The captchas don't need to be wrong. It's enough for them to result in an output quite similar to a German word, so it's more likely to be failed. Tricky, because the same person can pass it at a different moment.
Statistical information about language/captcha word/failed answer could give interesting results.
The captchas having been running for a long time is not so important, as they could have been logging in all this time without getting the captcha.
Somebody on a German ISP trying to break de: passwords could be showing captchas to users who have never passed one.
If the attack is complete enough / the ISP uses a few proxies, the simple increase in people seeing captchas could explain the increase in OTRS complaints. I suggest asking them for their ISP / IP.