Demystifying personal data underground trading "Gray Rivers": A 360 borrow data for only 3 points

Lie De revealed that at present, personal information leaks can be roughly divided into three ways. First, personal disclosure of information is unconsciously. The second is those enterprises or individuals with large amounts of data, deliberately leaked information, enter the black chain.

The third is that the criminals pass the technical means to invade the relevant enterprises, the department’s network database, thereby obtaining a large number of personal information.

"Everyone often said that hacker steals the data, but this stealing requires powerful technical support, the real hacker makes the road wide, completely can’t see this data." Li De said that the technology did not reach the wrong elements of the hacker, can also Crack individual systems, but the amount of information that is stolen is very limited.

In his opinion, the most important reason for information data leaks now is inner ghost.

The loan data in his company is open, and anyone can extract and sell data, and there are many data types. In addition to the name of the boruse, contact details, ID number, including mobile phone address book Related content information, picture information, etc.

Some loan companies even asked the borrower to provide nude photos. It is entirely possible to sell the naked photos of the other party without the consent of the other party. The amount is charged, the amount is too large, and even the package is sold.

Li De said that he has a friend who has been engaged in data sales, belonging to terminal retail data merchants, mainly selling "high officials" data, a data price is about 1,000 yuan, and its relatives have three hundred to 500 yuan.

As a seller, his friend only got 10% commission, so the inner ghost is the most profitable person. "I heard that there is a good ghost to sell a well-known e-commerce data, less than half a year, I bought two sets of rooms in Hangzhou, but later caught.

"Li De said, general inner ghost only provides data, not selling data, is divided into the sales channel, almost all large channels and retailers are all-in-one inner ghosts. Crime hotbs in the gray rivers and lakes of this underground trading, say" black words " Become a rule of the branch of the buyers and sellers. "SFZ" represents "ID card", "SJH" represents "mobile phone number", "BC" refers to "gambling", while gaming, sales, etc. represent the direction of the use of such data. In Li The main sales channels of user privacy data are online loans, gambling, giving, marketing, and pyramid institutions.

He analyzed that the marketing agency is mainly used to find a target customer crowd; the gaming mechanism is to provide yellow, gambling, poisonous services, most of whom are fraud gangs; the increasing mechanism is mainly to accumulate user databases. Li De ‘s friends have encountered "violent increasing" situation.

His friend received a strange phone. The other party claimed that if he didn’t pay back, he sent him a friend and a friend family to an insulted SMS, and the nude photos of the public PS, even personally attack, at the time, his friend chose alarm, and finally. "Have you heard of nude loan? Some women borrow money with nude photos, if they don’t pay back, the net loan company will threaten their exposure of nude photos, but some people have not planned money.

"Li De said that these people have clear, even if they have money, nude photos or videos will flow out, so some of them are used to shut down or shut down." "Cannon" net loan appeared, but The return is actually difficult.

Li De said that some borrowers have a very low credit. They have no money, they will loans on the "gun" net loan platform, even sell their ID card.

In Lisnd’s view, the high-interest network loan platform is a "renewable" tool for some low credit, and the illegal gangs such as the company, the black society and the pyramidal enterprises are also "love" to call these people, expand their team. "I heard that some people have found the personal information of the enemies through the financial platform. After using the other ID number to imitate the ID card, we have done a lot of cards, and even the other party is screaming, and he is guilty. His enemies are not only on the Internet. The credit blacklist is also blocked at home. "Li De said.

Li De revealed that after the fraud gang got the data, he first filtered through the user’s age. Their favorite fraud object is college students. They believe that college students have not yet entered the society, their mind is simple, and it is easier to be cheated.

Second, college students regularly have the living expenses of parents, and the cash is relatively fixed.

Again, some college students have to find a job after graduation, and do not want to have a stain before entering the society. Mastering this soft rib, the fraud will inform each other, if you do not pay late payment on time, you will leave the case, affect employment, and college students are easy to say.

According to the data released by the Ministry of Public Security, as of the end of 2019, the criminal act of using citizen privacy data to implement fraud, the police filed a case, and the individual information 100 million, involving nearly 100 million yuan. Zhang Xihui, senior partner of Yingke Law Firm, said that the law has a clear penalty provision for the black industry chain of personal information.

As a financial platform, you should assume the protection and storage of users and consumer data.

If the data leaks threatens public safety and causes serious damage, the platform not only needs to assume civil liability, but also undertake criminal responsibility.

The supervision is enhanced in the past few years, and the personal information data incident at home and abroad has frequently issued.

According to media reports, in 2018, the suspect Liu Moumou used hackers to steal the hotel data of Huaha Group and sold out of the country. After they were arrested by the police; in 2019, Mo Mo’s AI change face software ZAO is involved in privacy Risk caused an uproar and ended by the Ministry of Industry and Information Technology.

In foreign countries, the 2016 Uber57 million driver and passenger data were leaked; in the same year, Yahoo has exposed 3 billion user login data to be stead, 2017 US credit faith institution Equifax user information disclosure involves hundreds of Americans … Some information recorded in detail, name, mobile phone The number, address, and even open a house record. Xue Jun, Vice President of Peking University School of Law, said that Article 11 of the Civil Law of the People’s Law stipulates that the personal information of natural persons is protected by law. Any organization and individual need to obtain personal information of others, and should obtain and ensure information security according to law. Do not illegally collect, use, processing, and transmit others personal information, and must not illegally buy or sell, provide or disclose individual personal information.

Yangdong, director of the National Development and Strategic Institute of Renmin University, Introduction, 2015, 2015 Criminal Law Amendment (Nine) revised the Chapter 243 of the Criminal Law, to the illegal collection, reselling, providing personal data Information and other behaviors set criminal punishment, my country’s combating theft, illegal acquisition of personal information is also vigorously promoted.

Yang Dong believes that, in fact, my country’s criminal punishment has been great, especially for internal personnel who have directly illegally stealing or obtain citizen information in an illegal manner, will sentence more than three years in prison, and punish gold, units, and units The person in charge will also be punished.

But Yang Dong said in the same time: "The criminal law is highly hit, although the strike has the greatest, but the criminal penalty case is not too much." He said, compared to profit, criminals are still lower, they It can even escape the responsibility outside the country. In foreign countries, the EU implemented a severe data protection regulation GDPR.

GDRP is a "General Data Protection Ordinance", which is a bill in which the EU legislature has made high-increasing information and privacy data leakage cases.

The Ordinance is clearly stipulated that the company needs to establish a data protection official DPO (similar to CEO and COO executives), responsible for personal privacy data protection. According to data from the "GDPR law enforcement case selection white paper" jointly prepared by ZTE and Data Falance, as of September 24, 2019, 22 European data regulators have made total billions of euros for total 87 cases. Administrative punishment decision.

Referring to personal data protection suggestions, Yang Dong further suggests that the first should strengthen the preceding, incident protection, strengthen internal control; second to improve personal self-protection; third to strengthen forward incentives.

Xue Jun believes that if you want to fundamentally resolve information leakage issues, you must rely on advanced technology, there may be personal privacy and information disclosure links, it is necessary to use technology to anonymously, these anonymous information can only be identified, and behavior People cannot identify and get it.

(The interviewee is required, Wang Yong, Li Gang, Li De is pseudonym) (Editor: Du Wei (intern), Wang Zhen).

About the author