Does captcha work?
The big picture
There are approximately as many automated, AI-assisted internet bots as there are humans on the internet. Unfortunately, a high level of ‘bad bot’ internet traffic (e.g., impersonators trying to steal usernames and passwords) is holding steady compared with a decline in ‘good bot’ traffic (e.g., routine automated customer service functions). On average, websites are targeted by one malicious bot for every two humans.
Most of you reading this post work within mid to small-sized organizations. If so, your site typically has security vulnerabilities that make you a target. Most hackers who launch bad bots want to steal information, not extort money (as with dreaded denial of service attacks). This underscores the critical importance of using different usernames and passwords for all sites you regularly visit.
Bad bot human impersonation goes beyond information theft
Because bad bots can impersonate human written communication, they are often used to disrupt or even shut down online conversations. The objective of those instigating such attacks is to confuse readers and even stop the dissemination of information they believe is threatening to their interests or beliefs.
Bad bots also create havoc by–
- Buying up good seats for concerts and other events for inflated resale prices.
- Inflating the number of views for YouTube videos and other social media posts.
- Flooding online gaming with high-speed bids to sabotage outcomes.
- Driving up web ad traffic counts to extract more money from advertisers.
One notable success
Have you noticed the reduction in spam in the recent years? –Spam bots which constituted 2 percent of internet traffic four years ago, was reduced last year to 0.1 percent. The reason? Before 2012, spam links boosted SEO (Search Engine Optimization). Then, Google decided to introduce a new SEO algorithm that penalized not only those originating spam links, but also those who hosted them with the objective of deceptively achieving higher search engine results. This zero-tolerance approach worked.
A number of IT security experts have recommended tighter ground rules for business and government. If enough stakeholders agreed, the industry could then push for a non-negotiation policy against cyber extortionists. Unfortunately, suppressing most types of bad bot activity won’t be as easy as it has been for spam reduction.
Does captcha work?
Have you wondered how effective CAPTCHA is in differentiating humans from robots? (CAPTCHA screens pop up with floating characters that you input into a field to gain access to a website). Unfortunately, Captchas provide only low-level protection and can be circumvented by a variety of means.
Bad bot surge on mobile web
Because there are now more mobile than desktop users, hackers have been aggressively developing complex, sophisticated techniques to attack these devices. So, make sure your portable devices have the best, latest security in place. –IoT (The Internet of Things) and wearables are emerging as the next targets.
In addition to never using the same username and password combination twice, only enter your credit card information on secure sites, keep your software (including browsers) up to date, and make sure your anti-virus software is of the highest standard. Not taking these measures can cause you significant grief. Finally, if your computer, unbeknownst to you, is hijacked and turned into a zombie bot, you will be hurting others as well.