WeChat hidden collection verification code service, used as APP false registration, fraud)

“WeChat has an old account of 400 yuan, exploring female accounts of 170 yuan and male accounts of 200 yuan.” Social account seller “He Sheng,” said.

The reporter’s investigation found that in the account buying and selling black production chain, the “He Sheng” that exists as a seller is only a liquidation end. Located on the upper reaches of the black industry, the code-collecting platform hidden in the WeChat public account was exposed. The so-called code-receiving platform, that is, the platform that receives the verification code just does not use its own mobile phone card. A large number of “registration cards” are on the counter of Chen Miao (pseudonym). “Can’t make a call, but can receive text messages.”

Card dealers like Chen Miao are called “card dealers” in the industry. According to a person close to the black industry, black people only need to obtain the mobile phone number and verification code through the card dealer and the code receiving platform, and then use the automated program tool to complete the entire registration process. At present, many code-receiving platforms have “resident” WeChat public accounts, through which they can register multiple APP accounts in a short time. The downstream of the access platform includes a variety of black and gray products such as “scrape wool” and telecommunications fraud. The former has caused many large enterprises to suffer heavy losses; the latter is often found in love gambling scams such as the online killing pigs.

Buying and selling WeChat, Detective, and Marriage.net accounts, heirs love staring at “Marriage Fans”

“(Sell) various dating networks, blind dates, and social accounts.” In an account transaction QQ group, a user nicknamed “He Sheng Account Sales Center” (hereinafter “He Sheng”) posted an advertisement.

He Sheng said in the advertisement that the accounts of several social platforms such as Century Jiayuan, Zhenai.com, Douyin, and Kuaishou are available. As a stranger’s social giant, Momo and WeChat accounts are also in his “business scope.” Inside.

“Wechat Circle (ie Friends Circle) is 400 yuan old, explores female accounts 170 yuan, male accounts 200 yuan, can be customized.” According to He Sheng, the so-called “customization” is that customers can specify pictures, they are responsible for making Data and responses match.

Another seller, nicknamed Bingguo, said, “Zhenai.com has a new account of 300 yuan and 550 yuan for members; an old account of 550 yuan and 850 yuan for members. Century Jiayuan brings members 150 yuan.”

Beijing News reporters recently joined multiple black industry exchange groups and found that advertisements related to account trading are still almost screen-washing. In addition to QQ, there is a lot of such information on Freefish. The reporter saw a large number of product display boxes related to the trading of accounts such as Century Jiayuan on Xianyu.

What do you do when buying or selling these accounts? “Kill the pig.” The simple word is the answer given by Li Feng (pseudonym), the seller of the dating website account.

Often, the victims met near-perfect marriage partners through social networking sites, participated in online gambling under the guise of “lovers”, and eventually all their savings and loans disappeared with “lovers” after being recharged into their gaming accounts. In the eyes of criminals, the victims are nothing more than “pigs” raised in so-called “love”, and they will “kill” after being fattened. This scam was given a very vivid and cruel name-“killing the pig”.

Some black people bluntly said that the fans absorbed through the social network account of marriage and love, the jargon in the circle is “marriage and love”. Because of the high viscosity of marriage and love, strong liquidity, it is “popular” in black labor. To put it bluntly, fraud is easier.

“Do you think I’m like a fool? I myself think I’m stupid.” Victim Zhang Ying (pseudonym) met a netizen who claimed to be “Wang Junkai” on the dating website last August. In addition to the “Wang Junkai” ‘s face value and warmth to Zhang Ying every day, Zhang Ying quickly fell in love and was eventually deceived 180,000. According to Zhang Ying’s description, the other party has always avoided video with her, she suspects that the photo was originally fake.

Li Feng revealed that the industry chain has developed modularly. “A batch of people registered accounts in batches called registrars; a sales account was a group of people, that is, vendors; and a group of people who performed real-name authentication on accounts, was called certifiers.”

Li Feng is one of the sellers. Each number spends 80 yuan to pick up the goods from the previous home and then sells for 100 yuan. Li Feng can buy and sell each number for a profit of 20 yuan. “I sell naked numbers, that is, unauthenticated accounts.” Li Feng introduced that he can earn hundreds of yuan a day just after entering this trip.

WeChat hidden verification code service, one verification code is about one yuan

The registrar mentioned by Li Feng also has a name-“Number-making Party.” On the “number-making party”, there are multiple interest chains such as code-connecting platforms and card merchants.

For most people, the code platform is a relatively new word. In literal terms, it can be simply interpreted as a “platform for receiving verification codes.” In the eyes of black industry practitioners, the code receiving platform is considered to be “the entry weapon for black and gray products.” Marines and other black and gray products.

The Beijing News reporter’s investigation found that many code-connected platforms have “residents” WeChat public accounts.

“Our shop owner text message plus voice code.” The reporter got in touch with “Ocean” through a public account called “Code Card Receiver’s Verification Code to Receive SMS Service and Voice”. “(Each verification code received) explores 1.2 yuan, soul1 yuan, Momo 1.5 yuan, WeChat 4 yuan.” “Ocean,” said.

