"Internet thieves" rampant rampage: Quest black chain-Telecom fraud information data, black chain-IT information

Guided reading

Many practitioners suggest that using fraudulent to disperse dark industry chain, hidden features, lock upstream and downstream tracking and chain of evidence is very difficult, in some cases even transnational occurs in Africa, Southeast Asia and other regions, information protection law is not perfect and difficult to combat illegal need to work together to combat it.

The popularity of e-commerce, mobile payments, fewer and fewer consumers to carry cash, people joked "thieves are out of a job."

But on the Internet, stealing user electronic accounts, virtual asset "Internet thieves" is rampant.

Approaches for disclosing personal information is processed, sold and used for telecommunications, such as fraud or fraudulent, formed a huge black industrial system, the hidden cancer in the Internet world.

"Our business teams lurks in all data observed on the black market, domestic groups with professional fraud was rampant. "Many insiders.

2016 the annual Symantec Internet security threat report noted that specialize in online fraud in the Internet black market black workforce of up to 1.6 million people, user information is circulating on the black market as high as 600 million. Industry estimates, every year China the result of black-related economic losses of billions of Yuan.

Hackers, Trojans, "inner demons" and purchase user data

"If you use the same user name and password, and recommendations must be replaced, at least make sure that where there is money, must not use the same user name and password. "On more than one occasion, Qiu Han is making the proposal.

With the popularity of e-commerce and the Internet, a growing number of user behavior data and transaction information is stored on the Internet, as most users struggle to remember too many Web site login names and passwords, tend to use the same or similar user names and passwords, a convenience, there are certain risk.

Qiu Han introduced, Internet company for data security of standard and input varies, some website may will put user name and password expressly save, or not do any encryption, and firewall arresting, dang system slightly vulnerability Shi, on will was hacker attack stolen go user data, then for "hit library", that using these account name and password, information attempts to landing many other website, once using has same of account name and password, will will was hacker "hit" into account, then stolen go user funds or other related information.

Theft is the most basic part of black industries. In addition to hacking, Trojan virus, their ghosts, social work library and other means, information leaks can be prevented.

Shandong death of student Xu Yuyu has been Telecom fraud case details, hackers use online registration systems, uploading Trojan, intrusion systems stolen 60duowantiao candidate information and selling online, Xu Yuyu personal information just from the hands of a hacker into the hands of liars.

Driven by interests, some employees involved in the trafficking of customer data. Banking regulators in the case regarding disclosure of customers ' personal information by banking financial institutions risk warning notice pointed out that some of the banks have "inner demons" sold customer information of illicit profit.

1 million questionnaires-based China information security and privacy report, personal information seriously, but lack of awareness of self-protection. 55% of the research does not indicate the certificates copies in use, 34% of the participants on the free WiFi the uncritical use.

China's Ministry of public security disclosed in black in cybercrime industry, all kinds of phishing sites, cell phone Trojans, as well as most rampant crime to steal a user's personal information. In 2015, only around the cases related to the Chinese public security departments cracked more than thousand, involving more than 1 billion yuan.

Traditional black industry from the hacker access to sensitive information in the upper reaches, downstream of the bump and discord after useful information to sell the data, data distributors profit selling black data consumer. And new black industry is is Terminal channel in-depth three or four line even rural, to 20 Yuan to 50 Yuan ranging of price purchase user phone,, and ID, and handheld ID photos, and bank card information even u shield, full information, and requirements sold party shall not loss above material, these user most lifetime not left live to, its identity information flows upstream, and in black produced personnel hands into social, and electric business, and Internet financial, products of registered user, has good of shopping records and small credit records, Borrow a big loan just don't know when it will disappear. Such fraud technology from China's Taiwan area for incoming city and along the southeast coast and spread to the Mainland.

User identification is key

Black nature of the industry is through the realization of gains. The current large websites and agencies recognize and resist against the exception account mechanism, black workers would choose the mini site repeatedly attempts to "crash" get after users complete information to realisation.

