With the increasing frequency of leaking personal information for sale, the dark web needs legal regulation

　　It is known that the visible matter in the universe is 4%, and dark matter and dark energy account for 96%. Similar to the universe, the virtual space created by computers also has such a ratio . Among them, the “clear web” content such as websites, forums, and post bars that people browse every day only accounts for 4% of the entire Internet content, while the remaining 96% of the content exists on the “dark web” that people cannot easily obtain.

　　The dark web exists opposite to the open web, and it is the "dark web" of the Internet . In some major events affecting the world, the dark web has played an important role. Almost all the websites of the terrorist organization ISIS are built on the dark web. In addition, from the huge pornographic industry behind live pornography to the endless emergence of online drug trafficking, almost all of these malicious cybercrimes are related to the dark web.

　　Recently, once again, through industry insiders logging into Telegram and the dark web, reporters from "Economic Information Daily" reported that hundreds of millions of pieces of accurate personal information of various categories were being sold publicly. The dark web is not dark. As dark web data leaks and reselling information become more frequent, dark web governance is imminent.

　　Trace the source of the dark web, the dark web is not dark

　　The dark web is a decentralized anonymous encrypted network that exists in the deep web. As the underground world of the Internet, the server address and transmission data of the dark web are anonymously hidden, and can only be connected to after the computer is authorized by special software. . The history of the dark web is almost as old as the Internet .

　　The concept of the dark web originated from the U.S. military organization. In 1996, researchers from the US Naval Research Laboratory (NRL) David Goldschlag, Mike Reed, and Paul Syverson put forward the idea, “ In a system, any user will be anonymous in real time when connecting to the Internet, and will not report to the server. Disclosure of identity " . Since then, researchers have begun to develop a way to route communications through the Internet as anonymously as possible in response to people’s growing concerns about Internet security.

　　Goldschlag, Reed, and Syverson aim to anonymously route network traffic through multiple servers and encrypt it layer by layer in the process. Because in this system, the password protection of data wrapped in layers like an onion, and therefore, they called it " Onion Network " ( Tor) .

　　When Tor was released in 2002, it was intended as a free and open source project. In this way, people who want to use the software can easily access the software, while also relying on a decentralized network for maximum security. As Tor became more and more popular, its users began to require its inventors to allow people living under oppressive governments to freely access restricted websites in response to censorship. This prompted the creators of Tor to start developing a way to bypass government regulation so that users can access government-restricted websites .

　　Although Tor’s inventors provided the platform for free in good faith and built it to deal with government scrutiny, they still encountered another problem: the platform is very complex and highly technical, so its users are limited to technology-savvy professionals. user. This prompted the inventors of Tor to begin to develop solutions to Tor's ease of use problems.

　　In 2008, after the new version of the Tor browser was released, the use of Tor became extremely simple. It only requires a simple configuration to connect to the dark web. This has made more and more dark web sites spring up, and it has also made a large number of illegal sites. The number of content dark web sites has increased .

　　It can be seen that many dark webs do not have any malicious intentions, including platforms such as Tor, which are not malicious software themselves, and their technology is also used by many legitimate companies. The Tor browser is more to help ordinary people obtain privacy protection, and the positive significance is greater than the negative effect until the emergence of Bitcoin .

　　In 2009, Satoshi Nakamoto released Bitcoin. Before the advent of Bitcoin, although a large number of dark web sites appeared, they were basically forums and blog sites for technical sharing, and there were few online transactions. Because users on the dark web are often in different countries and use different currencies, and neither side wants to risk using credit cards or PayPal for transactions, because it is easy to leave traces and be tracked.

　　However, the anonymous transactional nature of Bitcoin solves this long-standing problem. With the emergence of Bitcoin, transaction websites have begun to emerge on the dark web . In February 2011, Ross Ulbricht created the first dark web black market "Silk Road" on the Tor network, described as an evil version of "eBay". Since then, various types of black transactions began to appear on the dark web, which eventually formed the general impression of the current people on the dark web.

