Buying a ticket can cause a loss of 100,000 yuan. This is the black market you don’t know about.

Recently, Damai.com was attacked by a database collision, which resulted in the theft of users' personal information, indirectly leading to the fraud of 39 users in various places across the country, with losses amounting to 1.4742 million yuan, with the highest amount of fraud for a single person being nearly 100,000 yuan, which had a huge impact. Obviously, this is not an isolated case. There have been many domestic Internet websites that have been hacked due to network vulnerabilities, resulting in user data leaks, including Tianya Forum, NetEase 163 Mailbox, Sina Weibo, Renren, Alipay, etc.

Cybercrime has become the "public enemy of the Internet"

Not only domestic Internet companies are troubled, but international technology giants are also unable to defend themselves against hacker intrusions. On February 16, 2013, technology giants such as Apple, Facebook and Twitter publicly admitted that they were hacked. Twitter was hacked and leaked the information of 250,000 users. It was later confirmed that the user information was leaked because the hacker embedded the Trojan code in the HTML of a certain website and used the Java vulnerability to invade the computers of the employees of these companies. Coincidentally, on May 22, 2014, eBay required nearly 128 million active users to reset their passwords because it learned that hackers could obtain passwords, phone numbers, addresses and other personal data from the website.

What is even more surprising is the Apple Xcode security incident. On September 17, 2015, it was revealed that the unofficial download of Apple's development environment Xcode contained malicious code, which would automatically inject information theft and remote control functions into the compiled APP applications. It has been confirmed that WeChat, NetEase Cloud Music, AutoNavi Maps, Didi Chuxing, Railway 12306, and even some bank mobile applications were affected. More than 3,000 applications on the App Store were infected. This incident is more typical. Previously, Apple was praised as having the most secure system, but after being hacked, it also made people feel uneasy about the current network security environment.

In addition, even government websites are not immune. Some government websites are often hacked due to lack of awareness of prevention. Some hackers maliciously tamper with articles and pictures, and some directly shut down the website. If these are just some "pranks" by hackers, then the consequences of some public sector websites with a large amount of user information being attacked are even more serious. On December 25, 2014, the Wuyun vulnerability reporting platform reported that a large amount of 12306 user data was circulated on the Internet, including user accounts, plain text passwords, ID numbers, mobile phone numbers and email addresses. After these important information was obtained by hackers, they were sold, causing users to suffer information harassment, and even worse, it would threaten the security of some users' online bank accounts.

Why are cybercriminals so rampant?

Of course, the rampant cybercrime is naturally driven by huge profits. The reason why Internet websites are repeatedly hacked and user information is repeatedly stolen is inseparable from the huge black interest chain behind it. According to incomplete statistics from relevant agencies, there are currently more than 400,000 "practitioners" in China's cybercrime industry chain, and at least 1.6 million people are engaged in cyber fraud, with an "annual output value" of more than 110 billion yuan. This output value is equivalent to three times the annual profit of Internet giants such as Tencent in 2015.

At present, the so-called "website visitor marketing" is the most deeply felt by users. For example, nowadays, netizens often receive a call from the so-called financial platform soon after visiting a financial website or downloading a financial APP. This is because some criminals use loopholes in QQ and operating platforms to write codes, sell and implant them into some corporate websites. As long as a netizen visits the website, even if he does not register or log in to the QQ number or mobile phone number, the information will be stolen and transmitted to the server of the criminals. The criminals will then grab and sell it to the corporate website so that the website customer service can directly contact the website visitor. According to the introduction, if the visitor's QQ number is online, the theft success rate is close to 100%. If it is a mobile phone number, the theft success rate of China Mobile users is close to 80%, and China Unicom is also close to 10%. The relevant code is sold by rental, which costs 198 yuan a month, and the captured mobile phone number is charged separately, with a mobile phone number selling for 1 to 2 cents. There have been criminals who have made tens of thousands of yuan a day. This kind of black market activity under the banner of "website visitor marketing" has recently appeared frequently in major search engines. Some criminals, in the name of marketing, have implanted malicious code into websites included in the search engines to steal user privacy information and sell it, and other illegal and irregular activities, and the situation is getting worse and worse.

