#FactCheck -AI-Generated Video Falsely Claims Iran Unveiled B-2-Like Drone During War

CAPTCHA, or the Completely Automated Public Turing Test to Tell Computers and Humans Apart function, is an image or distorted text that users have to identify or interpret to prove they are human. 2007 marked the inception of CAPTCHA, and Google developed its free service called reCAPTCHA, one of the most commonly used technologies to tell computers apart from humans. CAPTCHA protects websites from spam and abuse by using tests considered easy for humans but were supposed to be difficult for bots to solve. 

But, now this has changed. With AI becoming more and more sophisticated, it is now capable of solving CAPTCHA tests at a rate that is more accurate than humans, rendering them increasingly ineffective. This raises the question of whether CAPTCHA is still effective as a detection tool with the advancements of AI.

CAPTCHA Evolution: From 2007 Till Now

CAPTCHA has evolved through various versions to keep bots at bay. reCAPTCHA v1 relied on distorted text recognition, v2 introduced image-based tasks and behavioural analysis, and v3 operated invisibly, assigning risk scores based on user interactions. While these advancements improved user experience and security, AI now solves CAPTCHA with 96% accuracy, surpassing humans (50-86%). Bots can mimic human behaviour, undermining CAPTCHA’s effectiveness and raising the question: is it still a reliable tool for distinguishing real people from bots?

Smarter Bots and Their Rise

AI advancements like machine learning, deep learning and neural networks have developed at a very fast pace in the past decade, making it easier for bots to bypass CAPTCHA. They allow the bots to process and interpret the CAPTCHA types like text and images with almost human-like behaviour. Some examples of AI developments against bots are OCR or Optical Character Recognition. The earlier versions of CAPTCHA relied on distorted text: AI because of this tech is able to recognise and decipher the distorted text, making CAPTCHA useless. AI is trained on huge datasets which allows Image Recognition by identifying the objects that are specific to the question asked. These bots can mimic human habits and patterns by Behavioural Analysis and therefore fool the CAPTCHA. 

To defeat CAPTCHA, attackers have been known to use Adversarial Machine Learning, which refers to AI models trained specifically to defeat CAPTCHA. They collect CAPTCHA datasets and answers and create an AI that can predict correct answers. The implications that CAPTCHA failures have on platforms can range from fraud to spam to even cybersecurity breaches or cyberattacks. 

CAPTCHA vs Privacy: GDPR and DPDP

GDPR and the DPDP Act emphasise protecting personal data, including online identifiers like IP addresses and cookies. Both frameworks mandate transparency when data is transferred internationally, raising compliance concerns for reCAPTCHA, which processes data on Google’s US servers. Additionally, reCAPTCHA's use of cookies and tracking technologies for risk scoring may conflict with the DPDP Act's broad definition of data. The lack of standardisation in CAPTCHA systems highlights the urgent need for policymakers to reevaluate regulatory approaches.

CyberPeace Analysis: The Future of Human Verification

CAPTCHA, once a cornerstone of online security, is losing ground as AI outperforms humans in solving these challenges with near-perfect accuracy. Innovations like invisible CAPTCHA and behavioural analysis provided temporary relief, but bots have adapted, exploiting vulnerabilities and undermining their effectiveness. This decline demands a shift in focus. 

Emerging alternatives like AI-based anomaly detection, biometric authentication, and blockchain verification hold promise but raise ethical concerns like privacy, inclusivity, and surveillance. The battle against bots isn’t just about tools but it’s about reimagining trust and security in a rapidly evolving digital world.

AI is clearly winning the CAPTCHA war, but the real victory will be designing solutions that balance security, user experience and ethical responsibility. It’s time to embrace smarter, collaborative innovations to secure a human-centric internet.

References

• https://www.business-standard.com/technology/tech-news/bot-detection-no-longer-working-just-wait-until-ai-agents-come-along-124122300456_1.html 
• https://www.milesrote.com/blog/ai-defeating-recaptcha-the-evolving-battle-between-bots-and-web-security 
• https://www.technologyreview.com/2023/10/24/1081139/captchas-ai-websites-computing/‍
• https://datadome.co/guides/captcha/recaptcha-gdpr/

Introduction

‍

With the advent of cloud computing, new information and asset delivery avenues have become possible, including Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. With this change, the conventional paradigm of "computer as a product" is replaced with "computing as a service," which is provided to customers via the internet by big data warehouses or the cloud. Additionally, it has brought about an essential shift in how organisations function, allowing them to access computer tools and services online instead of needing to construct and manage their IT systems. As a result, organizations are now more agile, scalable, and efficient and can react swiftly to shifting consumer demands and market situations.

