Reporter Zhang Tianpei
Painted by Li Qiang
Editor's note: I just bought a fitness experience class in a group, and I received a promotional call from the gym to sell cards; With a new bank card, people will soon come to ask if they need a loan...... In our daily lives, our personal information is leaked unconsciously, and harassing phone calls and promotions follow one after another.
In the course of handling the case, the public security organs found that at present, criminals infringing on citizens' personal information have formed an industrial chain, and information acquisition, information reselling, and information use are key links. Some criminals illegally obtain citizens' personal information and carry out illegal and criminal activities through various methods such as implanting Trojan horse programs and colluding with internal and external personnel, seriously interfering with citizens' daily lives.
Information loss of education and training institutions——
Placing Trojan horses on the education and training industry to illegally obtain internal data
去年9月,一條關於有人在某教育培訓機構電腦內植入惡意軟體,導致公司客戶資料、使用者資訊等敏感數據被非法獲取的線索浮出水面。該公司內部監控錄像顯示,員工魯某某趁公司無人值守,刻意遮擋公司監控探頭,將隨身帶的優盤插入其他員工工作電腦,獲取電腦中的數據資訊。
After investigation, this is not the first time Lu Moumou has committed a crime. The police realized that the case should be a case of artificially dropping virus Trojan horses, rather than the suspect's confession simply to spy on the privacy of other colleagues, so they conducted an in-depth investigation as soon as possible. Lu Moumou admitted that he frequently jumped to online education and training institutions across the country, and the main purpose was to implant Trojan horse programs in the company's computers and obtain a large amount of internal company data.
After further investigation, the police found that Lu Moumou was only one link in the criminal chain, and behind him there were many links such as the organizer Yan Moumou and the professional and technical personnel who provided the Trojan virus, and the criminals were distributed in many places. "This kind of criminal chain is divided into upstream, midstream, and downstream such as Trojan horse makers, organizers who buy Trojan horse programs and distribute them, and errands and 'poisoning' personnel." According to the police handling the case, this case is very harmful to society, the gang involved in the case is large in number and well-organized, and the criminal methods are extremely hidden.
In this case, the victim enterprises were all engaged in online education and training on the Internet, and basically relied on the Internet to conduct business, but due to their small size, they lacked professional strength in internal security management and network security prevention. At the same time, due to the large turnover of employees in sales positions, it is impossible to find out the abnormal situation of employees' computers in time.
It is understood that the members of the criminal gang joined the victim enterprise mainly for the purpose of putting Trojan horse programs, and did not create performance for the relevant enterprises, and all of them were centrally lodging and unified management under the arrangement of Yan Moumou, and all used anonymous chat tools to communicate with each other, which is a typical case of a vicious cyber-related criminal gang that illegally obtained customer data and business data within the enterprise.
After examination and interrogation, combined with the inquest and evidence collection, the police found that the gang had successively "poisoned" more than 50 enterprises. "The successful detection of this case has effectively deterred practitioners engaged in illegal acquisition, trading and trading of data in the online education and training industry, effectively safeguarded the legitimate interests of relevant enterprises, and ensured the security of citizens' personal information." The police handling the case said.
E-commerce platform "order decryption"——
Merchants, "decryption intermediaries", and courier companies collude to sell personal order information
Not long ago, netizen Han Moumou reported to the public security organ that after buying tea in the store of an online shopping platform, his mobile phone number received many strange sales calls and overseas fraudulent calls, and also received all kinds of false shopping information. After receiving the report, the public security organs followed the line and found that there was an organized and professional criminal chain of infringing on citizens' personal information behind the clues, and immediately launched an in-depth investigation.
According to the relevant person in charge of an e-commerce company, after the introduction of laws such as the Personal Information Protection Law and the Data Security Law, in order to better protect the personal privacy of consumers, e-commerce platforms and express delivery companies will replace the intermediate information in fields such as recipient, mobile phone number, and delivery address with "*" on the e-commerce merchant page and express delivery list to encrypt the order information. However, in practice, in order to meet the normal business needs of merchants, e-commerce platforms usually provide a small amount of "order decryption" quota, but some merchants are driven by interests to collude with "decryption intermediaries" to "decrypt all encrypted orders". Order export, order decryption, and order settlement, as long as you can easily obtain the encrypted customer order information in three simple steps.
"E-commerce merchants use order assistants and ordering software to export 'encrypted orders' in batches and send them to 'decryption intermediaries'." The decryption intermediary colludes with the courier company's 'ghost' to decrypt the order information and send it to the e-commerce merchant. The e-commerce merchant will then pay the 'decryption intermediary' based on the number of orders successfully decrypted. The police handling the case introduced.
