{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"經查,涉事兩名攻擊者非法獲取某互聯網公司客戶信息共計11.8億條,在8個月的時間裏利用該信息經營共獲利34萬餘元。最終,二人因侵犯公民個人信息罪,分別被判處有期徒刑三年六個月,有期徒刑三年三個月。"}]}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"某頂級互聯網公司十億餘條信息被外泄"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"6月9日,網傳某頂級互聯網公司被攻陷,十億餘條信息外泄。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國裁判文書網的一則判決書證實了該傳聞。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"據中國裁判文書網發佈的《逯某、黎某侵犯公民個人信息一審刑事判決書》顯示,2020年8月14日,某互聯網公司報稱警,在2020年7月6日到2020年7月13日時,有黑產通過mtop訂單評價接口繞過平臺風控批量爬取加密數據,爬取字段量巨大,7月6日至7月13日之間平均每天爬取數量500萬,爬取內容包括買家用戶暱稱,用戶評價內容,暱稱等敏感字段。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"經該公司網站排查發現,逯某有重大作案嫌疑,作案地點河南省商丘市睢陽區新城街道長江路民政局家屬院,立爲刑事案件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"經審理查明,被告人黎某在湖南省瀏陽市成立了瀏陽市泰創網絡科技有限公司(自然人獨資),該公司設有返利部、客服部、招商部等部門。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"據悉,該公司主要是做優惠券返利的,主要利用用戶的手機號加對方微信好友進行推廣商品,讓用戶領取優惠券,對方使用優惠券成功購買商品,該公司會獲得返利。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"被告人逯某受僱於被告人黎某,作爲公司技術員,每月工資一萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"自2019年11月,被告人逯某在商丘市睢陽區其家中利用自己開發的"},{"type":"text","marks":[{"type":"strong"}],"text":"爬蟲軟件"},{"type":"text","text":",通過某互聯網公司電商網站網頁接口爬取客戶的信息,並將其中客戶的手機號碼提供給被告人黎某,用於瀏陽市泰創網絡科技有限公司用於經營活動,"},{"type":"text","marks":[{"type":"strong"}],"text":"該公司自2019年11月份至2020年7月份利用該信息經營共獲利340187.68元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"經司法鑑定,被告人逯某通過其開發的軟件爬取某互聯網公司電商網站客戶的數字ID、暱稱、手機號碼等客戶信息共計1180738048條,被告人逯某將其爬取信息中的客戶手機號碼通過微信文件的形式發送給被告人黎某使用共計19712611條。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"涉事互聯網公司安全風控員發現黑產行爲"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人逯某,因涉嫌非法獲取計算機信息系統數據、非法控制計算機信息系統罪,於2020年8月15日被商丘市公安局新城分局刑事拘留,2020年9月22日被逮捕。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人黎某,因涉嫌侵犯公民個人信息罪,2020年8月21日被抓獲,於2020年8月22日被商丘市公安局新城分局刑事拘留,同年9月22日被逮捕。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人逯某辯稱,只採集了五千萬條,十一億八千萬條不是我採集的,是從其它地方下載的,我採集的信息沒有傳播,只有電話號碼,沒有身份信息,沒有聯繫任何一個用戶,沒有得到利潤。獲利只有六七萬或七八萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人黎某辯稱,逯某給我發的信息只是一個單純的手機號碼,沒有拿這些信息做違法犯罪的事情,返利部的獲利是利用該信息,其他部獲利與該信息無關,願意退出37萬元的違法所得。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"證人馬某證言證實,其系某互聯網公司安全風控員,2020年7月13日,其在工作中發現,平臺的評價接口存在異常流量行爲,經排查後發現有黑產通過破解接口的形式進行加密數據的爬取,在2020年7月13日至2020年7月20日之間爬取了3500萬條數據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"該互聯網公司公司派工作人員前往商丘市公安局犯罪偵查支隊直屬二大隊協查調查,通過嫌疑人逯某的電腦硬盤信息分析統計,共計12億條手機號、user_nick等加密相關信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"國家林業局森林公安司法鑑定中心物證檢驗報告證實,對逯某、黎某手機數據恢復、提取、鑑定。情況說明證實,(調取逯某電腦數據庫中數據的真實性說明)逯某數據庫數據統計,共有12億條數據,據抽樣1W條數據進行排查屬正確關係對數據。