Warehouse Group stolen personal information, in connection with the information for up to 110 million-IT information

If you buy something online, can you imagine after a few minutes are likely to be criminals access to your personal information. In early December, Jiangsu police announced a big infringement of citizens ' personal information, in connection with the information of up to 110 million, they looted citizens ' online shopping information.

Cases from the Chinese Ministry of public security issued a clue to Wuxi City Public Security Bureau, in April this year, China when the Ministry of public security, analyze some of the fraud cases, find a lot of personal information and data may be derived from Jiangyin in Wuxi, the amount of information involved is quite amazing.

Wuxi, Jiangyin, China's public security departments to track these data sources, found in Jiangyin had a network named "Allison" suspect Qiu, probably is reselling personal information brokers, and steal and purchase links are quite close.

To high a survey Center, police by technical means have the suspect's true identity and residential address, and then astonished police teams to Hainan, Anhui and other places and captured 17 suspects, of which 9 are hackers.

Jiangyin City Public Security Bureau security guard Brigade Xiao Hong Wei: hacker suspect is divided into two categories, one is domestic University students, there are 3 main suspects, both domestic network games, Internet skill game award; the other is through the self-taught hacker, a hacker only 17 years old.

Meanwhile, Qiu was arrested at home in a closely monitored by police, after a thorough search, the police found key pieces of evidence. Qiu's hard drive, the police extract a staggering amount of personal information data.

Wuxi City Public Security Bureau security guard detachment of three brigades Guan Lichao: in his computer hard drive taken not yet sold citizens ' personal information to liangqianduowantiao.

Hacker buy low "fraud group" sold

Following a police investigation, Qiu I did not master hacker, his official work is of an enterprise, the storekeeper, and no access to citizens ' personal information. So, Qiu is why trafficking in personal information broker? How did he obtain the mass of citizens ' personal information?

According to Qiu introduction, he joined the underground, it is because his own information disclosure is the experience. When his son was born, second day or third day business called him, he wondered, how could anyone know this information. So he went online query research found that many people could use some means to obtain personal information, sell some businesses.

Qiu feels found opportunity, immediately look for the sale of personal information on the Internet channel, has added dozens of relevant "hack" and "Telecom scam" QQ Group. Try a low bid of personal information, raising prices for sale.

Form a "hacktivist" massive trafficking information

After several transactions, Qiu found technology "hacker group" and exchange of the techniques of fraud "fraud group" basically don't talk to each other, he can shuttle between the QQ Group selling information, buying and selling the difference will be much larger. After verification, Qiu to expand three QQ number have added illegal information trading group 46, group members total more than 20,000 people, trading volume doubled. In order to further drive down prices, Qiu a hacker group employs five technology better student hackers, formed their own "team" at a very low price for the high service.

Reporter: you (personal information) price is very low, very low means how much money?

High: sometimes, like "little Jerry", hundreds of thousands of items give him one thousand or two thousand dollars, prices are very low.

Hackers become Chiu's "cash cow"

Qiu said the "little hero" is his "team" the full force of a hacker. Self-taught, he is only 19 years old, mainly engaged in Web site security testing, vulnerability scan repair work. Has a very good career prospects, now on suspicion of stealing and trafficking in personal information, was sent to prison.

Multi-link, reporters saw a hero in the detention center. Astonished police, the little hero network technology is superb.

According to Jay introduced, academic performance is not good he's only secondary school, beginning in 2014 in contact and fell in love with hacking techniques, and worked day and night to dig into, and his method is to constantly hone technology websites, from the so-called "operational" quickly improved.

"Little hero": because he pitched for nets, build "target" will always be like that, "operational" when will encounter various problems. Elsewhere see the invasion site is illegal, but not stop, because I have entered this circle.

After attacking the practice, "the little Jerry" rapid promotion, and started to write hacking programs and scripts, he prepared the hacking software is free and easy to use, as he fired the fame, in QQ groups and forums, we can't attack site will come to him for help, basic can win, becoming a hacker circles "great God"-level characters. After a friend introduced, when there was no income "little hero" know the main suspects in the case were high, start stealing and trafficking in personal information, obtain benefits.

