September 04, 2009

Numbers: CAPTCHAs and Suicide Bombers

Two hard numbers effecting the attack model. The cost of attacking a CAPTCHA system with people in developing regions, from the Economist's report on the state of the CAPTCHA nation:

The biggest flaw with all CAPTCHA systems is that they are, by definition, susceptible to attack by humans who are paid to solve them. Teams of people based in developing countries can be hired online for $3 per 1,000 CAPTCHAs solved. Several forums exist both to offer such services and parcel out jobs. But not all attackers are willing to pay even this small sum; whether it is worth doing so depends on how much revenue their activities bring in. “If the benefit a spammer is getting from obtaining an e-mail account is less than $3 per 1,000, then CAPTCHA is doing a perfect job,” says Dr von Ahn.

And here, outside our normal programme, is news from RAH that people pay for the privilege of being a suicide bomber:

A second analysis with Palantir uncovered more details of the Syrian networks, including profiles of their top coordinators, which led analysts to conclude there wasn't one Syrian network, but many. Analysts identified key facilitators, how much they charged people who wanted to become suicide bombers, and where many of the fighters came from. Fighters from Saudi Arabia, for example, paid the most -- $1,088 -- for the opportunity to become suicide bombers.

It's important to examine security models remote to our own, because it it gives us neutral lessons on how the economics effects the result. An odd comparison there, that number $1088 is about the value required to acquire a good-but-false set of identity documents.

Posted by iang at September 4, 2009 09:25 AM | TrackBack
Comments

Cant help thinking the first section would have benefited greatly from a few words defining the term. I am sure a majority of people are familair with the technology, but I've never come across the name, and without that bit of knowledge there isnt really enough tow work out what is being talked about.

Posted by: DigbyT at September 4, 2009 08:21 PM

Good point! I added a picture, which should be worth a thousand words.

Posted by: Iang at September 4, 2009 08:24 PM
Post a comment









Remember personal info?






Hit preview to see your comment as it would be displayed.