Saturday, June 14, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Malware Security Bloggers Network Threats & Breaches 

Home » Cybersecurity » Malware » Vietnam’s Massive CAPTCHA crackers vs. Microsoft DCU

SBN

Vietnam’s Massive CAPTCHA crackers vs. Microsoft DCU

by Gary Warner on December 30, 2023

Earlier this month, Microsoft’s Digital Crimes Unit was featured in a WIRED article by Lily Hay Newman – Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime. In part, the article discusses MS-DCU’s case against the hackers that they call Storm-1152. According to DCU, Storm-1152 used their CAPTCHA-cracking capabilities to assist other criminals in the massive creation of Microsoft email accounts, such as Hotmail and Outlook accounts. How many? How about 750 MILLION email accounts created for illicit purposes! In their announcement about Storm-1152, DCU’s Amy Hogan-Burney calls out several of the websites run by the group, including Hotmailbox[.]me, 1stCAPTCHA[.]com, AnyCAPTCHA[.]com, and NoneCAPTCHA[.]com.   (I’m not familiar with NoneCAPTCHA, but it looks like it was just a redirect domain to 1stCAPTCHA.)  Amy shares that the group is based in Vietnam and names three of their operators: Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Tai Van Nguyen.

hotmailbox[.]me
1stCaptcha[.]com
AnyCaptcha[.]com

Some example code is still on github that illustrates how these massive CAPTCHA solvers were used.  For example “CuongPhan1408” has a 1stCaptcha written in GoLang and shows examples in his code of solving Discord account creations using “HCaptchaTaskProxyless” and using “FunCaptchaTaskProxyless” to defeat Microsoft’s Live signups.  FunCaptcha is the tool created by Arkose Labs which is currently used by Microsoft to confirm that emails are only created by humans. 

Techstrong Gang Youtube
AWS Hub

Github user HecTran12 shares code that links to the now-seized-by-Microsoft website 1stcaptcha[.]com which could previously be installed with “pip install 1stcaptcha.” HecTran12’s FunCaptcha example solves Outlook[.]com captchas to make new Outlook accounts. 

Github user “Xtekky” shares his AnyCaptcha[.]com-based code called “Outlook Gen” which is Python code that links to the Microsoft-seized website “AnyCaptcha[.]com” to create Outlook accounts in volume.  The code has 45 stars and 15 forks on Github.

Clearly the USERS of Outlook Gen, based on the forks, included many people from many parts of the world.  XTekky has many interesting tools on his Telegram and Discord channels, including “tools” for creating views and likes on TikTok using bots. He demonstrates by sharing a “why so many likes?” video on his TikTok which has been liked 912,400 times.  This relies on his TikTok Slider CAPTCHA Solver, which he claims has 100% accuracy in defeating the TikTok captcha.  XTekky also has a Discord “Question-based” CAPTCHA solver, which uses OpenAI’s ChatGPT to solve the questions and provide the answers.  

With three major CAPTCHA-solving tools taken down by Microsoft, what’s filling their place?  Based on examining new starring and forking from Github users who liked the old projects, it looks like Russia-based “AntiCaptchaOfficial” is the likely leader.  It claims to solve images with text, Recaptcha v2/v3 Enterprise or non-Enterprise, Funcaptcha Arcoselabs, GeeTest and hCaptcha Enterprise or non-Enterprise, and currently charges rates averaging $0.0005 per solved CAPTCHA. That would be 2,000 account creations per $1. 

Microsoft credits Arkose Labs with their help in investigating the case against Storm-1152, but if the stats page at “anti-Captcha[.]com” can be believed, their site is currently cracking 10,000+ Arkose Labs CAPTCHAs per minute.  Only reCAPTCHA v2 is experiencing more cracks per minute (currently 19,000+). Arkose should be pleased that they are one of the most expensive CAPTCHAs to solve.  Anti-Captcha is currently charging $3 per 1,000.  Their website claims that they are helping disadvantaged workers around the world. 

“With your help, they now have a choice between working in toxic factory conditions or on a computer.” 

Their stories don’t seem to say “Rather than work in a toxic factory, I help cybercriminals commit fraud and theft by making fake accounts on Outlook, Google, TikTok, Discord and more.”

*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner. Read the original post at: https://garwarner.blogspot.com/2023/12/vietnams-massive-captcha-crackers-vs.html

December 30, 2023December 30, 2023 Gary Warner account bots, arkoselabs, email, Fraud, funcaptcha, Malware, MicrosoftDCU, reCaptcha, Spam
  • ← USENIX Security ’23 – Mingli Wu, Tsz Hon Yuen ‘Efficient Unbalanced Private Set Intersection Cardinality And User-Friendly Privacy-Preserving Contact Tracing’
  • Tech Security Year in Review →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Meta AI is a ‘Privacy Disaster’ — OK Boomer
Navigating Data Security Challenges in Cloud Computing for Universities
Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage
NIST Launches Updated Incident Response Guide
AI Ready: The Complete Guide to AI-Powered Cybersecurity Training in 2025/2026
Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053)
Identity’s New Frontier: AI, Machines, and the Future of Digital Trust
New Cybersecurity Executive Order: What You Need To Know

Industry Spotlight

Meta AI is a ‘Privacy Disaster’ — OK Boomer
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Featured Governance, Risk & Compliance Humor Industry Spotlight Mobile Security Most Read This Week News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches 

Meta AI is a ‘Privacy Disaster’ — OK Boomer

June 13, 2025 Richi Jennings | Yesterday 0
Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
Analytics & Intelligence Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?

June 10, 2025 Richi Jennings | 4 days ago 0
Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web

June 4, 2025 Richi Jennings | Jun 04 0

Top Stories

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Vulnerabilities 

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

June 13, 2025 Jeffrey Burt | Yesterday 0
BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says
Application Security Cloud Security Cybersecurity Data Security Featured IoT & ICS Security Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence 

BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says

June 9, 2025 Jeffrey Burt | Jun 09 0
Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI
Cloud Security Cyberlaw Cybersecurity Data Security DevOps Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI

June 9, 2025 Jeffrey Burt | Jun 09 0

Security Humor

Facebook CEO Mark Zuckerberg announces the plan to make Facebook more private at Facebook’s Developer Conference on April 30, 2019

Meta AI is a ‘Privacy Disaster’ — OK Boomer

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×