The mobile phone cards seized by the police were "piled up like mountains".
The largest WeChat plug-in case in China, the largest "black hat" promotion case in China, and the largest domain name hijacking case in China … … Yesterday, the Guangdong Provincial Public Security Department held a press conference to report the effectiveness of cracking down on cybercrime and cracked a number of major and influential new cybercrime cases in the country. It is understood that from January to October this year, Guangdong Province detected more than 1,430 cases of online illegal production, detained more than 9,220 people in criminal detention, and seized more than 5.8 billion pieces of personal information of citizens who were leaked and stolen, up 29.68%, 22.26% and 557.64% respectively, which effectively cracked down on the arrogance of online illegal production crimes.
Guangzhou cracked the largest case of manufacturing and selling WeChat plug-in software in China.
Recently, the Guangdong Provincial Public Security Department organized the Guangzhou Public Security Bureau to carry out the "Net Net No.11" project to close the net, knocked out a large new hacker criminal gang that made, resold and used WeChat plug-in software, engaged in the business of buying and selling WeChat accounts and keeping numbers, arrested 44 criminal suspects, and seized about 650,000 micro-signals involved, involving about 10.41 million yuan. The case is the largest network black production case that has been cracked in China to manufacture and sell WeChat plug-in software.
In May this year, when Guangzhou police detected a fraud case of dating, they found that the suspect used a WeChat plug-in software called One Piece. The so-called WeChat plug-in software has the functions that official WeChat does not have, such as logging in micro-signals in batches, automatically adding friends, sending friends in batches, managing group messages, and authenticating micro-signals in batches. It is an important tool for black producers to raise and sell numbers, and can provide a large number of account resources for gangs that commit crimes such as online fraud.
According to the suspect’s confession, the software was sold to them by a man named Liang Moulun and solved the problems encountered in the use of the software. The task force conducted in-depth investigations and successfully concluded a new hacker criminal gang that produced, resold and used WeChat plug-in software, engaged in the business of buying and selling WeChat accounts and keeping numbers.
After the micro-signal was "raised", its value soared by a hundredfold.
After investigation, the gang, centered on Chen Mou Exhibition, a software producer, is divided into three roles: software producer, software agent and micro-signal dealer. The first floor consists of three people, including Chen Mou Zhan, a software producer, who is mainly responsible for developing the One Piece WeChat plug-in software and uploading it to the website for users to download. The software requires an authorization code to use, and the suspect illegally profited by selling the authorization code and charging the software agency fee. On the second floor, there are 10 software agents, including Liang Mou, who mainly obtain agency qualifications from software producers, buy authorization codes in bulk at low prices and resell them to micro-signal vendors. Some agents are also engaged in the black business of micro-signal vendors. On the third floor, there are 31 micro-signal merchants, including Gong Mou, who mainly buy authorization codes from agents, and register real-name WeChat accounts in batches by using One Piece software to carry out the business of raising and selling numbers.
What are these micro-signals sold in bulk used for? According to the police handling the case, most of them are used to disguise their identity to engage in illegal and criminal activities, and become tools for crimes downstream of online black production, such as dating fraud. The newly registered number is cheaper, only a few dollars, while the old number that has been raised for a while will sell for tens to hundreds of dollars.
Gambling sites "wears vest" to improve its ranking.
Recently, the Guangdong Provincial Public Security Department organized the public security organs of Foshan City to carry out the "Net No.10" network-closing operation in six provinces and eight cities, including Foshan, Fujian, Sichuan and Jiangsu, and successfully destroyed a criminal gang that used Baidu Black Hat to promote the online gambling industry chain, arrested 72 suspects, seized 1.32 million yuan in cash on the spot and frozen 15 million yuan in funds. This case is the largest network black production case that Baidu Black Hat promoted the online gambling industry chain in China.
Since the beginning of this year, it has been found in the work of Foshan Internet Police Detachment that there are a lot of gambling sites information in the top links in Baidu search engine. After investigation, criminals use technical means to implant online gambling, online pornography, online fraud and other promotional links in multiple websites to improve the search ranking of promotional links and increase the click-through rate of promotional links. This promotion method is called black hat SEO in the black industry. In short, it is to improve the ranking in search engines by improper methods. Accordingly, the police carried out in-depth investigation and found a large gang that used Baidu black hat to promote the online gambling industry chain.
