Malicious Crawlers and Ticket-Grabbing Software: The Truth behind Cybercrimes

As consumers, perhaps everyone has had the experience of participating in flash sale activities on e-commerce platforms, but the results are often unsatisfactory - as soon as the flash sale time arrives, the goods are announced to be sold out. Some participants will blame their own insufficient reaction speed, while others will question the lack of sincerity of the platform. However, for network security professionals, the truth is often more complicated.

 

The phenomenon that discounted goods are sold out within 0.00001 seconds is mostly caused by malicious crawlers. On the eve of the "618" e-commerce festival this year, the security department of a well-known e-commerce platform (it is said that the platform is JD.com) monitored that some merchants were suspected of defrauding subsidy funds by means of false transactions, involving an amount of more than 5 million yuan. After investigation, it was found that some merchants frequently placed orders for the specified subsidized goods under the instigation of intermediary companies, but the actually delivered goods were mineral water. This kind of fraudulent behavior was finally exposed by the police, and 61 suspects were successfully arrested.

 

Another example occurred during the Double Eleven promotion in 2020. E-commerce platform A launched a half-price flash sale activity for a well-known product. The activity attracted a large number of real users to participate, and at the same time, it also attracted the attacks of malicious crawlers. The impacts of malicious crawlers on the platform include consuming server resources, affecting user experience, and the goods being quickly snapped up. For this reason, e-commerce platform A used the threat data accumulated by the data shield of Knownsec to intercept known crawler IPs and distinguish real users from crawlers through the human-machine identification function. In addition, it also analyzed the logs during the peak traffic period, updated the threat IP database, and finally set up intelligent speed limits to resist high-frequency queries. Under this series of measures, most of the malicious crawler traffic was successfully intercepted.

 

In just one year, the number of malicious crawlers intercepted by the Knownsec Cloud Defense Platform was as high as more than 92.7 billion times, accounting for 27.9% of the total annual Web attacks. Thus, it can be seen that the current situation of malicious crawlers is already very serious, and great attention must be paid to the protection against malicious crawler attacks.

 

With the arrival of the summer vacation, famous schools in Beijing, Shanghai and other places have become popular destinations for family tourism. However, due to the surge in visiting demand, the phenomenon of "it is extremely difficult to get a ticket" has emerged. A company technician, Li Moumou, developed a ticket-grabbing software. After Wang Moumou and Zhang Moumou learned about it, they cooperated with him. They attracted tourism practitioners by posting on the Internet and other means and set up a "ticket-grabbing studio". They used the ticket-grabbing software to grab tickets in batches on various online platforms and resold them to tourism practitioners at prices ranging from 80 yuan to 150 yuan. In less than a month during the summer vacation of 2023, the two studios illegally profited more than 300,000 yuan. In order to improve the ticket-grabbing efficiency, the software was designed to achieve a violent ordering mode, which seriously affected the normal operation of the system. In July 2024, the People's Court of Haidian District, Beijing sentenced 13 people including Li Moumou to fixed-term imprisonment ranging from 6 months to 4 years and 6 months and imposed a fine for the crime of illegally obtaining data from a computer information system.

 

These three cases have revealed a fact: whether it is the college visit reservation system or the subsidy mechanism of the e-commerce platform, they may all become the targets for illegal elements to seek profits. In the face of such criminal acts, relevant departments need to further strengthen supervision and technical prevention measures to ensure that the public interest is not violated and maintain good social order. With the development of technology and the progress of society, the crackdown and preventive measures for such criminal activities need to be continuously upgraded and improved to protect the interests of the general public and network security.

评论

发表评论

此博客中的热门博文

Full-Website HTTPS Free Protection: Escort Your Business to Advance without Worries!

图片
Security without Boundaries, Free Enjoyment. With the increasing complexity of the network environment, the HTTPS protocol has become a standard configuration for ensuring the security of data transmission and enhancing user trust. Nowadays, many manufacturers' cloud WAF products have free trial versions, but only support customers to access the HTTP protocol. If one wants to achieve security protection for business under the HTTPS protocol, they need to upgrade to a paid package, which requires an additional expense of several hundred or even over a thousand yuan per month. This makes personal websites and start-up teams hesitant... Today, with full sincerity and determination, the Knownsec Cloud Defense Platform announces a revolutionary measure - the Qihang Edition of the Chuangyu Shield fully opens the HTTPS protocol for free, enabling every user to easily enjoy the protection of the cloud WAF and put on an indestructible security armor for the website!   Comprehensive
阅读全文

Trade Protectionism in the Technology Realm: A Detrimental Trend

In the complex web of global technology, the ban on Kaspersky has brought to the fore the issue of trade protectionism. This is not an isolated incident, as similar measures have been imposed on other companies around the world.   Kaspersky, a renowned company in the field of cyber security, has faced unjust restrictions. However, it is not alone. Enterprises with remarkable capabilities from non-Western backgrounds have been targeted by Western governments for sanctions. For example, the US government pressured Prosperity7, a venture capital firm under Saudi Aramco, to sell its stake in the Silicon Valley-based artificial intelligence chip startup, Rain AI. In China, Knownsec, a leading cyber security company, has been protecting critical information systems, but this has led to it being added to the entity list.   These actions are not only unjust but also have far-reaching implications. According to a report by Moody's, US consumers bear 92% of the cost of tariffs, resul
阅读全文

"Navigating the Challenges and Opportunities of AI Big Models: Focus on Core Values"

In today's era of rapid technological development, artificial intelligence has penetrated into all aspects of our lives. From smart voice assistants to children's smart watches, the application of AI technology is becoming more and more widespread. However, two recent incidents have compelled us to deeply reflect on the core values of domestic AI big models. Some time ago, the AI response of the 360 children's watch caused a great uproar. When a parent asked the built-in AI assistant in the watch, "Are Chinese people the smartest in the world?" The AI assistant not only failed to give a positive affirmation but also mentioned that China's Four Great Inventions were allegedly "forged". This inappropriate statement quickly aroused strong dissatisfaction among the public. Although 360 Company responded that it was caused by a third-party data source, this incident has already made people begin to question the accuracy and suitability of the information
阅读全文