The means of committing cyber crimes are constantly innovating: how to seize the "seven inches"?

  With the popularization and application of the Internet of Things, big data, cloud computing and other new-generation network technologies, illegal activities have become unprecedentedly concealed and transnational, and the problems faced by China are also challenges faced by the whole world.

  To prevent and crack down on increasingly complex cyber crimes, it is necessary to constantly improve cyber legislation and provide new normative support and more effective institutional support in the process of dealing with cyber crimes; it is necessary to achieve comprehensive coordination and linkage integration in a larger scope; it is necessary to further promote the basic information construction, make full use of big data technology and information technology to improve the intelligent level of prevention and control, and build a national network security center.

  At the international level, it is necessary to emphasize the export of China Rules and China’s experience, and actively promote the new convention system of cybercrime under the framework of the United Nations, so as to enhance China’s right to international discourse and normative participation in the field of new cybercrime governance.

  Our reporter Du Xiao

  In recent years, cyber crime has attracted more and more attention. At the Central Political and Legal Work Conference held in January this year, Meng Jianzhu, member of the Political Bureau of the Communist Party of China (CPC) Central Committee and secretary of the Central Political and Legal Committee, pointed out that at present, China’s cyber crimes have accounted for one-third of the total crimes, and the growth rate is over 30% every year.

  At the recently held 5th China Internet Security Conference (ISC2017), with the theme "Everything changes; people are the measure of security", industry insiders and relevant experts made a detailed analysis of the current factors affecting network security and the characteristics of cyber crimes, and put forward a series of countermeasures.

  Disclosure of security vulnerabilities should comply with the law

  In the first half of this year, the ransomware WannaCry spread all over the world. This was possible precisely because WannaCry exploited a vulnerability in the Microsoft operating system.

  At the ISC2017 Cyber Security Rule of Law Forum, Huang Daoli, director and associate researcher of the Cyber Security Law Research Center of the Third Institute of the Ministry of Public Security, introduced the situation related to security vulnerabilities.

  "From some related incidents at home and abroad, it can be seen that security vulnerabilities have become the core elements that cause system insecurity. There are many problems surrounding security vulnerabilities, including their generation. We believe that the disclosure of security vulnerabilities has become the central link of network security risk control." Huang Daoli said.

  The key question with security vulnerabilities is how to disclose them. Huang Daoli introduced several cases:

  Last year, a "white hat" on WooYun (a security feedback platform between manufacturers and security researchers) disclosed a vulnerability in a dating website, which triggered a criminal case.

  The WannaCry incident that has attracted much attention.

  A large website issued a public statement to a "white hat" who publicly disclosed the details of security vulnerabilities without authorization.

  "A security breach is an unintentional defect. There is no definition of security vulnerability in domestic and foreign laws. Now Article 25 of China’s Cyber Security Law continues to identify the internal vulnerability risk attribute of security vulnerability, and identifies security vulnerability as one of the security risks. However, security vulnerabilities are only considered as a kind of risk, and vulnerability information also belongs to network security information. Article 26 of the Cyber Security Law ranks vulnerable network information in the first place." Huang Daoli said.

  According to Huang Daoli, there are several ways to deal with security vulnerabilities after they are discovered: non-disclosure, where the discoverer keeps the vulnerability confidential, neither reporting it to the manufacturer nor disclosing it to the public; security disclosure, where the vulnerability discoverer discloses the security vulnerability to an unspecified public; responsible disclosure, where the security vulnerability is reported to the manufacturer and, after the solution is complete, the manufacturer announces the vulnerability to users; and collaborative disclosure, where stakeholders share vulnerability information and work together.

  "The above situations have always existed." Huang Daoli said that the traditional disclosure of security vulnerabilities is based on responsible disclosure. The next stage is the modern vulnerability disclosure policy with collaborative disclosure as the trend.

  "We have a basic point of view. Based on the dual nature of security vulnerabilities, on the one hand, it is harmful, because the rapid spread of the Internet is magnified, and illegal disclosure to users will affect public safety and even national security; on the other hand, we can control network security risks through the use of security vulnerabilities and provide important technical support for law enforcement activities." Huang Daoli said that the discovery, disclosure and repair of security vulnerabilities are the basic work of network security. All stakeholders around security vulnerabilities should shoulder their due legal responsibilities, including social responsibilities, and jointly promote the orderly and legal development of the Internet.

