From the “dark net” into the net of justice, Zhenjiang City, the city’s first detection of “dark net” case
Where there is sunshine, there will be shadows. The "dark web", a place that many people have heard of but inaccessible, naturally breeds many crimes due to its strong anonymity and confidentiality.
In March of this year, the Zhenjiang City Public Security Bureau of Jiangsu Province started to operate from a post found in its work. Under the guidance and support of the Jiangsu Provincial Public Security Department’s Internet Security Team, it finally tore a gap in the “dark web” and followed the vine. Destroyed an industrial chain selling and trafficking citizens’ personal information, arrested 3 suspects, involving more than 200 million pieces of citizen’s personal information. This is the city’s first dark web case successfully detected by the Zhenjiang Public Security Bureau, and it is also the "Net Net" of Zhenjiang Public Security Agency. One of the major achievements of the 2020" special operation.
An account leads to a "black industry chain"
In March 2020, the police from the Cybersecurity Detachment of the Zhenjiang Municipal Public Security Bureau discovered a post selling bank credit cards for personal information data during an inspection of the dark web, and the screenshot of the information display showed many people from Danyang, Zhenjiang.
Wang Wensheng, deputy mayor of Zhenjiang City and director of the Municipal Public Security Bureau, after listening to the report of the network security detachment, attached great importance to it and clearly instructed to immediately deploy the city’s network security professional technical forces to set up a task force, and must "take down" this new type of cybercrime .
"Check, and check to the end!" Gu Chuanxian, member of the party committee and deputy director of the municipal bureau, as the leader of the branch, also put forward a clear request after understanding the situation.
The dark web is a "deep web" hidden under the Internet. Ordinary search engines cannot access and browse at all, and need to use a professional browser to use special encryption technology to jump layer by layer. The inherent invisibility makes it difficult to track criminal activities carried out on the dark web. Even if they are discovered, it is difficult to lock the identity of the suspect through a randomly generated account. Zhenjiang Public Security is facing such a challenge this time.
"Using the dark web to commit crimes means that the suspect's network technology is by no means ordinary, which adds a lot of difficulty to the investigation of the case." Yang Yining, head of the network security detachment of the Zhenjiang Public Security Bureau, said that he immediately organized manpower for the case. The clues were analyzed and judged. The investigators carefully reviewed the experience materials of similar cases in other cities, analyzed case by case, classified and summarized one by one. The notes alone were filled with more than a dozen sheets of A4 paper, and the case mind map was drawn with countless sheets. . Several days and nights, based on repeated research and judgment based on big data analysis, the prototype of a black industry chain has initially emerged. However, because the dark web data is too hidden, it is extremely difficult to trace the source, and it is impossible to directly lock the suspect with just one account. , How to open the breakthrough has become the key to the success or failure of the case.
The police contacted the suspect with "black words"
Faced with the deadlock, investigators decided to adjust their thinking and contact the suspect through the dark web.
"This is a risky move. Chats on the dark web are in jargon. If you say something wrong, you will lose all your efforts, but once it succeeds, it will be a breakthrough." The investigating police said. Relying on his previous familiarity with many cases, he successfully packaged himself into a "qualified" dark web trader, and used "jargon" to communicate with the other party skillfully. At the same time, the technical team was racing against time to crack the password of the suspect's darknet account. The computer screen was beating bytes and lines of code were executed. Finally, after a period of dealings, the suspect Wang was finally locked. Wang graduated from the computer department of a well-known university in China and worked in a credit card center of a bank in Shanghai. His computer level is different from ordinary people. It is very consistent with the initial "face painting" and has the ability and motivation to commit the crime. The case finally made a major breakthrough. . The task force successfully arrested the criminal suspect Wang in Guizhou in June, and through the line tracking, soon arrested the criminal suspect Luo in Guangxi in early July. When examining the suspect Wang, the task force found that there was a person who had been chatting with him for a long time, and that the person had collected various online loans and bank data for a long time, and the chat records reflected that there were nearly 200 million illegally obtained items in the hands of the person. Personal information of citizens. Through further investigations, the task force identified the suspect Liao XX.
