Hackers profit system tampered with 83 students were "qualified" | | | candidates _ information systems news
Original title: 83 candidates have been tampered with, "hacker fraud" why is so rampant?
Xinhua News Agency, Beijing, August 22 (reporters Yuan Ruting and Liu Yide and Ye Hanyong)-contact the intermediary to collect money hackers, student programming easily invaded more than 10 schools, 83 candidates "by" qualified ... ... In recent times, a more direct and more subtle forms of fraud are also spread rapidly and become increasingly rampant.
Reporters found that a few criminals "hacking" into high-tech cheating artifact, by destroying computerized information system "God mysteriously" tamper with the information for profit. How to prevent technology crimes under the new situation?
Invasion site modified 9 defendants sentenced
Specifically looking for did not pass the qualification exam candidates to modify performance pledge payment, receipt contact hacker invasion site changed ... ... In recent days, first destroying computerized information system case in saihan district, Hohhot city, Inner Mongolia people's Court convicted 9 defendants were sentenced ranging from five years to one year and three months in prison.
In June 2015, the Inner Mongolia Department of finance found the Web site of the Office computer system was attacked by malicious, 83 in accounting qualification test in from of that year "failed" as "acceptable".
The Court found, Zhou army, haimouhua, Wang Yu and other 9 accused the hospitals ' financial workers and students exam training institutions, specifically looking for failed the qualification test in that year, and pledged to candidates after paying a fee, for its achievements, charges ranging from 3000 to 11000 per person.
When candidates pay fees, accused of contacts with the candidate, through contact QQ hacker, by technical means, illegal invasion of Inner Mongolia Department of Finance Web site, tampering with a computer system in the "integrated management of the accountants network in Inner Mongolia" save the raw performance data, shouldn't have obtained accounting qualification candidates obtained the certificate. Defendant Zhang Mouhua, Yang Li, Lv Moujiao and 3 others 52000 Yuan profit respectively; accused some distance, haimouhua, Zhang Mouyi, Kong Mouji, Wang Yu, Zhou Moujun and 6 people respectively 89300 Yuan profit, 44300, 15800 Yuan, 17300, 16300 and 7000 Yuan.
Hunan Police Academy of information technology (network monitoring) Dean Liu Xuchong told reporters that the modus operandi is very typical of such cases, the "intermediary". Some criminals may attack network systems themselves do not have the technology, but you can use a small amount of money, hiring "hackers" and benefit from it.
Courts believe that defendant Zhang Mouhua, 9 in violation of State regulations, modifications to the data stored in computer information systems, processes, consequences, his behavior had constituted the crime of destroying computerized information system.
Exploited college student programming easily invaded more than 10 schools
Compared with these cases in Inner Mongolia, Sichuan at a College in yan's modus operandi is more "rough".
In July 2015, Yan University academic information management system for it a scan, found a vulnerability exists on this system, you can get the list of administrators. Yan then deciphering program was compiled, and the password for the administrator account, log on to the system. Since then, yan has been scanning and intrusion, Chengdu and Xian over more than 10 colleges and universities in the academic information management system and database.
First half of the year, graduation and job hunting yan a pinched, playing scores earn someone a modification of crooked mind. He selected some colleges stick is published the second ad, modify the test scores for college students, delete, absenteeism, disciplinary records and left a QQ number on the Internet. A college student Chen chongzhou after seeing the advert to initiate contact with yan. Yan to a section 300, multiple commitments can also be cheap, Chen all 7 results that failed to pass, after Chen yan a PayPal transfer 1200 Yuan.
Using this method, Yan invaded more than 10 schools in a network information system and download data at various University stick publishing small ads. Until May of this year, more students to a school in chongzhou, Sichuan province's Dean's Office reflect your scores have hands and feet, and school and then police.
According to initial investigations, chongzhou alone a University at least 8 students to modify results. To at the time of Yan an illicit profit-making 1. More than 30,000 yuan. Chongzhou prosecutors believe that yan of University information systems store, delete, modify the data processing, the suspected crime of destroying computerized information system, and to arrest yan, in the present case is under further investigation.
A college student, easily invaded more than 10 schools information system? It sounds incredible, police experts are not surprised. Liu Xuchong said, the new network is an important feature of the crime, criminals of younger age, this is partly due to the younger age group to accept new technology more quickly, on the other hand, many websites there is a serious safety hazard, leaving an opportunity for criminals.
