Cloud Conference in mid-July and a white hat (front of hackers, skills that can identify your computer or network vulnerabilities but are not malicious but informed as soon as possible and repair) armed with an Android Pad is called opposite him a cell phone, a couple of seconds after the phone's incoming call number display "18688888888". In fact, after just a half-hour set, cost tens of thousands of calls, this Pad can be "set aside" any number he wants. YSL iPhone 5 Case
This is arbitrary, if combined with personal information being leaked or on the black market to buy the network, use it (fraud) (cheating) will be more productive than the more common 400 win phone. White hat of cloud platforms cited an example: female college student missing, Crooks posing as her mobile phone to call family, perhaps cheated tens of thousands of minute transfer.
Any call could be forged
Calling number changes there is no difficulty, the whole process cheats just a VoIP service provider, a tool to cheat mobile number, certification (part of the network the phone might read this number to display) as well as valid contact information can. This is the Internet and carrier network identifying blind spots that appear when network operators call the traditional operator agreement on calling number for identity verification.
Passer-by tells us that when we call on a traditional telephone network, calling and being called by operators connected at both ends, that is,
Calling of the = operator = operator = is called.
Operators at this time via mobile phone hardware and SIM card to transmit a unique identification ID, caller's identity could not be faked (unless you use operators to kill).
But after the rise of Internet telephony, it is no longer controlled by operators along the chain, VoIP operator or ISP involved. When Internet telephony users (such as a Pad) call, its chain is
Pad= VoIP operator =, operator = is called.
Network operators call the traditional operator in the process, it uses the Protocol itself does not have any identity verification, operators are considered to be fully trusted. To the Pad to give a fictitious ID, which trick the phone operators, can turn into an arbitrary calling number.
All VoIP service, tool to cheat mobile number, certification is not difficult to obtain, if not, developed from scratch don't require too much effort. YSL iPhone 5 Case
However, arbitrage, fake number just mobile first.
"Traffic is King" phishing sites
Phishing Web site traffic is the Internet a "taunt".
Assume 3 things top on the Priority List of phishing sites, is that these 3 things will flow, flow rate and flow. If in addition to the 4th thing, that is a reasonable one iteration.
Fishing website traffic sources has a wide variety of was (and still is), including IM, search engines, small site advertising, social networks, pop and some highly approximate address. But now many were blocked by security software, bulk SMS spam has become an important source of traffic, which is highly dependent on a fake base station.
Interpretation of pseudo-base station in Wikipedia is like this:
Generally by the host and portable computer through bulk SMS, SMS transmitter device to search and seize its Center, phone card information within a certain radius, through base station masquerading as operators, using other phone number forcibly sent to the user's handset fraud, advertising and other messages.
Larger initial pseudo-base station, only a GSM network for China Mobile and Unicom 2G; now by pressing 3G, 4G, signal upgrades, devices were also more compact, mostly car, and even placed in a backpack version.
But beyond the generation, pseudo-base station works is like this:
Within the truncated access of mobile phone base stations normally communication = pseudo = SMS = base station released a successful of the phone.
Development of pseudo-base station is not difficult, so once the programme out of or sold in the market, individuals or small workshops can be produced. 13 years ago has a lot of direct traffic in machine site on the Web, these equipment are called bulk SMS Taobao, renamed the 900 and 1800 equipment after being banned.
Lei feng's network journalists free to change a few words in Baidu, and you'll find the two sellers.
First is a sales machine, assemble the second home is sold piecemeal.
By such base stations after the traffic, fishing stations operational principle whereby those who are willing to take the bait, more precisely who is silly and who to.
Cloud man told us that domestic fishing station in the second half of the year increased significantly, in 5-peaked in June of this year; now the fishing stations produced more detailed, even very close to the real interaction logic. Many phishing sites in the past simply fill in some bank card information, many new sites will allow users to rapidly complete the transfer in the interaction design.
Domestic fishing stations there are more concentrated development upstream, most sites use the same set of back-end systems, in which passers-by are often called knife technology Studio. Although called the Studio, but probably only a small development team or even a person.
Clouds of white caps and even showed us a fishing station in which they scored the background, you can see the site online in less than 20 days has more than 360 pieces of bank card information includes name, card number, password, ID card, valid credit card CVV are substantially complete, but this was only a small "single site".
Mature fish team will buy multiple domain names pointing to the same site. Due to the back-end system is widely used, sometimes like sharp knives Studio Team even than the fishing operation is to make money. Security circles also have always had a joke: the difference between white hat and Black Hat is a monthly salary of 10,000 10,001 daily.