"Little hero": directly to the destination Web site, ask us to invade, to throw right out, or help them find out the data out on the line. Then he sold it, he sold for as much as he wanted to, so basically just hundreds of dollars to hundreds of dollars, or I'm broke, I'll borrow from him, and helped him attack the next time a Web site.

"Little hero" and Qiu in a half a year of cooperation, attacked more than 1000 Web sites, data provided is well below black market prices, Chiu's "cash cow". "Little hero" prior to the incident, from the high profit somewhere around 100,000 yuan.

Reporter: 19 years old, chance is that you don't have to have to do it.

"Little hero": so sorry. Begins, Qiu had not said so and so he sold data to criminal gangs, he said, he was sold, he is also selling, later on I realized, it is fraud, data is from us.

Data illegally "private ordering"

Qiu so close, and hackers, there are three prominent university students, they also know that the illegality of hacking, but still with high cooperation and steal data from personal information for profit.

Criminal suspects, a University freshman beam: our 2015 when got a 360 (security guard) vulnerability in the preceding three, then 360 companies inviting past award. Then after I get to know a hacker. He said to me, stealing information can make money, I looked at the records of some of his payments, then I started doing this.

In this way, the introductions between hackers, high one can take advantage of "cyber attack" more and more, in addition to the five best student hackers, on his QQ has nearly 200 contacts, had been involved in illegally activities of citizens ' personal information. Qiu said, he can handle all personal data, and what is what.

Jiangyin Public Security Bureau network security defend Brigade Xiao Hong Wei: like to hypertension patients data, fraud groups said need such of data, so on by Qiu a released such of information, by hacker suspects on we domestic of the big hospital website for attack invasion, invaded zhihou will hospital background server within some patients of data download, then again by Qiu xxx to high sold to downstream of crime suspects, this among is reflected out such of a "private set business", is said you wants to what data, I are can do.

Planning executives traffic in online shopping information

According to the survey, hackers attacked Web sites in this case including corporate websites, shopping sites, investment sites, medical Web sites, and so on, what kind of data is very complete, but Qiu was still not satisfied, because hackers attacked Web sites take time, get the timeliness of data are relatively poor, he wanted to sell it a more valuable data, that is, immediate purchase personal information over the Internet.

Ad hoc police investigation found that Qiu was arrested just before the transaction data, leaving personal information when consumers shop online, some even just buy finished goods the same day, order information is here to Qiu.

This data is only 1000 pieces, but still attracted great attention of the project. Because the sources of information are the well-known online shopping platform, hacking takes a long time, couldn't get fresh information, there should be a more secret underground trade.

Jiangyin City Public Security Bureau security guard Brigade Xiao Hong Wei: yesterday or the day before online shopping information, fast data traffic in dealer hands, scalp into the hands of criminal gangs, rapid implementation of fraud, the value of information is very high, one may reach 7 to 10 Yuan, top 20 Yuan. Historical information, which means that last year's online shopping information, low prices, likely in a range between 2 cents to 5 cents.

In early 2016, Qiu after months of searching, open up access to instant online shopping data channel. Ad hoc police according to the origin of the data up, finally found the source of the data to a particular, surprised everyone to an identity.

In the famous is a college graduate, has served in domestic famous enterprises, went to a Beijing technology company executives. The network brand companies for domestic and foreign businesses to provide technology and data services, customers almost all well-known online shopping platform.

Some said he initially did not want to have these personal shopping information, these data as "gatekeepers", he has also repeatedly ordered subordinates not to use online shopping data for profit.

110 million cases of personal information in connection with continued investigations

Online shopping data handled in a day is very impressive consumer Internet purchase in just a few minutes later, his order may be in a company. In a very clear value of these instant online shopping information, also wanted to stick to the bottom line, so what happened exactly, so he changed?

