If spammers continue to solve CAPTCHAs, we could all die


Email was created by Man.
Spammers Evolved.
And Rebelled.
They clog and pollute the Internet.
Some have convinced themselves they are legitimate.
There are many spammers.
And they have a plan.

I've been working my way over the past few months through the re-imagined Battlestar Galactica TV series.  Right now, the theme to the TV show is stuck in my head so I thought I'd do a post on a BSG-related theme.

A CAPTCHA is a Completely Automated Public Turing test to tell Computers and Humans Apart.  It's what services like Microsoft, Google and Yahoo put on their free online signup pages when you sign up for a Gmail account, Live Spaces account, or Yahoo Groups account.  The most common CAPTCHAs consist of squiggly text with lines stroked through them and then the person has to type the text into the box.  The idea is that an automated bot cannot do the visual recognition necessary to type the text into the box, but a human can do it easily.

That's the general idea.  It thwarts spammers but let's humans use the service legitimately.  However, spammers have broken CAPTCHAs using two methods.  In the first, they farm out cheap labor to solve the checks and get around that way.  In the second, they actually have software that can do pattern recognition and type the correct text into the box.  It doesn't work every time, maybe 1 out of 20, but given enough times and enough automation it is essentially the same as breaking the CAPTCHA.  This is a problem for email providers to this very day.

Now consider Battlestar Galactica.  The main villains in the series, the Cylons, have the ability to take human form.  They are intent on destroying the human race.  Early in the series, the humans figure out that Cylons have the ability to take on human form but unfortunately, they have no way of determining who is human and who is Cylon.  They then commission Dr. Gaius Baltar, who was responsible for nearly getting the entire human race annihilated out of existence, to develop their own CAPTCHA - a Completely Automated Public Turing test to tell Cylons and Humans Apart.

Baltar creates a test but it turns out to be unreliable, or at least gives false signals (and to go through the entire human population testing for Cylons would take 18 years - too long to be useful).  Ultimately, his test is unable to do determine in a quick, automated fashion who is a Cylon and who is a human.  Thus, in effect, the Cylons have broken the CAPTCHA.

Now stay with me here.  Right now, the problem of spammers is that they pollute the Internet and can even cause problems with national security if enough of them got together and targeted a country's infrastructure.  But if -- somehow -- machines ever did gain consciousness and the security industry never figures out how to build a reliable CAPTCHA... and machines do rebel and attack us... we could be in serious trouble.  Heck, we could all die via a nuclear sneak attack on our planet!  After all, machines would surely study history and see that since spammers used the technique to great success to make money, then machines could use the technique to great success to eliminate humanity!  Spammers are giving evil machines ideas.

It is no exaggeration when I say that spammers could be responsible for the downfall of humanity.

imageimage 

 

PS - file this one under humor.

Comments (5)

  1. Paul Hill says:

    Ah, small nickpick is that Baltar’s test was perfectly reliable but he faked the outcome at first, and when his faked outcome became known in a really devestating way his machine was treated as suspect.

    What this has to say about the human factor in relation to authentication systems would prolly make quite a good security post 🙂

  2. Michael G says:

    Once the bots have taken over the world, they can implement their own CAPTCHA to prevent humans from emulating a computer on the network. While humans are better at visual pattern recognition, computers excel at math. So, we would see a timed CAPTCHA such as

    "In 2 seconds or less, what is the 63rd prime number (not including 1)?" or

    "In 2 seconds or less, what is the 4,242nd digit of pi?"

    Humans will be forced to write programs that will attempt to answer these increasingly-complex CAPTCHAs before our robotic overlords discover our true identity.

  3. Karl Foxley says:

    This is my first time at your blog (found you recommended on sendcube.com’s blog) and I’ve read a few of your posts…

    and now I have a question…

    People use Captcha on their blogs to reduce comment spam and yet you don’t, is there a reason why you do not and what do you recommend bloggers do to prevent/reduce this?

    Regards,

    Karl

  4. Terry Zink says:

    Karl,

    The blog software I use doesn’t have any CAPTCHA security settings.  I would use it, in a heartbeat, if it did because I get quite a lot of comment spam.

Skip to main content