The investigation found that the gang provided operation and maintenance services to 143 gambling information websites, such as Zeng × Ren, Xiao× Er, Ye× Zhu, Tie× Pan and Ju× Pan. In order to improve the ranking of this kind of target website (gambling sites) in various search engines and increase the hit rate of being searched, it forged the homepage of the website into a news media page, and used the title to attract clicks, thus attracting traffic. After Baidu’s ranking was improved, the gang secretly inserted gambling advertisements and links in the webpage to promote various gambling sites for gambling gangs.
In addition, in order to ensure that gambling sites is accessible and has certain concealment, the gang also purchased SSL certificates from overseas for website encryption and VPN services for climbing over the wall, thus avoiding supervision and review.
The source of batch registration of online accounts "meal" is actually "inside ghost"
Recently, under the coordination and command of the Guangdong Provincial Public Security Department, Dongguan public security organs simultaneously launched the "Net Net 22" project in Guangdong, Fujian, Shandong and other places, knocked out a mobile phone verification code obtained by building a network code platform, registered a new type of criminal gang with online virtual accounts in batches, arrested 82 major suspects in various links such as "industry ghosts", "card merchants", platform personnel and downstream crimes, and seized more than 1,400 personal information of citizens. The case completely cut off the black industrial chain of the "receiving platform".
In May this year, the investigation of Dongguan Cyber Police Detachment found that Dongguan Ziyou Network Technology Co., Ltd. set up a "Domi" network code access platform, contacted "card merchants" and criminals with black products, bypassed real-name authentication, and obtained verification codes of mobile phones in batches, and then provided them to black products users of the platform to register various platform accounts in batches, and then provided them to criminals downstream for "car", "loan" and "loan".
After in-depth investigation, it was found that two staff members of Dongguan telecom operators acted as "ghosts in the industry" and used their work to provide a large number of mobile phone "black cards" for "card merchants". Card merchants then sell mobile phone "black cards" to cyber criminals, who use "cool cards" and "cat pools" to connect with the "Domi" platform. By using the "Domi" platform, they can receive verification codes of mobile phones in batches, and illegally sell a large number of accounts after registering in popular mobile apps. Account buyers can get the first discount of the corresponding merchants, or implement it in a way of not paying after consumption and not returning small loans.
For example, criminal gangs of black goods registered a large number of accounts on platforms such as Alipay, Didi Chuxing, Shouqi Chuxing and Hungry, and then sold them to criminals downstream. After using this account, downstream criminals deliberately fail to pay, maliciously owe money after the loan, or get the first discount from the platform merchants.
The police reminded that providing code-receiving services for online criminal gangs is to help information network criminal activities, and the masses should not try their own laws. If you find any clues about the code receiving platform, please report to the public security organ in time.
Network access automatically jumps to gambling sites? It was a domain name hijacking.
Recently, the Guangdong Provincial Public Security Department organized the public security organs of Zhongshan City to carry out the "Net Net No.13" project to close the net, knocked out a domain name hijacking criminal gang, arrested 80 criminal suspects, and seized a large number of computers, mobile phones, bank cards, cars and other items. This case is the largest network black production case of domain name hijacking crime in China.
In July this year, during an online patrol, Zhongshan Cyber Police Detachment found that some people posted publicity information about gambling slang such as "operator DNS hijacking", "BC", "CP", "chess and cards" and "LH" on Baidu Post Bar, and used domain name hijacking to "drain" gambling sites.
Internet domain name hijacking is to hijack the domain name resolution server by illegal means, gain the control of the domain name resolution record of the website, and then modify the resolution result of the domain name of the website, so that users cannot directly visit the target website. After entering the domain name, the webpage will jump to designated websites such as gambling and pornographic websites.
After layer-by-layer investigation and analysis, the task force finally locked in a network domain name hijacking criminal gang headed by Li Molong, Zheng Monan, Chang Mou, Zhao Mou, He Mochao, He Moguang and others. The gang members are located in Zhongshan, Beijing, Fujian, Jiangsu and other places in Guangdong.
After investigation, it was found that Li Moulong and others set up a studio in Shiqi District, Zhongshan City since February 2019, and used hacking software to hijack websites such as "A certain amount of treasure" to brush traffic for illegal websites such as Mark Six Lottery in gambling sites and the mainland, in order to attract people to browse gambling sites and participate in online gambling, and formed a "DNS operation gang, domain name hijacking gang, intermediary promotion gang and downstream gambling gang".
The police reminded that it is a serious crime to provide domain name hijacking and promote "drainage" services for cybercrime, and the masses should not try their own laws. Please report to the police actively if you find that the webpage jumps forcibly or that computers and mobile devices find viruses and Trojan horse infections. (Text/Guangzhou Daily All-Media Reporter Li Dong Correspondent Lin Hongsheng, Jiang Shuting, Li Changda)