　　In its heyday, the "Silk Road" was the largest drug trading center on the dark web, with a monthly GMV ranging from US$15 million to US$50 million, with up to 1 million users, all traded through Bitcoin. In October 2013, Ross was arrested by the FBI (Federal Bureau of Investigation) in the library, and the "Silk Road" was subsequently closed.

　　After the "Silk Road", dark web transactions began to prosper, Tor became a hotbed for a large number of criminals, FBI and other agencies are also various "phishing law enforcement" on the dark web, eliminating many criminal activities. But once Pandora's box is opened, it is difficult to close. Due to the anonymity and difficulty of traceability of the dark web, while giving people more freedom, it also makes it more difficult to guarantee the value of order .

　　Information reselling is increasingly rampant

　　The number of dark webs is 400-500 times that of "clear webs", accounting for more than 90% of all information on the web. In other words, the online world that people can access only exposes 1/8 of the sea level, and the remaining 7/8 is hidden under the sea level. It can be said that the dark web makes summons in the name of freedom, and it does evil in the name of freedom, just like an underwater world with turbulent undercurrents and mixed fish and dragons.

　　On the dark web, people can find a lot of shocking content built by the shocking dark web technology: piracy, hackers, drugs, arms, blood, violence, pornography, conspiracy theories, professional thugs, terrorists, even passports, and US green cards. It can be traded with Bitcoin.

　　Dark Web is the criminals favorite trading platform, Dark Web also is the ugliest place of humanity. The fact is that almost anything is sold on the dark web. Guns, ammunition, drugs, counterfeit banknotes from various countries, and even human organs, almost all illegal things can be purchased on the dark web. Not only that, but the dark web sales are also responsible for door-to-door delivery and provide transportation services in multiple countries.

　　All of these are not under the control of website owners or government departments, and they are all protected by encryption, which provides natural breeding conditions for online crimes, including the sale of goods, pornographic services, personal information and data scalping, etc. All came to the dark net of tourists will be shocked at the arrogance and it's free .

　　Now, with the advent of the era of big data, the privacy crisis that has been intensifying in the "clear net" world is constantly magnifying in the "darkest place" of the Internet. "Economic Information Daily" reporters in-depth investigation found that the ubiquitous identity binding and excessive claims have increased the risk of personal information leakage through App and other channels . What is more noteworthy is that with the blessing of virtual currencies, uncontrollable dark web forums, Telegram and other social platforms are becoming the main channels for information trafficking .

　　Liu Chuanyi, executive dean of Harbin Institute of Technology (Shenzhen) Qi'anxin Data Security Research Institute, said that there are tens of thousands of leaked data sold on dark web platforms every year, and the total amount of leaked data every year is as high as billions, and the transaction amount exceeds 1 billion. Yuan Renminbi . The information leaked out for public sale includes citizen information of government agencies, customer information of financial institutions such as banks and securities, owners of major telecommunications operators, and various industries such as the Internet, express delivery, hotels, real estate, aviation, hospitals, schools, etc. Customer and user information.

　　The reporter saw on the dark web that a piece of 930,000 student identity data from a tutoring organization nationwide that had just been out of the library was sold at a package price of US$30. The poster stated that the data is the registration data recorded by the website from 2016 to 2018, which includes information such as name, mobile phone number, school, and address. The data package currently shows that there have been 18 transactions.

　　A FMCG brand's official flagship store sales information data is quoted at $16. The poster stated that the data package has a total of 15,623 sales data of the brand in 2020, including the purchaser, purchase information, price, purchase time, as well as the purchaser's phone number and address.

　　In addition, the front and back photos of the ID card and the hand-held half-length photos were also packaged and sold. From the screenshot of the attachment given by the poster, it can be seen that the relevant photos not only have the front and back sides of the party’s ID card, but also four photos of the party’s single photo and holding the ID card. And there are 1,500 sets of such photos, and the data package is priced at $20.

　　The dark web provides criminals with opportunities to challenge the " boundary " , including physical boundaries and network boundaries . Dark web governance is imminent.