Low cost, high porous, concealment, the urgent need to control new types of crime
The past two years, by hacking into systems, tamper with information, so as to profit illegally transgenders in Xinjiang, Guangdong, Shandong and other places, has also exposed tamper with candidates ' accomplishments, volunteer "hacker fraud" cases. "Black" why more and more rampant crime to modify data into network system?
--Crime and low cost. Liu Xuchong told reporters that this first of all because the cost is low, can be described as "lucrative". Reporters at some e-commerce platform search found some written procedures, software customization, development of program code "virtual goods", a 20-Yuan can buy.
--Criminals into believing that "hidden high." Many criminals believe that this type of "hacker-style fraud" does not want to transfer lines, can be done remotely via instant messaging, deprecated tools account can be destroyed afterwards, so do not leave traces, equivalent to put the network on "invisibility cloak". "As long as he did this thing, it leaves a trail, we'll be sure to find him. "Liu Xuchong told reporters.
--More security vulnerabilities. In the case of, China's public security departments found that many units of information management systems are "built up" tests prior to the online aspects have been neglected, and tend to be more focused on hardware in the security risk, such as erecting of firewalls, intrusion detection systems, etc, but not focusing too much on software development and testing, leaving many security vulnerabilities, need to pay attention to.
National top ten lawyers Qin Xiyan introduced under the Penal Code, in violation of State regulations, the computer information system functions to delete, modify, increase, interference, thereby making it impossible for the system to function properly, if serious consequences, to 5 years ' imprisonment or criminal detention; particularly serious consequences, for more than 5 years in prison.
"' Black ' into a network system to modify data, the key is to prejudice the order of social administration, ranging from causing loss of user information, personal privacy, to threats to national security, cause huge amounts of money, important information is lost, the damage is irreversible. "Qin Xiyan said.
Responsible editor: Zheng Hanxing
Article keywords:Information systems students hack
