Steal website personal information hacker earn million dollars

Absrtact: The reporter then through the thorough understanding discovers, at present many social, the recruitment and so on personal information related website, already became the hacker and the commercial website steals the wealth the new platform. A more detailed personal information, the price can even reach 50 yuan.

Social, recruitment site security vulnerabilities hackers use their vulnerabilities to sell personal information a detailed information to profit up to 50 yuan

Steal website personal information hacker earn million dollars

Newspaper (reporter Yangfan) "This week, countless courtship phone and SMS let me see the phone on the upset!" "Unmarried Miss Zhang told reporters yesterday that she had registered a new user on a dating site, and that because of the poor confidentiality of the site, personal information leaked out, she now has to change her mobile phone number."

The reporter then through the thorough understanding discovers, at present many social, the recruitment and so on personal information related website, already became the hacker and the commercial website steals the wealth the new platform. A more detailed personal information, the price can even reach 50 yuan, hackers one months can profit as much as tens of thousands of dollars.

WikiLeaks

Personal information is posted on the website

Miss Zhang is the sales manager of an export trading company in Zhongguancun, 32 years old, and has a car in a room. According to her, because after graduating from university has been enamored of work, the personal event to delay, so chose to look for opportunities on the marriage website.

The first one months after registering a new user for a website, everything is normal. Miss Zhang has the intention of netizens, must pass her verification to chat and add as friends, here Miss Zhang's contact method has been in a confidential state.

But one months later, the symptom is wrong, Miss Zhang frequently receives the message and the telephone from the stranger. Through repeated inquiries, Miss Zhang learned that her mobile phone number, QQ number and other contact information has been published by other dating sites.

Since then, Miss Zhang many times with the publication of their own information on the website after that, because the site's personal information security protection capability is not strong, the user's personal information stolen by other sites, resulting in Miss Zhang's encounter.

Secret

A personal information can be sold for 50 yuan

FW (Legal Evening): Can you give a brief introduction to the current situation of personal information security?

Wei Shanming (security engineer of an internet company, 7 years hacker Experience): At present, many domestic social, recruitment website intrusion Prevention technology is very poor.

FW: What is the use of stealing personal information in general?

Wei-Ming: Personal information is money, such as recruitment site, a resume of at least 1 yuan, senior talent's resume can sell 50 yuan. Many hackers use to sell resumes one months to gain more than million yuan.

FW: Is the knowledge required to steal this information high?

Wei-ming: For professional hackers is simply a piece of cake, and even sometimes Baidu search can take these personal information to crawl out.

Prevention

Network real-Name system is the general trend

According to the domestic large-scale marriage website Lily Net CEO Fanjiang introduced, the current site personal information loss is mainly three ways: the first is the hacker direct theft, the second is the member to obtain information after the transmission, the third is the site's internal personnel to steal, for the above three types of theft, the current site most of the following methods to protect:

Website Protection Personal Information Disclosure method

First, raise the threshold of registration, in response to the national call to promote real-name.

The current serious dating site, each person registered on average to spend twenty or thirty minutes to fill in, and, in the test questions hidden polygraph, if the registrant is inconsistent, or scribbled, the site can identify the person.

Second, to remind members not to disclose personal information easily.

Some because members of their own security awareness is not enough, the personal contact information in the personal profile is fully disclosed. The site should remind members that this is risky.

Third, there is also a website is not enough internal management, so that internal staff can obtain membership of the complete information, thereby increasing the risk of leakage.

At present, large Web sites have adopted strict intranet monitoring, such as to strengthen the management of access rights, in the database to contact the way encryption, call center phone number hidden dial-up system and so on.