The first case of hijacking domain name in China

Source: Internet
Author: User

The intermediary transaction SEO diagnoses Taobao guest stationmaster buys the Cloud host technology Hall

China IDC Circle September 19 reported: September 11, Wuxi Binghu District Court sentenced the domestic public security organs cracked the first use of hijacked domain name server method to destroy computer information system case.

The Domain name server (also called DNS) is an important device of the Internet. When people go to the Internet to visit a website, they usually enter the English-alphabet Web site. In fact, the real web site is made up of 0-9 of these 10 figures. The computer is unable to recognize the English alphabet, it can only recognize the number, it will send English letters to the Network service provider's server sent resolution requests. The "server" will be the English letters to resolve the number returned to the Netizen's computer, netizens successfully landed on a website. In the information age, online banking, online transactions, electronic files and other related to the interests of millions of netizens. Because of this, the domain name server also becomes the object which the cyber criminals covet. In the second half of 2007, Ma Zhisong A group of network thieves implemented the hijacking of Domain name server crime, involving the national 31 of millions of Internet users computer poisoning. This mega-cyber crime alerted the Ministry of Public Security.

"Elegant" means maze

Cousin Cousin Programmed

July Chengdu Scorching, a 30-year-old youth wandering in the streets of the city, feel hot and dry. He, named Ma Zhisong, in Chengdu, an internet café as a network management. This job is very easy, but the limited income can not satisfy his pursuit of feasting life. Those who get rich overnight and become millions, tens or even billionaires are his idols. The day when he hoped to become a millionaire came soon. He's online looking for a chance to get rich ...

One day in July, Ma Zhisong on the internet and a netizen called "elegant" chat. "Elegant" told him that there is a technology can hijack the Internet domain name server, that is, through the deception program can be the domain name server resolution of the Web site point to any server. Said no intention, the listener heart, Ma Zhisong brain immediately thought, can hijack technology to the domain name server access users cheat to Trojan server, steal access to the user's game number to make money. Ma Zhisong immediately asked "elegant" there is no hijacking procedures, "elegant" said: I did not, I have only a hijacking program source code. Speaking, he sent a piece of source code to Ma Zhisong. In this way, Ma Zhisong buried in the heart of the rich desire to be ignited.

Since then, according to the "elegant" source code, Ma Zhisong day and night to study how to write hijacking procedures. However, after all, he did not receive specialized computer programming education, in the face of technical problems, he thought of his former Shuangliu County Vocational high school programming cousin Peng. Ma Zhisong a phone call will Peng from Shuangliu County to Chengdu, will hijack the idea of a domain name server told Peng. Peng because of long-term jobless, also for money worry, cousin's "idea" let his eyes a bright.

Since then, Ma Zhisong simply resigned the work of network management, and Peng together according to hijack the source code to write hijacking procedures. Stimulated by greed, the two quickly completed the hijacking of the Domain name server program. Ma Zhisong and Peng are eager to test whether the program can really hijack a domain name server. They decided to lease the server experiment first.

Network Platform

"Recruit" to raise funds

For Ma Zhisong, "Strength" is money. and to make their own interests to achieve, there can be no "capital". So he thought of his fellow friends to complement Yong. The horse is a net friend for many years. The horse will make up for it, and give his "grand plan" a fill. Fill also greatly encouraged, without hesitation to their own savings of more than 4,000 yuan to the horse. Horse with these costs, then rented a server in Chengdu, try to use Peng hijacking program hijacked a domain name server located in Zhongqing, unexpectedly succeeded. Horse, Peng and other people were ecstatic, feel can do a big fight. Soon the cost of 4000 yuan to fill Yong, Ma Zhisong suddenly thought why not find an investment partner online? So, thousands of of users outside the Liu Yugang and Ma Zhiqiang.

