferris Research to cost the U.S. economy $42 billion annually.

The problem of telling computers and humans apart has a long tradition in artificial intelligence theory.

In a landmark paper in 1950, British mathematician Alan Turing proposed that a machine could be said to "think" if it could carry on a conversation -- via teletype -- in a manner that was indistinguishable from a human.

But the practice of distinguishing humans from computers has taken on a far more practical role in the Internet age.

Anyone who has signed up for an e-mail account, bought show tickets or created a free blog, is likely familiar with these modern tests of humanity: they ask visitors to identify a string of wavy, deformed letters.

The letters are supposed to be impossible for computers to read in the time allotted but relatively easy for humans.

CONTINUED     1           >

© 2008 The Washington Post Company