A team of researchers from the Universities of Arizona, Georgia and South Florida have developed a new CAPTCHA solving tool, based on machine learning. According to them they can solve 94.4% of the problems in dark web, qwhich use authentication method to protect themselves from rivals. The tests are carried out on the darker side of the internet precisely to assess how automation manages to maintain the level of protection that CAPTCHA itself offers.
The study aimed to develop a method to improve intelligence about security threats, which currently, when involving CAPTCHAa, are dependent on people for their resolutions.
At dark web, specifically, CAPTCHA are present mainly to prevent DDoS attacks, originating from competing websites, from damaging the daily operation of the page’s services. As this type of threat usually uses automated machines to do its actions, the authentication method ends up serving as a good block.
Want to stay on top of the best tech news of the day? Access and subscribe to our new youtube channel, Kenyannews News. Every day a summary of the main news from the tech world for you!
Even more remarkable is the fact that each site typically uses its own CAPTCHA system, making it difficult to develop universal applications to solve authentication challenges. However, the method used by researchers at the Universities of Arizona, Georgia and South Florida believes that machine learning can eliminate this difficulty.
How the tool works and results
The tool works from a system that interprets raster images, identifying each character individually, from processes such as identifying edges between letters, removing noise from the contents and the like.
In addition, to clearly identify the character, the tool uses several samples collected by researchers from other CAPTCHAs, to identify even in the case of digit rotation, for example.
As for the results of the tool, according to the article, the researchers tested the solution in a currently inactive dark web market that hosted stolen data and, in order to access any information, it needed validation via CAPTCHA. On that occasion, the software managed to solve all the challenges imposed in at least three attempts.
Finally, the researchers emphasize that performance has only been tested in this market, so while similar results are expected in other environments, variations are possible.
Availability and impact
The project has already been made available by the researchers on GitHub, albeit without the 50,000 samples used to train their machine learning. However, with the bulk of the code already accessible by the public, it is possible that effective variations will soon be released by other developers and, in the future, could become Internet security problems.
It is important to understand that the software in its current version was developed with noble goals by the researchers of the Universities involved, with the main focus on dark web. However, with the code being in the hands of the public, which also involves cybercriminals, variations capable of circumventing systems other than the ones the creators focused on may appear.
In general, the tool is important for the fight against the dissemination of leaked information, but its availability to the public, however, can become a future headache.