Liu and Ma Zhiqiang are a pair of good friends who live in Dongning County, Heilongjiang province. Liu After graduating from middle school, no suitable job, often on the internet. He found that many people on the Internet to acquire traffic, on the internet to find the sale of traffic flow, and then resell transferred to the homes, earning the difference. One day in the same month, Liu in Baidu website posted a post of purchase flow, a net name "Ma elder brother" initiative to find him accosted. "Brother Ma" learned that Liu's "business" after said: I hijacked the domain name server to engage in traffic, technology has matured, is the lack of funds. If you make a contribution, we can do it together and divide it together. Some say Liu a little heartbeat, also a bit hesitant. He thought it would be much easier to sell traffic on the Internet than he had worked hard all day. But can the word "Brother Ma" be believed? Margo "Aware of the hesitation of Liu, said you go to Chengdu to see if you decide whether to invest." Liu thought it was an opportunity and he promised to come down. Willow immediately find Ma Zhiqiang, will and "horse brother" to discuss things told Ma Zhiqiang, and tried to persuade Ma Zhiqiang together to invest. Ma Zhiqiang was also persuaded. Two people together 18,000 yuan fly to Chengdu and "Brother Ma" meet.

Tang Songjun 21 years old, a university in Zhejiang province, mathematics major grade four students. Like many science and engineering students, Tang Songjun also likes to soak up the Internet. But he is different from other students, he is using his computer knowledge to write small programs for others to make money. These days, Tang Songjun a little uneasy. A man called "Brother Ma" on the internet to him to write Trojan virus program. Tang Songjun know "horse brother" must be to use Trojan virus, this is to help "Brother Ma" crime. However, he really refused to "brother Ma" out of the 3000 yuan per month of the temptation to pay. With this money, he can not need to provide tuition fees at home, can be very chic to live. Finally, he made up his mind: follow "Brother Ma".

In this way, a few people in the interests of the drive to form a rampant network of criminal gangs.

Plot a fine division of labor

Give "Ace" Zhang Kangkou

Ma Zhisong got Liu Yugang, Ma Zhiqiang, Tang Songjun Support, feel the powerful. When Liu Yugang, Ma Zhiqiang to Chengdu, Ma Zhisong will they received their own residence, and called Peng, to discuss the implementation of hijacking domain name server plan. Ma Zhisong said to them: "We are ready to hijack the domain name server to engage in traffic, in the country, not many people now understand the technology." As long as we succeed, we can fallout. "Then, Ma Zhisong will engage in traffic, forge Web pages, hijack domain name servers, so that users of the computer Trojan virus, and then can steal other people's game account a lot of money" trick "to do the description. The others were excited to hear it. Ma Zhisong also proposed to earn 40% of their own money, the remaining 20% per cent. People have said Iron core followed "Brother Ma" dry. Shenzhen, a company's chat software every day there are millions, tens of thousands of users, users in the use of the company chat software, the computer will automatically pop up a "Mini net" home page. If the user computer is hijacked by hijacking the domain name server to the fake mini net home page, then the Trojan virus users will be millions. Ma Zhisong decided to forge the company's "Mini Net" home page.

Ma Zhisong also to the gang members of the Division of labor: Ma Zhisong himself forged the website "Mini Net" home. Ma Zhiqiang is responsible for contacting the leased server online. After Ma Zhiqiang the alias of "Li Gang" to Wuxi a company rented 8 servers. Liu, repair is responsible for contact "under the", that is, online contact a group of people using Trojan virus to specifically steal other people's game equipment, and then resell the game equipment. Of course, these will be based on Trojan virus to steal the game account number to Ma Zhisong they pay money. Soon Willow soon through the former customers contact a large number of "under the". These homes provide 17 kinds of theft of various types of game account Trojan virus. Ma Zhisong also will own fake mini NET homepage and these Trojan virus hangs in Wuxi's 8 servers, then lets Tang Songjun write the collection domain name server the procedure.

One night in September 2007, Ma Zhisong led Peng, BU, Ma Zhiqiang, Liu and other people to find a secluded restaurant in Chengdu Wuhou box, Ma Zhisong open notebook computer, using wireless network card to log on to the Internet. In the eyes of all, Ma Zhisong began to hijack the operation of the domain name server, to millions of netizens opened the jaws ...

