Home > News content

Wechat hidden verification code service is used as app false registration and fraud

via:CnBeta     time:2019/12/3 12:26:16     readed:582

"Wechat circle old account 400 yuan, explore female account 170 yuan, male account 200 yuan." He Sheng, a social account seller, said. According to the investigation, Hesheng, as a seller, is just the end of cash flow in the account trading chain. The platform that is located in the upper reaches of the black industry and hidden in the WeChat public number is exposed.

Card dealers like Chen Miao are called "card dealers" in the industry. According to people close to the black industry, the black industry personnel only need to obtain the mobile phone number and verification code through the card dealer and the code receiving platform, and then use the automatic program tool to complete the whole registration process. At present, many platform has been "WeChat" public number, through which they can register multiple App accounts in a short time. The downstream of the receiving platform includes many kinds of black ash production such as "haowool" and telecom fraud. The former, has made many large enterprises lose a lot; the latter, is common in the attention of the network "pig killing plate" and other love gambling scams.

Buy and sell wechat, detective, online account of love and marriage, and heichan loves to stare at "love and marriage fans"

"(for sale) all kinds of marriage networks, dating and social accounts." In an account trading QQ group, users nicknamed "Hesheng account sales center" (hereinafter referred to as "Hesheng") published an advertisement.

Hesheng said in the advertisement that the accounts of Shijijiayuan, zhenai.com, qiaoyin, Kuaishou and many other social platforms are all sold, and as strangers' social giant's detective, stranger and wechat accounts are also in his "business scope".

"The old wechat band (i.e. the circle of friends) account is 400 yuan, the female account is 170 yuan and the male account is 200 yuan, which can be customized." According to Hesheng, the so-called "customization" means that customers can specify pictures, and they are responsible for data and response matching.

Another seller nicknamed "Bingguo" said, "treasure net account new number 300 yuan, with a member of 550 yuan; old number 550 yuan, with a member of 850 yuan. Century Jiayuan belt member 150 yuan. "

Recently, a reporter from Beijing News joined a number of communication groups in the black industry and found that the advertising of account trading is still close to screen swiping. In addition to QQ, there is a lot of such information on leisure fish. Reporters in the idle fish saw a large number of century Jiayuan and other account sales related commodity display box.

What do you do with buying and selling these accounts? "Kill pigs." Simple two words, is the marriage website account seller Li Feng (pseudonym) gives the answer.

Some people in the black industry said frankly that the fans absorbed through the social platform account of marriage and love were "marriage fans" in the circle. Because of its stickiness and strong liquidity, it is "very popular" in black labor. Frankly speaking, it is easier to carry out fraud.

"Do you think I'm a fool? I think I'm a fool myself." The victim Zhang Ying (pseudonym) got to know a netizen who called herself "Wang Junkai" on the marriage website last August. With Wang Junkai's beauty and his daily greetings to Zhang Ying, Zhang Ying fell in love quickly and was finally cheated of 180000 yuan. According to Zhang Ying, the other side has been avoiding videos with her, and she suspects that the photos are fake.

Li Feng revealed that at present, the industrial chain has been modularized. "A batch of people who register accounts in batches are called registrars; a batch of people who sell accounts are called sellers; another batch of people who authenticate accounts with real names are called certifiers."

Li Feng is one of the sellers. Li Feng can make a profit of 20 yuan by buying and selling each number for 80 yuan to pick up goods from his last home and then for 100 yuan. "I'm selling naked numbers, that is, unauthenticated accounts." Li Feng introduced that he could earn several hundred yuan a day just after entering this trip.

Wechat hidden verification code service, one verification code is about one yuan

Li Feng mentioned that the registrant also has a name - "the Party of making numbers". On top of the "number making party", there are multiple interest chains, such as code receiving platform and card merchants.

For most people, the code receiving platform is a relatively unfamiliar vocabulary. According to the literal meaning, it can be simply interpreted as "the platform for receiving the verification code" In the eyes of black industry practitioners, the code receiving platform is considered as "the entry weapon of black ash production". Downstream can connect multiple black ash production, such as fraud, wool collection, single brushing, Navy, etc.

Beijing News reporter survey found that many yards platform has been "settled" WeChat public number.

"Our main message plus voice code." The reporter contacted the "ocean" through a public number called "code card business verification code to receive SMS business to receive voice". "(each verification code received) probe 1.2 yuan, Soul1 yuan, Momo 1.5 yuan, wechat 4 yuan." "Ocean" means.

