In the course of handling the case, the public security organs found that at present, criminals infringing on citizens' personal information have formed an industrial chain, and information acquisition, information reselling, and information use are key links. Some criminals illegally obtain citizens' personal information and carry out illegal and criminal activities through various methods such as implanting Trojan horse programs and colluding with internal and external personnel, seriously interfering with citizens' daily lives.
Failure of information in education and training institutions - Trojan horse programs are placed in the education and training industry to illegally obtain internal data
去年9月,一条关于有人在某教育培训机构电脑内植入恶意软件,导致公司客户资料、用户信息等敏感数据被非法获取的线索浮出水面。该公司内部监控录像显示,员工鲁某某趁公司无人值守,刻意遮挡公司监控探头,将随身带的优盘插入其他员工工作电脑,获取电脑中的数据信息。
After investigation, this is not the first time Lu Moumou has committed a crime. The police realized that the case should be a case of artificially dropping virus Trojan horses, rather than the suspect's confession simply to spy on the privacy of other colleagues, so they conducted an in-depth investigation as soon as possible. Lu Moumou admitted that he frequently jumped to online education and training institutions across the country, and the main purpose was to implant Trojan horse programs in the company's computers and obtain a large amount of internal company data.
After further investigation, the police found that Lu Moumou was only one link in the criminal chain, and behind him there were many links such as the organizer Yan Moumou and the professional and technical personnel who provided the Trojan virus, and the criminals were distributed in many places. "This kind of criminal chain is divided into upstream, midstream, and downstream such as Trojan horse makers, organizers who buy Trojan horse programs and distribute them, and errands and 'poisoning' personnel." According to the police handling the case, this case is very harmful to society, the gang involved in the case is large in number and well-organized, and the criminal methods are extremely hidden.
In this case, the victim enterprises were all engaged in online education and training on the Internet, and basically relied on the Internet to conduct business, but due to their small size, they lacked professional strength in internal security management and network security prevention. At the same time, due to the large turnover of employees in sales positions, it is impossible to find out the abnormal situation of employees' computers in time.
It is understood that the members of the criminal gang joined the victim enterprise mainly for the purpose of putting Trojan horse programs, and did not create performance for the relevant enterprises, and all of them were centrally lodging and unified management under the arrangement of Yan Moumou, and all used anonymous chat tools to communicate with each other, which is a typical case of a vicious cyber-related criminal gang that illegally obtained customer data and business data within the enterprise.
After examination and interrogation, combined with the inquest and evidence collection, the police found that the gang had successively "poisoned" more than 50 enterprises. "The successful detection of this case has effectively deterred practitioners engaged in illegal acquisition, trading and trading of data in the online education and training industry, effectively safeguarded the legitimate interests of relevant enterprises, and ensured the security of citizens' personal information." The police handling the case said.
E-commerce platform "order decryption" - merchants, "decryption intermediaries", and courier companies collude to sell personal order information
Not long ago, netizen Han Moumou reported to the public security organ that after buying tea in the store of an online shopping platform, his mobile phone number received many strange sales calls and overseas fraudulent calls, and also received all kinds of false shopping information. After receiving the report, the public security organs followed the line and found that there was an organized and professional criminal chain of infringing on citizens' personal information behind the clues, and immediately launched an in-depth investigation.
According to the relevant person in charge of an e-commerce company, after the introduction of laws such as the Personal Information Protection Law and the Data Security Law, in order to better protect the personal privacy of consumers, e-commerce platforms and express delivery companies will replace the intermediate information of the recipient, mobile phone number, delivery address and other fields with "*" on the e-commerce merchant page and express delivery list to encrypt the order information. However, in practice, in order to meet the normal business needs of merchants, e-commerce platforms usually provide a small amount of "order decryption" quota, but some merchants are driven by interests to collude with "decryption intermediaries" to "decrypt all encrypted orders". Order export, order decryption, and order settlement, as long as you can easily obtain the encrypted customer order information in three simple steps.
"E-commerce merchants use order assistants and ordering software to export 'encrypted orders' in batches and send them to 'decryption intermediaries'." The decryption intermediary colludes with the courier company's 'ghost' to decrypt the order information and send it to the e-commerce merchant. The e-commerce merchant will then pay the 'decryption intermediary' based on the number of orders successfully decrypted. The police handling the case introduced.