主要字段包含user_id,user_nick,手機號,註冊時間等屬於某互聯網公司實際認證的真實信息。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"判決:黎某獲刑三年六個月;逯某獲刑三年三個月"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"商丘市睢陽區人民檢察院認爲,被告人逯某受僱於被告人黎某,二人違反國家規定,非法獲取公民個人信息,情節特別嚴重,其行爲均已構成侵犯公民個人信息罪。公訴機關指控罪名成立。且系共同犯罪,被告人逯某、黎某有坦白情節,且認罪認罰,對其均可從輕處罰。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"綜合其犯罪情節及社會危害性,依照《中華人民共和國刑法》第二百五十三條之一、第二十五條第一款、第六十七條第三款、第五十二條、第五十三條、第六十四條之規定,判決如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一、被告人黎某犯侵犯公民個人信息罪,判處有期徒刑三年六個月,並處罰金人民幣三十五萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"二、被告人逯某犯侵犯公民個人信息罪,判處有期徒刑三年三個月,並處罰金人民幣十萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"三、被告人黎某、逯某違法所得依法繼續予以追繳上繳國庫。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"四、依法扣押的作案工具逯某電腦主機5臺、電腦顯示器3臺和手機5個,由扣押機關依法處理。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"矛盾的爬蟲技術"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這起案件中,被告人的主要“作案工具”之一是爬蟲技術,其非法爬取了某互聯網公司的十億餘條數信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在一些場景,爬蟲技術很容易遊走在違法邊緣。尤其在一些金融大數據公司中,爬蟲業務被廣泛應用。2019年下半年,一場嚴厲的監管風暴下,多家金融大數據公司接連被查,被查原因中多涉及違規利用爬蟲技術的問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"業內有這樣一種說法,爬蟲貢獻了互聯網50% 的流量,它對於互聯網的繁榮功不可沒。但該技術同時也因“用途”而充滿爭議。爬蟲是一項見不得“陽光”的技術,它廣泛運用,卻少有人願意承認在使用它。因爲它常常被用作非法收集信息的工具,站上數據隱私、數據安全的對立面。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“爬蟲技術本身並無對錯,但要看怎麼用,用錯了肯定違法啊”,一位程序員向AI前線表示,“技術無罪,關鍵在於人”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"網絡爬蟲是非常普遍的一種數據挖掘技術,它是一種按照一定的規則,自動地抓取網絡信息的程序或者腳本。爬蟲技術最早主要運用在搜索引擎中,它滿足了人們的數據獲取、分析需求。早在1995年,爲了不越“邊界”,互聯網搜索引擎與網頁持有者之間達成了一項“君子協定”— robot協議,該協議規定了哪些信息該爬,哪些信息不該爬,20多年來,該協議一直沿用至今。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在遵循 robot協議的前提下使用爬蟲技術是沒有任何風險的。但往往有些“作惡者”試圖越過紅線,一些大數據公司打着“大數據分析”的名頭違規違法爬取任何網頁及訪問用戶的數據,致使“蟲災”氾濫。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在的爬蟲似乎無所不能,只要有賬號密碼都可以爬,包括電商平臺、外賣平臺、地圖、旅行網站、共享單車、等平臺的個人信息,用戶的通訊錄、上網地址、收貨地址、聊天記錄、搜索記錄、支付記錄,甚至央行的徵信報告...總之,一切皆可爬,還可進行定製化爬取。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"爬蟲也是一項“矛盾”的技術。爬與反爬的“鬥爭”每天都在上演,力量此消彼長。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"據一位資深程序員介紹,現在比較常見的反爬蟲技術手段主要有,檢測Header信息;設置IP訪問頻率,分析同一IP或同一設備在短時間內多次訪問同一頁面或進行相同操作;識別 UA、通過動態頁面增加爬取難度等方式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這幾年,隨着隨着AI的發展,一些機器學習、canvas指紋等智能反爬蟲技術也被運用起來。例如,騰訊雲網站管家 WAF就將 AI 檢測引擎能力,運用到了爬蟲 Bot 程序檢測的環節上,AI 引擎能夠對站點訪問流量的會話進行追蹤,通過流量畫像,匹配行爲模型及行爲標籤進行識別,進而識別出爬蟲 Bot 程序流量行爲。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2019年5月,被稱爲“中國版GDPR”的《數據安全管理辦法》徵求意見稿發佈,第16條規定,網絡運營者採取自動化手段訪問收集網站數據,不得妨礙網站正常運行;如自動化訪問收集流量超過網站日均流量三分之一,網站要求停止自動化訪問收集時,應當停止。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一位業內人士認爲,技術只是工具,在獲取數據時需要考慮數據到底有沒有獲得授權,需要幾方授權,在拿到用戶授權的情況下,有沒有拿到網站等數據來源方的授權,這其中涉及到的權責邊界應該更明確。