  There is much to learn in investigating online financial crimes

  Campus loans, training loans… In recent years, online financial crime has become the most common form of cyber crime, and the harm it causes is also relatively great.

  At the ISC2017 Cyber Crime Investigation and Talent Training Forum, Sun Xiaodong, director and associate professor of the Cyber Crime Investigation Teaching and Research Section of China Criminal Police College, legal adviser of Liaoning Provincial Government and special instructor of Dalian Public Security Bureau, introduced the situation of cracking down on cyber financial crimes.

  "The online financial crime we are talking about today is a broad concept, that is, in the network environment, the forms of crime derived from various channels such as online investment and financial management, trading, settlement and payment; it is not a kind of crime or a crime stipulated in the criminal law, but a kind of common and popular overall crime form among law enforcement agencies." Sun Xiaodong said that no matter what the form of online financial crimes is, in nature, it is nothing more than pyramid schemes, fraud, illegal fund-raising and illegal business operations.

  According to Sun Xiaodong, there are generally two lines to follow in cracking down on online financial crimes: data and funds. "The so-called data includes criminal suspects pushing the information involved to unspecified victims by telephone, text messages, social software, websites, etc. After the victims are fooled, the criminal suspects obtain benefits through third-party transfer and virtual transactions. For example, in terms of information, we will pay attention to IP addresses and virtual identities. The channel of capital benefits depends on the information related to bank accounts, including third-party payment information and transaction details."

  "In terms of investigation, inquiry is the first step, and successful inquiry often becomes a prerequisite for determining the success of a case. Why is it very important to ask about network-related cases? Because the victim of this kind of case is willing to cooperate with you subjectively, but his subjective description may be lacking or even ambiguous because he doesn’t understand the network knowledge and the details of the case. This requires our case handlers to fully understand the grasp of the case and grasp the key points to make a breakthrough." Sun Xiaodong said.

  Compared with traditional cases, the information related to Internet cases is often more complicated.

  "Internet cases are rarely single cases, and they are all multiple cases. As long as the information is sent, it is very important to find the source of the information and the first person involved by tracing back to the source. In addition, it is the website of the company. Many victims, including our grassroots case handlers, sometimes misunderstand in the process of understanding the relevant information. The victim said that he would make an investment in a certain website. In fact, this website is only the carrier of propaganda information, and the real trading platform is on an independent server. Because the victim doesn’t understand it and can’t describe it accurately, we need to do a lot of work at this time. We need to inquire about the company’s website, introduce the platform trading model through the website, and then find the key information or evidence a little bit." Sun Xiaodong said.

  Once the investigation is carried out, it mainly starts from four aspects: website, funds, personnel and transactions.

  According to Sun Xiaodong, in terms of personnel, it generally includes telephone operators, customer service, network management and platform administrators. "General platform administrator, with transaction data management authority, is the technical core of the gang, sometimes called trader. Besides the simplest operators and platform administrators, how can keyboard players and platform administrators be found? In fact, different cases have different forms of expression, and we have different ideas when investigating."

  Sun Xiaodong believes that the details of transactions and funds may prompt the nature of the case in some cases, and some interesting phenomena may be found after reading more cases. "When we investigated the fund accounts involved, we found that different cases showed different characteristics. For example, a stakeholder-type financial investment case may publicize P2P to the outside world, but you may find that investors’ funds have not flowed out in its preset way after pouring into this platform, but have formed a large pool of funds, which may be a case of illegally absorbing public deposits. If returned in a certain proportion, it may be suspected of pyramid schemes. Therefore, funds can sometimes help us analyze certain cases."

  "Under the guidance of investigation thinking, we should rationally choose investigation techniques and strengthen the awareness of evidence. Investigation itself belongs to an empirical discipline rather than a classic discipline, and investigators should constantly sum up experiences and lessons and analyze their own shortcomings in their work. At the same time, the development of the network is changing with each passing day. As investigators, we should constantly learn and update our business capabilities." Sun Xiaodong said.

  Playing digital games on spot trading platforms

  In online financial crimes, spot trading platform cases are more prominent.

