China News Service, Beijing, October 13th (Reporter Xia Bin) Recently, after nearly two months of work, the Cybersecurity Detachment of the Public Security Bureau of Laibin City, Guangxi, and the Wuxuan police successfully cracked the first "SMS bombing" case in Guangxi.

In June of this year, the Cybersecurity Detachment of the Public Security Bureau of Laibin City received a report that someone had set up a website on the Internet to carry out illegal and criminal acts such as SMS bombing and game cheat plug-ins.

Acting on the relevant clues, and with the assistance of the security team of the Tencent Guardian Program, the Cybersecurity Detachment of the Public Security Bureau of Laibin City investigated, identified the suspects and carried out arrests.

Under interrogation, the criminal suspect Zhuo Moujian confessed that he had acted as an agent for an illegal SMS bombing service (also known as "call you to death") and had profited from the price difference by recruiting downstream agents to resell the service. By the time the public security organs found him, Zhuo Moujian had recruited more than 450 subordinate agents. Among them, a single agent in Kaifeng City, Henan Province, purchased the service and carried out more than 5 million SMS bombings.

As an illegal and malicious form of harassment, "call you to death" SMS bombing has seriously infringed on users' personal rights in recent years and has also had adverse effects on some enterprises.

Because the underground industry gangs are well concealed and the industrial chain is fragmented, SMS bombing cases are difficult to solve.

Tencent, the provider of the clues in this case, and the Guangxi police held a media briefing in Beijing on the 13th on governing the "call you to death" SMS bombing underground industry. They announced the details of the case on the spot, disclosed data on the SMS bombing underground industry, and appealed to all sectors of society to pay attention to its governance together.

"Call you to death" refers to criminals using bombing software to make the target user's mobile phone receive a large number of verification text messages in a short time. In more serious cases, it can send thousands of harassing text messages to the target user's mobile phone number within 1 minute and keep sending at high density, creating a "bombing" effect that seriously interferes with the normal use of the user's mobile phone.

Relevant data shows that the SMS bombing underground industry currently affects more than 3,500 verification code interfaces and 2,400 SMS interfaces on more than 2,000 websites. More than 1.6 million bombing text messages are sent across the entire network every day.

In the SMS bombing chain, ordinary users are only one group of victims; the companies whose interfaces are used to send the verification SMS often suffer lost profits and a crisis of brand trust.

Yang Hong, a risk control expert at Tencent Security Tianyu, explained how "call you to death" works. It is illegal bombing software that crawls the Internet to collect a large number of SMS-sending interfaces (CGI interfaces) from legitimate corporate websites and integrates them into bombing websites or bombing software. By requesting a large number of these websites in a short period of time, it causes verification SMS to be sent to the target user's mobile phone through the operator's interface, in the same way as a normal request for the SMS verification service.

The verification code text messages may not be harmful in themselves, but when hundreds of thousands of text messages continue to flood into the same mobile phone at the same time, the bombardment-style harassment leaves users unable to use their mobile phones normally, which seriously violates user rights.

Yang Hong suggested that, for server-side prevention and control, enterprises can replace the SMS verification code with number verification. This upstream verification method avoids the risk of downstream verification: the user verifies the phone number with one tap when logging in, without having to receive a verification code, which removes at the source the risk of being exploited by SMS bombing software.

Secondly, in the special cases where users still need a verification code to log in, the enterprise can use a "graphic verification code" to check the legitimacy of the login behavior and filter out batch requests from SMS bombing software.
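As an added illustration of the second suggestion (not code from Tencent or from the article), the sketch below puts a single-use graphic verification code check in front of an SMS-sending interface. The class, its method names and the `send_sms` callable are hypothetical, rendering the CAPTCHA image is out of scope, and the per-number cooldown goes beyond what the article describes.

```python
import hmac
import secrets
import time


class SmsSendGuard:
    """Server-side gate in front of a 'send verification SMS' interface."""

    def __init__(self, send_sms, captcha_ttl=120, cooldown=60, clock=time.monotonic):
        self._send_sms = send_sms      # hypothetical callable(phone, code)
        self._captcha_ttl = captcha_ttl
        self._cooldown = cooldown      # assumption: cooldown is not from the article
        self._clock = clock
        self._challenges = {}          # captcha_id -> (session_id, answer, expires_at)
        self._last_sent = {}           # phone -> time of the last SMS sent

    def issue_captcha(self, session_id, answer):
        """Register the answer of a graphic CAPTCHA shown to this session."""
        captcha_id = secrets.token_urlsafe(16)
        expires_at = self._clock() + self._captcha_ttl
        self._challenges[captcha_id] = (session_id, answer, expires_at)
        return captcha_id

    def request_code(self, session_id, captcha_id, answer, phone):
        """Send an SMS code only if the CAPTCHA was solved; returns (ok, reason)."""
        # pop() makes every challenge single-use, so one solved CAPTCHA cannot
        # be replayed to trigger a batch of sends.
        challenge = self._challenges.pop(captcha_id, None)
        if challenge is None:
            return False, "captcha_missing"
        owner, expected, expires_at = challenge
        now = self._clock()
        if owner != session_id or now > expires_at:
            return False, "captcha_invalid"
        given = answer.strip().lower().encode()
        if not hmac.compare_digest(given, expected.lower().encode()):
            return False, "captcha_wrong"
        # Per-number cooldown: limits what any single interface can contribute.
        last = self._last_sent.get(phone)
        if last is not None and now - last < self._cooldown:
            return False, "cooldown"
        self._last_sent[phone] = now
        self._send_sms(phone, f"{secrets.randbelow(10**6):06d}")
        return True, "sent"
```
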

Whether through enterprises establishing website protection mechanisms, users taking evasive and deterrent measures, or the police cracking down on criminals, "call you to death" SMS bombing cannot be solved by any one party alone, and joint, comprehensive governance became the focus of discussion at the conference.

At the briefing, representatives of the Cybersecurity Detachment of the Public Security Bureau of Laibin City, Guangxi, the Tencent Security Team and the media present issued a joint call for companies that use SMS verification services, upstream and downstream service providers and other sectors of society to pay attention to the governance of the SMS bombing underground industry and to work together to maintain a good Internet environment.

(End)