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"隨着監管越來越嚴格,爬蟲技術的使用邊界也將更加明晰。互聯網從業者應當懷有敬畏之心,要時時注意不要觸碰邊界,畢竟,爬蟲只是技術,灰色的是“助惡者”。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"黑產猖獗,AI風控來“智”鬥"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"近年來,黑產分子欺詐的手段也是“道高一尺、魔高一丈”,人機對話、網絡詐騙等新興欺詐手段增多,詐騙方法也漸趨智能化。據統計,網絡黑產的從業人員超過 200 萬,市場規模高達千億級別。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"例如在電商場景中,每逢節日大促,商家和平臺會推出滿減、優惠券、紅包、積分抵現金等多種多樣的促銷,但消費者經常遇到失去到手的戰利品和優惠券的情況,實際上,這很大可能是網絡黑產們在背後動了這些原本屬於消費者的奶酪。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通常情況下,在官方發佈促銷活動之前,黑產會通過暗網、QQ 羣、微信羣、黑產論壇等渠道來及時獲取相關活動信息,以不法渠道購買大批量 IP、手機號和設備資源等基礎資源來註冊、登錄電商平臺,並通過自動化操作工具以及自動 \/ 人工打碼平臺來提升作惡效率。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在很多電商業務場景中,黑產會專門研究對應的業務流程並從中挖掘出存在的漏洞,再與自有核心資源和基礎工具進行整合,從而把整個行爲鏈條編寫成可以自動執行的業務工具,開始全自動、大批量的進行作惡,從而獲取高額利潤。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"依法打擊黑產不僅需要監管部門、平臺和商家的協作,更需要技術手段的介入。目前,很多行業如電商、金融、遊戲、醫療等行業的很多企業和機構開始運用AI來加強大數據風控。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"與傳統的人工風控方式相比,AI風控能夠解決很多歷史痛點問題。首先是人工效率的問題,傳統體系中,人爲干預因素較多,但每個人工作時間有上限。但 AI 的工作時間不會受到限制,可以 24 小時工作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"其次,AI 技術對細化客戶分層的顆粒度及實現精細化管理助力頗多。AI 能夠代替人工處理,能精準用戶畫像,提高風險識別能力。特別是處理大規模的客戶方面,例如針對百萬級、千萬級、上億的客戶,如此大量的客戶不能完全靠一個風控團隊去處理,必須要藉助 AI 技術進行這種大量級客戶的風險識別工作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"},{"type":"size","attrs":{"size":10}},{"type":"strong"}],"text":"參考鏈接:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/wenshu.court.gov.cn\/website\/wenshu\/181107ANFZ0BXSK4\/index.html?docId=7987f14ab34e4480ae9dad3c009aff7d&fileGuid=6c8ytcXxGtJGch8d","title":"","type":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"https:\/\/wenshu.court.gov.cn\/website\/wenshu\/181107ANFZ0BXSK4\/index.html?docId=7987f14ab34e4480ae9dad3c009aff7d"}],"marks":[{"type":"italic"},{"type":"size","attrs":{"size":10}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/mp.weixin.qq.com\/s?__biz=MzU1NDA4NjU2MA==&mid=2247519476&idx=3&sn=92777bdba191119e51b80f9f9612932b&chksm=fbea353bcc9dbc2d85854dfa75f8213ac9a61eb8f24c96f88285b802b69af975d16988a8b9c9&scene=27#wechat_redirect&fileGuid=6c8ytcXxGtJGch8d","title":"","type":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"https:\/\/mp.weixin.qq.com\/s?__biz=MzU1NDA4NjU2MA==&mid=2247519476&idx=3&sn=92777bdba191119e51b80f9f9612932b&chksm=fbea353bcc9dbc2d85854dfa75f8213ac9a61eb8f24c96f88285b802b69af975d16988a8b9c9&scene=27#wechat_redirect"}],"marks":[{"type":"italic"},{"type":"size","attrs":{"size":10}}]}]}]}
傳某頭部互聯網公司被攻陷,攻擊者利用爬蟲獲取11.8億條數據,8個月獲利34萬