It turns out that earlier this year, the company had planned to give the Department a raise, but failed to deliver, which in a discontented, he decided to go online and look for the sale of data channels, give yourself a "raise".

Suspects in a: thousands of Yuan at the beginning of each month, to tell you the truth I don't really have the money are after, I had wanted to see this road go? Later, about five thousand or six thousand per month, 10,000 bucks. After a minute, human greed is out, because the money was not hard and not tired, and finally don't stop, just bigger and more. In May and June this year, when more than 30,000 dollars a month.

These data after Qiu sold changed hands, proved extremely high accuracy, got the news of the fraud ring organizers to look for a high "order" and even are willing to pay in advance waiting.

After investigation and verification, to take advantage of some of their positions, illegal downloading citizens shopping data in the dead of night through cloud, offline files sent Qiu in the form of a data broker. In order to get more money, to pass the data directly to a number of Telecom fraud criminals and some advertising salesman.

To a: great harm to society, when do greed, did not want to, or I realize that is a crime, but I didn't want to down. Sitting behind bars is really deserved it, deserved.

Current statistics, suspects in this case were stealing and trafficking in personal information of more than 110 million, Chiu, in a first group of 13 suspects have been transferred to the procuratorial organs for prosecution task force continues to dig deep, and organized by the Chinese Ministry of public security of China joint operations, seeking to capture more suspects of stolen personal information.

仓库保管员组团盗卖个人信息，涉案信息达1.1亿条 - IT资讯

如果您在网上买东西，您能否想象几分钟后您的个人信息就有可能被不法分子获取。12月初，江苏警方公布一起侵犯公民个人信息大案，涉案信息多达1.1亿条，他们专门盗卖公民网购信息。

案件源于中国公安部下发给无锡市公安局的一条线索，今年4月，中国公安部在分析一些网络诈骗案件时，发现很多个人信息数据可能来源于无锡江阴地区，涉案信息的数量十分惊人。

无锡、江阴中国公安部门全力跟踪这些海量数据的来源，发现在江阴有一个网名为“佳佳拍”的嫌疑人邱某，很可能是倒卖公民个人信息的中间商，与盗取者和收购者的联系都相当密切。

以邱某为调查中心，警方借助技术手段掌握了多名犯罪嫌疑人的真实身份和居住地址，随后，专案组民警分赴海南、安徽等地，抓获17名犯罪嫌疑人，其中9人是黑客。

江阴市公安局网络安全保卫大队肖宏伟：黑客嫌疑人主要分成两类，一种就是国内高校的在校学生，主要有3名嫌疑人，都获得过国内各大网络比赛、网络技能比赛的奖项；另一种就是通过自学成才的黑客，有一名黑客只有17岁。

与此同时，被警方严密监控的邱某在家中被捕，经过仔细搜查，警方找到了关键证据。在邱某的硬盘里，民警提取出了数量十分惊人的公民个人信息数据。

无锡市公安局网络安全保卫支队三大队管力超：在他的电脑硬盘里面取到的尚未出售的公民个人信息就有两千多万条。

黑客低价买进“诈骗群”高价卖出

经过警方调查，邱某本人不掌握黑客技术，他的正式工作是某企业的仓库保管员，并没有机会接触公民个人信息。那么，邱某是怎么成了贩卖公民个人信息的中间商？他又是如何获得海量的公民个人信息的呢？

据邱某介绍，他加入这个地下产业，竟然是因为他自己信息泄露的一次经历。原来他儿子出生的时候，第二天或者第三天就有商家给他打电话，他就觉得很奇怪，怎么会有人知道这个信息。于是他就上网去查询研究，发现很多人可能利用一些手段获取公民个人信息，卖给一些商家。