In this case, criminal suspects such as Li and Chen were looking for merchant customers who needed to decrypt order data on the Internet platform, and after smelling the "business opportunities", some platform merchants started to think crookedly. After the merchant bundled the encrypted order information to Li, Chen, etc., it was resold and sent to the data decryptor Hu Moumou and others, illegally obtaining the customer's personal information in the order.
"This is a typical case of 'order decryption' type of infringement of citizens' personal information." According to the police handling the case, a total of 300 suspects were arrested in this case, and the amount involved was as high as more than 0 yuan.
Fake recruitment on job search websites - impersonating employers to induce them to download fraudulent apps and deceive job seekers for reselling information
去年6月,某网络招聘平台向公安机关报案:该平台求职者田女士投诉称,平台注册信息为“某科技有限公司第一分公司”的联系人以教如何赚钱为诱饵,对其进行刷单诈骗2400元。“我们经过分析发现,该科技有限公司冒充合法企业,在平台上传虚假的营业执照、办公环境视频,通过发布虚假职位,累计非法获取上百名求职者姓名和手机号。”该网络招聘平台安全部门相关负责人介绍。
Once the job seeker provides his or her resume to the technology company, the criminal gang will add the job seeker's WeChat the next day, recommend the anchor to the job list, and direct him to an office app. After the drainage is successful, the fraud gang will continue to induce the victim to download the fraudulent APP and carry out fraud on the victim. The public security organs dug deep and found a criminal gang that went from making and selling fake business licenses to reselling personal information for job seekers, and then helping wire fraud gangs carry out precision fraud.
“经查,该团伙已初步形成制售假营业执照、在各大平台违规注册公司、骗取倒卖求职者信息的黑产链条。”办案民警介绍。据查,犯罪团伙一共非法获取近千名求职者的联系方式,涉及的求职人员遍布全国各地。另外,该团伙在7个网络招聘平台上冒用正规企业信息进行注册,致使被冒用的企业无法在平台注册招聘,堵塞求职人员入职相关企业的网上通道,对求职招聘市场秩序造成了严重破坏。
After the case was cracked, the public security organs reported the information on thousands of fake industrial and commercial business licenses sold by the gang to a number of recruitment platforms for verification and cancellation, and promptly cut off the black and gray industry chain.
In recent years, the public security organs have attached great importance to the protection of citizens' personal information, and have always maintained a high-pressure and hard-hitting posture against crimes infringing on citizens' personal information, and have further promoted the "Clean Network" series of special actions, and more than 7000 related cases have been detected in only 0 years.
The public security organs remind that personal information processors should strictly perform their statutory responsibilities and obligations, improve personal information protection system norms and technical measures, and maintain the security of citizens' personal information; The public should properly keep, store, and use personal information, and where leads on leaks of personal information are discovered, promptly make a complaint or report to the public security organs and relevant departments, to protect lawful rights and interests.
Precautions for the protection of personal information
To prevent the leakage of personal information and prevent fraud, the Tai'an police in Shandong Province remind us to strengthen our awareness of prevention from the following 5 aspects, so that criminals have no opportunity to take advantage of it.
Special calls should be noted: "400" or "+" starts with overseas scam calls, if there are no overseas relatives and friends, it is likely to be scam calls; Calls starting with 0 are generally enterprise numbers, which can only be answered and cannot be called; Unknown phone numbers are displayed, and the location of the identity is not displayed, so it is recommended to hang up directly for such numbers.
Keep the express documents: express documents, train tickets, withdrawal receipts, credit card bills, etc. often contain personal information such as ID numbers and mobile phone numbers, which can easily cause information leakage if discarded at will.
Be cautious when using WiFi: WiFi in some public places is likely to be a "phishing" trap set up by criminals, which is easy to leak your personal information. When using public WiFi that is not commonly used, try not to log in to your online banking account or online shopping account.
Change the login password frequently: It is best to change the payment password of online banking and online shopping regularly, and the password of different accounts should be set with different passwords, and the password should be added with special symbols such as punctuation as much as possible.
Lending identity certificates: Renting or lending ID cards and bank cards to others will bring huge legal risks to yourself. Lending your ID card may lead to someone else using your personal information for illegal activities. The bank card contains your personal financial information, and if this information is disclosed to others, it may lead to the risk of card theft and transfer of funds.
Original title: "Internet Police: Three Cases Uncover the Black and Gray Industry Chain of Crimes Infringing on Citizens' Personal Information"
Transferred from: Cyber Security Bureau of the Ministry of Public Security
Source: China News Service