Students discover shop vulnerability 0 buy tens of thousands of Yuan of goods were arrested-micro-shop scams-IT information
Shao Mou, 19, freshman, usually like on the Web "to take advantage"-exploiting some rules, qiangdian red, gifts, and flow, and so on.
In early April, he hears an Insider: Yiwu socks in a well-known group of micro-shop there are loopholes, just modify pay code, 0 shop, so he and 3 students in a sweep of more than 50,000 yuan of goods. Later, the matter was uncovered.
Yesterday, the Yiwu Public Security Bureau criminal investigation Brigade to notify, uncovered a fraud vulnerabilities zero payment shopping shopping platform, involving goods worth 350,000 yuan, netted 8 people but one is accounting, all the rest are students, involved groups dominated by college students. Correspondent Ye Chaolei reporter Dong Qi
More than 1000 single has sold but not a penny to Bill
Two years, with the micro-shopping, many entities have been out of the tiny shop, Yiwu socks in this well-known group in August last year out of the tiny shop, known as the future would build 50,000 micro-shop, right open to global entrepreneur online sales channels.
The micro-shop architecture is a technology company in Shenzhen on the basis of a set of source code changes are completed, the original code 30% derivatives in use across the country.
And only sell their products in other derivative, the sock industry group in addition to selling his socks, underwear, knitted products, combined with other vendors to hold group sales phone, wallet, jewelry, shoes and other goods.
"We have separate sales and finance, settled on a monthly basis. "Hosiery Group Marketing Director Yu introduced micro-shops open up, basic functioning, no problem too big.
The end of April this year, Yiwu, another micro-shop business leaders and distinguished guests talking, his micro-recently a little exception, there will be some shows payment but not the payment list, he asked more than ever.
Mr Yu moved quickly to get the staff to verify results let him jump out of his skin: there are more than 1000 multi-list shows the payment, did not actually arrive – basically, these goods have been issued, worth more than 350,000 yuan.
Was tricked products in addition to a number of iPhone 6S, and small items such as socks, pillows.
On May 18, verify all clearly cheated merchandise, Yu arrived at the Yiwu criminal report.
Involved hundreds of people, but most people only bought dozens of commodity
After the alarm, Yiwu criminal communications (Cyber) reconnaissance squadron in fraud network of police, 23 police and other units to set up a task force to carry out the detection.
Through the investigation, police found that the case involves hundreds of people, scattered throughout the country, but most people buy goods in dozens of Yuan, or hundreds, and not up to standard in criminal cases, in the end, police focused goal on 11 purchases more than 5000 Yuan, and have been receiving people.
"In accordance with the law, more than 6000 Yuan fraud, 5000 to 6000 Yuan belongs to the illegal destruction of computer systems, these 11 people, at most one involved more than 20,000 yuan. "The police said.
After one-month investigation, detectives went to Chongqing, Sichuan, Jiangxi, Henan, Fujian, Hunan, Jiangsu, Beijing, and captured 8 suspects, up to 25 years old, minimum age of 16.
After the arrest, they explain, they are the hosiery group micro-shop payment vulnerabilities.
"When shopping in the stores, first log on to the computer app, and use a simulator mobile environment, using ' Ethereal software ' crawls out of transaction data, and then on one of the payment code is modified, so that service display transaction status is paid, but in fact they did not pay. "The police said.
As long as money can get inside information
Arrested 8 persons, in addition to the 25-year old Chen (female) is a ranking of the national top ten accounting firms accounting, with the remaining 7 students per capita, Shao Mou, yellow bear, paying some classmates, a vocational and technical college freshman year in Jiangxi.
"We found that people involved are basically students, in addition to vocational school students, there are some well-known university students, professional basic and computer-related, computers are good at. "Police said that to their suspicions is that these people spread all over the country, if only a few people a vulnerability is found, how do other people know this?
In the course of the investigation, police found that 8 people each have hundreds of QQ Group, secret hidden in the crowd.
Shao Mou said, because is students, usually living not more, he like and students with to online research how less money shopping, this year early, he from friends there learned that, has a specifically of shopping vulnerability group, they called "line reported group", joined Hou, as long as monthly paid 80 to 200 Yuan costs, group main on will not timing released some information, then using these information not money or less money shopping.
Police searched "shopping vulnerability group", out of more than 580,000 related results.
Most people thought it was just "cheap"
Shao Mou said, first joined the group, basically is the use of QQ grab a red envelope, Rob gift, or use some of the activities of the platform of the company rules loophole grab grab vouchers, gift or cell phone traffic.
"In addition, sometimes the shopping platform accidentally misplaced commodity prices, 100 Yuan to 10 Yuan, as long as we think commodities useful, also robbed in the past. ”
After joining the intelligence group, Shaw did account for a lot cheaper: basic group fee each month can earn back after he introduced three students to enter the base.
On April 1, an intelligence group publish information, someone found a micro-store source code vulnerability exploit zero-payment, Nantong, and gives a micro-micro-store address and the sock industry group in Yiwu.
After getting the information, Shao Mou and students started immediately "free" shopping, in addition to small, this tiny shop in Yiwu each bought a iPhone 6S, in connection with the value of about 50,000 yuan.
After the incident, through communication, most students realize that violate the law, current 80% goods have been returned. Shao 8 are mandatory measures such as, in the case is also under investigation.