邱某觉得自己发现了商机，立即在网上寻找买卖个人信息的渠道，先后加了几十个有关“黑客技术”和“电信诈骗”的QQ群。尝试低价收购公民个人信息，抬高价格卖出去。

组建“黑客团队”海量盗卖信息

经过几次交易，邱某发现，研究技术的“黑客群”和交流诈骗技巧的“诈骗群”基本不互相往来，他可以穿梭在两种QQ群之间倒卖信息，这样买进和卖出的差价会大得多。经核实，邱某用于扩展业务的三个QQ号共加入非法信息交易群46个，群成员总计2万多人，交易数量成倍增长。为了进一步压低收购价格，邱某又在黑客群里雇佣了五个技术较好的学生黑客，形成自己的“团队”，以极低的价格为邱某服务。

记者：你收（个人信息）的价格很低，很低是指多少钱？

邱某：有的时候，像“小杰”那种，几十万条就给他一两千块钱，价格就很低的呀。

黑客成为邱某的“摇钱树”

邱某所说的“小杰”是他“团队”中最厉害的一名黑客。自学成才的他，虽然只有19岁，主要从事网站安全测试、漏洞扫描修复等工作。本来有着很不错的事业前景，如今却因为涉嫌盗取和贩卖公民个人信息，进了监狱。

经多方联系，记者在看守所里见到了小杰。专案组民警介绍，小杰的网络技术十分高超。

据小杰介绍，学习成绩并不好的他只上到中专，2014年开始接触并喜欢上了黑客技术，从此夜以继日钻研，而他磨练技术的方法就是不断攻击网站，从所谓的“实战”中快速提高。

“小杰”：因为自己搭的网，自己搭的“靶机”永远都是那样的，“实战”的时候才能遇到各种问题。在其它地方都看到了，入侵网站是属于违法的，但已经停不下来了，因为我已经进入这个圈子了。

经过攻击练习，“小杰”技术飞速提升，并开始编写黑客程序和脚本，他编写的黑客软件既免费又好用，为他打响了名气，在QQ群和论坛中，有大家攻击不了的网站就来找他帮忙，基本都能拿下，渐渐成了黑客圈子里“大神”级别的人物。经过一个网友的介绍，当时没有收入的“小杰”认识了本案的主要嫌疑人邱某，开始合作盗取和贩卖公民个人信息，获取利益。

“小杰”：直接给目标网站，叫我们去入侵，要把权限丢出去，或者帮他们把数据找出来，拿出来就行了。然后他卖了，他卖了之后他想给多少给多少，所以基本就几百块钱几百块钱给，或者是我没钱了，我先找他借，然后下次帮他再攻击个网站。

在“小杰”和邱某合作的大半年里，攻击超过1000家网站，提供的数据价格远低于黑市价，成为邱某的“摇钱树”。而“小杰”到案发前，从邱某处获利大约十万元。

记者：19岁，机会多的是，你没有到非得干这事的地步。

“小杰”：所以后悔。开始的话，邱某某他也没说数据卖给犯罪团伙，他只是说，他也是转手，他也是倒卖，后来慢慢知道了，都是诈骗，数据都是从我们这里来的。

数据盗卖竟然“私人订制”

在与邱某某关系密切的黑客中，还有三名知名高校的大学生，他们也知道黑客行为的非法性，却仍然与邱某某合作，盗取公民个人信息数据以牟利。

犯罪嫌疑人、某大学大一学生梁某：我们2015年的时候，获得了一个360（安全卫士）漏洞提交的前三名，然后360公司就邀请我们过去颁奖。当时我过去了之后认识了一个黑客。他就跟我说，盗取信息可以赚钱，给我看了一下他的一些付款的记录，然后我才开始搞这个。

就这样，黑客之间互相介绍，让邱某可以利用的“网络攻击队”越来越多，除了五个关系最好的学生黑客，在他的QQ里还有近两百个联系人，基本都曾参与盗卖公民个人信息的活动。邱某曾对外宣称，所有个人信息数据他都可以搞定，要什么有什么。

