Source: Surging News
Author: Yuan Lu, Jia Fang
Zeng Min took his thigh with his strength, there was pain, everything was true.This day is the third day when she was scammed by the Internet, but she has always been in a terrible dream and couldn't get out.
In the early morning of February 14, someone applied to add Zeng Min's QQ friend. She didn't think much. She thought that the person you could know passed the other party's application.The other party immediately sent her a few folders. She opened it and looked at her personal information inside, with important contents such as address book, private photos, and working files in mobile phones.
"Just like the clothes were picked up." Zeng Min said that she couldn't understand which link was wrong, and her information would be leaked like this.Under the threat of the other party, she transferred more than 100,000 yuan (RMB, the same below) in half an hour.
Two days before Zeng Min was scammed, and on the evening of February 12, the news of 4.5 billion personal information leaked spread on the Internet.These data are mainly personal courier information of online shopping users, including real names, telephones and addressing information, and have public inquiry channels.
Liu Qianwei is a data security expert. He has been engaged in information security for more than 20 years. Every month, he will help the company's customers to handle five or six major data leaks, find the reasons for leakEssenceIn his opinion, domestic data security still faces serious problems such as compliance landing, lack of important data protection, lack of comprehensive risk perception.
One Taobao consumer record, a courier takeaway order, a recruitment website registration, a campus recruitment company information statistics ... In each movement terminal, there may be an invisible network hunting individualsprivacy.These personal information flows to every corner of the Internet world, and may eventually become a sword that stabs to themselves.
"Why are me"
"Why is me?"
This is a question that Zeng Min has been asking herself for a few days., "Uncomfortable and disgusting to vomit", every day, I have a liar and cheated money.23 -year -old Zeng Min worked in a government unit. Some of the more than 100,000 yuan were deceived, and some of them were some of her money that she saved money for three years.
In the early morning of that day, she hadn't had time to respond. The other party called her via QQ, and she answered.Opposite is the voice of a man, saying a non -standard Mandarin.The man directly stated that he wanted to want money.If he transferred money, he deleted these things cleanly; if he didn't turn, he leaked all the information of Zeng Min.
Zeng Min's brain was blank, and he was very scared.Her first reaction was to call the police for help, but the other party could monitor her mobile phone in real time and threatened her to call her family and leaders immediately if the police called the police."He really called my leader's phone immediately."
In QQ voice call, Zeng Min remembered that the man said the name of the leader and heard the voice of the leader.She was panicked at the time, and was afraid that he leaked the information in the phone.
The person on the opposite side began to guide her to transfer money. After she turned her tens of thousands of savings, she asked her to find money and loan."I really did what he said. As if there is any magic, I have always led my fear."
After turning the money, the other party also asked her to find a way to give him fiveQian, "I couldn't get out, and hung up the phone, but I was afraid that he would call me again, and I deleted him QQ." Zeng Min recalled.
Zeng Min left the transfers and borrowing records. Some of the payee names. She reported to the police and thought that she could find people with this information.However, the police told her that the ID card and bank card were likely to be bought by scammers, and even if they found themselves, "and it is estimated that people are not in the country."
Under despair, Zeng Min told his parents about the deceived parents, "The old people of this age have no concept of the senior fraud of online fraud, and I don’t understand why I was deceived, let alone accept it, and I couldn't accept it.I can't find this money. "When a person, Zeng Min hid in the room and cried.She brushed various online articles that have similar experiences every day, and obtained "a trace of comfort and search for a little hope."
Information security expert Gao Xuefeng's customers also have such situations.The documents or links sent by the offenders generally bring a Trojan virus. As long as it is opened, it will be poisoned, and the computer or mobile phone will be remotely controlled.In this way, the other party stole private information in mobile phones and computers, and deceived property.