As a high-frequency trading platform, will often become the target of black industries. But such attacks are not specific for which platforms, all institutions are likely to face the risk of fraud.

Black workers is a reality of a group of people, can become money becomes money, cannot be turned into cash on their own. Products which they varied, to virtual products such as game, recharge, realisation of such products has developed a more sophisticated path physical class have cell phones and even biscuits, underwear has.

Currently on the market most of the fraud case, root is the user's personal account information, the platform does not recognize originating the request really is a user or a fraud, losses incurred as a result. Incomplete statistics, market on four key elements of the bank card information (name, social security number, credit card number, Bank reserve phone number) of magnitude do more than even the five elements (the four elements and Bank passwords) also in millions more.

Telecom fraud case, as criminal gangs have mastered the user more detailed personal information, will also role play, transform, was caught off guard.

Head to the 21st century business Herald reporters, despite the black industries ' specific losses caused by too much on one platform, but confidence in the platform of information security, user caused great impact and reputation, risk prevention technologies into huge expenditures of the platform. By partnering with leading face recognition technology company, will be able to reduce the risk of fraudulent registration.

Black industries are the enemies of the industry.

Many practitioners suggest that fraudulent to disperse the black middle class, hidden features, lock upstream and downstream tracking and chain of evidence is very difficult, in some cases even transnational occurs in Africa, Southeast Asia and other regions, information protection law is not perfect and difficult to combat illegal need to work together to combat it.

21st century business Herald reporters learned, more information-sharing platform in the industry have been set up, such as the Chinese Association for payment clearing support more businesses under "financial risk information sharing Alliance" lead set up the Chinese Internet Finance Association financial industry information sharing platform on the Internet up and running, and in sharing information on fraud, illegal transactions of the industry at the same time, will also conduct joint disciplinary.

“网络小偷”猖獗横行：探秘信息数据黑色产业链 - 电信诈骗,黑色产业链 - IT资讯

导读

多位从业者表示，利用黑色产业链进行欺诈的行为存在分散、隐蔽特征，上下游追查和证据链锁定难度都很大，一些案件甚至跨国发生在非洲、东南亚等地区，相关信息保护法律也不完善，困难重重，打击黑产需要多方联手共同打击。

电子商务、移动支付的普及，消费者越来越少随身携带现金，人们打趣道“小偷都快失业了”。

但在互联网上，靠盗窃用户电子账户资金、虚拟资产的“网络小偷”却十分猖獗。

各种途径泄露的个人信息被加工、转卖，并用于电信诈骗或盗刷等，形成庞大的黑色产业体系，成为互联网世界中的隐秘毒瘤。

“我们有业务团队潜伏在各种数据黑市上观察，国内进行专业欺诈的团伙非常猖獗。”多位业内人士介绍。

赛门铁克2016《年度互联网安全威胁报告》指出，互联网数据黑市中专职于网络诈骗的黑色产业大军高达160万人，在黑市中流通的用户资料则高达6亿条。行业内测算，每年中国因黑产相关造成的经济损失近千亿元。

黑客、木马、“内鬼”和购买用户数据

“如果各位习惯用同样的用户名和密码的，建议大家一定要进行更换，至少要保证有钱的地方，一定不能用同样的用户名和密码。”在多个场合，邱寒都提出上述建议。

随着电子商务以及互联网的普及，越来越多的用户行为数据和交易信息存储在互联网上，由于多数用户难以记住过多的网站登录账户名和密码，倾向于使用部分相同或近似的用户名和密码，带来便利的同时也存在一定隐患。

邱寒介绍，互联网公司对于数据安全的标准和投入不一，一些网站可能会把用户名和密码明文保存，或者未做任何加密、防火墙拦阻，当系统稍有漏洞时，就会被黑客攻击盗走用户数据，进而进行“撞库”，即利用这些账户名和密码等信息尝试登陆许多其他网站，一旦使用了相同的账户名和密码，便会被黑客“撞”进账户，进而盗走用户资金或其他相关信息。