Police said: "most of these students did not realize that they may have been committed, they would think it is an exploit cheap, but ' intelligence groups ' main group is known criminal, General construction group for two or three months after the dissolution of the group, to help build. ”
大学生发现微店漏洞,0元买数万元商品被抓 - 微店,诈骗 - IT资讯
邵某19岁,读大一,平常喜欢在网上“占便宜”——利用一些平台规则的漏洞抢点红包、礼物和流量等。
今年4月初,他听到一个内幕消息:义乌一家全国知名袜业集团的微店存在漏洞,只要修改支付代码,就能以0元购物,于是,他和3个同学一下扫了5万余元的货。后来,事情败露了。
昨天,义乌市公安局刑侦大队对外通报,破获一起利用购物平台漏洞零付款购物的系列诈骗案,涉案商品价值35万元,落网的8人除了一人是会计,其余全是在校学生,涉案群体也以大学生为主。通讯员叶超磊记者董齐
1000多单已成交却没一分钱到账
这两年,随着微信购物兴起,不少实体企业陆续开出微店,义乌这家全国知名袜业集团去年8月也开出微店,号称将来要建5万个微店,把线上售卖渠道权开放给全球创业者。
这个微店的架构是深圳一家技术公司在一套原代码基础上修改完成,这个原代码全国有30%的微商在使用。
和其他微商只卖自家产品不同,这家袜业集团除了卖自家袜子、内衣等针织产品,还联合其他供应商抱团销售手机、钱包、首饰、皮鞋等商品。
“我们销售和财务分开,每月结算一次。”该袜业集团营销总监余先生介绍,微店开起来后,基本运作正常,没有出过大问题。
今年4月底,义乌另一家做微店的企业负责人和余先生聊天时,说自家微店最近有点异常,会出现一些显示付款但实际上没付款的单子,他问余先生这边有没有遇到过。
余先生赶紧让工作人员核实,结果让他吓了一大跳:有1000多笔单子交易状态显示已付款,实际上却没到账——这些货物基本上都已发出去,价值35万余元。
被骗走的商品除了多部苹果6S手机,还有袜子、枕头等小件商品。
5月18日,在核实清楚全部被骗商品后,余先生赶到义乌刑大报案。
涉案上百人但多数人只买了几十元商品
接警后,义乌刑大通讯(网络)诈骗案件侦查中队联合网警、廿三里派出所等单位成立专案组开展侦破。
通过调查,民警发现,这个案件涉及上百人,分布在全国各地,但多数人购买的商品在几十元或上百元,并没达到刑事案件标准,最终,民警把重点目标放在11个购买商品超过5000元,并已收货的人身上。
“按照法律规定,超过6000元是诈骗,5000元到6000元属于非法破坏计算机系统,这11人里,最多一个涉案20000多元。”民警说。
经过一个多月调查,侦查员分赴重庆、四川、江西、河南、北京、福建、湖南、江苏等地,抓获8名犯罪嫌疑人,最大25岁,最小16岁。
落网后,他们交代,他们利用的是这家袜业集团微店的支付漏洞。
“在微店购物时,先在电脑上登录微信,并使用模拟器模拟手机环境,利用‘抓包软件’把交易数据抓取出来,然后对其中一个支付代码进行修改,这样客服那边显示的交易状态就是已付款,但实际上他们并没出钱。”民警说。
只要交钱就能得到内部消息
落网的8人中,除了25岁的陈某(女)是一家排名全国前十的会计师事务所会计,其余7人均是学生,邵某、黄某,熊某、付某还是同班同学,都在江西一家职业技术学院上大一。
“我们调查发现,涉案人员基本都是在校生,除了职业学校学生,也不乏一些全国知名大学学生,专业基本和计算机有关,对电脑都比较在行。”民警说,让他们疑惑的是,这些人分布在全国各地,如果仅少数人发现了漏洞,其他人又怎么知道的呢?
在调查过程中,民警发现这8个人每人都有上百个QQ群,秘密就藏在这些群里。
邵某说,因为是学生,平时生活费不多,他喜欢和同学一起到网上研究怎么少花钱购物,今年年初,他从朋友那里得知,有个专门的购物漏洞群,他们称之为“线报群”,加入后,只要每月缴纳80到200元费用,群主就会不定时发布一些信息,然后利用这些信息不花钱或者少花钱购物。
民警在网上搜索“购物漏洞群”,跳出超过58万个相关结果。
大多数人以为只是“捡便宜”
邵某说,刚开始加入的群,基本都是利用QQ抢红包、抢礼物,或利用一些公司平台的活动规则漏洞抢抢代金券、礼品或是手机流量。
“另外,有时候哪家购物平台不小心把商品价格标错,100元标成10元,我们只要觉得商品有用,也会过去抢。”
加入线报群后,邵某确实占了不少便宜:每个月交的群费基本都能赚回来,之后他开始介绍三名同学进入这个群。
4月1日,一个线报群发布信息,有人发现一微店原代码存在漏洞,可利用漏洞零支付购物,并给出南通一家微商和义乌这家袜业集团微店地址。
得到信息后,邵某立即和同学开始“免费”购物,除了小商品,在义乌这家微店还每人购买了一只苹果6S手机,涉案价值5万元左右。
案发后,经过沟通,多数学生意识到触犯法律,目前80%货物已被退回。邵某等8人被采取强制措施,案件还在侦查中。
民警说:“这些学生多数人都没意识到自己已经犯法,他们都觉得是利用漏洞捡便宜而已,但这些‘线报群’群主是知道行为犯法的,一般在建群两三个月后就会解散群,重新再建。”