In 2017, the scale of my country's network security industry was more than 45 billion yuan, while the black and gray industry has reached a scale of 100 billion yuan. The black and gray industry has developed more rapidly than the security industry. According to the statistics of Ali Security Zero Lab, hundreds of thousands of telecom frauds were observed from April to December 2017, with a loss of more than 100 million yuan, involving tens of thousands of victims. Telecom fraud cases remain high and large in scale. non-stop upgradin.
The above-mentioned set of data comes from the "2018 Cyber ​​Black and Ash Governance Research Report" (hereinafter referred to as the "Report") released by Ali and Southern Metropolis Daily, which was released on August 21 at the 2018 Cyber ​​Security Ecological Summit.
The "Report" pointed out that at present, online black and gray industries are facing difficulties in obtaining evidence, encountering obstacles in coordination and cooperation, and insufficient investment in capacity building. The "Report" suggests that a joint government-enterprise mechanism should be established to jointly build a security "firewall."
The Internet black and gray industry is not far away from us.
If you follow a bunch of unfamiliar marketing accounts on Weibo inexplicably, QQ will be added to unfamiliar groups somehow, and Douyin will “automatically†become a “fan†of an internet celebrity. Perhaps the black and gray production gang has been manipulated through data theft. Up your account.
Recently, the police in Yuecheng District, Shaoxing, Zhejiang, cracked a case called "the largest data theft case in history", which started from the discovery of the above-mentioned abnormal phenomenon.
In late June of this year, the Internet Police Brigade of the Public Security Bureau of Yuecheng District received multiple reports from citizens, saying that they discovered without knowing that strange friends and followers were added to their social accounts such as Weibo and QQ, and their mobile phones often received various reports inexplicably. A kind of spam advertisement pop-ups, text messages, and suspected personal information being leaked.
The police investigation found that a listed company in Beijing with new media marketing as its main business signed a marketing and advertising system service contract with an operator covering more than ten provinces and cities, exploiting the operator’s inadequate supervision and arranging malicious collection of information on the operator’s server The program illegally obtains user data from the operator’s traffic pool and stores some of the data on Japanese servers in order to avoid supervision and investigation.
This case affected many operators in many provinces and cities across the country, such as China Telecom, China Mobile, China Unicom, China Railway and Radio and Television, and led to the acquisition of user data of 96 Internet companies across the country, including Baidu, Tencent, Alibaba, and Toutiao. Almost all domestic The core Internet companies have all been "plucked by wild geese", and none of them have been spared.
What secret information users search for on the Internet, where to go, when and where to open a house, what they bought, etc., are all mastered by criminal gangs that steal user information. In this case, the black-and-ash production gang has manipulated user accounts and carried out fanning, brushing, grouping, illegal promotion on social platforms such as Weibo, WeChat, QQ, Douyin, etc., illegally making profits, and a company under the criminal gang for one year Revenue is more than 30 million yuan. With the above-mentioned comprehensive user information, the black and gray production gangs can also carry out various criminal acts such as precise telecom fraud by performing "portraits" of users.
Four types"The use of Internet technology to carry out various crimes such as theft, fraud, and extortion frequently occurs, and the black and gray production industry derived from the Internet is accelerating its spread." The "Report" said.
The "Report" reveals the four types of black and gray production links: technical black and gray products, source black and gray products including false account registrations, black and gray products on platforms used for illegal transactions and exchanges, and implementation of various types of black and gray products. Kind of illegal and criminal acts of black and gray products.
The black-and-ash production technology promotes the breeding and spread of network crimes such as pornography, gambling, fraud, etc. It provides criminals with a "vest" and "protective umbrella" to hide their identities and conceal criminal evidence, and continue to derive new "viruses" and new variants. Failure to eradicate the black and gray gangs and cut off the "seven inches" of hidden criminal links will cause endless troubles.
Technical black and gray products, which are mainly produced and provided for various types of software and hardware equipment and services for those who are not technically technical in the middle and lower reaches. Trojan horse implantation, phishing websites, and various types of malicious software are all common technical black and gray products. Produce.
The "Report" found that the main purpose of traditional Trojan horses is to control the host of infected persons, but in recent years, the intention of virus Trojan horses has shown more and more profitability. In 2016, deception and fraud accounted for 5% of the Trojan horse samples popular on the entire network. By 2017, the proportion had risen to 11%.
In addition, "hackers" use these information to steal the victim’s assets by copying large-scale websites such as banks to induce users to provide sensitive personal information such as account passwords. In recent years, most of them have been counterfeiting major banks and China Mobile. Disrupting the order of the platform, putting platform users at risk, and also affecting the reputation of the platform.
The "Report" pointed out that the illegal use of online accounts is mostly realized in the form of malicious registration, false authentication, and account theft. Taking malicious registration as an example, the "Report" shows that currently 83% of malicious accounts generated through black card registration are mainly distributed in online taxi-hailing, Internet finance, vertical e-commerce, and online games, among which 45.5% of malicious accounts are active in online taxi-hailing. Among them, they are mainly used to obtain red envelopes for taxi rides; 16.6% of malicious accounts are malicious in Internet finance, using malicious accounts for illegal financial management and lending, etc.; 14.5% are malicious in vertical e-commerce such as some famous cake brands and certain travel brands; 7.1% committed evil on some well-known online game platforms. Malicious registration has caused the emergence of a large number of non-real-name registered mobile phone cards and online accounts, providing a "cover vest" for crimes such as online fraud, online pornography, gambling, and drugs.