The most important thing is that although the cybercrime industry has become so rampant and poses a huge threat to the Internet security of netizens, it is very difficult to prevent and combat it. On the one hand, in the Internet age, users' private information is stored on a large number of websites, such as e-commerce websites, online banks, ticket booking websites, etc., which gives cyber hackers an opportunity to take advantage of. Once a website has a vulnerability, it will be targeted, resulting in information leakage. On the other hand, in the struggle with network security companies, network hackers have been looking for more technical paths to break through defenses, especially because of the huge profits, which have attracted many top technical talents to join, making defense more difficult, and also posing a challenge to the technical capabilities of network security companies.

How to eliminate cybercrime?

On the other hand, as the network security situation has become increasingly severe in recent years, Internet giants have also established independent network security departments or divisions, and increased their investment in network security technology. On the one hand, they have launched personal products to help ordinary netizens prevent virus intrusions and privacy leaks; on the other hand, they have also launched enterprise-level products to help other small and medium-sized websites prevent hacker intrusions and network attacks to ensure website security. However, even so, the rampant behavior of the black industry has not been completely eliminated, including the leakage of user information on Damai.com, and the recent hacker stealing Baidu promotion accounts to go online on gambling websites in the middle of the night, etc., which are all clear evidence that the black industry has become increasingly rampant recently. So, how should we eliminate the "black hands" of the online black industry? I think we can start from the following three aspects:

First of all, netizens must enhance their awareness of prevention. In addition to installing necessary anti-virus software, they need to be extra careful about the websites they visit and not easily fill in personal ID cards, bank cards, mobile phone numbers and other private information. They also need to enhance their awareness of prevention for unfamiliar phone calls. Whenever they encounter calls for money transfers, they must be carefully verified and authenticated. They must not easily believe unfamiliar text messages and do not easily click on the links in them. This is the first line of defense to ensure that their property is not lost.

Secondly, Internet giants should take the initiative to take responsibility for ensuring user access security, further improve their technical defense capabilities, change passive prevention into active attack, and minimize the risks that users may encounter. On the one hand, it is necessary to prevent and eliminate the information security risks on their own network platforms, especially some platforms with search ecology should be more vigilant, such as some application stores, and search platforms such as Baidu. Websites and applications that collect information or have security risks should even be detected and taken offline. For example, Baidu Security has seized and taken offline hundreds of thousands of sites through technical means. At the same time, it should also cooperate with the public security department, and most of the Internet giants currently have cooperation with the public security department. For example, Alibaba's security department has jointly cracked down on more than a thousand cybercrime suspects with the police, and Tencent has jointly established a telecommunications fraud alliance with the Guangdong Provincial Public Security Department, Shenzhen Public Security Bureau's anti-information fraud consultation hotline and other departments; Baidu relies on its technical advantages to cooperate with the public security department. For example, in terms of monitoring and positioning of fake base stations, Baidu's security department has played a huge role, which is of great help in actively cracking down on cybercrime, and it is also equivalent to building a line of defense for user network security.

Finally, the government needs to coordinate with relevant departments at a higher level to carry out a continuous and concentrated crackdown on cybersecurity crimes. For example, the legislation progress on cybercrime should be accelerated, and the cybercrime organizations and individuals investigated should be severely punished to ensure that cybercrime dare not break the law. Another example is to establish an anti-black industry alliance with major domestic Internet security companies to jointly combat cybercrime, and to carry out a continuous and concentrated crackdown on cybersecurity crimes; another example is to strengthen the technical construction of cybersecurity in the public security department, increase the detection rate of cybersecurity crime cases, and achieve the purpose of deterring cybercriminals, etc. All of these need to be led and promoted by government departments, and then completed under the actions of cybersecurity companies or organizations.

In general, with the rampant cybercrime, both ordinary netizens and Internet platforms have suffered greatly. Netizens have been repeatedly defrauded due to information leaks, and Internet platforms have been paralyzed and information leaked under hacker attacks, triggering public crises. Therefore, netizens, all Internet platforms, and government departments should be consistent in their stance and attitude towards combating cybercrime.