Xu Dan: "Fighting" with High IQ Crimes to Hunt "Privacy Thieves"

2019-09-18 14:38:03 Source: Beijing Daily Author: Gao Jian

"We are trained in English..."

"I am a car dealer..."

I believe everyone has had a similar experience: just after you search for something on the Internet, a sales call comes in.

"Who sold my phone number so quickly and accurately?" Many people are not only troubled by this question, but also fear that more information has been leaked.

Can no one stop this rampant privacy theft?

Someone!

Xu Dan is such a person. He is a prosecutor in the Second Procuratorial Department of the Haidian Procuratorate in Beijing and the head of the team that investigates scientific and technological crimes. Criminals who use scientific and technological means to infringe on citizens' personal information are among his "opponents".

This "opponent" was at its most powerful in 2017. That year, the "two highs" (the Supreme People's Court and the Supreme People's Procuratorate) also issued relevant judicial interpretations to intensify the fight. In the same year, Xu Dan faced off against a group spread across 13 provinces and autonomous regions of the country.

"No one could have imagined such a serious case at that time." Xu Dan recalled that it began when a "Haidian netizen" reported to the public security organ that a "phishing website" was capturing visitors' information. Because high-tech crime was involved, the public security organ invited the procuratorate to intervene early and investigate jointly.

Prosecutors and police jointly traced the website. Only on checking did it turn out that this website was merely the lowest link in the whole criminal chain: it was simply embedded with code that could capture the mobile phone information of users browsing it. The larger databases were elsewhere.

Where is the database? How many layers are there?

Why can websites capture the mobile phone information of visitors?

Who wrote the code?

If you just grab a mobile phone number, does it count as personal information of citizens?

  ……

One problem after another puzzled Xu Dan. Without a clear line of thinking, the case would turn into a muddle.

First, the most fundamental problem had to be solved: the nature of mobile phone numbers. Can a mobile phone number be identified as personal information? This was also the basis for conviction in this case.

Xu Dan asked the drafter of the judicial interpretation about the original intention of the legislation, and discussed the characteristics of mobile phone numbers with university professors... After some thinking and verification, Xu Dan concluded that it is relatively easy to deduce a specific individual from a mobile phone number in combination with the person's network trajectory, and that the law exists to protect the security of citizens' information. This case could be handled!

This characterization not only defined the direction of the investigation, but also set the standard for investigating similar crimes in the future.

Because the case was serious, it was also listed as a case supervised by the Supreme People's Procuratorate and the Ministry of Public Security.

After technical investigation, one question after another was resolved.

First, the criminals illegally obtained users' mobile phone numbers by exploiting a vulnerability at the operator; then they developed a tool for recording visitors' mobile numbers, namely the code; after the code was resold, it was implanted into various websites; finally, users' mobile phone numbers and other information were resold on a massive scale.

"The mobile phone number is like a person; the code written by a hacker is like a monitor; the websites visited are like various places. The monitor can completely record where the person has been. After the monitor is resold, more people will know the online whereabouts of the mobile phone holder." Xu Dan used a metaphor to more vividly illustrate the entire criminal process.

Online tracking showed that the group was spread across 13 provinces and autonomous regions, relied entirely on network contact, and had naturally formed a "pyramid" structure. The first level was the code writer, who held the code technology and the largest database. The second level was the code sellers, who sold the first level's code down to the next level and earned the price difference: the first level sold to them at a few cents to 30 cents per piece of information, and they resold at more than 40 cents, and up to 80 cents, per piece. The third level was website operators of all kinds, who had a strong demand for user information. After purchasing the code, they implanted it into their company's web pages; when users clicked a page, the operators could see the user's mobile phone number, mobile phone model, search keywords and other information in a back-end account, and then hired customer service staff for telemarketing.

Once the whole chain of the case was clear, arrests followed the network clues. Under the unified deployment of the Ministry of Public Security, this loose group spread all over the country was taken down within three days.

The veil was also lifted from the first-level "mysterious person": Liang, from Anhui, has only a junior high school education and no job.

Prosecutors charged 42 people with the crime of infringing citizens' personal information, involving more than 1.2 million pieces of citizens' personal information. In the end, all of the prosecution's opinions were upheld in the court's judgment, and Liang was sentenced to four and a half years.

For some time after the case was settled, the crime of infringing citizens' personal information and its secondary crime, telecommunications fraud, ebbed. However, the crime of infringing citizens' personal information is still making a comeback. Sometimes it is even committed by organizations themselves, in an organized and planned way.

A big data company in Haidian District specializes in providing customer profiling services for auto dealers. To find potential customer groups, this company turned its ingenuity to crooked ends: it stole customer information from a well-known travel platform.

The travel platform raised the alarm when it noticed the anomaly, but the big data company, having received word from the server hosting provider, deleted all the electronic data in advance.

For Xu Dan, this case was a born "lame case": there was no evidence.

Obtaining a confession was almost the only way forward. But who would volunteer an explanation after destroying the evidence?

Xu Dan had in-depth exchanges with the technical personnel of the affected company and came to understand the modus operandi.

It turned out that the big data company exploited a token vulnerability (token in the sense used in computer identity authentication) to extract information about real customers from the platform by forging customer identities.

Xu Dan made another analogy: when real user A travels on the platform, A's records are kept on the platform, and in general only the user himself can query his travel records and other information. The big data company created a virtual A and then pulled A's travel information out of the platform's database.

Faced with such high-tech means, Xu Dan first thought of the big data company's programmers. Without their technical support, the company could not have carried out the information theft.

According to this idea, Xu Dan found the company's chief programmer.

At first, the programmer tried to stump Xu Dan with all kinds of professional terms, never expecting that Xu Dan had already worked out the means of the crime and firmly memorized the relevant terminology. After a round of confrontation, the programmer conceded defeat and disclosed the true facts of the case.

Soon, like dominoes, one senior executive after another admitted to approving or participating in the crime, but they all claimed that the purpose was not to sell information for profit, but to enrich their big data and better serve enterprises.

Xu Dan did not "handle the case to death". Instead, he put the seven persons directly in charge and otherwise responsible in the dock, and applied the leniency system for guilty pleas. In the end, the seven defendants were duly punished, and the big data company involved in the case got back on track and continued to operate.

After 15 years of work, Xu Dan has cultivated a keen sense of evidence through thousands of cases, and this is his capital in the fight against high IQ crimes. Perhaps high-tech crime will become more and more "smart", but crime leaves traces, traces are weaknesses, and by seizing on a weakness you can win in one blow.
