Nada Collar

I was just searching about CAPTCHA (pictures of letters used for human verification) for an idea I had been thinking about and noticed news from last month (I was busy and didn’t do much reading lately) about how some spammers have cracked CAPTCHA…. I think thats un-imaginative thinking. Of course maybe they have a program to beat the Captcha, but why go to that effort?

Anyone with half a brain can figure out how to beat Captcha.

Think about this… Anyone with half a brain can use a captcha. So now all I need is someone with half a brain!!!! Simple.

Still not getting it?

Ok. Create a simple website that uses Captcha, say: “play our game and win money” (or even better, prOn). Make the game a captcha… Give away some money. Now write your software for creating yahoo email accounts. When Yahoo asks for a Captcha pass it through to your other site. Instead of serving up a captcha that some software created, serve up the image that Yahoo gave you. Tada. Someone with half a brain is solving your captcha.

I guess you could almost say its a different form of social engineering.

As a footnote: Captcha Killer claim (and probably can do, I see no reason why it can’t be done) to automatically solve captcha, (for “blind” people using ocr techniques)

Some of the news articles about the “cracking”:

Techdigest

It even got slashdotted
Tech Blorge

Update: After writing all that above I came across the term “Captcha farming”…. If you just know what to search for its amazing what results you can find. Anyway this concept has been around for a while, and its commonly used in the prOn industry (just as I thought).

There has been a reasonable amount of noise lately about lead generation affiliates and their shady practises. Shoemoney published an article from an anonymous guest some time ago about how ValueClick seemed to be in some shady practises. They (Shoemoney wrote that he had done some due diligence and seemed to agree with the guest) seemed to be directly involved in the “Win a free iPod” deals.

I did some digging and discovered that the websites in question were run by the old 180Solutions team. Now it seems that analysts are questioning the state of the industry and what effect these kinds of deals are going to have on these companies.

We have already seen the Florida Attorney General take action against ringtone scammers. But I predict class action suites. There must be a lot of people who have been scammed by free ringtones, free iPods and other shady deals. And there must be a lot of Lawyers itching to make a fortune off them.

Start developing your sites explaining these shady deals and class action lawsuits. I suspect they will make create adsense or affiliate pages to get leads for the lawyers Ironic isn’t it.

Shoemoney has an article about these sites that promise free stuff and then make you fill in ton’s of forms and shell out money to sign up for things. The article was written be someone who wished to remain anonymous and sent it to Shoemoney to print. He seems to think that these companies might be owned by ValueClick, but there is no reason why that association is made (other than the fact that ValueClick don’t seem to be in this market).

I’ve done some digging and I think either Mr anonymous is wrong, or multiple people have the same software that is generating the same code.

First take a look at the source code of these sites. They are obviously all related as they have the same source code, the same terms and conditions, and yet as Shoemoney points out they have different domain registration information. Why would you do that? Maybe if you have something to hide?

taken from Shoemoney’s article:

1) http://www.consumerdirectsavings.com

Registered to:
Inner Concepts (innerconcepts@gmail.com)
297 Kingsbury Grade #D
PO Box 4470
Stateline, NV, 89449-4470
US
775-588-0161

2) http://www.freelawntractor.com

Registered to:
eSolutions Media (admin@esolutionsmedia.net)
4001 Kennett Pike
Suite 134
Greenville, DE 19807
US
866-670-9043

3) http://www.webrewardscentral.com

Registered to:
Inc., MarketLabs.net (admin@marketlabs.net)
MarketLabs.net, Inc
40 East Main Street
#333
Newark, DE 19711-4639
US
866-348-3896

Now I started searching for some of the things in the code and tada. I got a hit. Search for get_demographic and you get a nice link from the FTC. Oh look its about a similar company, bestrewardsaround.com. Same code.

The link shows documentation of ads that don’t conform to some settlement from a company called Zango Inc. And guess who owns it…. None other that Mr Keith Smith and Daniel Todd, formerly known as 180Solutions Inc. Sounds about right.

Seems to me they are trying to hide from their past as it might frighten too many victims.

Of course there always was a relationship between ValueClick and 180Solutions. Maybe Shoemoney has more information than I have found.