According to incomplete statistics, number of new phishing sites from 50 to 150 a day and count the number of victims may be thousands of people a day, these sites live cycle is not too long, a lot of not more than 3 days, and probably to servers abroad. Fishing chain, in addition to the sale of template and source code, and dedicated team is responsible for the distribution (for example drove a fake base station running around). Judging from the geographical distribution of victims, many pseudo-base stations often replace a city a day.
Whether pseudo-base station or a fishing station, their activities online and offline is very flexible, but usually organizations are small, mostly less than 10 close team.
Countless black card, therefore the finish of wool
If the forged numbers and phishing sites are stupid and rich individuals that pull the wool is silly and gold companies. In theory any open rewards can be collected, including, but not limited to coupons, sweepstakes, rewards.
On April 6 this year, suning, a full 100 minus 50 activities were explosions using a threshold of just over 0.1. That night a lot of technical night scalps, is rumored to have a brush 17,000 single.
Suning's losses may be 50 million-70 million.
Suning is after brushing part Sun
Previously uncovered, including Uber's car was painted single-event:
Industry slang, no single driver name "patient", and scalping people known as "nurse". When issuing scalping requests, is to brush a single staff for "needle".
Scalping was immediately with a new user account, select the driver near the starting position, driver "orders" (actually empty) acquired after concluding the visit + Uber fare subsidies, then fare back to the scalp through other personnel, drivers leave subsidies, and scalping due rewards earnings once a fare of 30 Yuan for the new user.
Uber starting pointers like "prick"
More than two procedures, we need some automated tools, bulk registration and most of the time need unused mobile phone number in order to register a new user, which spoke of a black card.
These black card appears as a platform for SMS receiving online, most with full multi-platform client (iOS, Android, Win etc), more important is that most of them have provided the Automation API.
Automation API is the highlight
Small cat pool
Passer-by tells us that domestic 5-6 large messages about receiving platform, each nearly 200,000 number, or at least millions of black card. These black cards through something called "cat pool" of special equipment receive information, of course, these black cards if a region will produce local base stations in the region to a halt, so they are actually "distributed"--more accurately is scattered everywhere in every number of the hundreds of scattered in different locations. According to the cloud track, these black card where the majority were concentrated in Guangzhou, Shenzhen and Dongguan in 3 places.
Another problem is worthy of study, millions can normally send and receive text messages, but no black card is where real-name identities come from? Insiders inform us two sources:
A is some outflow of industry message card, they had used to control the device networking only, so it is usually opened only traffic and SMS;
There is from the agents, agents rushed business number may be sold to these platforms, agents themselves have a lot of real ID information, and can even give their card to do the real-name authentication.
Then there is the black card, and some cats pools (CAT pool production is certified, but due to the large market such as TB, its purchase and use is difficult to monitor), so have the unlimited text messaging platform, there is no unlimited ID.
Therefore the present a professional sheep population is relatively fixed, there is a clear division of labour, like all project personnel specifically found, developers follow up quickly automate message platform to receive the verification code, and some even specialize in the recovery and distribution of coupons. Of course, compared to coupons, these people prefer cash and in-kind (for example iPhone sweepstakes, or financial sites to experience such as gold).
Insiders tell us that black card in the strict sense and therefore the wool is not illegal, but there is no clear gray areas. In fact, these SMS receiving platform has an API interface, Lei feng's network reporter without even thinking about what "normal uses".
General for, as long as has VoIP of exists forged number hard blocking; fishing station are only can track to of is they online Shang of front desk, these front desk also frequently replaced, and track line Xia of pseudo base station need quite density and number of personnel input, almost not too may; while wool of roots in stream of black card, but if no operators shots, also rarely was can hit these unlimited ID of source.
Tips
Micro sweep sweep, author tips bar ~
5517 votes
Apple iPhone 6
September 10, 2014, at 1 o'clock in the morning Beijing time, the company held at the Flint Center for the arts at the California Institute of kubidinuodeansa the fall of 2014 launch, officially released its next generation iPhone 6. This is the largest mobile phone release in Apple's history. September 12 opening book on September 19. First listed of countries and regions including the United States, and Canada, and France, and Germany and the United Kingdom, China, Hong Kong, Japan, and Singapore and Australia, China missed the iPhone 6/6 Plus a starter.
View details of the voting >>
No comments:
Post a Comment