江阴市公安局网络安全保卫大队肖宏伟：比如说要高血压病人数据，诈骗团伙说需要这样的数据，那么就由邱某发布这样的信息，由黑客嫌疑人对我们国内的各大医院网站进行攻击入侵，侵入之后将医院后台服务器内一些病人的数据下载，然后再由邱某某以高价转卖给下游的犯罪嫌疑人，这当中就是体现出这样的一个“私人订制”，就是说你想要什么数据，我都能做到。

监守自盗公司高管贩卖网购信息

根据调查，本案中黑客攻击的网站包括企业网站、购物类网站、投资理财类网站、医疗机构网站等等，数据种类可谓十分齐全，但是邱某依然不满意，因为黑客攻击网站需要时间，拿到数据的时效性比较差，他想贩卖一种更值钱的数据，也就是即时的网购个人信息。

专案民警在调查中发现，邱某被捕前刚刚交易过一批数据，都是消费者在网上购物时留下的个人信息，有的人甚至当天刚下单购买完商品，订单信息就到了邱某这里。

这批数据虽然只有一千条，但还是引起专案组的高度重视。因为信息的来源都是知名的网购平台，黑客攻击需要较长的时间，不可能获得这样新鲜的信息，应该有一种更隐秘的地下交易。

江阴市公安局网络安全保卫大队肖宏伟：昨天或者前天的网购信息，迅速经过数据贩卖中间商手里，倒卖到下游的犯罪团伙手中，迅速地实施诈骗，信息的价值是非常高的，一条可能达到7元到10元，最高的20元不等。历史的信息，也就是说去年的网购信息，价格偏低，一般有可能一条在2毛到5毛之间不等。

2016年初，邱某经过几个月的搜索，打通了获得即时网购数据的渠道。专案民警根据这批数据向上溯源，终于找到数据的源头于某，而于某的身份让所有人都感到吃惊。

于某是著名高校的硕士毕业生，曾在国内知名企业任职，后来到北京某科技公司担任高管。这家公司为国内外的网络品牌商家提供技术和数据服务，客户几乎遍布所有知名的网购平台。

于某说，自己一开始没有想过贩卖这些个人网购信息，作为这些数据的“看门人”，他还曾多次严令下属不能用网购数据牟利。

涉案1.1亿条个人信息案件还在继续调查

于某每天经手的网购数据十分惊人，一位消费者上网购买商品仅仅几分钟后，他的订单就可能被于某的公司获取。于某十分清楚这些即时网购信息的价值，也曾经想坚守底线，那么究竟发生了什么，让他发生了转变？

原来，今年年初，公司原本计划给于某的部门涨薪，但是没有兑现，这让于某产生不满，他决定上网去寻找贩卖数据的渠道，给自己“涨薪”。

犯罪嫌疑人于某：最开始的时候每个月几千块钱，那个钱说实话我真的没看上，我当时想看看这条路能不能走？后来每个月大概有五六千，一万块钱。钱一到手之后，人的贪欲就出来了，因为这个钱来得也不难也不累，最后就收不住手了，就越做越多。今年五月份、六月份的时候每月三万多块钱。

这些数据经过邱某转手贩卖后，被证明准确性极高，得到消息的诈骗团伙组织者赶紧找邱某“订货”，甚至愿意先付钱排队等着。

经调查核实，于某利用职务之便，非法下载公民购物数据，在深夜通过云盘、离线文件等形式发送给邱某等数据中间商。为了获得更多钱财，于某还把这些数据直接卖给了多名电信诈骗的犯罪分子和一些广告推销商。

于某：对社会造成了很大的危害，当时做的时候利欲熏心，没有想，或者我自己意识到了是犯罪，但是我没有往下想。坐在铁窗后面真的是罪有应得，罪有应得。

目前统计，本案的犯罪嫌疑人共盗取和贩卖公民个人信息超过1.1亿条，邱某、于某等第一批13名嫌疑人已经被移送检察机关提起公诉，专案组还在继续深挖，并进一步由中国公安部组织中国多地联合行动，力求抓获更多盗卖公民个人信息的犯罪嫌疑人。