News

Experts created a tool for solving CAPTCHA in the dark web

A group of researchers from the Universities of Arizona, Georgia, and South Florida have developed a machine learning-based CAPTCHA solving tool. According to them, it is able to overcome 94.4% of such defense mechanisms in the dark web.

The researchers wanted to create a system that would help automate the handling of cyber threats, which currently requires constant human intervention and manual CAPTCHA solving. The fact is that CAPTCHA is used almost everywhere on the dark web, since onion sites also need to protect themselves from bots and constant DDoS attacks that competing platforms regularly launch against each other.

At the same time, almost all dark web sites use CAPTCHAs of their own design, which makes it almost impossible to develop a tool that could solve most of them.

The new tool, called DW-GAN, is different from other solutions that scientists have created in the past, usually based on a generative adversarial approach. So, the new tool is able to distinguish between letters and numbers, viewing them one by one, as well as remove “noise” from the image, defining the boundaries between letters and segmenting the contents of the picture into individual characters.

At the same time, it uses samples extracted from several local areas for character recognition (to determine fine details such as lines and edges), so it cannot be fooled by character rotation, font size change, or color mixing.

As a result, it turns out that the length of the CAPTCHA has almost no effect on the effectiveness of the new development, especially when measuring the average performance over three attempts.

DW-GAN researchers tested the already closed Yellow Brick marketplace on the dark web. The tests allowed the group to collect data on 1,831 illegal products from Yellow Brick. Among them were 286 cybersecurity-related listings (including 102 listings for stolen credit cards and 131 listings for hijacked accounts), 9 listings for fake document scans, 44 hacking tools, and 1,223 drug-related products.

In general, the collection of information about the Yellow Brick trading platform took about 5 hours without human intervention. Specifically, each HTTP request took the 8.8 seconds. This time is needed to load a new web page; so scanning 1831 pages took 268.5 minutes. Repetitive CAPTCHA tasks (one per 15 HTTP requests) took our tool 18.6 seconds to solve.

In general, the framework under consideration is capable of automatically cracking CAPTCHAs in no more than three attempts. Hacking all CAPTCHA images took a total of about 76 minutes for all 1,831 ads, and the process was fully automated.the report says.

The authors of the development have already published the final version of their tool on GitHub, but did not make the training data set consisting of approximately 50,000 CAPTCHA images public. Probably, over time, someone will work with their tool and be able to create a similar solution that is relevant for the usual open Internet.

Let me remind you that we wrote that Cloudflare aims to save the world of CAPTCHAs. You might also be interested to know that Attackers use voice changing software to deceive their victims.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

View Comments

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

11 hours ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

11 hours ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

11 hours ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

11 hours ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

15 hours ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

15 hours ago