“Ocean” introduced the specific operation process. After payment, he provided a mobile phone number. The reporter imported the mobile phone number into each major app and clicked the “Send Verification Code”. Through the verification code sent by “Ocean”, the reporter can register successfully after trying to enter simple information on platforms such as exploration. The entire process usually takes less than one minute.

During the communication, “Ocean” was very careful. In order to avoid WeChat supervision, he did not mention the word “verification code” in the chat. When the reporter asked him for a verification code, he asked, “Don’t say those three words, you can use other words instead.”

The crackdown on black code verification by public security departments is increasing. Among the 9 typical cases of cracking down on network chaos announced by the Ministry of Public Security in 2018, there was the first crime mode in the country to obtain phone “black cards” and verification codes in batches through an operator’s server.

According to media reports, the network black and gray production gang colluded with operators in many provinces such as Guangxi, Guizhou, and Sichuan to “inner ghost” and use the “empty card” that has not been activated in the market to build a platform to connect to the operator’s server to register accounts Send and receive verification codes. The company uploaded the “empty mobile phone number + verification code SMS” to the receiving platform, and sold it to dozens of “black card” card gangs for these groups to register for Internet platform accounts such as WeChat, and then implemented brushing, fraud, Release of illegal gambling information, online recruitment and other illegal criminal acts.

In July this year, the Cyber ​​Police Corps of the Guangdong Provincial Public Security Department detected the first case of a nationwide blackmail case against a pre-installed mobile phone backdoor to obtain a verification code to register an online account. After investigation, a certain Shenzhen Technology Co., Ltd. provided terminal system solutions for many non-branded mobile phone manufacturers and implanted a Trojan horse hacking program at the bottom of the mobile phone operating system. As long as the user bought a mobile phone and inserted a phonecard, his mobile phone was unknowingly The number is controlled by a hacker program. In addition, the company also built multiple platforms for receiving mobile phone verification codes, combined with the Trojan horse hacking program embedded in the bottom layer of the mobile phone operating system in advance, and used the received mobile phone numbers and SMS verification codes to provide various online account registrations for downstream gangs. For service, the service fee for each connection is RMB 0.4 to RMB 2.5. According to the technical analysis of the Tencent Guardian Program security team, after the SMS verification code is returned, the related SMS is deleted and blocked in the background, resulting in that the mobile phone user cannot find that his number has been used by another person to register a network account.

A registration card is about 10 yuan, which is mostly used for telecommunications fraud and fleece

According to the “Internet Account Malicious Registration for the Black Industry Industry Governance Report” issued by Tencent, car dealers are the source of the malicious registration industry chain. “Card dealers are registered card dealers,” a person close to the black family told the Beijing News reporter.

According to a survey by reporters, due to a large number of mobile phone cards required, registration cards that turn off the voice function by default and ultra-low fees are favored by these black industry practitioners. “They use the cat pool for group control, which can realize the operation of multiple mobile phone cards at the same time.” Said those close to the black labor. Cat pool is an electronic device, and you can insert multiple mobile phone black cards on it. The mobile phone card can be used to receive verification codes through Cat Pool, and a large number of virtual accounts can also be stored.

Generally speaking, card merchants work directly with the code receiving platform and automatically send verification codes to the code receiving platform through Cat Pool. The code receiving platform pays “card merchants” for remuneration. Card dealers are basically able to “go home without leaving home and earn over 10,000 yuan a month.”

Under the ground of a second-hand mobile phone trading market in Beijing, a stack of white cards are cluttered in a glass counter in front of Chen Miao (pseudonym). “The registration card is 12 yuan each. If the quantity is large, the price will be negotiated.”

The Beijing News reporter saw at the booth of Chen Miao that the card was no different from a daily-used mobile phone card except that the card was all white. “This is the registration card. You can’t make a phone call, but you can receive text messages.” After looking up at the unannounced reporter, Chen Miao pointed at the white card and said, “It can be used to register an account. If you have an account, you can do it. I can send you a courier if you want. ”

However, Chen Miao would not disclose how the registration cards came from. A black industry researcher Jane (pseudonym) told the Beijing News reporter that a considerable part of these cards is IoT cards, and there are virtual number cards.

“IoT cards are sold and activated through agents, not operators.” Li Tong (a pseudonym), a mobile phone shop owner in Tianjin, told the Beijing News reporter. According to Li Tong, “Generally speaking, these IoT cards are strictly forbidden to be used on mobile phones, but they are currently packaged as mobile phone traffic cards and flow to the market.”

The reporter visited two second-hand mobile phone stores in Beijing and found that there were sellers of registered cards at prices of around ten yuan. In multiple QQ groups and WeChat groups, reporters also found advertisements issued by registered card sellers.

“Internet Account Malicious Registration of Black Industry Management Report” states that malicious registration is the upstream source of downstream cybercrime.

