Ghostbusters required to prevent future stealth software data theft
POLICE IN SHAOXING, East China’s Zhejiang province, recently uncovered a case in which a listed technology company based in Beijing stole more than 3 billion pieces of personal information from 96 internet enterprises nationwide, including big names such as Baidu, Alibaba and Tencent. Beijing News comments:
This is the largest personal information theft on record. Unlike other data thieves who take advantage of software loopholes to pilfer data from the IT enterprises, this company had obtained people’s login details thanks to its cooperation with the network operators that enabled it to stealthily install software that directly grabs personal data.
When the network users logged in to access their social media, online banking, email and e-commerce accounts, their passwords or secret keys would be directly transferred to the company’s servers through the software.
According to the Shaoxing police, the whole industrial chain was fairly developed. The data buyers subscribe some apps or other internet services for the network users, receiving payments from the app operators or online service providers, which are eager to expand their subscriptions in a short time.
This is done in batch operations and can even realize the accurate matching between the network users and the apps and internet services in light of big data calculation results. As a result, the victims were not surprised when their social media accounts subscribed to an app or service that they were interested in but had never subscribed to themselves.
According to the company’s financial report, its revenue in 2016, when its illegal operation boomed, was 30.28 million yuan ($4.41 million), among which 10.53 million yuan was net profit. The exorbitant profit explains its instiable appetite and audacity.
But the network operators, as the basic service providers and, more important, the first gatekeepers of personal information security, can hardly absolve themselves from blame.
That the company’s dirty business model has been operating for more than a year without being noticed lays bare either the network operators’ lax vigilance or their collusion, as the company’s ghost software was not that difficult to spot by professional eyes.