Interest chain behind the killing phone fraud: the rampant illegal trade in personal information data-phone fraud, death scams-IT information
If not on August 19 call, 18 year old girl Xu Yuyu in 10 days ' time to Nanjing University of posts and telecommunications.
This phone call, tricked out Xu Yuyu 9900 for college costs. A day earlier, Xu Yuyu received notice from Department of education grants, crook claimed a sum of grants given to her. This let her guard down. Alarm on my way home, Xu Yuyu suddenly fainting, unfortunately passed away.
Xu Yuyu before and after the event, the same tragedy happening to a sophomore Song Zhenning,.
The southern Shandong business daily reported on August 25, Song Zhenning August 18 received a cold call from Jinan, the other on the phone that he is the Public Security Bureau, said Song Zhenning jewellery was overdraw bank cards, more than 60,000 yuan. Liar Song Zhenning out of credit card and identity information has been trusted. On August 23, the Song Zhenning died due to cardiac arrest.
Xu Yuyu, linyi city, Shandong province, and Song Zhenning came from.
Today, calling for the protection of personal information, and telecommunications fraud means it is moving closer to the user features of direction. Who let the "Xu Yuyu" personal information even know she is applying for financial aid, so as to implement the "precision" scam? virtual number exists in the telecom sector and what vulnerabilities? personal information disclosure cases and what kind of value chain?
Virtual operator implementation of real-name system is around the corner
According to media reports, Xu Yuyu received fraudulent phone numbers belong to the 171th, so-called virtual operators.
With 170 171th, as the main platform of virtual operators, without having to build communications networks, but operators leasing entities (Telecom, China Unicom, China Mobile) network of the telecommunications business.
Fraud warning was issued, said Chinese public security departments, 170/171th Telecom fraud is "disastrous", one of the main reasons, is the real-name registration vulnerabilities.
At present, China's telecommunications industry according to the phone user's true identity information as of September 1, 2013 registration requirements of users apply for fixed phone, mobile phone (including wireless Internet cards) while waiting for the network, telecommunication service operators to provide true identity, that is, to the real-name system.
Deputy Zhu Wei, Director of the Center for studies of CUPL propagation method to accept the first financial 1 c reporter, said in an interview, because of the virtual operator is still in the early stages of development, regulatory measures are not yet in place, virtual operators there are weak Telecom real-name system implementation issues.
Zhu Wei said: "in the context of the three carriers actively promote the real-name authentication, virtual operators know that in the absence of the real-name authentication cases, put the number of kiosks, newsstands, places a great deal of promotion. Many of these numbers are not real-name authentication is directly why cause them to become the main means of fraud. "Zhu Wei believes that virtual operators cannot take off duty, it should at least take responsibility for administrative law.
According to the people's posts and telecommunications daily reported: in messages of current malicious fraud, almost 44% from the 170th. First quarter of the year, in the context of strong combat communications fraud special events at the Ministry, as the users of the fast-growing virtual business, virtual spam SMS, fraud complaints have also increased significantly, even a decline of 40%, but complaints has increased over the same period last year to 65%.
In April this year, the Ministry of information and communication development Division, said virtual operators have been regulatory issues: "the Ministry has always attached importance to the resale business phone with real name, information management, particular measures, increased to investigate three aspects of various measures. Labels such as fraud on the virtual operator is not conducive to the development of the industry, but also the impact of 170th, the legitimate rights and interests of the user, the Ministry will continue to support the development of virtual operators in accordance with regulation, and strengthen supervision, pipe, and not random. ”
Zhu Wei recommendations, taking into account in particular the Ministry for sale, rent, sell virtual number and location, and effective supervision.
Who will reveal your personal information
Who first "stole" a citizen's personal information and sale, dissemination?
To that end, 1 journalist to "illegal access to personal information" as the keyword search judgments network in China. Retrieved 12 cases, leaked the identity include: auxiliary police officers of the police station, hospital Street Community Service Center staff, and even the Internet company's "inner demons".
Hunan province Chenzhou City Intermediate Court this year April released of a copies judicial instruments displayed, October 2014 to April 2015, Lee a in Hunan province yizhang Public Security Bureau City South police station served as auxiliary police during, using the by other police of digital certificate into police organ within online of national population query system, gets citizens personal information more than 2000 over, and to each article 40 Yuan ranging of price sold to a phone QQ Shang awareness of users, was money nearly 100,000 yuan.
