If the crypto-sphere were an old, stately home, Twitter scambots would be the antique mold: part of the house for almost as long as it has existed.
The bots pose as famous users and, following a post, reply underneath claiming that they’re doing some sort of improbable cryptocurrency giveaway. Lucky users send a small ‘token’ amount to show they’re serious, with the promise of a large return. The better scams use other accounts to upvote the post and to reply pretending they’ve received the said giveaway.
Needless to say, these returns never materialize.
After months of requests from the crypto community, Twitter finally decided to tackle the scambots. Users who change their names to ‘Elon Musk’ will now have their accounts automatically frozen. They can regain access (and keep their new name) by providing a phone number and successfully completing a CAPTCHA.
“As part of our continuing efforts to combat spam and malicious activity on our service, we’re testing new measures to challenge accounts that use terms commonly associated with spam campaigns,” a spokesman from Twitter said.
CAPTCHA
Standing for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’, CAPTCHAs have become one of the main defenses used to prevent automated attacks, spam or data loss. Developed in the late 1990s, they determine whether an account applying for access is a human or a computer program.
Distorted letters, which humans can normally identify but software cannot detect, are one of the most popular CAPTCHAs, found on a whole variety of websites, from banks to social media accounts like Twitter.
This worked for more than a decade, but in 2013, Google unveiled its own CAPTCHA-beating program that had a 99.8% level of accuracy. Since then, machine learning has become adept at breaking CAPTCHAs and there are even blog posts explaining how to bypass them.
Take 1.7 Seconds, Defeat 98% Of Scammers!
The 9m people in the world who have a Binance account (more to come with the South Korean move) will have solved the exchange’s jigsaw puzzle. Users are required to move a piece of the jigsaw into the right place within a minute and, if they complete it successfully, are allowed access to their account. If the piece is placed incorrectly, or a minute elapses, the user has to complete another puzzle.
The company that developed this peculiar new CAPTCHA is called GEETEST. Based in China, the company claims on its website to be the next generation of “behavior-based authentication”. Binance, which was only founded in July of last year, was the first crypto-business in the world to use their software, onboarding it in November.
GEETEST is a subsidiary of Wuhan Kaigi Network Technology Co.Ltd, also based in China. Looking further into their files, the company received a $24m investment from Sequoia Capital, a venture capital firm with a portfolio estimated to be worth $1.4trn.
The Really Puzzling Thing Is Why Twitter Can’t Figure This Out
This is important for the cryptocurrency community. Outdated CAPTCHAs leave both businesses and people vulnerable to attack. For an exchange like Binance, which has over a billion dollars going through its servers every day, standard security measures are inadequate; it has been attacked twice since the beginning of the year.
That Twitter is finally doing something to stop scambots is a positive move and hopefully, it won’t just be Elon Musk who enjoys the privilege of CAPTCHA protection. However, if the capability is already there to break these old-style mechanisms, then this is merely a token gesture by Twitter towards fixing the problem: papering over the cracks in the ceiling.
It’s important to know that serious investors, the likes of Sequoia, are injecting capital into new security projects. The world is quickly digitizing, and this opens up new opportunities and threats; deciphering squiggly lines on a page is no longer a strong line of defense.
But remember when Elon Musk called a British diver a pedophile for trying to save the Thai kids in a water-filled cave?
That was really him.
Disclaimer: The author [Not giving away ETH] is not invested in any cryptocurrency or token mentioned in this article, but holds investments in other digital assets.