Knocked on the door three times, almost passing by the suspect
"You are Liao XX, we are the police of the Zhenjiang City Public Security Bureau, Jiangsu Province. Some situations require your cooperation in the investigation." With the third knock on the door, the door of a family in a district in Shanghai finally opened. The suspect Liao XX was successfully captured.
It turned out that by analyzing Wang’s dark web transactions, the police made it clear that the offline Liao XX was located in Shanghai, and learned that Liao XX was about to return to his hometown in Fujian to attend a relative’s wedding. Once he returned to his hometown, it would bring huge variables to the follow-up work, and the leader of the detachment, Yang Yining, decided to immediately send personnel to Shanghai to carry out the arrest.
The community police in his temporary residence reported a situation to the arrest team: due to work requirements during the epidemic, the communities conducted a thorough survey of the floating population, but there was no one in Liao’s rented house, so it could not Confirm whether it is their actual place of residence.
After some research, the community police and community staff came to the door first on the grounds of visiting, but no one responded. In order not to provoke an alarm, the arrest team decided to keep a group of personnel for observation, and the other personnel retreated first.
On July 13, it was raining heavily in Shanghai. It was obvious that the target under the umbrella was easily exposed, and it was difficult to observe the situation while hiding in the cave. The ambush police had to find a slightly sheltered corner to stand, sweat and rain mixed with disposable raincoats. On them.
After more than an hour, the police came to the door again, but no one answered.
Just when everyone thought that Liao might not live here and was about to go to the unit where he originally worked to find out the situation, the ambusher sent a message: "The curtain has moved! There should be someone inside!" At the same time, another message was also corroborated. Liao Moumou is at home. This time, Liao XX finally opened the door, and his pocket was filled with a ticket for returning to Fujian the next day.
Struggling to death, the suspect tried to delete traces of crime in person
"Don't move! What are you doing!?" Several policemen rushed forward and subdued Liao.
It turned out that after the police knocked on the door to indicate their intentions, Liao Moumou pretended to cooperate, but tried to delete the relevant information on the computer while the police were not prepared. After he was subdued, the police asked him for the passwords of several mobile phones, but Liao remained silent and refused to explain. When being taken by the police to the local public security organ for questioning, Liao still firmly denied the fact of his crime.
During the inspection of its equipment, the police found that the computer hard disk slot was empty and could not be turned on, but the computer was directly sealed on site and could not be lost. The investigating police took out the video taken at the scene to check again, and found that Liao Moumou made a subtle throwing action after touching the computer. The police inspected all the equipment found on the scene one by one based on this clue, and finally found that Liao Moumou Use the U disk as the system disk and want to destroy the evidence in this way at the moment of arrest.
Always silent, I was afraid of being "hacked"
After being taken back to Zhenjiang, Liao XX still did not cooperate with the review work. On the one hand, the police conducted data inquiries on the tools of the crime, and on the other hand, they sought a breakthrough in the interrogation. When finally talking about new things on the dark web, Liao Moumou opened the chatterbox for the first time and introduced the dark web world to the police. He was still somewhat proud of his words. The police seized the opportunity to ask why he was on the dark web. When buying and selling citizens’ personal information, Liao told the police that he had been working in a company in Shanghai before, but he left because of low income and the family’s living expenses in Shanghai were very high. So he thought of committing crimes through the dark web.
Although he confessed to the facts of the crime, he was still reluctant to hand over the computer and mobile phone passwords. After taking good care of the police, he realized that he was afraid that after the mobile phone and computer were handed over, the dark web transaction partner would "hack his whole family." Finally, after 7 consecutive hours of perseverance by the police, Liao was finally willing to believe in the country and the justice of the law, and truthfully accounted for all his crimes, computer and mobile phone passwords, and the case was successfully solved.
The "dark web" is only concealed but not invisible. Once caught in it, it will eventually fall from the "dark web" to the "lawful web".
From：On DarkNet – Dark Web News and Analysis
Copyright of the article belongs to the author, please do not reproduce without permission.