laitimes

Paranormal events! My computer......

You are sitting quietly at home

Strange things happen quietly

In the dim light, in the dead of night

Your computer starts searching on its own

It scrolls and rummages through your chat history

It picks out a "favorite" target and sends a message

The sender shown is you, who are asleep

All the surveillance camera captures

Is endless night and emptiness

Recently, the cyber security department of the public security bureau in Pingyang County, Wenzhou, Zhejiang Province, cracked a case, arrested 30 criminal suspects involved in it, and recovered 1.18 million yuan in stolen money.

Review of the case

In April this year, the Pingyang County Public Security Bureau's Cyber Security Brigade received a police report from Xiao Chen, a financial officer of a company in its jurisdiction. He said that his computer had been illegally controlled by others, and that the suspect had used his WeChat to instruct cashier Xiao Zhang to transfer money to different bank cards, causing an economic loss of 2.982 million yuan.

Digging deeper into the case

It turned out that the overseas fraud gang first recruited domestic hacker technicians online and had them build a Trojan horse program.

They then disguised the Trojan program as a "*** policy plan" and mass-mailed it to domestic enterprise mailboxes. When enterprise staff opened the program, their computers were infected with the Trojan. The hackers then remotely controlled those computers, assumed the users' identities, and waited for an opportunity to commit the crime.

On the day of the case, the cashier Xiao Zhang received instructions from "finance officer Xiao Chen" on WeChat, and accordingly made three large transfers. The "Xiao Chen" on WeChat had exactly the same tone of speech and sentence-breaking habits as when he usually sends emails.

Not only that

The Trojan can also spread "geometrically" on its own

After spreading through enterprise mailboxes and gaining remote control, the hacker uses the controlled computer to log in to the employee's enterprise chat tool, spreads the Trojan a second time from there, and repeats the process above, so that the spread of the virus grows by orders of magnitude.

The degree of harm can be imagined, and solving the case was urgent.

Clues surfaced

Combining the surveillance footage from the victim's finance office with the results of the forensic examination of the computer involved in the case, the police ruled out the suspicion of internal personnel of the company.

Subsequently, by tracing the remote control software layer by layer, the police worked out the full course of the crime.

The criminal gang spread the Trojan through WeChat and email, bringing the computers of the victim enterprises' financial personnel under its control and leaving the enterprises' financial secrets visible "at a glance".

When the time was right, the hackers imitated the tone of the financial personnel and sent transfer instructions to cashiers, causing huge losses to the company.

Closing the net

After clarifying the facts of the case, the police organized and carried out arrest operations in Zhejiang, Guangxi, Henan, Jiangxi and other places, and in one fell swoop destroyed a hacker studio headed by Liao and a money-laundering gang headed by Ge, arresting 30 criminal suspects involved in the case.

Under interrogation, the suspects confessed to their illegal and criminal acts.

Based on analysis of the virus and the remote control data sources, the police found 23 other enterprises in the jurisdiction that were at risk and flagged them for early warning.

Pingyang Public Security has visited and investigated 13 companies on the spot, and has reminded their financial personnel of the rules for making transfers.


Features of the case

01

The target of the crime is clear and the deception is strong.

This type of crime is mainly aimed at corporate financial personnel. After the criminal gang builds the Trojan horse program, it disguises the program as a relevant national policy document and sends it to company mailboxes, lowering the guard of enterprise employees and getting the Trojan implanted.

02

Trojans spread geometrically, and tracing their origins is difficult.

After the Trojan horse program has spread through enterprise mailboxes and given the criminal suspect remote control, the suspect uses the controlled computer to log in to the employee's enterprise chat tool, spreads the Trojan a second time from there, and repeats the process above, so that the spread of the virus grows by orders of magnitude.

03

Trojans are highly camouflaged and not easy to detect.

The criminal gang updates the Trojan in real time, so ordinary antivirus software cannot detect and remove it. After an enterprise computer is infected, the criminal suspect uses the remote control terminal to watch how the computer is used, works out the user's identity, daily schedule, chat tone and so on, and waits for an opportunity to commit the crime.

(1) Popularize security awareness education

Enterprises need to step up information security education for staff in key positions, and staff should not casually click links or download documents sent by strangers.

(2) Strengthen technical support for information security

Enterprise computers need to be equipped with firewalls, intrusion detection and other protection technologies, and should regularly update software and scan for and remove Trojans. Once unknown files or abnormal operations are found on a computer, immediately disconnect it from the network and report to the public security organs.

(3) Improve internal management systems

Enterprises need to further improve their information security management systems and clarify internal responsibilities and management processes, for example by setting up multiple approval and confirmation procedures and strengthening day-to-day preventive management of key links such as financial approval and cashier confirmation, to ensure the safety of enterprise property.