Ponder on £ 200,000 university entrance exam candidates being resold this year-information disclosure, college entrance examination-IT information
This two-day,18 years old girl Xu Yuyu linyi "cheated death" hurt people's nerves again. Information disclosure, just like a leech, tightly in back of us, believe everyone received sales calls, text messages, we have information on exactly how many were sold?! The dark industry chain, now proud to what extent? This afternoon, blasting three (app ID:sdbaosanyang) investigations found that there are a lot of data being offered for sale on the Internet, a wide range of geographical diversity, shocking, ponder!
|-Blue
Reselling personal information into a dark industry chain
Profits, money fast, more and more people join to resell personal information, which has become a dark industry chain. In the transaction market in trafficked information has a price. According to the sources, the primary sources of student data, price about 1-2 Yuan/article, bulk purchase at a special rate. Compared to the student's information, e-commerce, banking, insurance, stock exchange data, more sought after, the price is higher. Who buys these data, is to lie.
Blast three (app ID:sdbaosanyang) sister of searching on the Internet and "candidate data" relating to the QQ Group, found all over the country are trafficking in QQ Group of candidate data, each more than more than more than 800 people in the group, leaving more than 10 people.
These groups are written in bold in the Group introduced the sale of information classification, some direct quotation: "trading one Yuan, and verify a, 10 a. ”
Blast three (app ID:sdbaosanyang), add a few student data trafficking QQ, QQ's profile is written "in late 2016 candidate list" sellers said the information he got more than 200,000 Shandong University entrance exam candidates, all new this year.
Information includes school, name, phone number, home address, parent phone calls, and these data are valid information can guarantee 90%. When asked when the purchase price, the other side says, all package data in Shandong province bought the most cost-effective, as long as 6000 Yuan, if bought separately would cost a little more.
QQ space from each other, as you can see, he resells data over 3 years, almost every summer will be a new "data". The sources for these data, the other very carefully, did not want to reveal, but stressed that the data is true.
On Taobao, the blast three (app ID:sdbaosanyang) also found a scalping Taobao shop owner information.
Baby details page says "national automatically collect owner information, updated daily, accurate to provinces and cities, cars, cards on time, age and contact details", put some screenshots in the text below, you can clearly see the different owners of information. Owners of information seems to be from some auto sales sites.
So much personal information, what flowed from where? Why this rampant human trafficking?
Asia company Web sites in the world's worst
According to professionals, general user data was leaked three possibilities: one is the contact with the data of internal staff use their posts to facilitate the theft, second, hacker crawling through website vulnerability information, the third is leaked the information when the services provided by the third party website.
Student data is compromised, for example, from schools, education, admissions and other areas are likely to leak. Not only are students, teacher's information might be leaked. Today broke up a training agency staff working in Beijing, illegal acquisition, buying the 200yuwantiao students and parents information, apart from mass advertising to parents, also in network platforms sell.
In addition to internal staff use terms of reference to facilitate brokering of information, more information is on the Internet has been "stolen".
Has an article on the BBC website today said: Asian corporate network security efforts are the worst in the world.
▲ BBC website screenshots
Reason is a site from the invasion of Asian companies to discover intrusion, use 520 days (median), which spent an average of only 146 days.
A vulnerability of the site takes a year to find during that time did not know how much data had been leaked, site security is very bad.
Vulnerability according to the domestic platform, in 2015, the platform vulnerability of the domestic Web site received more than 40,000, both personal and corporate websites, there are Government loopholes. 2015, for example, IESS, Cangzhou city a system vulnerable, 2.7 million medical insurance, pension, social security personnel suspected leakage of sensitive information. Most of the Government, enterprises and individual Web site does not have enough power to form professional security team, lack of professional restoration advice and repair verification mechanisms, frequently updated as your business, new vulnerabilities are exposed.
In accordance with the provisions of the Penal Code, reselling personal information allegedly constituted the crime of illegal access to personal information. Offence of illegal access to personal information, refers to the theft or other means to obtain organs, or the financial, telecommunications, transportation, education, medical care and other units in the performance of duties or the citizen's personal information obtained in the course of providing services, sale or offering to others, if the circumstances are serious. Guilty of illegal access to personal information, to three years ' imprisonment or criminal detention, or be fined.
Personal information security and not pay more to watch out for will be able to fix things. Some netizens said, defrauded legal consciousness of people is shallow, but personal strong awareness of the law, could not defend the large quantities of information. All Governments, businesses and organizations raise the importance of network and information security, will it be possible from the roots cut off Black chain.
