Recently, the Shanghai Xuhui Public Security Bureau, under the guidance of the municipal bureau’s criminal investigation, network security corps and other relevant units and with the assistance of public security agencies across the country, successfully detected a series of extremely large cyber thefts after six months of continuous fighting. case. During this period, the arrest team traveled to more than 30 provinces (cities) across the country, with a total journey of more than 100,000 kilometers. They successively arrested nearly 100 criminal suspects led by Zhao, Yang, Zhang, etc., and froze the funds involved in the case. More than 2.25 million yuan was recovered, and more than 1.64 million yuan of funds involved in the case were recovered, saving millions of yuan in economic losses for the victim units and investors.
On February 27, 2017, a financial information service company discovered that one of its APP software had been attacked by multiple hackers, and RMB 10.56 million was illegally withdrawn within half a day, so it reported to the police Report the case to the agency. After receiving the report, the Xuhui Public Security Bureau immediately set up a task force, sent personnel to the company immediately, and raced against time to sort out the APP platform server data. On the same day, it analyzed the suspect's modus operandi and successfully blocked the loopholes, avoiding the risk for the company and investors. greater loss.
At the same time, the task force went all out to carry out investigation work. After investigation, it was found that on February 27, a suspect exploited a vulnerability in the APP platform and used hacking methods to tamper with the requested amount data during the APP recharge process, resulting in an abnormal amount of money being recorded on the platform, and he quickly performed a cash withdrawal operation to commit the crime. After successfully committing the crime, the suspect taught the method of committing the crime through the Internet, causing the vulnerability to be widely disseminated and exploited. As of the incident, ***422 abnormal APP accounts used this method to maliciously recharge, of which 269 successfully withdrawn money.
After mastering the suspect's committing crimes, the task force repeatedly studied and carefully formulated an investigation plan. Within 12 hours after the incident, the identity of the suspect Zhao who committed the first crime in this case was clarified. , and on March 3 and 4, three main suspects including Zhao, Yang, and Zhang were arrested in Anhui. Investigators then followed the lead and gradually identified nearly a hundred suspects involved in the case across the country. As of August 29, the task force has arrested nearly 100 suspects in Shanghai, Anhui, Jiangsu, Gansu, Zhejiang, Henan, Hebei, Shandong, Guangdong, Guangxi, Heilongjiang and other places, and successfully solved the nationwide case of exploiting network vulnerabilities. Cases of theft from P2P financial companies. So far, 74 of the criminal suspects in the case, including Zhao, Yang, Zhang and others, have been approved by the procuratorate to be arrested, and the case is still under further investigation.
Police reminder: This case is a case of cyber theft using hacker means. In this regard, relevant companies should pay attention to improving the security level of website systems, strengthen the review of large-value transactions in the short term, and report to the police in time if any abnormalities are discovered. It is recommended that relevant APP software development companies can entrust a specialized network security performance testing company to conduct internal security testing, and then launch it to the market after passing the test.