  At the ISC2017 Cybercrime Investigation and Talent Training Forum, Wu Yubao, vice president of the School of Information Technology of Nanjing Forest Police College with rich practical experience, introduced the investigation of such cases.

  "For this kind of case, we met a lot in the past ten years. Many people may receive such a phone call asking if they are interested in investing in oil, silver, garlic, ginger, Chinese medicine and so on. Some people will say that the stock market is not good, the price is always falling and they can’t make money. Investing in their platform can make two-way transactions, and the price of goods can make money, and the price of goods can also make money. Of course, many people may hang up the phone, but some people have fallen into the trap, causing huge economic losses to the family." Wu Yubao said.

  According to Wu Yubao, once customers join such a platform, they open a corresponding virtual account on the platform, one for each customer. After the account is opened, participants in these platform transactions transfer funds from personal accounts, such as bank accounts, online banking or third-party payment accounts, to the platform, which is called a deposit operation. Through the deposit operation, personal funds are transferred to the fund pool established by the platform sponsor. After the deposit, the platform and the fund pool are linked, and the platform displays a figure equivalent to the funds in the customer account. What the victim sees is not his own money, but a number. In fact, the victim’s money is already out of his control and has been transferred to the fund pool, and the controller of this fund pool is the platform sponsor. Every time money is deposited, the total amount of funds changes.

  "After all customers have completed the deposit, the platform sponsor will organize a so-called investment instructor to tell everyone that today’s market is very good and can be invested. Then, customers will buy and sell during the operation, and there will be handling fees and storage fees. If you hold a list, you will still charge storage fees, extension fees, etc. overnight if you don’t open your position today. The money is taken away by the platform. If the customer fails to invest, for example, it is predicted that the price of gold will rise tomorrow, but as a result, the price of gold will fall tomorrow, and the customer will have some losses. All these will lead to a little deduction of the trading platform customers’ funds, and what customers see is that their own money will gradually decrease. If the customer thinks that the investment failed and lost money, and there is some money left in the account, and wants to get the money back quickly, he can make a gold move, but he can only get the remaining small amount displayed on the platform. Who has the balance of the fund pool? It is in the hands of the platform sponsor." Wu Yubao said.

  There are several key problems in similar cases. First, is there any physical delivery?

  "I haven’t seen a platform that can provide physical delivery in handling cases. This is a typical violation. I just play digital games with everyone on the platform and there is almost no physical delivery." Wu Yubao said.

  Have the funds in the fund pool entered the market activities?

  "All the victims’ funds ‘sleep’ in the fund pool; the funds are not really involved in market activities. For example, helping people buy lottery tickets on their behalf, this person has not really entered the lottery market after receiving your money, but put the money into his pocket, just telling you that you have not won the prize." Wu Yubao said.

  The other is the organizational form of the transaction.

  "The transaction organization form is actually a centralized transaction in the platform, and it is not scattered. For example, a subject matter, 500 kg of ginger or 2 tons of Chinese herbal medicines is a decentralized transaction in reality, and this platform is generally a centralized quotation method. So what is the transaction method? There are generally two kinds of platforms, one is matchmaking and the other is market maker. The understanding of matching transactions and market makers is very helpful for us to investigate cases. We must have a deep understanding of the platform trading mode and operation mode, otherwise there will be great resistance in the investigation process." Wu Yubao analyzed.

  Wu Yubao also believes that in the process of handling such cases, there are several issues that need attention: with the illegal sale of citizen information, all spot trading platforms will call specific people; in the process of handling, sometimes a gang will be caught by tracing the source, but this gang is only one group in the platform, and it is a group crime; and there is a phenomenon of "black eating black". Once, a platform reported that the money in the cash pool was transferred away. In fact, it was a "hacker" who attacked the trading platform and put the funds in the cash pool into his account. This is a phenomenon of "black eating black".

  Improve the governance mechanism system of cyber crime

  Cybercrime is becoming more and more complex, which challenges the current model of combating governance.

  Jin Bo, assistant to the director of the Third Research Institute of the Ministry of Public Security and chief scientist, believes that cyber crime has new characteristics compared with traditional crimes, such as the intelligence of the subject of cyber crime, high level of specialization of personnel, hidden behavior without leaving traces, and diverse means of committing crimes. Communication can form transnational cyber crimes across regions, and the cost of cyber crimes is very low, and the consequences are difficult to control and predict. At the same time, cyber crime technology develops with the development of Internet technology and is constantly innovating. These factors lead to the complexity of cyber crime, which brings great difficulties to the investigation and evidence collection of public security organs. In addition, with the full penetration of network society and real society, traditional criminal activities are becoming more and more networked, especially violent terror and organized crime, and their planning, organization, contact and incitement are all carried out online.

