Thursday, June 19, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Malware Security Bloggers Network Threats & Breaches 

Home » Cybersecurity » Malware » Vietnam’s Massive CAPTCHA crackers vs. Microsoft DCU

SBN

Vietnam’s Massive CAPTCHA crackers vs. Microsoft DCU

by Gary Warner on December 30, 2023

Earlier this month, Microsoft’s Digital Crimes Unit was featured in a WIRED article by Lily Hay Newman – Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime. In part, the article discusses MS-DCU’s case against the hackers that they call Storm-1152. According to DCU, Storm-1152 used their CAPTCHA-cracking capabilities to assist other criminals in the massive creation of Microsoft email accounts, such as Hotmail and Outlook accounts. How many? How about 750 MILLION email accounts created for illicit purposes! In their announcement about Storm-1152, DCU’s Amy Hogan-Burney calls out several of the websites run by the group, including Hotmailbox[.]me, 1stCAPTCHA[.]com, AnyCAPTCHA[.]com, and NoneCAPTCHA[.]com.   (I’m not familiar with NoneCAPTCHA, but it looks like it was just a redirect domain to 1stCAPTCHA.)  Amy shares that the group is based in Vietnam and names three of their operators: Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Tai Van Nguyen.

hotmailbox[.]me
1stCaptcha[.]com
AnyCaptcha[.]com

Some example code is still on github that illustrates how these massive CAPTCHA solvers were used.  For example “CuongPhan1408” has a 1stCaptcha written in GoLang and shows examples in his code of solving Discord account creations using “HCaptchaTaskProxyless” and using “FunCaptchaTaskProxyless” to defeat Microsoft’s Live signups.  FunCaptcha is the tool created by Arkose Labs which is currently used by Microsoft to confirm that emails are only created by humans. 

Techstrong Gang Youtube
AWS Hub

Github user HecTran12 shares code that links to the now-seized-by-Microsoft website 1stcaptcha[.]com which could previously be installed with “pip install 1stcaptcha.” HecTran12’s FunCaptcha example solves Outlook[.]com captchas to make new Outlook accounts. 

Github user “Xtekky” shares his AnyCaptcha[.]com-based code called “Outlook Gen” which is Python code that links to the Microsoft-seized website “AnyCaptcha[.]com” to create Outlook accounts in volume.  The code has 45 stars and 15 forks on Github.

Clearly the USERS of Outlook Gen, based on the forks, included many people from many parts of the world.  XTekky has many interesting tools on his Telegram and Discord channels, including “tools” for creating views and likes on TikTok using bots. He demonstrates by sharing a “why so many likes?” video on his TikTok which has been liked 912,400 times.  This relies on his TikTok Slider CAPTCHA Solver, which he claims has 100% accuracy in defeating the TikTok captcha.  XTekky also has a Discord “Question-based” CAPTCHA solver, which uses OpenAI’s ChatGPT to solve the questions and provide the answers.  

With three major CAPTCHA-solving tools taken down by Microsoft, what’s filling their place?  Based on examining new starring and forking from Github users who liked the old projects, it looks like Russia-based “AntiCaptchaOfficial” is the likely leader.  It claims to solve images with text, Recaptcha v2/v3 Enterprise or non-Enterprise, Funcaptcha Arcoselabs, GeeTest and hCaptcha Enterprise or non-Enterprise, and currently charges rates averaging $0.0005 per solved CAPTCHA. That would be 2,000 account creations per $1. 

Microsoft credits Arkose Labs with their help in investigating the case against Storm-1152, but if the stats page at “anti-Captcha[.]com” can be believed, their site is currently cracking 10,000+ Arkose Labs CAPTCHAs per minute.  Only reCAPTCHA v2 is experiencing more cracks per minute (currently 19,000+). Arkose should be pleased that they are one of the most expensive CAPTCHAs to solve.  Anti-Captcha is currently charging $3 per 1,000.  Their website claims that they are helping disadvantaged workers around the world. 

“With your help, they now have a choice between working in toxic factory conditions or on a computer.” 

Their stories don’t seem to say “Rather than work in a toxic factory, I help cybercriminals commit fraud and theft by making fake accounts on Outlook, Google, TikTok, Discord and more.”

*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner. Read the original post at: https://garwarner.blogspot.com/2023/12/vietnams-massive-captcha-crackers-vs.html

December 30, 2023December 30, 2023 Gary Warner account bots, arkoselabs, email, Fraud, funcaptcha, Malware, MicrosoftDCU, reCaptcha, Spam
  • ← USENIX Security ’23 – Mingli Wu, Tsz Hon Yuen ‘Efficient Unbalanced Private Set Intersection Cardinality And User-Friendly Privacy-Preserving Contact Tracing’
  • Tech Security Year in Review →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Hacktivists Strike Within Minutes of Israel Missile Attacks on Iran Nuclear Sites 
Novel TokenBreak Attack Method Can Bypass LLM Security Features
Washington Post Journalists’ Microsoft Email Accounts Hacked
Trump’s TikTok Tarry — Yet Again, Ban-Can Kicked Down the Road
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
Guardrails Breached: The New Reality of GenAI-Driven Attacks
Cities of the Future or Hacker’s Paradise? The Cybersecurity Risks of Smart Cities
EU AI ACT
Top 10 Challenges Implementing DMARC in GWS
MY TAKE: Microsoft takes ownership of AI risk — Google, Meta, Amazon, OpenAI look the other way

Industry Spotlight

Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks
Blockchain Cloud Security Cybersecurity Data Security Digital Currency Featured Identity & Access Incident Response Industry Spotlight Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks

June 18, 2025 Jeffrey Burt | Yesterday 0
Trump’s TikTok Tarry — Yet Again, Ban-Can Kicked Down the Road
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Endpoint Featured Governance, Risk & Compliance Humor Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

Trump’s TikTok Tarry — Yet Again, Ban-Can Kicked Down the Road

June 18, 2025 Richi Jennings | Yesterday 0
Novel TokenBreak Attack Method Can Bypass LLM Security Features
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Vulnerabilities 

Novel TokenBreak Attack Method Can Bypass LLM Security Features

June 17, 2025 Jeffrey Burt | 2 days ago 0

Top Stories

AWS Makes Bevy of Updates to Simplify Cloud Security
Cloud Security Cybersecurity Featured News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

AWS Makes Bevy of Updates to Simplify Cloud Security

June 18, 2025 Michael Vizard | Yesterday 0
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam

June 17, 2025 Jeffrey Burt | 1 day ago 0
Washington Post Journalists’ Microsoft Email Accounts Hacked
Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Washington Post Journalists’ Microsoft Email Accounts Hacked

June 16, 2025 Jeffrey Burt | 3 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Good Science’

Randall Munroe’s XKCD ‘Good Science’

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×