　　From rectifying the roots to technological innovation

　　To solve the problem of information reselling on the dark web, correcting the source is the primary measure. Knowing the source of the data and curbing the disclosure of information from the source is a key part. In fact, behind many information leakage cases, "hackers" and "inside ghosts" are often inseparable.

　　Yao Lei, head of Qi'anxin Data Security Subsidiary, told the reporter of "Economic Information Daily" that hackers can use online system vulnerabilities to drag the database, use social engineering database or weak password to hit the database. The previous data breaches of QQ group, 163 mailbox, Tianya, Marriott, and Huazhu were all related to hacker attacks.

　　"Some hackers can also exploit mobile terminal operating system vulnerabilities, public WIFI network vulnerabilities, and incomplete deletion of old terminal device data, etc., to attack terminal corporate data and cause personal privacy data leakage."

　　"Hackers" are hard to hide, and "inside ghosts" are also hard to prevent . The assistant prosecutor of the People’s Procuratorate of Chaoyang District, Beijing said that as far as criminal subjects are concerned, cases of illegal acquisition or trafficking of citizens’ personal information by internal employees or former employees of the unit take advantage of their positions or work convenience.

　　She gave an example that during his tenure in an online company, the defendant Fang illegally copied and obtained more than 100,000 pieces of citizen's personal information from the company's system server and sold them for profit. Later, the company found in the investigation that the employee’s account was used abnormally, downloading a large amount of citizen personal information including the user’s name, ID card, phone number, etc., so it was reported.

　　The number of data breaches far exceeds people's imagination. In my country, in April 2018, a certain food delivery platform was exposed to user information leakage, and the lowest selling price for each piece of information was less than a dime. The information is accurate to private information such as the specific meal ordered and where to eat. In August 2018, a courier company was exposed to leaking 300 million pieces of user data. Dark web forums sell for 2 bitcoins. The data includes personal information such as the sender and recipient's name, address, and phone number.

　　In September 2018, a hotel group was exposed to the sale of its in-house customer data on the dark web. The leaked data included 123 million official website user registration data, 130 million passenger identification information, and 240 million detailed room opening records, all of which totaled about 500 million. The price is about 370,000 yuan. A survey report by the China Consumers Association shows that 85.2% of app users in China have experienced data breaches .

　　Obviously, if data leaks are not cleaned up from the source and the use of data is regulated, with the technological development and update of the Internet, it will be more difficult to crack down on dark web data scalping.

　　In addition, for the management of information trafficking on the dark web, it is necessary to deepen technological innovation and squeeze the dark web's living space . Regarding the unpredictable and turbulent dark web, permanent blocking is not a permanent solution, and it is necessary to continuously dig deep and strictly investigate all illegal and criminal activities on the dark web. In fact, it's not just criminals who rely on the anonymity of the dark web, but law enforcement officers can also use the dark web for their own purposes.

　　Although the dark web can easily become a “hotbed” of crime, it does not mean that the dark web is “useless”. The dark web can be used in many fields, especially military communications, e-commerce and other fields that require high data security and communication security. If you want to deal with dark web crimes from a technical level, the most important thing is to be able to detect crimes on the dark web in time Information, which requires the improvement of technology monitoring and technology application for the dark web.

　　Relevant measures include strengthening the cooperation between the government and enterprises on dark web technology, and give full play to the advantageous role of Tencent, 360, Baidu, Meiya, Fiberhome and other well-known Internet security companies in my country, and continue to research and develop to block and crack the tracking of illegal and criminal information on the dark web. The difficulty of finding the source is to strengthen the research on the interception and cracking of anonymous illegal information on the dark web. While protecting the legitimacy of personal anonymous information, we strive to achieve point-to-point accurate discovery of information.

　　The birth of the dark web was not a natural malice, but the activation of human desires that caused the "darkness" to grow like weeds. It is not possible to completely isolate the two worlds of the dark web and reality. The dark web world is related to everyone, and the governance of the dark web is imminent.