Vietnam's Massive CAPTCHA crackers vs. Microsoft DCU

CyberCrime & Doing Time 2023-12-31

Earlier this month, Microsoft's Digital Crimes Unit was featured in a WIRED article by Lily Hay Newman - Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime. In part, the article discusses MS-DCU's case against the hackers that they call Storm-1152. According to DCU, Storm-1152 used their CAPTCHA-cracking capabilities to assist other criminals in the massive creation of Microsoft email accounts, such as Hotmail and Outlook accounts. How many? How about 750 MILLION email accounts created for illicit purposes! In their announcement about Storm-1152, DCU's Amy Hogan-Burney calls out several of the websites run by the group, including Hotmailbox[.]me, 1stCAPTCHA[.]com, AnyCAPTCHA[.]com, and NoneCAPTCHA[.]com.   (I'm not familiar with NoneCAPTCHA, but it looks like it was just a redirect domain to 1stCAPTCHA.)  Amy shares that the group is based in Vietnam and names three of their operators: Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Tai Van Nguyen.

hotmailbox[.]me
1stCaptcha[.]com
AnyCaptcha[.]com

Some example code is still on github that illustrates how these massive CAPTCHA solvers were used.  For example "CuongPhan1408" has a 1stCaptcha written in GoLang and shows examples in his code of solving Discord account creations using "HCaptchaTaskProxyless" and using "FunCaptchaTaskProxyless" to defeat Microsoft's Live signups.  FunCaptcha is the tool created by Arkose Labs which is currently used by Microsoft to confirm that emails are only created by humans. 

Github user HecTran12 shares code that links to the now-seized-by-Microsoft website 1stcaptcha[.]com which could previously be installed with "pip install 1stcaptcha." HecTran12's FunCaptcha example solves Outlook[.]com captchas to make new Outlook accounts. 

Github user "Xtekky" shares his AnyCaptcha[.]com-based code called "Outlook Gen" which is Python code that links to the Microsoft-seized website "AnyCaptcha[.]com" to create Outlook accounts in volume.  The code has 45 stars and 15 forks on Github.

Clearly the USERS of Outlook Gen, based on the forks, included many people from many parts of the world.  XTekky has many interesting tools on his Telegram and Discord channels, including "tools" for creating views and likes on TikTok using bots. He demonstrates by sharing a "why so many likes?" video on his TikTok which has been liked 912,400 times.  This relies on his TikTok Slider CAPTCHA Solver, which he claims has 100% accuracy in defeating the TikTok captcha.  XTekky also has a Discord "Question-based" CAPTCHA solver, which uses OpenAI's ChatGPT to solve the questions and provide the answers.  
With three major CAPTCHA-solving tools taken down by Microsoft, what's filling their place?  Based on examining new starring and forking from Github users who liked the old projects, it looks like Russia-based "AntiCaptchaOfficial" is the likely leader.  It claims to solve images with text, Recaptcha v2/v3 Enterprise or non-Enterprise, Funcaptcha Arcoselabs, GeeTest and hCaptcha Enterprise or non-Enterprise, and currently charges rates averaging $0.0005 per solved CAPTCHA. That would be 2,000 account creations per $1.  Microsoft credits Arkose Labs with their help in investigating the case against Storm-1152, but if the stats page at "anti-Captcha[.]com" can be believed, their site is currently cracking 10,000+ Arkose Labs CAPTCHAs per minute.  Only reCAPTCHA v2 is experiencing more cracks per minute (currently 19,000+). Arkose should be pleased that they are one of the most expensive CAPTCHAs to solve.  Anti-Captcha is currently charging $3 per 1,000.  Their website claims that they are helping disadvantaged workers around the world. 
"With your help, they now have a choice between working in toxic factory conditions or on a computer." 
Their stories don't seem to say "Rather than work in a toxic factory, I help cybercriminals commit fraud and theft by making fake accounts on Outlook, Google, TikTok, Discord and more."