信息窃取是黑色产业最基础的环节。除黑客攻击之外，木马病毒、机构内鬼、社工库等途径，用户信息泄露可谓防不胜防。

山东学生徐玉玉遭电信诈骗离世案件侦破细节披露，黑客利用网上报名系统的漏洞上传木马，侵入系统盗出60多万条考生信息并在网上出售，徐玉玉的个人信息就这样从黑客手中流入骗子手中。

利益驱使下，部分机构员工参与贩卖客户数据。银监会在《关于银行业金融机构客户个人信息泄露案件风险提示的通知》指出，部分银行有“内鬼”出售客户信息非法谋利。

基于100万份问卷的《中国个人信息安全和隐私保护报告》指出，个人信息泄露严重，但自我保护意识缺乏。生活中有55%的调研者不标明证件复印件用途，34%的参与者对免费WiFi不加鉴别使用。

中国公安部披露，在网络犯罪黑色产业中，各类钓鱼网站、手机木马，以及窃取用户个人信息的犯罪最为猖獗。2015年，仅各地中国公安部门破获的相关案件就超过千起，涉案金额超过10亿元。

传统黑色产业由上游黑客获取用户敏感信息，挤轧有用信息后将数据卖给下游，数据分发商赚取差价卖给黑产数据使用方。而新型黑色产业则是终端渠道深入三四线甚至农村，以20元到50元不等的价格购买用户手机号、身份证、手持身份证照片、银行卡信息甚至U盾等全套资料，并要求出售方不得挂失上述材料，这些用户大多一辈子未离开居住地，其身份信息流向上游，并在黑产人员手中变成社交、电商、互联网金融等产品的注册用户，有良好的购物记录和小额信贷记录，只是不知何时会借入一大笔贷款消失不见。这样的欺诈技术从中国台湾地区传入大陆，并在东南沿海一带乃至向内地扩散。

识别用户是关键

黑色产业的本质是完成相应利益变现。当前大型网站和机构普遍有针对异常账户的识别和抵御机制，黑产从业者会选择在小型网站反复尝试“撞库”，获取用户相对完整的个人信息后再去变现。

作为一个高频交易场景的平台，往往会成为黑产业者的作案目标。不过这样的攻击并不具体针对哪家平台，业内所有的机构都有可能面临这样的欺诈风险。

黑产从业者是很现实的一群人，能变成钱就变成钱，不能变成钱就自己用。他们变现的产品五花八门，以虚拟类产品如游戏币、充值等为主，此类产品已经形成较成熟的变现路径；实物类则有手机甚至饼干、内裤都有。

当前市场上的多数欺诈案例，根源都是用户个人账户信息泄露，而平台无法识别发起请求的到底是用户本人还是欺诈分子，导致用户损失。不完全统计，市场上银行卡四要素信息（姓名、身份证号、银行卡号、银行预留手机号）量级在千万以上，即便是五要素（四要素加银行取现密码）信息也在百万以上。

而在电信诈骗案件中，由于犯罪团伙掌握了用户详细的个人信息，也会分角色扮演、变换话术，令人防不胜防。

有机构负责人对21世纪经济报道记者表示，尽管黑产业者在具体某家平台上造成的损失不太大，但对平台的信息安全、用户信心和声誉造成极大影响，风险防范技术的投入在平台支出中占比巨大。通过与领先的人脸识别技术公司合作，将能降低欺诈注册风险。

黑色产业是行业公敌。

多位从业者表示，利用黑产进行欺诈的行为存在分散、隐蔽特征，上下游追查和证据链锁定难度都很大，一些案件甚至跨国发生在非洲、东南亚等地区，相关信息保护法律也不完善，困难重重，打击黑产需要多方联手共同打击。

21世纪经济报道记者了解到，业内多个信息共享平台陆续成立，如中国支付清算协会支持，多个企业发起的“金融风险信息共享联盟”，中国互联网金融协会牵头搭建的互联网金融行业信用信息共享平台上线运行，在行业共享欺诈、违法违规交易信息的同时，还将进行联合惩戒。