With malicious registration as the core, there are number providers that provide mobile phone card numbers upstream. They include IoT cards, non-real-name numbers issued by individual virtual operators, non-real-name numbers co-produced by hackers and individual operator staff, Other non-real-name white and fake real-name numbers are provided to downstream for registration information; provide a code platform for SMS verification code or voice verification code, provide a coding platform for images and slider verification code, provide citizen personal information and business registration Information “suppliers”, these people provide resources for registration information and identity binding information, respectively, to provide registered actors for registration. After the registration is completed, the No. Chamber of Commerce will raise the number to increase the price of the number and prevent it from being banned by security measures and finally provide it to the downstream for a variety of downstream black and gray industries.

The black and gray industry downstream is first used in crime scenarios such as fraud. For example, as mentioned above, these accounts are not registered as real identities. In addition, malicious accounts may also be used by black people to fleece, brush powder, brush volume, and scramble letters, and other false traffic behaviors, advertising marketing, and other illegal or gray behaviors.

Cao Lei, director of the e-commerce research center, previously said in an interview with the media that the domestic “wool party” has formed a highly organized black and gray production organization. Internet companies, from BAT to start-ups, may face huge threats from the “Wool Party” as long as they hold market events.

Experts: need to further clarify the subject of regulatory responsibility

On November 19, the Supreme People’s Court released the “Special Report on Judicial Big Data: Characteristics and Trends of Cybercrime”, showing that from 2016 to 2018, the virtual criminal tools used by defendants in cyber fraud cases were WeChat, QQ, Alipay, etc., accounting for The ratios were 42.21%, 35.23%, and 15.28%. The proportion of fraud cases using WeChat in all online fraud cases has increased rapidly year by year. The popularity of WeChat has made it a more frequent tool for cyber fraud criminals in 2018.

The report also pointed out that the defendants used the impersonation of others to deceive the victims in the online fraud cases, accounting for 31.52%.

Strengthening supervision on the platform is considered to be one of the important ways to cut off the black industry interest chain. “Weak supervision is a problem on many platforms, which allows them (black industry practitioners) to directly publish advertisements and contact customers. Strengthening information review by setting keywords and other methods may be a breakthrough to improve this problem.” A black labor researcher said.

A lawyer told the Beijing News reporter that “the absence of platform supervision leaves room for criminals. Strict implementation of the real-name system is conducive to reducing information leakage.”

Many experts said that the most effective way to combat such black production is to directly kill malicious registration tool providers upstream of their industry chain.

As early as September 2016, the Ministry of Industry and Information Technology, the China Banking Regulatory Commission, and the Ministry of Public Security jointly issued the “Notice on Preventing and Combating Telecom Network Fraud Crimes”, which set a clear timetable for the implementation of the real-name system for telephones, and gave the telecommunications operators the card opening Quantitative restrictions. According to media reports, Shen Yong, who participated in the investigation of the case of the love code, the largest verification code platform at the time, believes that this will fundamentally curb the development of such platforms (that is, code access platforms).

According to reports, large-scale card vendors often hold millions of mobile phone SIM cards, and through the verification code platform, they can provide tens of thousands of website items to receive verification code services. “At that time, we found that there were about tens of thousands of service items provided by the Aima platform, and the prices ranged from one cent to one. The historical transaction amount involved in the case between the six months was about tens of millions.” Shen Yong said.

In recent years, regulation has been increasing the crackdown on source card vendors. In March last year, Huangpu Police smashed three “card dealers” dens in Dongqu Street, Luogang Street, and Changzhou Street, arrested five suspects, and seized more than 30 computers for the crime, more than 100 sets of cat pools, and mobile phone cards. More than 40,000 sheets and so on. According to the confession of the suspect, a large number of unknown mobile phone cards mainly come from mobile phone cards purchased in the name of enterprises or units, commonly known as “corporate cards”. These mobile phone cards are registered under different company names, and most of them only have the function of answering incoming calls and sending and receiving information. Suspects take advantage of the “corporate card” without personal real-name registration to provide services to various “customers” (mostly criminals who implement telecommunications fraud) who need to circumvent the real-name system.

Internet blackouts continue to spread. Ma Sanjun, vice chairman and secretary-general of the Hebei Electronic Commerce Law Research Association and associate professor at Hebei Engineering University, believes that there is an urgent need for strong supervision of relevant electronic commerce operating platforms. “This requires further clarification of the subject of regulatory responsibility. The” E-Commerce Law “, which came into effect on January 1, this year, does not specify specific regulatory departments and divisions of responsibilities. It is only a general rule and lacks operability in practice. Relevant departments need to introduce relevant supporting regulations or rules for further improvement in a timely manner. In addition, the difficulty of obtaining evidence for online transactions also poses new challenges to supervision. In this regard, more efforts need to be made to strengthen industry self-discipline and innovative supervision methods. “

Leave a Reply

Your email address will not be published. Required fields are marked *