Qihoo 360 engineer cracked the card vulnerability and malicious recharge was detained

Qihoo 360 released a statement confirming that network engineers have cracked the card vulnerability and maliciously recharged for criminal detention

On July 6, September 25, a media report reported that Yang, a network engineer of Qihoo 360, had cracked the system vulnerability of the Municipal card and helped himself and his colleagues maliciously recharge the account for more than 2600 yuan. Therefore, he was detained for six months. 360 the company issued a statement today to confirm the incident and apologized to the public.

360 according to the statement, two technical departments, Guan Gong, used the research to crack the Beijing Municipal one card password and maliciously recharged the card for consumption. The amount involved was 1700 yuan.

360 the company said, "two employees were sentenced to personal behaviors even though they were using the card vulnerability. However, our company should assume the responsibility of employee education and have taken corresponding measures to strengthen management, avoid the recurrence of similar events. Here, we solemnly apologize to the public ."

The following is the full text of Qihoo 360 company statement:

About media reports about the use of card vulnerabilities by employees of the Company

Recently, media reports said two employees of Qihoo cracked the password of the Beijing Municipal one card and maliciously paid for the card. In this regard, our company is described as follows:

(1) At the end of 2010, our Technical Department found that the municipal card system had a security vulnerability, because the vulnerability involved the public interests of tens of millions of cardholders. Our company immediately reported to the relevant departments. At the requirements of relevant departments, our company was commissioned to study the vulnerability to further determine the severity of the vulnerability. During the study, we found that the vulnerability could be directly recharged, we have presented this demonstration and situation simulation to relevant departments.

(2) A few months later, two engineers involved in the study failed to resist the temptation due to weak legal awareness. After recharging, they spent money in private, involving 1700 yuan.

(3) After the incident, our company actively cooperated with the public security department to conduct an investigation and removed the two employees according to the company's regulations. Because this vulnerability involves public information security, our company has not disclosed it to the outside world as required by relevant departments.

(4) two employees were sentenced to personal behaviors even though they were using the card vulnerability. However, our company is responsible for employee education and has taken corresponding measures to strengthen management, avoid the recurrence of similar events. Here, we solemnly apologize to the public.

News link:

Qihoo engineers cracked the card vulnerability and malicious recharge was detained

Beijing Times News (Reporter Liu Jie) Beijing Qihoo Technology Co., Ltd. (hereinafter referred to as Qihoo Company) network engineer Yang, after cracking the system vulnerability of the Municipal card, help yourself and colleagues maliciously recharge more than 2600 yuan. Reporters learned yesterday that Chaoyang court sentenced Yang to six months of criminal detention for theft, Lin was sentenced to five months of criminal detention and suspended.

Yang and Lin were network engineers at Qihoo before the incident. At the end of last December, Yang found a vulnerability in the municipal card Recharge System. He tried his own card and cracked the system password contained in the card chip. He found that he could change the card amount at will.

It is understood that the municipal one card company imposes restrictions on user recharge. If a user wants to recharge a large amount (accumulated more than 3000 yuan), they need to fill in their contact information online and make an appointment three days in advance, after confirmation by the card company, you can recharge your account. For this reason, Yang did not dare to recharge the card. He "recharged" more than 2600 yuan to three cards of himself, Lin and others through the company's computer.

In addition to using public transport in this city, one card also provides many other functions, such as card swiping in supermarkets, cinemas, hospitals, and parks. At the same time, if one card is bound to a mobile phone card launched by China Telecom or China Unicom, it can charge the phone fee.

After confirming the recharge, Yang and Lin went to the supermarket and other places to swipe the card for consumption, totaling more than 1700 yuan. In early March this year, the Municipal one card company found that some card transaction records were not completed at the designated recharge point, and the amount of each recharge was large. it was suspected that the card was maliciously recharged. By tracking the purchase records of suspected cards, the police locked Yang and Lin and captured them. During the trial, the two pleaded guilty and all losses were rejected.

after hearing the case, Chaoyang court held that Yang and Lin had used secret techniques to steal company property for personal gain. A large amount of money had constituted theft and Yang was the principal offender, lin is an accomplice. The court sentenced Yang to six months of criminal detention. Lin was sentenced to 5 months of criminal detention and 5 months of probation.