Gao Xuefeng has been doing in the field of personal information security for 11 years. He is now the founder of a network security technology company and is mainly responsible for information security in government and enterprises.In his opinion, in the era of mobile Internet, people basically paid, shopping, communication and chatting were through mobile devices. The leakage risk of personal information and the challenges of response were getting greater.Although the relevant laws have been introduced one after another, "but many people using the Internet are not strong security awareness."
Gao Xuefeng's relevant laws are that in recent years, China has successively introduced network security law, data security law, key information infrastructure security protection regulations, and personal information protection laws.
But for Zeng Min, these laws are unfamiliar.She heard that there are laws related to personal information, but she always feels far away from herself, and she never thinks that she will be rejected by personal information.
The purchase and sale of the clear price
Like Zeng Min, many people do not know that on some network platforms, the privacy personal information has become a product with a clear price price.
In some social software groups, user information including household registration, mobile phone number, positioning, checking files, property investigation, opening house records, flowing water, etc. are sold publicly.
In a sales group sneaked into the surging news, if you only query the basic information of your personal information, including ID cards, names and addresses, the price is 700 yuan/time, and the price is the lowest agency price.If you want to be his agency, you need to transfer to him a 5,000 yuan agency fee.
A information seller said that they do not have personal information transactions on domestic platforms such as WeChat or QQ. The business is currently conducted on overseas social software, but the transfer is mainly through Alipay accounts.
"Because the current amount of information has been leaked more, the criminals make a large data collection of various data. Enter the corresponding requirements in it, and the system will automatically searches related information."Wang Ze said.
Not only some overseas social software, but also countless personal data transaction in the dark network.The dark network is also known as the Hidden Web. Ordinary users cannot search and access through conventional Internet means. Its design makes the user's identity highly secret, and the dark web community cannot communicate with each other.These leaked information on public sale, including citizenship information of government institutions; customer information of financial institutions such as banks, securities, and other major telecom operators, as well as the Internet, express delivery, hotels, real estate, aviation, hospitals, schools and other industries.Customer information.
On February 18th, when a reporter followed the relevant discussion posts of dark web and entered the information query and trading group mainly based on a certain overseas social software, it was found that each group of such groups was onThousands of people participated, and the number of continuous activity was around 1,000 within 24 hours.
In this group of information transactions, there is a new user entry every ten seconds. Among them, there are not only people inquiry information, but also practitioners who intend to provide privacy information in batches and seek long -term cooperation.Some groups provide address finding people, affiliated figures, identity household registration, mobile phone owner, opening house records, courier address, loan records, license plate owners, personal commonly used passwords, mobile games and social network account passwords, contact information of the same nameThe registered personal privacy can find the required information within a certain time limit as long as they pay.Some sellers said that the main whereabouts of the mobile phone number can be located, and such entries areThe group is marked as "entertainment".
In addition to these artificial charging services, the privacy query website is everywhere in the dark network. Countless personal information is consumed like snowballs, voyeur, stealing.
For this kind of personal information transactions on the outer network, Sun Wenjie, director of Yunnan Lingyun Law Firm, believes, "Any individual or unit, if it violates relevant national regulations, is sold or provided by citizen individuals in what form of the country.The information constitutes the crime of infringing the personal information of citizens. "
According to the provisions of the crime of" violating the personal information of citizens "in accordance with the criminal law of the Criminal Law, it violates the relevant national regulations, sold to others or provides citizens to provide citizensPersonal information, if the circumstances are serious, be sentenced to imprisonment or detention of less than three years, and shall be punished or a single fine; if the circumstances are particularly serious, they will be imprisoned for three years and seven years, and a fine.
In addition, information sellers often hide the IP address through overseas social software and dark networks.Information is also used for other types of illegal crimes, such as telecommunications fraud.
According to the monitoring of the Qi Anxin Intelligence Center, it was found that only from January to October 2022, more than 95 billion Chinese institutions were illegally traded overseas, of which 60%were personal information of citizens.There are about 57 billion pieces, which is equivalent to 1.4 billion Chinese people. In the first ten months of 2022, an average of 41 personal information was leaked.