The Growth of Remote and Hybrid Workspaces

‍

Hybrid and remote workplaces are becoming more popular post-pandemic era. Many businesses have used regional workplace solutions to manage a more scattered workforce. IT departments are put in a difficult position since they have to make sure that branch office staff and remote workers can access the information they require safely and dependably. VPNs and Direct Internet Access links are becoming more and more popular, thus IT professionals are coming up with innovative ways for connecting distant locations to the main office while protecting the confidentiality of information.

User Portability

‍The widespread use of mobile devices for work, along with the growing Bring Your Own Device (BYOD) culture, has significantly contributed to the rise of remote work and flexible work environments. Employees can now connect to corporate systems using either personal or company-issued devices through secure methods such as Virtual Private Networks (VPNs) or cloud-based platforms. This has made teleworking, work-from-home setups, and flexible work hours increasingly common and practical, allowing for greater productivity and work-life balance.

Growing Volume of Traffic

‍

Professionals in the modern workplace must have access to private apps stored in a data centre or a multi-cloud setup. Nevertheless, these programs might not always be easily accessible from branch offices or by remote workers and staff members might not have instant support for IT. Organizations must discover solutions to this problem so that remote workers may consistently and dependably access company resources while also making the most of their current assets. It is important to note that employees need reliable and secure ways to access their work tools from anywhere, just like they would in the office.

Battling Networking and Security Issues in a Post-Pandemic Setting

‍

While many businesses have successfully adopted a cloud-first approach for new system implementations or have deployed specific Software-as-a-Service (SaaS) solutions, many are still struggling to fully reap the benefits of moving most or all of their business software to the cloud.

‍

• Conventional IT frameworks allowed for the creation of the present company applications. Because of this, these applications are frequently inflexible and configured for fixed capacity across a limited number of data facilities. Certain organizations could lack the elements required to oversee an entire cloud migration. This could be the result of things like an affinity for on-premises systems, aversion to alteration, or a lack of experience with cloud systems. 
• Although cloud computing might be a cost-effective solution for some workloads, it might not be the best choice overall. Running certain applications in a combination of cloud services or on-premises may be more cost-effective. 
• Particularly if they are regionally distributed, workloads requiring high connection speeds or low latency may not be ideal for cloud computing.
• If a corporation lacks authority over the servers in the cloud, it may be concerned about the integrity of its data stored there. Consequently, they would rather keep it inside their data facilities.
• Firms may be restricted in their ability to migrate some types of information to the cloud by legal or compliance regulations. 

Networking and Cybersecurity Consolidation: Handling Present Risks

‍

In the past, protecting a network required establishing boundaries and keeping an eye on communication between recognized devices. However, it is now required for a network's components to work together as a cohesive system due to shifting expectations. To do this, flexible network pieces must be able to communicate with one another while also protecting workflows, apps, and payments that move across different devices. The current problem is to effortlessly combine security with network capabilities and connection so that data can flow between constantly moving devices while being inspected, encrypted, and subject to regulation.

Infrastructure and security personnel must update their methods and equipment to better meet these constraints to deliver reliable, efficient, and trustworthy access across users, apps, and regions within an enterprise. Inevitably, networking and safety will eventually merge for improved organizational alignment.

Businesses may stay ahead of the competition in attracting top people in an increasingly diverse and cost-effective workplace by integrating a virtual and physical workforce. The future of security solutions lies in consolidation and platformisation; a cloud-centric Secure Access Service Edge (SASE) the capacity offering paired with network edge capabilities like secured Software-Defined Wide Area Network (SD-WAN) can improve and automate the safety measures of the company while also cutting down on the complexity and expense of managing disparate point remedies.

Safe Networking: Moving Towards This Phenomenon and Concentration of Cybersecurity

‍

Companies relying on conventional networking models often face challenges in securing modern elements, such as cloud-based applications, remote users, mobile devices, and distributed locations, because traditional networks were not designed with these factors in mind. A robust networking strategy integrates both safety and networking into one system to get around these problems. It enhances security posture and network performance. It improves the user's experience and lessens the complexities of management. It is important to combine point product providers into a risk management platform rather than implementing safety measures one at a time. Tighter cooperation, greater efficiency, and a quicker, better-coordinated reaction to network threats are made possible by this.

SASE: A Coordinated Method

‍

Secure Access Service Edge (SASE) is a cloud-based architecture that offers security and networking solutions as needed and unites all edges into a single logical connection.

SASE drivers

‍

Conventional safety measures are ill-suited to deal with the more dispersed and complicated IT environment brought about by the advent of the Internet of Things, edge computing, and telecommuting. Using SASE, security and network services may be accessed from the cloud, eliminating the need to backhaul traffic to a single data centre for safety assessment.