Courts of second instance finds, Lee committed crime of infringement of citizens ' personal information, and sentenced to a year for a month and fined 15,000 yuan.
Case, Rizhao city, Shandong province, Chen unrepaid loans in Lanshan district Rizhao city, Dong Wei Street runs "photographers of nature" and "open sesame child photography."
In order to attract customers, between mid-August and since June 2014, with each 5 Yuan respectively to zhangyu, Chen b purchase in Lanshan hospital birth and parents ' names, home addresses, contact information, personal information such as article 84 and more than 330 articles.
At the time, zhangyu, person b is the identity of Rizhao Lanshan hospital Chen Dong Wei Street Community Health Center staff.
In addition, some online shopping platform, may have a lot of personal information data for the lawless personnel offers the possibility of illegal access to citizens ' personal information.
Case in Shanghai, from October 2010 to September 2011, a Vice President of e-commerce service company in Shanghai, inspired shop to buy first, head of the company information, website customer order information.
Link to the original, first, head of the information store site staff to see Bartholomew from Miao Mou made somewhere first, shop the site database account, password, configure the server's IP address and port, and three times to steal technology, shop first website includes information on customer orders amounted to 300yuwantiao.
Eventually, the Court of first instance found that contralateral committed offence of illegal access to personal information, and sentenced to ten months, and 15,000 yuan.
Who deals with your personal information
Everyone is a producer of personal information, but not clear how personal information is to be reserves, protection, use, transfer or sale.
1 c journalists retrieved through the judgment of China NET information network found that illegal purchase of citizens ' personal information is almost in a telephone fraud case "standard". Personal information layers to resell and, ultimately, to commit fraud. In some cases, can even see the "exact" purchased a certain type of citizen's personal information.
Jilin siping city tiexi District Court in July this year, according to a copy of the case, since January 2015, the defendant paid b join the QQ Group of illegal trafficking of personal information data, after the illegal access to personal information in the group, changing hands with each piece of information ranging from 0.1 Yuan to 1.2 Yuan sold to Wang Ding, received 8,000 yuan.
Wang Ding also joined a similar QQ Group of illegal access to personal information, while person b, who purchased from the citizens ' personal information, particularly with regard to advice or buy "Bai Nian Yasunari Kawabata's" products of the group citizens ' personal information, after the fare increase, each 0.5 to 1.5, depending on the price of the second sale to Wang Shaobao us sales of fake drugs gangs.
In the meantime, Wang illegally sold citizens ' personal information 30yuwantiao Ding, sales amounted to more than 200,000 yuan and a profit of more than 40,000 yuan.
Maanshan city, Anhui Province also had a similar telephone fraud case: white by QQ on multiple purchases include name, address, contact details and other personal information. From December 2013, white one and sell these messages through QQ, agreed every 1000 Yuan to buy 13,000, Zhang phone scams using the above information.
White a seized computer hard drives and USB flash drive much of citizens ' personal information a total of 1.77 million. Investigators in the USB drive a random sample of citizens ' personal information with the national motor vehicle/driver information resource library, basic information matches the information in the nation's population.
An increasing number of cases, personal data leaks, illegal trading of the present situation is even more grim.
In order to strengthen the protection of personal information, the European Union, the United States issued a series of regulations and documents. For example, the EU in September, further strengthening of the protection of personal privacy, going to WhatsApp, Facebook and Skype Internet communications service provider is also included under the supervision of the e-Privacy Directive.
In China, November 2015 began implementation of the People's Republic of China criminal law amendment (I) explicitly States, in violation of State regulations, sells or provides personal information to others, if the circumstances are serious, to three years ' imprisonment or criminal detention, and Department or penalties the circumstances are especially serious, shall be sentenced to imprisonment between three to seven years and fined.
In addition, in violation of State regulations, will perform their duties in or a citizen's personal information obtained in the course of providing services, sell or provide to others for a heavier punishment.
Despite leaks, sold citizens ' personal information into the punishment, but in practice, due to the protection of personal information involves a multisectoral cross-management reasons, in order to strengthen the protection of personal information, there is still a long way to go.