For how to control the above -mentioned illegal criminal acts, Sun Wenjie suggested, on the one hand, the path and behavior of browsing logging in to the overseas privacy trading websites through technical means to strengthen the daily supervision of such casesNational -level supervision and disposal platforms, strengthen international cooperation, and weave the global regulatory network.
"Data Assets Bad online"
A privacy query website reads a sentence, "Privacy is dead, see more." Wang Ze did not agree with this statement.Require privacy and safety.
A few days ago, after Gao Xuefeng saw the news of 4.5 billion personal information leakage, he checked with his phone number on the dark network and found that the courier he had purchased was exposed.Essence"This kind of network transmission is encrypted. It is difficult to find who is doing it. It may not be able to catch it even if it can be located." Gao Xuefeng believes it is difficult to investigate the leak.
In data sellers, all kinds of information can be traded, even if it is just a name.Wang Ze said that another example is a ticket. If the illegal person gets a screenshot of the air ticket, you can track which person, which aircraft, and other detailed information. "The harm is great."
In Gao Xuefeng's view, personal information finally fell on the data protection of the enterprise.Regardless of whether it is the C -end data or the C -end service provided by an enterprise, a large amount of personal information data may be generated in the end, which may be attacked or stolen by hackers.There is also a leak that may be that internal personnel of the enterprise steal data, and the sales profit is "a lot".
In real life, many APP collects user information as an analysis of the portrait portrait portrait of the company's customer group without authorization or overlap, or resold to other companies to make a profit.
Some applications will "eavesdo" your chat or "peeking" user search preferences."This is actually a leakage of personal information. Some apps may authorize you to open the right of microphone. Voice recognition captures keywords and do backstage operations." Gao Xuefeng said.
"Many companies have no system planning, and they are not capable of covering data assets that need to be protected." Liu Qianwei said.The client found him and said that the data was leaked.Liu Qianwei set up a "task force", "to diagnose the doctor like a doctor". Is it a network problem or an account problem? What are the exposes and what ways others can obtain this information.
Many data have been leaked for a long time in his customers, or some people have sold these data on the dark network.
Among Gao Xuefeng's customers, someone was once remotely controlled by mobile phones and transferred the money in mobile banks away."How does his password leak?" Gao Xuefeng reminded that many people are used to using the same password. If you log in to unsafe websites, of which offenders can obtain information.
Improper system
In order to prevent personal information from leaking online, Gao Xuefeng usually uses multiple passwords in different situations, especially those related to payment, and set more complicated passwords.
Wang Ze's daily work is to ensure the security of a network system. If there is an illegal request to use personal data, he needs some strategies to intercept the request of an informal approach.
Over the years, he has handled some malware, collected evidence collection information for court cases, hunted hackers in the computer system, studied massive log data, used and maintained various security tools.
In his opinion, this huge system of information is difficult to be perfect. "Don't completely expect the company to fully protect your data, personal information security awareness is the most important."
Specifically, he has never left real names and detailed addresses on the online shopping platform. When the courier is sent, he chose to put it in the courier cabinet.If some platforms need to authorize the phone number, he usually refuses to use it.He registered a mailbox specializing in various verification codes and registered various network information with a virtual phone number."As far as personal information is concerned, it is not authorized to be authorized, because it will share it with a third party, and many people will not go to see what they write in the privacy agreement."
Director of the Beijing Lanqin Law FirmLi Wenqian suggested not to fill in the questionnaire on the Internet at will, register the website without the source of the unknown website, do not click unknown SMS links, do not scan the QR code of unknown sources, do not expose too much information on various social software., Not greedy for small and cheap, downloading an unknown app.
After experiencing this fraud, Zeng Min unloaded the chat software.On the fifth day of her fraud, her post became a tree hole under her post, and the same experience as her described what she was deceived.In the past, she comforted the same victims as her, "they are all scammers' faults, and protect their personal privacy in the future."
(To protect the privacy of the respondents, Zeng Min and Wang Ze are pseudonym.)