"Ocean" introduced that the specific operation process is: after payment, he provides a mobile number, the reporter imports the mobile number into each major app and clicks "send verification code", and he will send the verification code. Through the verification code sent by "ocean", the reporter can register successfully after trying to input simple information on the exploration platform. The whole process, usually not more than a minute.

In the process of communication, "ocean" is quite careful. In order to avoid wechat supervision, he will not mention "verification code" in the chat. When the reporter asked him to verify the code, he asked, "don't say those three words, you can replace them with others."

The public security department is increasing its crackdown on the black production of verification codes. Among the nine typical cases of fighting against and rectifying the network chaos published by the Ministry of public security in 2018, there is the first criminal mode in China that obtains telephone "black card" and verification code in batches through operator servers.

In July this year, the online police headquarters of Guangdong Provincial Public Security Bureau cracked the first case of illegal Internet production in China, which was to crack down on pre installed mobile phone back door access to verification code to register online account. After investigation, a technology Co., Ltd. in Shenzhen provided terminal system solutions for a number of manufacturers of miscellaneous mobile phones. A Trojan hacker program was implanted in the bottom layer of the mobile phone operating system that did not leave the factory. As long as the user bought a mobile phone and inserted a phone card, his mobile phone number was controlled by the hacker program without knowing it. In addition, the company also built a number of mobile phone verification code receiving platforms, combined with the Trojan hacker program embedded in the bottom of the mobile phone operating system in advance, and used the received mobile phone number and SMS verification code to provide various network account registration services for the downstream Mafia gangs, with the service fee of 0.4 to 2.5 yuan each time. According to the technical analysis of Tencent Guardian plan security team, after the SMS verification code is returned, the relevant SMS will be deleted and blocked in the background, resulting in the inability of mobile users to find that their number has been used by others to register a network account.

One registration card is about 10 yuan, mostly used for telecommunication fraud and collecting wool

According to the internet account malicious registration black industry governance report released by Tencent, card dealers are the source of malicious registration industry chain. "A card dealer is a registered card dealer." A person close to the black industry told the Beijing News.

According to a reporter's investigation, due to the large number of mobile cards required, the registration cards with voice function off by default and ultra-low charge are favored by these black industry practitioners. "They use cat pool to do group control, which can realize simultaneous operation of multiple mobile cards." Those close to black production said. Cat pool is an electronic device on which multiple black cards of mobile phones can be inserted. The mobile phone card can be used to receive the verification code through the cat pool, and a large number of virtual accounts can also be stored.

Generally speaking, the card dealer cooperates directly with the code receiving platform, and automatically sends the verification code to the code receiving platform through the catpool. The code receiving platform pays the "card dealer" a fee ranging from 1 jiao to 3 yuan for each information. The card dealer can basically "stay at home and enter more than 10000 yuan per month".

Under the ground of a second-hand mobile phone market in Beijing, Chen Miao (pseudonym) put a pile of white cards in front of the glass counter. "One registration card is 12 yuan. If there is a large number, the price is negotiable."

The reporter of Beijing News in Chen Miao's booth saw that except for the plain white card, it was no different from the mobile card used in daily life. "This is the registration card. You can't make a phone call, but you can receive a text message." Chen Miao looked up at the reporter who interviewed him secretly, pointed to the white card and said, "it can be used to register an account. If you have an account, you can do what you want. If you want, I can send you express. "

However, Chen Miao is not willing to disclose how these registration cards came from. Jane (pseudonym), a black industry researcher, told the Beijing news that a considerable part of these cards are IOT cards and virtual number cards.

"IOT network cards are sold and activated through agents, not operators." Li Tong, a mobile phone shop owner in Tianjin, told the Beijing News. According to Li Tong, "generally speaking, these IOT network cards are strictly forbidden to be used on mobile phones, but they are currently packaged as mobile traffic cards to flow to the market."

The reporter visited two second-hand mobile phone stores in Beijing, and found that there were registered card sellers with prices of about 10 yuan. In multiple QQ groups and wechat groups, reporters also found that registered card sellers published advertisements.

"Internet account malicious registration black industry governance report" points out that malicious registration is the upstream source of downstream network crime.

With malicious registration as the core, the upstream has a number provider providing mobile phone card number. They provide the downstream with registration information by including IOT card, non real name outflow from individual virtual operators, non real name outflow by collusion between black production personnel and individual operators' staff, as well as other non real white name and virtual false real name. They provide SMS verification code or voice verification code The code receiving platform provides a coding platform for image and slider verification codes, and a "material supplier" for citizen personal information and enterprise registration information. These people provide resources for registration information and identity binding information, respectively, to provide registration actors with registration behaviors. After the registration is completed, chamber of Commerce will raise the price of the number and prevent it from being banned by security measures, and finally provide it to the downstream for a variety of downstream black ash industries.