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"經查,涉事兩名攻擊者非法獲取某互聯網公司客戶信息共計11.8億條,在8個月的時間裏利用該信息經營共獲利34萬餘元。最終,二人因侵犯公民個人信息罪,分別被判處有期徒刑三年六個月,有期徒刑三年三個月。"}]}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"某頂級互聯網公司十億餘條信息被外泄"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"6月9日,網傳某頂級互聯網公司被攻陷,十億餘條信息外泄。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國裁判文書網的一則判決書證實了該傳聞。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"據中國裁判文書網發佈的《逯某、黎某侵犯公民個人信息一審刑事判決書》顯示,2020年8月14日,某互聯網公司報稱警,在2020年7月6日到2020年7月13日時,有黑產通過mtop訂單評價接口繞過平臺風控批量爬取加密數據,爬取字段量巨大,7月6日至7月13日之間平均每天爬取數量500萬,爬取內容包括買家用戶暱稱,用戶評價內容,暱稱等敏感字段。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"經該公司網站排查發現,逯某有重大作案嫌疑,作案地點河南省商丘市睢陽區新城街道長江路民政局家屬院,立爲刑事案件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"經審理查明,被告人黎某在湖南省瀏陽市成立了瀏陽市泰創網絡科技有限公司(自然人獨資),該公司設有返利部、客服部、招商部等部門。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"據悉,該公司主要是做優惠券返利的,主要利用用戶的手機號加對方微信好友進行推廣商品,讓用戶領取優惠券,對方使用優惠券成功購買商品,該公司會獲得返利。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"被告人逯某受僱於被告人黎某,作爲公司技術員,每月工資一萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"自2019年11月,被告人逯某在商丘市睢陽區其家中利用自己開發的"},{"type":"text","marks":[{"type":"strong"}],"text":"爬蟲軟件"},{"type":"text","text":",通過某互聯網公司電商網站網頁接口爬取客戶的信息,並將其中客戶的手機號碼提供給被告人黎某,用於瀏陽市泰創網絡科技有限公司用於經營活動,"},{"type":"text","marks":[{"type":"strong"}],"text":"該公司自2019年11月份至2020年7月份利用該信息經營共獲利340187.68元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"經司法鑑定,被告人逯某通過其開發的軟件爬取某互聯網公司電商網站客戶的數字ID、暱稱、手機號碼等客戶信息共計1180738048條,被告人逯某將其爬取信息中的客戶手機號碼通過微信文件的形式發送給被告人黎某使用共計19712611條。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"涉事互聯網公司安全風控員發現黑產行爲"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人逯某,因涉嫌非法獲取計算機信息系統數據、非法控制計算機信息系統罪,於2020年8月15日被商丘市公安局新城分局刑事拘留,2020年9月22日被逮捕。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人黎某,因涉嫌侵犯公民個人信息罪,2020年8月21日被抓獲,於2020年8月22日被商丘市公安局新城分局刑事拘留,同年9月22日被逮捕。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人逯某辯稱,只採集了五千萬條,十一億八千萬條不是我採集的,是從其它地方下載的,我採集的信息沒有傳播,只有電話號碼,沒有身份信息,沒有聯繫任何一個用戶,沒有得到利潤。獲利只有六七萬或七八萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"被告人黎某辯稱,逯某給我發的信息只是一個單純的手機號碼,沒有拿這些信息做違法犯罪的事情,返利部的獲利是利用該信息,其他部獲利與該信息無關,願意退出37萬元的違法所得。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"證人馬某證言證實,其系某互聯網公司安全風控員,2020年7月13日,其在工作中發現,平臺的評價接口存在異常流量行爲,經排查後發現有黑產通過破解接口的形式進行加密數據的爬取,在2020年7月13日至2020年7月20日之間爬取了3500萬條數據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"該互聯網公司公司派工作人員前往商丘市公安局犯罪偵查支隊直屬二大隊協查調查,通過嫌疑人逯某的電腦硬盤信息分析統計,共計12億條手機號、user_nick等加密相關信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"國家林業局森林公安司法鑑定中心物證檢驗報告證實,對逯某、黎某手機數據恢復、提取、鑑定。情況說明證實,(調取逯某電腦數據庫中數據的真實性說明)逯某數據庫數據統計,共有12億條數據,據抽樣1W條數據進行排查屬正確關係對數據。主要字段包含user_id,user_nick,手機號,註冊時間等屬於某互聯網公司實際認證的真實信息。