‍

• Distant user traffic assessment and blind spots presented difficulties for companies.
• Full oversight over hybrid network operations is provided by SASE technology, which provides network services including FWaaS, SWG, DLP, and CASB.
• Issues around abnormal port usage and policy violations have arisen as more customers access SaaS apps from different gadgets and regions.
• SASE technology reduces the cost of hiring IT staff by combining safe access to resources from one supplier.
• SASE technology consolidates secure accessibility capabilities from one vendor, hence lowering the cost of hiring IT workers.
• One major benefit of SASE technology is its ease of administration. Even when overseeing multiple offices inside a corporate network, the IT department's job is minimized because a single cloud-based administrator manages the entire system.

Recommendations

‍

• For high-risk use cases, consider utilizing Zero Trust Network Access to supplement or replace the outdated VPN for distant users.
• Take inventory of the gear and agreements in order to progressively replace the branch and perimeter hardware on-site over a few years in favour of delivering SASE functionalities via the cloud.
• Simplify and cut expenses by grouping suppliers when VPN, CASB, and encrypted web portal agreements are up for renewal. Profit from a market that has come together and integrated these security edge services.
• Limit SASE products to a couple of partnering companies.
• Irrespective of location, integrate Zero Trust Network Access (ZTNA) and methods of authorization (such as MFA) for every client, including those in the workplace or branch.
• To meet security and regulatory requirements, select SASE products that provide you control over where inspection takes place, how traffic is directed, what is recorded, and where records are kept.

Conclusion

‍

The development of cloud technology, the rise of offsite and hybrid workplaces, and the increased challenges in communication and privacy following the pandemic highlight the necessity for a comprehensive and integrated strategy. By adopting SASE (Secure Access Service Edge), a cloud-centric framework that enables secure connectivity across diverse environments, businesses can enhance cybersecurity, streamline operations, and adapt to the evolving needs of modern workplaces. This approach ultimately contributes to a safer and more efficient future for information architecture.

References

‍

• https://www.dsci.in/files/content/knowledge-centre/2023/DSCI-Fortinet%20POV%20Paper.pdf
• https://www.datacenterknowledge.com/cloud/cloud-trends-and-cybersecurity-challenges-navigating-future
• https://banagevikas.medium.com/cybersecurity-trends-2024-navigating-the-future-10383ec10efe

Authors:

‍

Soumya Gangele (Intern - Tech & Policy), CyberPeace

Neeraj Soni (Sr. Researcher), CyberPeace

‍

11th November 2022 CyberPeace Foundation in association with Universal Acceptance has successfully conducted the workshop on Universal Acceptance and Multilingual Internet for the students and faculties of BIT University under CyberPeace Center of Excellence (CCoE).

CyberPeace Foundation has always been engaged towards the aim of spreading awareness regarding the various developments, avenues, opportunities and threats regarding cyberspace. The same has  been the keen principle of the CyberPeace Centre of Excellence setup in collaboration with various esteemed educational institutes. We at CyberPeace Foundation would like to take the collaborations and our efforts to a new height of knowledge and awareness by proposing a workshop on UNIVERSAL ACCEPTANCE AND MULTILINGUAL INTERNET. This workshop was instrumental in providing the academia and research community a wholesome outlook towards the multilingual spectrum of internet including Internationalized domain names and email address Internationalization.

‍Date –11th November 2022

‍Time – 10:00 AM to 12:00 PM

‍Duration – 2 hours

‍Mode - Online

‍Audience – Academia and Research Community

‍Participants Joined- 15

‍Crowd Classification - Engineering students (1st and 4th year, all streams) and Faculties members

‍Organizer : Mr. Harish Chowdhary : UA Ambassador

‍Moderator: Ms. Pooja Tomar, Project coordinator cum trainer

‍Speakers - Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG)and

‍Mr. Mahesh D Kulkarni Director, Evaris Systems and Former Senior Director, CDAC, Government of India,First session was delivered by Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG) “Universal Acceptance( UA) and why UA matters?”

• What is universal acceptance?
• UA is cornerstone to a digitally inclusive internet by ensuring all domain names and email addresses in all languages, script and character length.
• Achieving UA ensures that every person has the ability to navigate the internet.
• Different UA issues were also discussed and explained.
• Tagated systems by the UA and implication were discussed in detail.

Second session was delivered by Mr. Mahesh D Kulkarni, ES Director Evaris on the topic of “IDNs in Indian languages perspective- challenges and solutions”.

• The multilingual diversity of India was focused on and its impact.
• Most students were not aware of what Unicode, IDNS is and their usage.
• Students were briefed by giving real time examples on IDN, Domain name implementation using local language.
• In depth knowledge of and practical exposure of Universal Acceptance and Multilingual Internet has been served to the students.
• Tools and Resources for Domain Name and Domain Languages were explained.
• Languages nuances of Multilingual diversity of India explained with real time facts and figures.
• Given the idea of IDN Email,Homograph attack,Homographic variant with proper real time examples.
• Explained about the security threats and IDNA protocols.
• Given the explanation on ABNF.
• Explained the stages of Universal Acceptance.