The downstream black ash industry is first used for crime scenes such as fraud. For example, the above mentioned pig killing plate, beauty fraud, share recommendation fraud, etc., these accounts are obviously not registered as real identities. In addition, the malicious account may also be used by the black producers to collect wool, brush powder, brush quantity, brush orders, fry letters and other false traffic behaviors, advertising and marketing, and other illegal or gray behaviors.

Cao Lei, director of the e-commerce research center, said in an interview that the "wool party" in China has formed a highly organized organization of black ash production. From bat to start-up Internet companies, as long as they hold market activities, they may face a huge threat from the "wool party".

Experts: need to further clarify the subject of regulatory responsibility

In November 19th, the Supreme People's Court issued the special report on judicial big data: the characteristics and trends of cybercrime. It shows that from 2016 to 2018, the main criminal tools used by defendants in online fraud cases were WeChat, QQ, Alipay and so on, accounting for 42.21%, 35.23% and 15.28% respectively. The proportion of fraud cases by using wechat in all online fraud cases has increased rapidly year by year. By 2017, it has surpassed QQ. The popularity of wechat makes it a tool frequently used by cyber fraud criminals in 2018.

The report also points out that when the defendant is carrying out the cases of network fraud, the cases of deceiving the victim by posing as others account for the highest proportion, accounting for about 31.52%.

Strengthening the supervision of the platform is considered to be one of the important ways to cut off the black industry interest chain. "Weak supervision is a problem of many platforms, which enables them (black industry practitioners) to directly publish advertisements and contact customers. It may be a breakthrough to improve this problem by setting keywords and other ways to strengthen information audit. " A black industry researcher said.

A lawyer told the Beijing News, "the absence of platform supervision left space for lawbreakers, and strict implementation of the real name system is conducive to reducing the occurrence of information leakage."

Several experts said that the most effective way to crack down on this kind of black industry is to directly crack down on the malicious registration tool providers upstream of its industrial chain.

As early as September 2016, the Ministry of industry and information technology, the China Banking Regulatory Commission, the Ministry of public security and other six departments jointly issued the circular on preventing and combating the crime of telecommunication network fraud, which put forward a clear timetable for the implementation of the real name system of telephone, and at the same time, imposed quantitative restrictions on the card opening of telecommunication operators. According to media reports, Shen Yong, who was involved in the investigation of the case of love code, the largest verification code platform at that time, believed that this would fundamentally curb the development of such platforms (i.e. code receiving platforms).

According to reports, card dealers with a large scale often hold millions of mobile SIM cards. Through the intervention of verification code platform, they can provide verification code services for tens of thousands of website projects. "At that time, we found that there were about tens of thousands of service projects provided by AI code platform, with prices ranging from 10 to 1 yuan. Between half a year, the amount of transactions involved in the case with historical records is about tens of millions. " Shen Yong said.

In recent years, the supervision has been increasing the attack on the source card dealers. In March last year, Huangpu police destroyed three "card dealers" dens in Dongqu street, Luogang street and Changzhou street, arrested five suspects, seized more than 30 computers, more than 100 sets of maochi, and more than 40000 mobile phone cards. According to the suspect, a large number of nameless mobile cards are mainly from mobile cards purchased in the name of enterprises or units, commonly known as "enterprise cards". This kind of mobile phone card is registered in the name of different enterprises, and most of them only have the functions of answering calls and receiving and sending messages. The suspects take advantage of the characteristics of "business card" without personal real name registration to provide services for all kinds of "customers" (most of them are illegal elements who carry out telecommunication fraud) who need to avoid the real name system.

Network blackout is spreading. Ma sanjun, vice president and Secretary General of Hebei E-commerce Law Research Association and associate professor of Hebei University of engineering, believes that it is urgent to supervise the relevant e-commerce operation platforms. "This needs to further clarify the subject of regulatory responsibility. However, the e-commerce law just implemented on January 1 this year does not specify specific regulatory departments and responsibility division, only general provisions, and lack of operability in practice, which requires relevant departments to timely issue relevant supporting laws and regulations or rules to further improve; in addition, the difficulty of obtaining evidence for online transactions has also formed a new challenge to regulation In this respect, more efforts need to be made to strengthen industry self-discipline and innovate regulatory methods. "

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments