Hackers Hit P2P: Can the Information Security Bottom Line Hold?


Recently, the peer-to-peer lending platform Xinlian Online published an online announcement about a bandwidth attack by hackers. According to the announcement, Xinlian Online's customer service received an extortion message from the hackers, after which the site became unstable. The announcement also said that the attack only caused a temporary suspension of the platform system because its bandwidth was consumed, and would not cause any leakage of investor information or loss of property.

Xinlian Online launched on July 31, 2013, and this is the second time the platform has experienced technical problems since the start of this July. On July 3, 2014, a platform system announcement said that the technical team had found major security vulnerabilities in the platform during an investigation and had repaired them immediately.

In recent years, P2P lending platforms have entered a period of rapid development. The "China Internet Loan Industry's First Half Yearly Report 2014", released recently by the Lending Home, shows that as of the end of June 2014 the number of lending platforms nationwide had reached about 1184, and the trade volume was about 81.837 billion yuan. By the end of 2014, the number of P2P platforms in China will reach 1,500.

With the rapid development of the P2P online lending industry, the information security of platforms and investors has been repeatedly threatened, and attacks on platforms have occurred frequently. According to media reports, in 2013 nearly 70 domestic online lending platforms were closed due to hacking incidents.

Template system is inherently inadequate

Wang Chengzhang, co-founder and COO of Guocheng Financial, told a reporter from "First Financial Daily" that there are currently three main types of hackers attacking online lending platforms.

The first is the programmer ("code farmer"). Such people, out of personal interest, like to find software vulnerabilities and report their test results to the platform. "These hackers and the platforms have a mutually reinforcing relationship," said Wang Jianzhang. The second is the professional attacker: a hacker hired by peers, high borrowers or individuals with grievances to attack a platform. The third is the blackmailer. This type of hacker enters the system database to extract information and blackmails the platform for money. "Once the site is hacked, so that investors cannot access the site and the platform has difficulty with cash withdrawals, it will cause panic and then a run."

This reporter learned that this year, all loans, pat loans, pterosaurs loan and many other online lending platforms have been attacked by hackers and forced to shut down their servers and briefly suspend service.

It is generally accepted in the industry that hackers mainly target three kinds of platforms: big-name platforms, template-based platforms and high-interest platforms.

An industry insider told the "First Financial Daily" reporter that, due to cost constraints, more platforms choose to buy a "template" than to develop their system software independently, and the price of templates varies. "On Taobao, the cheapest set can be bought for 200 yuan, while mature software template providers price according to system level, in the range of 30,000 to 500,000." The insider pointed out that because these systems share the same kernel, a vulnerability discovered in one leads to vulnerabilities in a large number of platforms, so for hackers choosing such platforms is "both economical and efficient."

The reporter's review found that one Internet finance technology provider wrote on its official website: "300 P2P network credit system customers, 30% market share." Another site, called "green sparrow system", claimed: "Green Sparrow system is a professional P2P network loan program, the company provides P2P network lending platform for all-round technical support and site operations planning." The case column of the site lists some of the online lending platforms that use the system, including Rong Yi Xinyi, easy days loan, the western rich, a large loan, the Spirit Exchange earnings, snow loans, national security loans and other 29 network credit companies.

Subsequently, this reporter visited two platforms, Taobao and China Suppliers, and entered the keyword "P2P system". Taobao listed a total of 658 items, with a maximum price of 98,000 yuan. China Suppliers showed as many as 343754 price quotations. A P2P loan program priced at 6,000 yuan, developed by a Qingdao software technology company, was marked on its page "set of 110 from the grant."

Self-built system costs high

Faced with "menacing" hackers and the "inherent deficiencies" of template systems, the response generally accepted in the industry is for platforms to build their own systems. However, industry insiders also admit that having an independent system brings many practical difficulties, such as long development time, unstable systems, and higher costs.

It is understood that Guocheng Financial's platform system is currently developed independently, with an annual investment, including manpower and software, amounting to one million yuan. As the scale increases, the amount invested in the next three years will increase to 3 million. "My development is a bottomless pit," said Wang Jianzhang.

This bottomless pit is also reflected in servers. As with platform systems, there are two approaches: the platform buys its own servers or uses cloud servers. Taking Ali cloud as an example, hosting one server costs 40,000 yuan a year; if the platform requires 6 servers, the annual cost is about 240,000. If servers are bought outright, each costs 60,000 yuan. "The purchase cost is not the most important thing. More importantly, after the purchase, the server needs to be hosted by a telecom provider to ensure that the server is powered on for 72 hours." Wang Jianzhang told First Financial Daily that some platforms in the industry have their own servers but, instead of placing them in telecom hosting, keep them in the company's own server room, where a power outage will result in a large loss of data.

He Mu, general manager of wealth in large card, said at the July 12, 2014 forum "How to be a qualified P2P investor" that network information security refers not only to preventing hacker attacks but also to a platform's investment in its Internet systems. By the end of 2012, there had been a hard disk burn-out and data loss event on the platform of E-loan. After the incident, Zheda wealth increased its equipment investment. According to He Mu, more than 10 million yuan has been invested in the network system over three years, of which staff costs account for 60% and equipment costs for 40%. Currently, not counting platform operations staff, the IT team has reached 80 people.

User information disclosure needs to be solved urgently

The acceleration of P2P is reflected not only in the number of platforms but also in the number of investors who choose this mode of financial management. Data from Net Loan House's "2014 China's online loan industry in the first half annual report" show that as of the first half of 2014, P2P lending platforms in China had 443,600 investors, almost 2 times the 250,500 investors recorded for the whole of 2013. Behind the multiplying number of P2P platform investors is a large amount of personal information controlled by the platforms, and personal information security urgently needs attention and protection.

On October 24, 2013, Ren Ren Zi issued a public notice on the security of users' personal information. The notice said that, while communicating with users, its staff found that when some individual users tried to register an account, their identity information was already in use. The staff's investigation found that these users had registered with a P2P platform and submitted identity information there, and that platform had stolen the user information, registered it on the Renren website and used it to publish advertisements.

The leakage of user information has become a problem to be solved urgently, and whether users should be required to upload an ID card when authenticating has become a hot topic for investors and platforms.

It is understood that some platforms do not require an ID card upload in the real-name authentication step, such as love investment, building blocks box, together loans, non-Nuo pounds passengers.

Platforms that choose not to require an ID card upload hold that, on the one hand, uploading creates a poor user experience and, on the other hand, it carries the risk of information disclosure. "The authenticity of the information is tied to personal interests. If the registration information on the platform does not match the information of the bank card, the investor will not be able to withdraw cash. Therefore, investors have no need to fake it."

Platforms that require an ID card upload do so more out of cost considerations. "At present, online lending platforms are connected to the Ministry of Public Security's real-name certification, but each query costs 5 dollars, whether it succeeds or not." Requiring investors to upload an ID card is undoubtedly very "economical" for the platform.

This reporter also learned that, regarding user information security, in the past two years there have also been cases on some platforms in which investors' interests were stolen by hackers. Hackers broke into the platform's back-end system and changed investors' real-name authentication information and withdrawal bank card information to the hackers' own, so that the investors' earnings went into the hackers' accounts. "Nowadays, most mainstream platforms do not need to upload ID cards, which is also the development trend in the industry," said Wang Jianzhang.

In early 2014, Guo Ligen, vice chairman of China Banking Regulatory Commission, said in a forum that Internet finance should firmly hold the bottom line of information security and enhance its risk-resistance capability so as to truly promote the sound development of the Internet finance industry.
