Reporter Gong Mengze

  Weilai Automobile is out of the circle again.

This time it is not because of new energy vehicles, but virtual currency "mining".

  On April 7, a reporter from "Securities Daily" learned from a handling notice issued by Weilai Automobile that Zhang, an administrator of a cluster server of Weilai, took advantage of his position to mine virtual currency using the company's server resources.

After investigation, the employee began to use the company's server computing resources to illegally conduct digital mining operations for virtual currency ether since February last year, and profited from it.

During the investigation, Zhang confessed to his violations.

  Employees were exposed to using the server to "mine"

  In this regard, the reporter contacted Weilai to verify the matter, and Weilai responded that the official announcement shall prevail.

  Ma Xiang, a litigator of Bellon Law Firm, told the "Securities Daily" reporter that in this case, Zhang may be suspected of committing the crime of illegally controlling computer information systems, and may be sentenced to fixed-term imprisonment of not more than three years or criminal detention, and may also be fined or only fined; If the circumstances are particularly serious, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined.

  According to the data, ETH is a digital token of Ethereum, called "Bitcoin 2.0". Like other digital currencies, ETH can be bought and sold on trading platforms.

Currently, with a total market capitalization of over $400 billion, Ethereum is the second-largest cryptocurrency in the world after Bitcoin.

  In fact, the incident of using the company's server resources to "mine" to make extra money is not the first case of Weilai.

  According to the judgment document previously published by China Judgment Documents Network, An Mou, a senior operation and maintenance engineer of a domestic Internet company, illegally controlled 155 Baidu servers by compiling scripts from the end of January to the end of May 2018 to mine Bitcoin and Monero. Wait, sell some bitcoins and make a profit of more than 100,000 yuan.

As of the eve of the investigation, he still had about 2.94 bitcoins in his account.

In the end, An was sentenced to three years in prison, his illegal gains were confiscated, and he was fined 11,000 yuan.

  A senior network security engineer who did not want to be named revealed to reporters that many suspects will use iterm (terminal emulation program) to control the server central control machine.

With the help of specific software, the central control will upload the "mining" script, and let the server download the "mining" script in batches, so that the powerful computing power of the company's server can be used by individuals.

"After the company's computing resources are uploaded to the corresponding website, they will continue to mine virtual coins, and settle to individuals in Bitcoin according to the amount of uploaded computing resources."

  "Many people think that the 'mining' Trojan just slows down the system and consumes system resources. This view seriously underestimates the harm of the 'mining' Trojan. The impact of the 'mining' Trojan goes far beyond that," the engineer told reporters. , "mining" Trojans usually operate high-risk behaviors such as "closing Linux/Windows firewall" and "installing rootkit backdoors". The Trojan horse controller may also steal server confidential information, control the server to carry out DDoS attacks, and use the server as a springboard to attack other computers.

  Security sandbox supervision pilot work started

  According to the latest report of Tencent's security team, among the public cloud attacks, intrusions for the purpose of "mining" accounted for 54.9%.

In order to manage the entire chain of virtual currency, the regulatory policy for virtual currency "mining" activities is continuing to increase.

  On January 10, 2022, the "Decision of the National Development and Reform Commission on Amending the "Industrial Structure Adjustment Guidance Catalog (2019 Version)" was reviewed and approved.

Among them, a seventh item is added to the elimination category "1. Outdated production technology and equipment" in the "Industrial Structure Adjustment Guidance Catalog (2019 Edition)", and the content is "Virtual currency 'mining' activities."

  In addition, the rectification of "mining" in various places is also in action.

In December 2021, the Zhejiang Provincial Commission for Discipline Inspection, the Provincial Supervision Commission, the Provincial Party Committee Network Information Office and other departments formed a joint inspection team to conduct random inspections of 20 state-owned companies in 7 regions of the province through direct inspections of computer rooms and follow-up inspections of "mining machines". The unit's 36 IP addresses will seriously investigate and correct a number of violations of regulations and disciplines that use public resources to participate in virtual currency "mining" and transactions.

  In recent years, the new energy vehicle industry has generated new security issues such as software security, network security, and industrial supply chain security, which have also brought great challenges to vehicle safety supervision.

In response to the complex and ever-changing safety situation in the automotive industry, five departments including the State Administration for Market Regulation and the Ministry of Industry and Information Technology jointly issued the "Notice on Trial Implementation of the Automotive Safety Sandbox Supervision System" a few days ago to jointly launch the pilot work of automotive safety sandbox supervision. , in order to improve the safety supervision methods of new automobile technologies, new formats and new models.

  "In the future, intelligent and connected car data will become one of the core competitiveness of car companies. Car manufacturers should establish a sound car data security management specification and process, fully guarantee users' right to know and control the collection of personal information, and enhance user trust. I feel.” Pei Lin, director of digital user experience for automotive products in JDPower China, told reporters that establishing high standards in enterprise data security protection will help car companies gain more consumers’ recognition of technology security, and make consumers more willing to cooperate with The sharing of travel data by car companies will ultimately help car companies gain the upper hand in the competition of future travel ecology.

(Securities Daily)