I want feedback
Save a Web page
Xinhua
黑客入侵系统篡改成绩谋利 83名学生被“合格”|成绩|信息系统|考生_新闻资讯
原标题:83名考生成绩被篡改,“黑客式舞弊”为何如此猖獗?
新华社北京8月22日电(记者袁汝婷 刘懿德 叶含勇)中介收钱联系黑客、高校学生编程轻易入侵十几所学校、83名考生成绩“被”合格……近段时间,一种更直接、更迅速也更隐蔽的舞弊形式正在蔓延,并日渐猖獗。
记者调查发现,少数犯罪分子把“黑客”包装成高科技作弊神器,通过破坏计算机信息系统“神不知鬼不觉”篡改信息牟利。如何防范新形势下的科技犯罪?
入侵网站改成绩 9名被告人获刑
专门寻找未通过会计从业资格考试的考生,承诺付款即可修改成绩,收款后联系黑客,入侵网站改成绩……近日,内蒙古呼和浩特市首例破坏计算机信息系统案在赛罕区人民法院宣判,9名被告人被分别判处五年至一年零三个月不等的有期徒刑。
2015年6月,内蒙古自治区财政厅工作人员发现,该厅网站计算机系统被人恶意攻击,83名参加当年会计从业资格考试的考生成绩从“不合格”被篡改为“合格”。
法院审理查明,周某军、海某华、王某宇等9名被告人从多家医院的财务工作者和考试培训机构的学生中,专门寻找未通过当年会计从业资格考试的考生,并承诺考生支付一定费用后,为其修改成绩,收费标准为每人3000元至11000元不等。
每当有考生支付费用后,与该考生联系的被告人,就通过QQ联系黑客,以技术手段非法入侵内蒙古自治区财政厅网站,篡改计算机系统中“内蒙古会计人员综合管理服务网”保存的原始成绩数据,使得本不该取得会计从业资格证的考生取得了该证书。被告人张某华、杨某丽、吕某姣等3人分别获利52000元;被告人张某程、海某华、张某义、孔某吉、王某宇、周某军等6人分别获利89300元、44300元、15800元、17300元、16300元和7000元。
湖南警察学院信息技术(网监)系主任刘绪崇告诉记者,这一类案件的作案手法非常典型,即“中介型”。部分犯罪分子可能自身并不具备攻击网络系统的技术,但可以利用很少的钱,雇佣“黑客”,再从中谋取利益。
法院审理认为,被告人张某华等9人违反国家规定,对计算机信息系统中存储、处理的数据进行修改,后果严重,其行为均已构成破坏计算机信息系统罪。
利用漏洞 高校学生编程轻易入侵十几所学校
与内蒙古上述案件相比,四川某高校大学生闫某的犯罪手法更显“简单粗暴”。
2015年7月,闫某对所在高校教务处信息管理系统进行扫描时,发现该系统存在漏洞,可以获取管理员列表。闫某随后编制了破译程序,并用管理员账号、密码登录该系统。此后,闫某先后扫描并入侵成都及西安等地10余所高校的教务信息管理系统并下载数据库。
今年上半年,临近毕业并四处找工作的闫某手头紧张,打起了给别人改分数赚钱的歪主意。他特地选择了一些二本院校的网络贴吧发布广告,为在校大学生修改考试成绩,删除旷课、处分记录,并在网上留下了QQ号。崇州某高校学生陈某看到广告后,主动联系闫某。闫某以一科300元、多了还可以便宜的承诺,将陈某不及格的7科成绩全部改为及格,事后陈某向闫某的支付宝转账1200元。
利用这一手段,闫某入侵了十几所学校的网络信息系统并下载数据,在多个高校贴吧发布小广告。直到今年5月,多名学生向四川省崇州市某学校的教务处反映自己的分数被动了手脚,校方随后报警。
据警方初步调查,仅崇州一所高校就至少有8名学生修改成绩。至案发时,闫某已从中非法牟利1.3万余元。崇州检察机关认为,闫某对高校信息系统中储存、处理的数据进行删除、修改,其行为涉嫌破坏计算机信息系统罪,遂对闫某予以批捕,目前此案正在进一步侦办中。
一名高校学生,就可以轻易入侵十几所学校的网络信息系统?这听上去有些匪夷所思,在公安专家看来却并不奇怪。刘绪崇说,新型网络犯罪的一个重要特点是,犯罪分子低龄化,这一方面是由于低龄群体接受新型技术更快,另一方面,不少网站存在严重安全隐患,也为犯罪分子留下可乘之机。
成本低、漏洞多、隐蔽性高 亟须防控新型犯罪
近两年,通过入侵各类系统、篡改信息,从而非法牟利的案件层出不穷,在新疆、广东、山东等地,也先后曝出篡改考生成绩、志愿的“黑客式舞弊”案件。“黑”进网络系统修改数据的犯罪缘何越来越猖獗?
——犯罪成本低。刘绪崇告诉记者,这首先是因为犯罪成本很低,可谓“一本万利”。记者在一些电商平台搜索发现,一些代写程序、软件定制、程序代码开发的“虚拟商品”,只需20元即可购买。
——犯罪分子误以为“隐蔽性高”。不少犯罪分子认为,这类“黑客式舞弊”不需要线下交接,通过即时通讯工具即可远程完成,事后工具账号可销毁弃用,故而不会留下痕迹,相当于穿上了网络“隐形衣”。“然而只要他做了这个事情,就会留下痕迹,我们就肯定能找到他。”刘绪崇告诉记者。
——安全漏洞多。在办案中,中国公安部门发现,目前不少单位的信息管理系统多是“建完就上”,忽略了上线前的测试环节,而且在安全风险规避上往往更注重硬件,比如架设防火墙、入侵检测系统等,但对软件的开发和检测不太注重,留下不少安全漏洞,亟待引起重视。
全国十佳律师秦希燕介绍,根据刑法,违反国家规定,对计算机信息系统功能进行删除、修改、增加、干扰,造成计算机信息系统不能正常运行,后果严重的,处5年以下有期徒刑或者拘役;后果特别严重的,处5年以上有期徒刑。
“‘黑’进网络系统修改数据,最关键是妨害了社会管理秩序,轻则造成用户信息丢失、个人隐私泄露,重则威胁国家安全,造成单位巨额资金、重要信息遗失,这种危害是不可逆的。”秦希燕说。
责任编辑:郑汉星
文章关键词: 成绩 信息系统 考生 黑客
我要反馈
保存网页
新华网