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"判決:黎某獲刑三年六個月;逯某獲刑三年三個月"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"商丘市睢陽區人民檢察院認爲,被告人逯某受僱於被告人黎某,二人違反國家規定,非法獲取公民個人信息,情節特別嚴重,其行爲均已構成侵犯公民個人信息罪。公訴機關指控罪名成立。且系共同犯罪,被告人逯某、黎某有坦白情節,且認罪認罰,對其均可從輕處罰。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"綜合其犯罪情節及社會危害性,依照《中華人民共和國刑法》第二百五十三條之一、第二十五條第一款、第六十七條第三款、第五十二條、第五十三條、第六十四條之規定,判決如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一、被告人黎某犯侵犯公民個人信息罪,判處有期徒刑三年六個月,並處罰金人民幣三十五萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"二、被告人逯某犯侵犯公民個人信息罪,判處有期徒刑三年三個月,並處罰金人民幣十萬元。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"三、被告人黎某、逯某違法所得依法繼續予以追繳上繳國庫。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"四、依法扣押的作案工具逯某電腦主機5臺、電腦顯示器3臺和手機5個,由扣押機關依法處理。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"矛盾的爬蟲技術"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這起案件中,被告人的主要“作案工具”之一是爬蟲技術,其非法爬取了某互聯網公司的十億餘條數信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在一些場景,爬蟲技術很容易遊走在違法邊緣。尤其在一些金融大數據公司中,爬蟲業務被廣泛應用。2019年下半年,一場嚴厲的監管風暴下,多家金融大數據公司接連被查,被查原因中多涉及違規利用爬蟲技術的問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"業內有這樣一種說法,爬蟲貢獻了互聯網50% 的流量,它對於互聯網的繁榮功不可沒。但該技術同時也因“用途”而充滿爭議。爬蟲是一項見不得“陽光”的技術,它廣泛運用,卻少有人願意承認在使用它。因爲它常常被用作非法收集信息的工具,站上數據隱私、數據安全的對立面。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“爬蟲技術本身並無對錯,但要看怎麼用,用錯了肯定違法啊”,一位程序員向AI前線表示,“技術無罪,關鍵在於人”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"網絡爬蟲是非常普遍的一種數據挖掘技術,它是一種按照一定的規則,自動地抓取網絡信息的程序或者腳本。爬蟲技術最早主要運用在搜索引擎中,它滿足了人們的數據獲取、分析需求。早在1995年,爲了不越“邊界”,互聯網搜索引擎與網頁持有者之間達成了一項“君子協定”— robot協議,該協議規定了哪些信息該爬,哪些信息不該爬,20多年來,該協議一直沿用至今。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在遵循 robot協議的前提下使用爬蟲技術是沒有任何風險的。但往往有些“作惡者”試圖越過紅線,一些大數據公司打着“大數據分析”的名頭違規違法爬取任何網頁及訪問用戶的數據,致使“蟲災”氾濫。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在的爬蟲似乎無所不能,只要有賬號密碼都可以爬,包括電商平臺、外賣平臺、地圖、旅行網站、共享單車、等平臺的個人信息,用戶的通訊錄、上網地址、收貨地址、聊天記錄、搜索記錄、支付記錄,甚至央行的徵信報告...總之,一切皆可爬,還可進行定製化爬取。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"爬蟲也是一項“矛盾”的技術。爬與反爬的“鬥爭”每天都在上演,力量此消彼長。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"據一位資深程序員介紹,現在比較常見的反爬蟲技術手段主要有,檢測Header信息;設置IP訪問頻率,分析同一IP或同一設備在短時間內多次訪問同一頁面或進行相同操作;識別 UA、通過動態頁面增加爬取難度等方式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這幾年,隨着隨着AI的發展,一些機器學習、canvas指紋等智能反爬蟲技術也被運用起來。例如,騰訊雲網站管家 WAF就將 AI 檢測引擎能力,運用到了爬蟲 Bot 程序檢測的環節上,AI 引擎能夠對站點訪問流量的會話進行追蹤,通過流量畫像,匹配行爲模型及行爲標籤進行識別,進而識別出爬蟲 Bot 程序流量行爲。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2019年5月,被稱爲“中國版GDPR”的《數據安全管理辦法》徵求意見稿發佈,第16條規定,網絡運營者採取自動化手段訪問收集網站數據,不得妨礙網站正常運行;如自動化訪問收集流量超過網站日均流量三分之一,網站要求停止自動化訪問收集時,應當停止。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一位業內人士認爲,技術只是工具,在獲取數據時需要考慮數據到底有沒有獲得授權,需要幾方授權,在拿到用戶授權的情況下,有沒有拿到網站等數據來源方的授權,這其中涉及到的權責邊界應該更明確。