夺命电话诈骗案背后利益链:个人信息数据非法买卖猖獗 - 电话诈骗,夺命诈骗 - IT资讯
如果不是8月19日的一通电话,18岁女孩徐玉玉在10天后就可以到南京邮电大学报到了。
这通电话,骗走了徐玉玉上大学的9900元费用。此前一天,徐玉玉接到了教育部门发放助学金的通知,而骗子也声称有一笔助学金要发放给她。这让她放松了警惕。在报警回家的路上,徐玉玉突然晕厥,不幸离世。
徐玉玉事件前后,同样的悲剧发生在一名大二学生宋振宁身上。
《鲁南商报》8月25日报道称,宋振宁在8月18日接到一个来自济南的陌生电话,对方在电话里称自己是公安局的,并称宋振宁银行卡号被人购买珠宝透支了六万多元。骗子说出了宋振宁的银行卡和身份信息,取得了信任。8月23日,宋振宁因心脏骤停而离世。
徐玉玉和宋振宁均来自山东省临沂市。
在不断呼吁个人信息保护的今天,电信网络诈骗手段却正朝着更贴近用户特性的方向发展。是谁泄露了“徐玉玉们”的个人信息,甚至知道了她正在申请助学金,从而实施了“精准“诈骗?电信运营部门的虚拟号码存在着怎样的漏洞?个人信息泄露案件中又存在着怎样的利益链条?
虚拟运营商落实实名制迫在眉睫
据媒体报道显示,徐玉玉接到的诈骗电话号码属于171号段,即所谓的虚拟运营商号段。
以170/171号段为主要服务平台的虚拟运营商,无需自己建设通信网络,而是租用实体运营商(电信、联通、移动)的网络开展电信业务。
多地中国公安部门在发布诈骗预警时表示,170/171号段是电信诈骗“重灾区”,主要原因之一,就是实名制登记存在漏洞。
目前,中国通信行业根据2013年9月1日起施行的《电话用户真实身份信息登记规定》要求,用户办理固定电话、移动电话(含无线上网卡)等入网手续时,要向电信业务经营者提供真实身份信息,也就是要实名制。
中国政法大学传播法研究中心副主任朱巍接受第一财经1℃记者采访时表示,由于虚拟运营商还处于发展的初级阶段,监管措施尚未到位,目前虚拟运营商确实存在对电信实名制落实不力的问题。
朱巍介绍说:“在三大运营商积极推动实名认证的背景下,虚拟运营商明知在没有进行实名认证的情况下还把号码放到书报亭、报摊等地方进行大量的推广。大量此类号码未进行实名认证是直接导致它们成为诈骗主要手段的原因所在。”朱巍认为,因此虚拟运营商无法脱责,至少应该承担行政法上的责任。
《人民邮电报》报道的数据称:目前的恶意诈骗短信中,有近44%都来自170号段。今年一季度,在工信部强力打击通讯信息诈骗专项活动的背景下,由于虚商用户的快速增长,虚商垃圾短信、诈骗短信的投诉量也大幅上升,虽然环比下降了40%,但投诉量比去年同期上升了65%。
今年4月,工信部信息通信发展司曾就虚拟运营商监管问题表态称:“工信部一直高度重视转售企业的电话实名制工作,在宣传管理、细化措施、加大查处等三方面采取了各种措施。虚拟运营商被打上诈骗等标签不利于行业发展,更影响了170号段用户的合法权益,工信部将继续支持虚拟运营商依法依规发展,同时要加强监管,做到放管结合,放而不乱。”
朱巍建议,工信部要特别考虑出售、租售虚拟号段的方式和地点,并加以有效监管。
谁泄露了你的个人信息
谁最早“偷了”公民的个人信息,并对外出售、传播?