Derivative fraudThere are also platform-like black and gray products used for illegal transactions and exchanges in the black and gray production links. The "Report" pointed out that malicious websites include empty package trading platforms, order-swiping platforms, code-receiving platforms, verification code printing, card issuing platforms, etc. These platforms have become the main places for black and gray software and information exchanges. Crimes provide convenient tools to obtain channels.
Take the empty package trading platform as an example. The so-called "empty package" is an empty express package, which is when sellers jointly use hands (swiping platform) to conduct false transactions in order to improve the reputation of the store, resulting in a large number of unreal express orders.
In addition, according to the statistics of Ali Security Zero Laboratory, there were as many as hundreds of professional and technical black and gray production platforms active in 2018. Service specialization has made criminal technology more civilians, and low prices have also gradually reduced the cost of black-and-white technology crime.
The "Report" also found that the Internet industry, due to black and gray production, has derived malicious orders, malicious refunds, malicious evaluations, and malicious complaints for the purpose of extortion and disrupting order.
The "Report" pointed out that common types of online fraud also include impersonation of public security law, leadership, customer service refunds, part-time billing, second-hand trading platforms, airline ticket refunds and changes, and so on.
Among them, impersonation of public security, procuratorate, and law fraud is currently one of the most severe types of fraud in online fraud. Criminals use multiple roles such as banks, public security, and prosecutors to suspect a "major confidential criminal case" on the basis of the victim's funds and personal identity. Carry out psychological bombardment on the victim and commit fraud by transferring the victim’s property to a "secure account". This type of fraud has another characteristic, that is, the proportion of frauds targeting middle-aged and elderly people is very high, and fraudsters take advantage of the weaknesses of middle-aged and elderly people to guard against it.
Comprehensive governanceThe "Report" pointed out that in the entire industrial chain of online black and gray products, various means are used to pick up, steal or obtain personal information through buying and selling, thereby committing crimes such as fraud, and becoming the main way for black and gray products to profit. . Network black and gray products have a bad impact on citizens’ personal information security, property security, social order, and the security and stability of national infrastructure, disrupting the implementation of laws and policies, jeopardizing the construction of a social credibility system, disrupting the order of cyberspace, and eroding the normality of the Internet economy Working cancer.
The "Report" recommends that, in the face of the dilemma of online black and gray industry governance, a multi-party joint cooperation mechanism of government, enterprise and research should be established to strengthen the governance system and concept innovation.
At present, more than 100 universities across the country have set up information security majors, and many key universities have set up cyberspace security colleges. An education system for training cyber security talents has been initially formed, but there is still a gap between the needs of corporate security talents and the training system of colleges and universities. There is a gap, which requires the upgrade of the entire security personnel training concept and system.
The "Report" pointed out that in the future, it is necessary to attract more talents from other fields to enter the security field. Alibaba Security has established security laboratories such as Alibaba Gemini, Alibaba Orion, Alibaba Pandora, and Alibaba Zero, which lays a solid foundation for the cultivation of security talents in black and gray industry governance. basis. The government and manufacturers should strengthen cooperation, and at the same time, there should be new methods of combating "administrative competent units + public security agencies."
According to the complicated status of the legal application of the black and gray industry chain, the public security organs take multi-departmental joint governance and multi-police coordinated strikes as ideas, and use administrative management as a breakthrough point for competent authorities such as industry and commerce to manage relevant platforms and websites; at the same time; The fixed server data facilitates the public security organs to dig the upstream and downstream links of the industry chain, and finally file a criminal case against the entire industry chain.
The "Report" also recommends that the comprehensive treatment of "anti-blocking and dredging" of black and ash production should be achieved. First of all, an online protection system for black and gray products should be established. Most of the comprehensive online trading platforms and software for black and gray products are concentrated in forums, websites, etc., through the display of the website and server-related content, and its functional role in the black and gray products, combined with current laws and regulations, to cooperate with relevant regulatory bodies. Targeted crackdowns. For those unable to conduct offline project crackdowns, they should make full use of the efficiency and convenience of administrative governance methods, and promptly dispose of, shut down, and demobilize these apparently illegal groups and forums, which can effectively save judicial resources. , Improve judicial efficiency.
For offline governance, attention and follow-up efforts on technical black and gray products should be increased. Due to reasons such as insufficient coercive force and penalties, it is difficult for simple administrative management to achieve the desired effect of radical cure; and due to problems such as the application of law, it is difficult for criminal strikes to timely control part of the gray industrial chain. Therefore, to further promote the governance method combining "management and combat" and strengthen the governance of offline cases is the only way for the governance of online black and gray assets.
Truck Led Display,Mobile Led Billboard,Truck Mounted Led Screen,Truck Led Screen
ShenZhen Megagem Tech Co.,Ltd , https://www.megleddisplay.com