Counter-investigation measures rival espionage films, and "second dial IP" has become the foundation of the online black-market industry
2022-01-18
Telecommunications fraud, online gambling, online water armies... Behind these acts, which seriously endanger network security and can even constitute crimes, a group of people has quietly laid a "foundation" for them by providing "second dial IP" services. Yunnan recently pronounced a verdict in a "second dial IP" black-market case. In this case, the criminal gang used a large number of broadband lines to create millions of IPs (network addresses) in a short time, forming an "IP pool" that bypassed normal IP restrictions and made it difficult for the police to trace. At present, such cases still face difficulties in obtaining evidence and insufficient legal punishment.

Counter-investigation measures are comparable to espionage films

The appearance is simple, but inside there is a great deal of high-tech equipment: an access control alarm system is set at the door, which sends a prompt to a mobile phone when someone approaches; a 360-degree remote intelligent camera is installed in the room to monitor the security situation in real time; several computers use remote WiFi smart sockets, which can automatically restart the virtual server and format the computer at any time... This is not a scene from a spy film, but a computer room that provides "second dial IP" services for crimes such as telecom network fraud.

"The gang has a strong awareness of anti-investigation and high technical means, which we have never encountered." Yang Xingnan, director of the first division of the network security corps of Yunnan Provincial Public Security Department, said that "second dial IP" crime is still a new type of crime. In order to investigate and handle it successfully, the network security corps of Yunnan Provincial Public Security Department trained the network security police of the whole province many times, and even organized technical and legal experts to study the technical principle of "second dial" and the anti-investigation measures of the dens.
In 2020, Yunnan police successively received several leads from investigations of gambling and fraud cases. After tracing them to a computer room set up by Huiding company in Chuxiong Prefecture, they found a huge "second dial IP pool". Chen Yuehai, a police officer of the network security corps of Yunnan Provincial Public Security Bureau, explained that "second dial IP" exploits the fact that a home broadband connection obtains a new IP every time the line is disconnected and reconnected. Criminal gangs control a large number of broadband lines and create a large number of IPs in a short time to form an "IP pool", ranging from 100,000 to millions of addresses, thus bypassing normal IP restriction strategies and making it difficult for the police to trace the real IP.

In September of that year, the Yunnan provincial police took unified action and captured the suspects and the industry "ghosts" in one fell swoop, a total of 34 people. The court found that the gang illegally carried out virtual public internet proxy access services and broadband sublease business to help others carry out cyber criminal activities. The network equipment operated by the gang is associated with a number of online gambling cases and telecommunications fraud cases.

"Second dial IP" becomes crime infrastructure

In this case, the principal offender, Zhao, has a surprising identity: a police officer at a public security bureau. A few years ago, Zhao met the suspect Hu while handling a case of illegal operation of telecom value-added services. Before the case was completed, the two discussed engaging in telecom value-added services. In 2018, the two partners registered and established Huiding company using the identity information of others, and obtained a value-added telecom business operation license.
However, Zhao played a big game across the whole province. He was responsible for managing the money; he selected counties and districts rich in IP resources across the province and arranged for his men to rent houses there and handle the broadband installation procedures. Hu was responsible for handling certificates, purchasing and installing equipment, and controlling the operation of the dens in the background. Xu, the technical backbone, was responsible for keeping the equipment running normally. Others, acting as the company's legal representative and shareholders, were responsible for receiving and dealing with routine inspections and investigations. In less than two and a half years, this group, with its clear division of labor and efficient cooperation, opened 150 broadband accounts and set up 31 computer rooms in 16 prefectures and cities of Yunnan.

According to the network security police, the "second dial IP" black-market industry is still expanding the geographical coverage of its IP resources, and some platforms can even provide IP resources in places such as South Korea and the United States. After a "second dial IP" service cycle ends, it is difficult to distinguish a second dial IP from a normal user IP. A single second dial machine can use IP resources in hundreds of regions across the country, and the users may be located somewhere else entirely, resulting in strong concealment and difficult traceability.

The first consequence is that network resources are occupied on a large scale and network security order is disrupted; the second is that it has become the soil in which all kinds of network crime breed, seriously endangering network security. At the most upstream end of the "second dial IP" black-market industry are illegal advertising promotion, online gambling, telecom fraud, online water armies and other cyber criminal activities.
Among the dens operated by Zhao's gang, the dens in Jianshui County, Honghe Prefecture, Yunnan Province alone have been associated with 6 telecom fraud cases. It is difficult to find out how many criminal cases have been caused by the network equipment in the other dens.

The cost of crime is low and it is difficult to crack down, so supervision needs to be strengthened

The case reflects many difficulties faced by the police in combating cybercrime, among which the biggest restriction is the lack of judicial punishment.

Kang Xin, head of the legal supervision office of the network security corps of Yunnan Provincial Public Security Department, said that at present, crimes that provide tools for cybercrime, like this case, may fall under the crime of refusing to perform the obligation of information network security management and the crime of helping information network criminal activities, but the sentences for these two crimes are "less than three years". Compared with the harm they cause, the cost of the crime is obviously too low. If the intensity of judicial punishment is not increased, in the long run such crimes may become "more numerous the more they are fought".

At the same time, the standards for identifying such crimes are high. Take the judicial interpretation of the above two crimes as an example. First, it is necessary to "know that others use the information network to commit a crime", but in actual case handling it is difficult to determine whether the suspect subjectively "knows". Second, the identification standard for "serious circumstances" is "providing help to more than three objects", that is, at least three cases must be involved. In this IP pool case, at present it is only possible to trace back from cases that have occurred to an "IP pool"; there is still no means to verify which specific cases the many IPs in the "IP pool" have been used in.
Third, the evidence requires the retention of logs and trace records in the first half of the year. However, with criminals' increasing awareness of anti-investigation, the automatic formatting and other procedures they set up are enough to destroy the above evidence.

On October 23, 2021, the draft anti-telecom network fraud law was published online to solicit public opinions, which gave hope to the grass-roots police handling cases. They looked forward to the promulgation of the law as soon as possible and suggested taking stronger measures at the national level. For the subjective "knowledge" stipulated by the law, the recognition threshold could be lowered through the introduction of a judicial interpretation. For example, personnel who build "second dial IP" and other criminal infrastructure could be directly deemed to have "knowledge". "If it is not used for crimes, who will use these functions?" investigators said. (Reporter: Wang Yan) (Outlook New Era)
Edit:Luo yu Responsible editor:Wang xiao jing
Source:Half Moon on wechat account