为此,1℃记者以“非法获取个人信息”为关键词检索了中国裁判文书网。检索到的12个判例中,泄露者的身份包括:派出所辅警、医院街道社区服务中心的工作人员、甚至还有互联网公司的“内鬼”。
湖南省郴州市中级法院今年4月发布的一份司法文书显示,2014年10月至2015年4月,李某在湖南省宜章县公安局城南派出所担任辅警期间,利用该所其他民警的数字证书进入公安机关内网上的全国人口查询系统,获取公民个人信息2000余条,并以每条40元不等的价格出售给一个手机QQ上认识的网友,获赃款将近十万元。
法院二审认定,李某犯侵犯公民个人信息罪,判处有期徒刑一年一个月,并处罚金人民币1.5万元。
山东省日照市的一起判例显示,陈某甲在日照市岚山区安东卫街道经营着“大自然婚纱摄影店”和“芝麻开门儿童摄影店”。
为了招揽顾客,自2014年6月份至8月中旬间,他以每条5元的价格分别向张玉、陈某乙购买在岚山医院出生的新生儿出生时间及家长姓名、家庭住址、联系方式等个人信息84条和330余条。
彼时,张玉、陈某乙的身份是日照市岚山医院安东卫街道社区卫生服务中心的工作人员。
此外,一些网购平台,因存有大量个人信息交易数据,也为不法人员非法获取公民个人信息提供了可能性。
上海的一起判例显示,2010年10月至2011年9月,上海一家电子商务服务公司的副总裁授意该公司信息部负责人购买一号店网站客户订单信息。
这位信息部负责人联系到原一号店网站员工缪某某,从缪某某处取得一号店网站数据库账号、密码、配置服务器的IP地址及端口,并通过技术手段先后三次窃取一号店网站客户订单信息共计300余万条。
最终,法院一审认定缪某某犯非法获取公民个人信息罪,判处有期徒刑十个月,罚金人民币1.5万元。
谁在交易你的个人信息
人人都是个人信息的生产者,却不清楚个人的信息数据是如何被储备、保护、使用,甚至转让或买卖。
1℃记者通过中国裁判文书网信息网检索发现,非法购买公民个人信息几乎是电话诈骗案件中的“标配”。公民个人信息被层层转卖,并最终用以实施诈骗。在一些案例中,甚至可以看到“精确”购买某一类公民的个人信息。
吉林四平市铁西区法院今年7月发布的一份判例显示,自2015年1月起,被告人付某乙加入了非法贩卖公民个人信息数据的QQ群,在该群中非法获取公民个人信息后,转手以每条信息0.1元至1.2元不等的价格卖给王某丁,获得8千元。
王某丁同样加入了类似的QQ群非法获取公民个人信息,同时把从付某乙等人处购买的公民个人信息,特别是涉及咨询或购买过“柏年康成”集团产品的公民个人信息,经过加价,以每条0.5元至1.5元不等的价格二次出售给了王少宝等人组成的销售假药团伙。
在此期间,王某丁非法销售公民个人信息30余万条,销售金额达20余万元,获利4万余元。
安徽省马鞍山市也发生了一起类似的电话诈骗案件:白某通过QQ多次购买包含姓名、住址、联系方式等内容的公民个人信息。从2013年12月起,白某又把这些信息通过QQ卖给张某,约定每1000元购买13000条,张某利用上述信息实施电话诈骗活动。
在白某被扣押的电脑主机硬盘及U盘存有公民个人信息累计有177万条之多。侦查人员在其U盘中随机抽取的公民个人信息与全国机动车/驾驶人信息资源库、全国人口基本信息库中的信息相符。
越来越多的案例显示,当下个人信息数据泄露、非法买卖的形势正越发严峻。
为了加强个人信息保护,欧盟、美国都正在出台一系列的法规和文件。例如,欧盟拟在9月份进一步强化个人隐私保护,准备将WhatsApp、脸书和skype等互联网通信服务商也纳入电子隐私指令的监管之下。
在中国,2015年11月起开始实施的《中华人民共和国刑法修正案(九)》明确规定,违反国家有关规定,向他人出售或者提供公民个人信息,情节严重的,处三年以下有期徒刑或者拘役,并处或者单处罚金;情节特别严重的,处三年以上七年以下有期徒刑,并处罚金。
另外,对违反国家有关规定,将在履行职责或者提供服务过程中获得的公民个人信息,出售或者提供给他人的从重处罚。
尽管泄露、出售公民个人信息已入刑,但是从实践来看,由于个人信息保护涉及多部门交叉管理等原因,要真正强化个人信息保护仍有很长的路要走。