
Beautiful women in naked chats squeeze male netizens dry: how does the state go after the criminals? "Internet B-side 004"

Author: Leifeng.com

Authors | Muyou and Chen Chuan

Video link: https://www.bilibili.com/video/BV1Sf4y1u79x

This is a typical naked chat scam. The worst part is that the scammer can squeeze you out of all your money, and the amount defrauded may run to hundreds of thousands.

Victims fear exposure, often do not dare to call the police, swallow the bitter fruit alone, and are afraid of ending up on the campus "rich list".

And even after you have been scammed out of all your money, the other party may still release the naked chat video anyway, just for kicks.

So, in this fourth episode of Internet B-side, let's talk about how security companies and the police catch this kind of criminal.

The first step of the counter-attack starts with the naked chat software itself. When an Android app is developed, the developer compiles Java source code into bytecode that Android can run.

Security companies and the police can restore the app to Java source code, track down the server behind it, and strike at the black industry (the Chinese term for organized online crime).

As the main development language for Android, Java's design philosophy is cross-platform compatibility: Write Once, Run Anywhere.

To achieve this you need a virtual environment so that your code can run unimpeded on any device; on Android that virtual environment is the Android Runtime, ART for short.

Your code is compiled in a uniform way: the compiled classes are assembled into a single file that ART can run. The tool that does this is dx, so the file ends in .dex and is called classes.dex. Finally, classes.dex is packaged together with the resource files and the configuration file into the download package we all know, the apk.

The whole process is like the black industry packing a black box layer by layer, and the best way to open this carefully woven black box is to reverse the process.

First, extract classes.dex from the apk; but at this point the dex file cannot be read directly.

So the dex file has to be converted into a readable form, classes_dex2jar.jar.

Then open classes_dex2jar.jar with the code viewer jd-gui and read the app's source code.

Getting the source code is very important: from it we can find the black industry's IP addresses and server addresses.

Some operators even leave their QQ numbers and WeChat IDs in the code.

If the server address in the code has no access control, entering the IP address even shows the naked chat videos stored on the server.

With this in hand you can call 110 directly, arrest the people and seal the server: finished in one blow.
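As an added example (not code from the original article or from the labs it credits), the following Python script does the string-table part of this analysis directly on a classes.dex, without dex2jar or jd-gui: it follows the dex header to the string_ids table, pulls out every string constant, and reports the hard-coded URLs and IP addresses an investigator is looking for. Since no real sample can be shipped, build_sample_dex() constructs a minimal dex (header plus string table, with a valid adler32 checksum and SHA-1 signature) from constructed strings that use documentation-range addresses; the header offsets and string encoding follow the published dex format.

```python
import hashlib
import re
import struct
import zlib

def uleb128_encode(n):
    out = b""
    while n >= 0x80:
        out, n = out + bytes([(n & 0x7F) | 0x80]), n >> 7
    return out + bytes([n])

def uleb128_decode(buf, off):
    value, shift = 0, 0
    while buf[off] & 0x80:
        value |= (buf[off] & 0x7F) << shift
        shift, off = shift + 7, off + 1
    return value | (buf[off] << shift), off + 1

def build_sample_dex(strings):
    # Constructed minimal dex: 0x70-byte header, string_ids table, string_data; no classes.
    ids_off, data_off = 0x70, 0x70 + 4 * len(strings)
    data, offsets = bytearray(), []
    for s in strings:  # string_data_item = uleb128 utf16 length + MUTF-8 bytes + NUL
        offsets.append(data_off + len(data))
        data += uleb128_encode(len(s)) + s.encode("utf-8") + b"\0"  # ASCII-only samples
    body = b"".join(struct.pack("<I", o) for o in offsets) + bytes(data)
    tail = struct.pack("<20I", 0x70 + len(body), 0x70, 0x12345678, 0, 0, 0, len(strings),
                       ids_off, *([0] * 10), len(data), data_off) + body
    sig = hashlib.sha1(tail).digest()                 # signature covers bytes 32..end
    checksum = zlib.adler32(sig + tail) & 0xFFFFFFFF  # adler32 covers bytes 12..end
    return b"dex\n035\0" + struct.pack("<I", checksum) + sig + tail

def extract_strings(dex):
    # Walk string_ids -> string_data and return every string constant in the file.
    if dex[:4] != b"dex\n" or zlib.adler32(dex[12:]) & 0xFFFFFFFF != struct.unpack_from("<I", dex, 8)[0]:
        raise ValueError("not a dex file, or checksum mismatch (truncated/tampered)")
    count, ids_off = struct.unpack_from("<II", dex, 0x38)  # string_ids_size, string_ids_off
    out = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", dex, ids_off + 4 * i)
        _utf16_len, start = uleb128_decode(dex, data_off)
        out.append(dex[start:dex.index(b"\0", start)].decode("utf-8", "replace"))
    return out

INDICATOR = re.compile(r"https?://[^\s\"']+|\b(?:\d{1,3}\.){3}\d{1,3}\b")
def find_network_indicators(strings):
    # URLs and dotted IPv4 literals hard-coded in the app: the server addresses to chase.
    return sorted({m.group(0) for s in strings for m in INDICATOR.finditer(s)})

# Constructed sample string table (documentation-range addresses, not a real app)
SAMPLE_STRINGS = ["Lcom/example/chat/VideoUploader;", "http://203.0.113.10:8080/upload",
                  "198.51.100.7", "recording.mp4"]
```

Run extract_strings() on a real classes.dex unzipped from an apk in the same way; the checksum check is what tells you a sample was truncated or patched before it reached you.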

The case we just described is one where you actively downloaded an app implanted with a malicious program, but more often than not the app you downloaded is not malicious at all.

Take Taobao, for example: the information it collected was leaked through insiders and through APIs, the two channels we talked about in the first two episodes.

At this point we need to think like the black industry.

No matter how clever the means used to steal the data, once they have it they will certainly take it to market and sell it.

And we can monitor the buying and selling of this data. With stolen goods, the only worry is that they never get sold; once they are put up for sale, the seller can be caught in the act. So the most important thing is to monitor data transactions on the black market.

First, we can widen our intelligence channels: the dark web, cloud drives, online document libraries, code hosting sites, Telegram groups, Potato groups, the major black and gray industry forums and so on, so as to cover every place where data can be bought and sold.

Deploy plugins on these trading platforms to automatically monitor and capture transaction information; for example, if we set "SF Express" as a keyword, we can crawl every trading post about "SF Express".

Once a transaction matching the keyword is detected, the authenticity of the data can be verified further, for example whether the ID numbers and names correspond.

If the data turns out to be genuine, then at the very least we can work out how it was leaked.

For example, an SMS platform leaks the verification-code messages that a broker sent to users through a third-party SMS channel, and the leaked data has the format mobile phone number - region - operator - SMS content.

Then, from the content of the SMS, we can trace the data back to its source.

After the source of the leak is found, the corresponding API can be closed to plug the hole and remedy the situation.
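As an added example that is not part of the original article, the following Python sketch implements the monitoring and verification steps above: it takes a captured trading post (constructed lines in the phone - region - operator - SMS content format), keeps the records matching a keyword, drops rows whose phone numbers are not plausible mainland mobile numbers, and groups the remaining verification-code messages by sender signature and digit-stripped message template, which is what points at the SMS channel the data came from. The function names, the sample lines and the masking helper are my own assumptions, not anything the labs credited in the article describe.

```python
import re
from collections import Counter

PHONE_RE = re.compile(r"^1[3-9]\d{9}$")             # mainland mobile number: 11 digits, 13x-19x
SIGNATURE_RE = re.compile(r"[【\[]([^】\]]+)[】\]]")  # SMS sender signature, e.g. 【SF Express】
CODE_RE = re.compile(r"\b\d{4,6}\b")                # a verification code inside the text

def parse_record(line):
    """Split 'phone - region - operator - sms' into fields; None if the shape is wrong."""
    parts = [p.strip() for p in line.split(" - ", 3)]
    if len(parts) != 4:
        return None
    phone, region, operator, sms = parts
    sig = SIGNATURE_RE.search(sms)
    return {"phone": phone, "region": region, "operator": operator, "sms": sms,
            "phone_ok": bool(PHONE_RE.match(phone)), "has_code": bool(CODE_RE.search(sms)),
            "sender": sig.group(1) if sig else None}

def mask_phone(phone):
    """Mask the middle digits before a record is logged or shared internally."""
    return phone[:3] + "****" + phone[-4:] if len(phone) == 11 else "***"

def triage_post(text, keyword):
    """Keep keyword hits, reject implausible phones, attribute the SMS channel."""
    hits, rejected = [], 0
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None or keyword not in rec["sms"]:
            continue
        if not rec["phone_ok"]:
            rejected += 1          # padding or fabricated rows lower the post's credibility
            continue
        hits.append(rec)
    # Same signature + same digit-stripped template => same sending pipeline
    templates = Counter((r["sender"], re.sub(r"\d", "#", r["sms"])) for r in hits if r["has_code"])
    top = templates.most_common(1)
    return {"hits": hits, "rejected": rejected,
            "masked_phones": [mask_phone(r["phone"]) for r in hits],
            "by_sender": Counter(r["sender"] for r in hits),
            "likely_source": top[0][0] if top else None}

# Constructed sample post (not real leaked data; demo-style numbers only)
SAMPLE_POST = """\
13800138000 - Guangdong - China Mobile - 【SF Express】Your verification code is 482913, valid for 5 minutes.
13900139000 - Zhejiang - China Unicom - 【SF Express】Your verification code is 117642, valid for 5 minutes.
15000150000 - Beijing - China Telecom - 【ExampleBank】Code 903311, do not share it.
this row has no separators at all
10086 - Shanghai - China Mobile - 【SF Express】Code 555555"""
```

The likely_source pair (signature, template) is the lead to take to the SMS provider: every genuine row sharing it went out through one sending pipeline.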

But we cannot wait for an incident every time before thinking of a remedy. An Internet platform may have thousands of APIs spread across different departments, so even when no data has leaked, all of the company's APIs should be inventoried in advance, the high-risk ones identified, and those monitored closely.

Although past data breaches have been very serious, selling data without restraint is no longer realistic, and there have already been signs on the dark web that sensitive data such as mobile phone numbers and ID numbers is not to be bought and sold.

Thanks to Yongan Online's Ghost Valley Lab and 360 Beacon Lab for providing content support. Search for Leifeng.com on Bilibili to follow us; in the next video we will talk about the fight against fraud and scams. See you next episode.