In this case, criminal suspects such as Li and Chen were looking for merchant customers who needed to decrypt order data on the Internet platform, and after smelling the "business opportunities", some platform merchants started to think crookedly. After the merchant bundled the encrypted order information to Li, Chen, etc., it was resold and sent to the data decryptor Hu Moumou and others, illegally obtaining the customer's personal information in the order.
"This is a typical case of 'order decryption' type of infringement of citizens' personal information." According to the police handling the case, a total of 300 suspects were arrested in this case, and the amount involved was as high as more than 0 yuan.
Job Search Sites Fake Recruitment –
Impersonating the employer induces the company to download fraudulent apps to deceive and resell job seekers' information
去年6月,某網路招聘平臺向公安機關報案:該平臺求職者田女士投訴稱,平台註冊資訊為“某科技有限公司第一分公司”的聯繫人以教如何賺錢為誘餌,對其進行刷單詐騙2400元。“我們經過分析發現,該科技有限公司冒充合法企業,在平台上傳虛假的營業執照、辦公環境視頻,通過發佈虛假職位,累計非法獲取上百名求職者姓名和手機號。”該網路招聘平臺安全部門相關負責人介紹。
Once the job seeker provides his or her resume to the technology company, the criminal gang will add the job seeker's WeChat the next day, recommend the anchor to the job list, and direct him to an office app. After the drainage is successful, the fraud gang will continue to induce the victim to download the fraudulent APP and carry out fraud on the victim. The public security organs dug deep and found a criminal gang that went from making and selling fake business licenses to reselling personal information for job seekers, and then helping wire fraud gangs carry out precision fraud.
“經查,該團夥已初步形成制售假營業執照、在各大平台違規註冊公司、騙取倒賣求職者資訊的黑產鏈條。”辦案民警介紹。據查,犯罪團夥一共非法獲取近千名求職者的聯繫方式,涉及的求職人員遍布全國各地。另外,該團夥在7個網路招聘平臺上冒用正規企業信息進行註冊,致使被冒用的企業無法在平台註冊招聘,堵塞求職人員入職相關企業的網上通道,對求職招聘市場秩序造成了嚴重破壞。
After the case was cracked, the public security organs reported the information on thousands of fake industrial and commercial business licenses sold by the gang to a number of recruitment platforms for verification and cancellation, and promptly cut off the black and gray industry chain.
In recent years, the public security organs have attached great importance to the protection of citizens' personal information, and have always maintained a high-pressure and hard-hitting posture against crimes infringing on citizens' personal information, and have further promoted the "Clean Network" series of special actions, and more than 7000 related cases have been detected in only 0 years.
The public security organs remind that personal information processors should strictly perform their statutory responsibilities and obligations, improve personal information protection system norms and technical measures, and maintain the security of citizens' personal information; The public should properly keep, store, and use personal information, and where leads on leaks of personal information are discovered, promptly make a complaint or report to the public security organs and relevant departments, to protect lawful rights and interests.
■ Consolidation
Precautions for the protection of personal information
To prevent the leakage of personal information and prevent fraud, the Tai'an police in Shandong Province remind us to strengthen our awareness of prevention from the following 5 aspects, so that criminals have no opportunity to take advantage of it.
Special calls should be noted: "400" or "+" starts with overseas scam calls, if there are no overseas relatives and friends, it is likely to be scam calls; Calls starting with 0 are generally enterprise numbers, which can only be answered and cannot be called; Unknown phone numbers are displayed, and the location of the identity is not displayed, so it is recommended to hang up directly for such numbers.
Keep the express documents: express documents, train tickets, withdrawal receipts, credit card bills, etc. often contain personal information such as ID numbers and mobile phone numbers, which can easily cause information leakage if discarded at will.
Be cautious when using WiFi: WiFi in some public places is likely to be a "phishing" trap set up by criminals, which is easy to leak your personal information. When using public WiFi that is not commonly used, try not to log in to your online banking account or online shopping account.
Change the login password frequently: It is best to change the payment password of online banking and online shopping regularly, and the password of different accounts should be set with different passwords, and the password should be added with special symbols such as punctuation as much as possible.
Lending identity certificates: Renting or lending ID cards and bank cards to others will bring huge legal risks to yourself. Lending your ID card may lead to someone else using your personal information for illegal activities. The bank card contains your personal financial information, and if this information is disclosed to others, it may lead to the risk of card theft and transfer of funds.
(Arrangement of the reporter's visit to the champion)
People's Daily (10/0/0 0 Edition)