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"隨着監管越來越嚴格,爬蟲技術的使用邊界也將更加明晰。互聯網從業者應當懷有敬畏之心,要時時注意不要觸碰邊界,畢竟,爬蟲只是技術,灰色的是“助惡者”。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"黑產猖獗,AI風控來“智”鬥"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"近年來,黑產分子欺詐的手段也是“道高一尺、魔高一丈”,人機對話、網絡詐騙等新興欺詐手段增多,詐騙方法也漸趨智能化。據統計,網絡黑產的從業人員超過 200 萬,市場規模高達千億級別。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"例如在電商場景中,每逢節日大促,商家和平臺會推出滿減、優惠券、紅包、積分抵現金等多種多樣的促銷,但消費者經常遇到失去到手的戰利品和優惠券的情況,實際上,這很大可能是網絡黑產們在背後動了這些原本屬於消費者的奶酪。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通常情況下,在官方發佈促銷活動之前,黑產會通過暗網、QQ 羣、微信羣、黑產論壇等渠道來及時獲取相關活動信息,以不法渠道購買大批量 IP、手機號和設備資源等基礎資源來註冊、登錄電商平臺,並通過自動化操作工具以及自動 \/ 人工打碼平臺來提升作惡效率。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在很多電商業務場景中,黑產會專門研究對應的業務流程並從中挖掘出存在的漏洞,再與自有核心資源和基礎工具進行整合,從而把整個行爲鏈條編寫成可以自動執行的業務工具,開始全自動、大批量的進行作惡,從而獲取高額利潤。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"依法打擊黑產不僅需要監管部門、平臺和商家的協作,更需要技術手段的介入。目前,很多行業如電商、金融、遊戲、醫療等行業的很多企業和機構開始運用AI來加強大數據風控。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"與傳統的人工風控方式相比,AI風控能夠解決很多歷史痛點問題。首先是人工效率的問題,傳統體系中,人爲干預因素較多,但每個人工作時間有上限。但 AI 的工作時間不會受到限制,可以 24 小時工作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"其次,AI 技術對細化客戶分層的顆粒度及實現精細化管理助力頗多。AI 能夠代替人工處理,能精準用戶畫像,提高風險識別能力。特別是處理大規模的客戶方面,例如針對百萬級、千萬級、上億的客戶,如此大量的客戶不能完全靠一個風控團隊去處理,必須要藉助 AI 技術進行這種大量級客戶的風險識別工作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"},{"type":"size","attrs":{"size":10}},{"type":"strong"}],"text":"參考鏈接:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/wenshu.court.gov.cn\/website\/wenshu\/181107ANFZ0BXSK4\/index.html?docId=7987f14ab34e4480ae9dad3c009aff7d&fileGuid=6c8ytcXxGtJGch8d","title":"","type":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"https:\/\/wenshu.court.gov.cn\/website\/wenshu\/181107ANFZ0BXSK4\/index.html?docId=7987f14ab34e4480ae9dad3c009aff7d"}],"marks":[{"type":"italic"},{"type":"size","attrs":{"size":10}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/mp.weixin.qq.com\/s?__biz=MzU1NDA4NjU2MA==&mid=2247519476&idx=3&sn=92777bdba191119e51b80f9f9612932b&chksm=fbea353bcc9dbc2d85854dfa75f8213ac9a61eb8f24c96f88285b802b69af975d16988a8b9c9&scene=27#wechat_redirect&fileGuid=6c8ytcXxGtJGch8d","title":"","type":null},"content":[{"type":"text","marks":[{"type":"italic"}],"text":"https:\/\/mp.weixin.qq.com\/s?__biz=MzU1NDA4NjU2MA==&mid=2247519476&idx=3&sn=92777bdba191119e51b80f9f9612932b&chksm=fbea353bcc9dbc2d85854dfa75f8213ac9a61eb8f24c96f88285b802b69af975d16988a8b9c9&scene=27#wechat_redirect"}],"marks":[{"type":"italic"},{"type":"size","attrs":{"size":10}}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章