  At the ISC2017 Cyber Security Rule of Law Forum, the Report on Global Cyber Security Situation and Countermeasures from the Legal Perspective issued by 360 Company holds that with the development and popularization of information technology, especially the development of Internet technology, a borderless cyberspace has gradually formed around the world, and every country is a member of this space, facing common risks and challenges, and most of the actual cyber security incidents have transnational characteristics. Therefore, the international community needs to think about how to strengthen the protection of network security around the world, and more need to determine the rules of behavior in cyberspace, so as to better prevent all kinds of network attacks.

  "At present, the hottest topic in the field of cyber security governance is cyber crime governance." Wu Shen Kuo, associate professor of Beijing Normal University and secretary-general of the Internet Society of China Research Center, said at the ISC2017 Sub-forum on Cybersecurity and Rule of Law that, especially with the popularization and application of new-generation network technologies such as the Internet of Things, big data and cloud computing, illegal acts have become unprecedentedly concealed and transnational, and the problems faced by China are also challenges faced by the whole world.

  Wu Shen Kuo introduced the relevant measures of the international community. For example, within the scope of the European Union, Europol established the EC3 organization, and the Lisbon condition in EU legislation determined that the field of computer crime had direct legislative authority, which provided ideas for the harmonization of regional legislation.

  "We need to break through the old cognitive thinking and practical mode of crime governance. In this process, it is necessary to put criminal means under the overall planning to realize the governance of crime source, and we should have a new concept of comprehensive governance. Efforts should also be made to speed up the improvement of network legislation and provide new normative support and more effective institutional support in the process of dealing with cyber crimes. It is necessary to effectively overcome the shortcomings of the mechanism of fragmented law enforcement and achieve comprehensive coordination and linkage integration in a wider range. Adhere to the guidance of intelligence information, vigorously promote the information operation mechanism integrating intelligence information with command and action, and at the same time further promote the construction of basic informatization, make full use of big data technology and informatization means to improve the intelligent level of crime prevention and control, and build a national network security center." Wu Shen Kuo said.

  Wu Shen Kuo believes that it is necessary to emphasize the export of the China Rules and China’s experience at the international level, and it is worth noting that the system of the new cybercrime convention should be actively promoted under the framework of the United Nations, so as to enhance China’s international voice and normative participation right in the new cybercrime governance field.

  Cartography/Gao Yue  

  Related links

  Article 27 of the Cyber Security Law of the People’s Republic of China stipulates that no individual or organization may engage in activities that endanger network security, such as illegally invading other people’s networks, interfering with the normal functions of other people’s networks, and stealing network data; nor may they provide programs and tools specially used to engage in activities that endanger network security, such as invading the network, interfering with the normal functions and protective measures of the network, and stealing network data; and, knowing that others are engaged in activities that endanger network security, they may not provide them with technical support, advertising promotion, payment and settlement, etc.

  Article 40 of the Cyber Security Law stipulates that network operators should keep the user information they collect strictly confidential and establish and improve the user information protection system.

  Article 42 of the Cyber Security Law stipulates that network operators shall not disclose, tamper with or destroy the personal information they collect; personal information shall not be provided to others without the consent of the person from whom it was collected, except where it has been processed so that a specific individual cannot be identified and the information cannot be recovered.

  Network operators should take technical measures and other necessary measures to ensure the safety of personal information collected by them and prevent information from being leaked, damaged or lost. When personal information is leaked, damaged or lost, it shall immediately take remedial measures, inform users in time according to regulations and report to relevant competent departments.

  Article 46 of the Cyber Security Law stipulates that any individual or organization shall be responsible for its use of the Internet, and shall not set up websites or communication groups for committing fraud, teaching criminal methods, making or selling prohibited items, controlled items and other illegal and criminal activities, and shall not use the Internet to publish information related to committing fraud, making or selling prohibited items, controlled items and other illegal and criminal activities.