Greed is a wild grab

Millions of internet users infected with virus

Ma Zhisong and other people use the above "trick", ushered in the harvest of the "season." Rich "profits" make them more greedy and crazy. From September 2007 to November, the Ma Zhisong gang forged the above Web page to hijack the domain name server, so that the computers of Internet users who visited the home page of the above-mentioned website were illegally resolved to the 8 virus servers located somewhere in Wuxi, causing their computers to infect the virus. For a time, the virus spread to 31 cities nationwide. Shanghai, Shenyang, Harbin, Chongqing, Nanjing and other 31 cities of the domain name server cache data was modified, nearly millions of internet users computer infected Trojan virus. An average of tens of thousands of Internet users ' game accounts are stolen every day. Ma Zhisong A group of people each day according to the number of stolen game account to "under the" collect money. In less than two months, the gang was frantically grabbing more than 400,000 of dollars in stolen money. Ma Zhisong himself 150,000, the remaining 250,000 yuan by Peng, BU, Liu, Ma Zhiqiang the spoils. The company to prevent more Internet users of computer virus, in early November to the same month 19th had to be forced to close the "mini net", resulting in direct loss of advertising company more than 100,000 yuan. At this time Ma Zhisong and other people immersed in the "Yuwengdeli" pleasure. "Elegant" Netizen's advice made him stoned ...

Alarmed the Ministry of Public Security

Hacker Paradise Broken

One day in early November 2007, a fax from the National Computer Virus Emergency treatment center in Shenzhen, located in a company office area, broke the peace. The company's public relations, Technology centers, advertising department in charge of the urgent call together. The fax said the company's servers could be attacked, and millions of computers across the country might be using the company's chat tools as Trojans. The company immediately redeployed technicians to find out why. After careful examination, the company personnel surprised, originally, the company "Mini Net" home was forged ...

The same month 19th, the state Ministry of Public Security received a report. Such a large number of domain name servers hijacked, modified, millions of netizens have been violated, it is rare, shocking. The crime in this case is unique, involving a wide range of social impact, caused the Ministry of Public Security attaches great importance to the immediate organization of the strong troops to carry out investigation work. Soon, the public security organs found the hijacking site in Chengdu, Sichuan, so the use of High-tech means, and gradually determined the identity of the perpetrators.

At this point, the Internet has released the above-mentioned company has been attacked news. Ma Zhisong feel danger is close, he first divided the money, then will Liu Yugang, Ma Zhiqiang sent back to the Northeast home. Ma Zhisong to his cronies Peng, fill Yong said: "The domestic game account can not do, to engage in foreign." The trio also prepared to hijack a famous foreign search engine by domain name server.

At this time, the public security organs have also identified the identity of the Ma Zhisong gang. December 29, 2007, the Public security organs sent 5 41 police officers to Heilongjiang, Sichuan, Shandong, Zhejiang and other countries to implement capture.

"Arrest, start!" Instructions, the same morning, Chengdu arrests Action Group of the police rushed to the suspect hiding place, Ma Zhisong, Peng, to fill Yong. At the same time, Zhangjiagang, Heilongjiang province Dongning County, Hangzhou city, Zhejiang Province, and other public security organs of the criminal suspect Ma Zhiqiang, Liu Yugang, Tang Songjun and other people arrested one by one. At this point, the damage to 31 cities nationwide criminal gangs were completely destroyed by public security organs.

February 15, 2008, the case by the Wuxi Binghu District People's Procuratorate trial, Ma Zhisong and other 6 per capita suspected of destroying computer information system was legally authorized to arrest the hospital. In the same year, July 11, the hospital to the accused Ma Zhisong, Peng, Tang Songjun, Ma Zhiqiang, Liu Yugang, compensation for damage to the computer information system charges to the court to prosecute. September 11, Wuxi Binghu District Court to the above 6 accused of the crime of destroying computer information systems, sentenced to Ma Zhisong imprisonment for four years, sentenced to Peng three years, sentenced to Tang Songjun imprisonment for two years, sentenced to Ma Zhiqiang, Liu Yugang imprisonment for 2 years six months, sentenced to a year of imprisonment.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.