We are all familiar with the little boxes of distorted text that we are asked to decipher and reproduce when applying for an account on an online service, in order to prove that we are human and not a spam-generating robot.
Looking for the lowest possible price for which people will solve these "puzzles", spammers have turned towards the developing world: India, China, Bangladesh, and other countries where the pay for such tasks is measly for Western standards.
$0.80-$1.20 for a batch of 1,000 deciphered CAPTCHA boxes (depending on accuracy) is the going rate on online exchanges, where people around the world offer their various services and bid for projects. And, according to The New York Times, on one of those (Freelancer.com), one can find plenty of offers for such tasks.
The operations that organize this type of work are somewhat sophisticated and include brokers and middlemen, and word about these organizations usually spreads through friends - says Luis von Ahn, one of the innovators behind the CAPTCHA concept.
As boring as the job is, it is still attractive to a lot of young people in developing countries. For some, this constitutes a full-time job. For others, it's a good way to earn some pocket money by working a couple of hours per day.
Ariful Islam Shaon, a college student from Bangladesh has set up an operation that relies on some 30 other students filling in CAPTCHAs for around three hours per day. He bids on the offers he finds on online exchanges and gets paid through money transfer services. He does not know and he is not interested in knowing the identities of those who pay him for the job.
But, things are not as rosy as they seem - it appears that even with costs as low as they are, the only ones who can hire puzzle-solving services are well established spammers that are already turning a profit.
Also, the executive of an Indian outsourcing company says that he stopped offering this service because it's not worth the money they can get. The price is set by productivity and accuracy of the people working, and after a while, they begin to lose focus and interest because the task is mind-numbing, and consequently productivity and accuracy decline.
Large Internet companies seem not to be worried about this issue, mainly because they stopped using only CAPTCHAs a long time ago. The are now complimented with confirmation codes sent as text messages to cellphones and other tools that are used to increase security. These days, it seems that compromised accounts are the biggest problem.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.