(Article part of a 21st century economic report, the Yangtze evening news, United Kingdom BBC website)
细思极恐:山东今年20万高考考生信息遭倒卖 - 信息泄露,高考 - IT资讯
这两天,18岁临沂女孩徐玉玉“被骗致死”再次刺痛了人们的神经。信息泄露,就像一条水蛭,紧紧地吸在了我们的脖颈上,相信每个人都接到过各种推销电话、短信,我们的信息到底有多少被出卖了?!这条黑色产业链,现在张狂到什么程度?今天下午,爆三样(微信ID:sdbaosanyang)的样妹暗访发现,目前还有大量的数据信息在网上被标价出售,种类繁多,地域多样,让人震惊,细思极恐啊!
文|海蓝
倒卖个人信息成黑色产业链
暴利,来钱快,使得加入倒卖个人信息的人越来越多,这已经成为了一个黑色产业链。在交易市场中,被贩卖的信息都有着明码标价。据有关人士透露,一手的学生数据,售价约1-2元/条,大量采购还有优惠。相比于学生的信息,电商、银行、保险、股市交易的数据价格更为抢手,价格也更高。而买这些数据的人,都是拿来骗人的。
爆三样(微信ID:sdbaosanyang)的样妹在网上搜索了与“考生数据”有关的qq群,发现基本上全国各地都有贩卖考生数据的qq群,每个群里多则800多人,少则十几人。
这些群主们大胆的在群介绍里写着出售信息的分类,有的直接标价:“交易一元一条、验证一元一条,10元一批。”
爆三样(微信ID:sdbaosanyang)的样妹随意加了几个贩卖学生数据的qq号,一个qq号的简介里写着“2016年最新考生名单”的卖家说,他手上有20多万山东高考考生的信息,全是今年最新的。
信息里包含了学校、姓名、电话、家庭住址、家长电话,而这些数据能够保证90%都是有效信息。当样妹询问购买价格时,对方表示,所有山东的数据一起打包买最合算,只要6000元,如果分开买就会贵一点。
从对方的qq空间里,样妹可以看到,他倒卖数据已经超过3年了,几乎每年暑假都会得到一批新“资料”。对于这些数据的来源,对方十分谨慎,并不愿意透露,只是强调数据都是真的。
在淘宝上,爆三样(微信ID:sdbaosanyang)的样妹还发现了一家倒卖车主信息的淘宝店。
在宝贝详情页面写着“全国车主信息自动采集,每日更新,可精确到省市、车型、上牌时间、年限和联系方式”,在文字下面放了几张截图,可以清楚地看到不同车主的信息。车主的信息似乎都是从一些汽车销售网站抓取的。
如此多的个人信息,究竟是从哪里流出的?为何能够如此猖狂的进行贩卖?
亚洲公司的网站安全全世界最差
据专业人士介绍,一般用户数据被泄露有三种可能:一是与数据有接触的内部人员利用职务便利盗取,二是黑客通过攻击网站漏洞抓取信息,三是第三方网站在提供服务时泄露了信息。
以学生数据被泄露为例,从学校、教育局、招生办等环节都有可能泄露。不光是学生,教师的信息也有可能被泄露。今天在北京爆出了某培训机构员工利用工作便利,非法获取、购买了200余万条学生及家长信息,他们除了向家长群发广告,还在一些网络平台出售。
除了内部人员利用职权便利倒卖信息,更多的信息则是从网络上被“偷走”的。
今天在BBC网站上有一篇文章说:亚洲公司的网络安全工作是全世界最差的。
▲BBC网站截图
理由是亚洲公司的一个网站从被入侵到发现入侵,要用520天(中位数),而全球的平均花费天数只有146天。
一个网站的漏洞要花费一年多的时间才会发现,这期间不知道多少数据已经被泄露了,网站的安全措施实在太差。
根据国内补天漏洞平台介绍,2015年该平台收到的国内网站的漏洞就超过4万条,除了个人和企业网站,也有政府部门存在漏洞。比如,2015年沧州市社保局某系统存在漏洞,270万医疗、养老、社保参保人员敏感信息疑遭泄露。大多数的政府、企业和个人网站没有足够力量组建专业安全团队,缺乏专业的修复建议和修复验证机制,随着业务的频繁更新,新漏洞不断被曝光出来。
根据《刑法》规定,倒卖个人信息涉嫌构成非法获取公民个人信息罪。非法获取公民个人信息罪,是指以窃取或者其他方法非法获取国家机关或者金融、电信、交通、教育、医疗等单位在履行职责或者提供服务过程中获得的公民个人信息,出售或者非法提供给他人,情节严重的行为。犯非法获取公民个人信息罪的,处三年以下有期徒刑或者拘役,并处或者单处罚金。
信息安全不是单靠个人多加提防就能解决的事情。有网友说,被骗的人都是法律意识浅薄,可是个人再强大的法律意识,也不能防住信息的大量泄漏。只有所有的政府、企业、机构都提高对于网络信息安全的重视程度,才有可能从根源掐断黑色链条的存在。
(文章部分内容来源于21世纪经济报道、扬子晚报、英国BBC网站等)