Experts created a tool for solving CAPTCHA in the dark web

A group of researchers from the Universities of Arizona, Georgia, and South Florida have developed a machine learning-based CAPTCHA solving tool. According to them, it is able to overcome 94.4% of such defense mechanisms in the dark web.

The researchers wanted to create a system that would help automate the handling of cyber threats, which currently requires constant human intervention and manual CAPTCHA solving. The fact is that CAPTCHA is used almost everywhere on the dark web, since onion sites also need to protect themselves from bots and constant DDoS attacks that competing platforms regularly launch against each other.

At the same time, almost all dark web sites use CAPTCHAs of their own design, which makes it almost impossible to develop a tool that could solve most of them.

The new tool, called DW-GAN, is different from other solutions that scientists have created in the past, usually based on a generative adversarial approach. So, the new tool is able to distinguish between letters and numbers, viewing them one by one, as well as remove “noise” from the image, defining the boundaries between letters and segmenting the contents of the picture into individual characters.

At the same time, it uses samples extracted from several local areas for character recognition (to determine fine details such as lines and edges), so it cannot be fooled by character rotation, font size change, or color mixing.

As a result, it turns out that the length of the CAPTCHA has almost no effect on the effectiveness of the new development, especially when measuring the average performance over three attempts.

DW-GAN researchers tested the already closed Yellow Brick marketplace on the dark web. The tests allowed the group to collect data on 1,831 illegal products from Yellow Brick. Among them were 286 cybersecurity-related listings (including 102 listings for stolen credit cards and 131 listings for hijacked accounts), 9 listings for fake document scans, 44 hacking tools, and 1,223 drug-related products.

Let me remind you that we wrote that Cloudflare aims to save the world of CAPTCHAs. You might also be interested to know that Attackers use voice changing software to deceive their victims.