The e -commerce website was attacked by hackers.| 9:30 tonight
Author:Supreme inspection Time:2022.09.21
An e -commerce website server
At the "Double Twelve" Shopping Festival
Be paralyzed by hackers
After investigation, it is done by competitors
... ...
▶ Destroying computer information system is a new type of cyber crime. The case occurred between two innovative peer competitive companies. It tests the specialized case handling capacity and business environment of the procuratorial organs.
▶ The prosecutor handling the case has repeatedly explained to the relevant responsible persons of the Tengfei Company. In the end, Tengfei voluntarily compensated 500,000 yuan to the Yuanda Company, and the two parties reconciled.
▶ After the case is settled, the procuratorial organs are still concerned about the development of the two companies. The prosecutor handling the case has visited the two companies many times, and put forward targeted suggestions such as paying attention to fair competition order and improving corporate network prevention and control mechanism.
Walking into the far network technology company (a pseudonym, hereinafter referred to as the "Great Company"), an Internet "tide" came from. More than a hundred young employees are busy and busy, and the company can see publicity words such as "creating space to win the future". On August 30, in the face of the attorney of the Procuratorate of the Chongchuan District Procuratorate of Nantong City, Jiangsu Province, Huang Ya and his party, the company's person in charge of the company said: "Our career is bigger and better, and the benefits are good." At present, the company's owner of this company owner There are more than 8,000 merchants on the home textile e -commerce platform, nearly 500,000 users in the industry, and a total of more than 64 million products. It has become a leading company in the Nantong home textile e -commerce service industry.
"If there is no public security organs and procuratorial organs that year, our business reputation will probably be greatly damaged." Thinking back to the company's website was paralyzed by hackers DDOS four years ago, Huang still memories.
The website was attacked by a hacker in the "Double Twelve"
In 2014, Huang returned to China from Australia to start a business and founded a large company. This is a private enterprise sold in a spinning e -commerce business. It is registered in Chongchuan District, Nantong City, Jiangsu Province. Nantong is a well -known home textile production base in the country. With the rise of the Internet economy, small and medium -sized traditional home textile companies have transformed from physical store terminal sales models to online sales models. Huang saw that business opportunities founded a spinning network, and gradually became a foothold in the field of Internet home textile e -commerce platform.
After the website was founded, it was a competitive relationship with several local Internet companies in the same type of Internet companies. According to Huang, the company's servers were often attacked by some networks at that time, but they were successfully intercepted by security protection measures, which did not cause great impact, but what was not expected was that a more violent network "storm" was waiting for him to wait for him to wait for him Essence
Beginning in June 2017, the legal representative of the competitors (pseudonym) of Yuanda Company, the legal representative of the company, suspected that Yuanda Company had attacked the website of his company and reported to the Public Security Bureau, but it was not in the end because there was no evidence. Wan Mou couldn't swallow this breath and decided to "counterattack".
In early December 2017, Yang Mou, the technical director of Wan Mou Consulting, attacked the opponent's website. Yang said that the traffic attack (DDOS) could cause the website to be unable to open and it was not good for defense. As a result, the two of them settled the plan and decided to hire a hacker attack on the websites of Yuanda Company, and the cost was borne by the company. Soon, Wan Mou found Liu in a hacker group and asked him to take the task of attacking the website of Yuanda's company. Later, Liu "packed" the task to Zhu, Wan, Yang and others formed the DDOS network attack command team.
On December 12, 2017, it coincided with the "Double Twelve" sales festival of e -commerce sales festivals. The attack team conducted by Wan and Yang began to move. In order to evade the investigation, they first "low density" attacks including the websites including the Big company. Steve a website and include its own company website in the attack target. Since the afternoon, Zhu and others have launched a "high -density" DDOS attack on the website of Yuanda Company. This time the Internet attack was fierce than the imagination of the large company, the original network protection lost its effect, the server rented by the website was blocked, and the website was paralyzed. normal operation. Because the normal transactions cannot be completed and the webpage cannot be opened, users on this website have complained to Yuanda Company.
"'Double Twelve' was the most transaction volume. At that time, the company was most afraid of damage to the company's business reputation." attack. Although the website has returned to normal after the protection upgrade, it is a huge blow for the far -reaching company. In addition to direct losses, it is difficult to estimate the loss of reputation, merchant and customer loss. In the next few days, the website of Yuanda Company has been attacked by some small networks.
On January 3, 2018, Huang went to the public security organs to report that his company's website was attacked by hackers. The public security organs found that Liu was suspected of committing crimes. In April 2018, Liu was arrested and brought to justice. After the case, he confessed that he was employed by Wan Mou and asked Zhu to attack the website of the Yuanda Company. Subsequently, the public security organs arrested Wan, Yang, and Zhu.
Is their behavior a crime?
The website server is attacked by hackers. Such things happen every day in the Internet world, but it is not easy to use criminal law to crack down on such crimes. Even Huang himself did not have much hope for the case of the judicial organs: "I have learned a computer major. This kind of thing is too difficult to obtain evidence."
In April 2018, the public security organs took the initiative to invite the procuratorate to send staff to intervene in advance to fully understand the case. According to the existing evidence, the procuratorial organs believe that Wan and Yang discussed hiring hackers. Wan Mou hired Liu. Liu hired Zhu to conduct traffic attacks on the website of the large company. Interference, causing computer information systems to not run normally. It is illegal to destroy the computer information system. So, does Wanmou and others make a crime? "This proves whether this matter is done by Wanmou and others. Whether the consequences of this matter are serious, that is, causal relationships and social harm." Prosecutors handling cases said that everything should be spoken by evidence.
Because Huang's reporting time was late, the public security organs failed to seize the computer of hackers Liu and Zhu, and failed to obtain electronic evidence that can directly prove that the hacker's implementation of cyber attack behavior can be proved. To this end, the procuratorate put forward multiple guidance investigations: retrieve objective evidence such as DDOS attack records, traffic data, defense logs, cloud server work orders, etc., and clarify the facts such as attack methods, attack time, and unable to run normally.
The public security organs were investigated and transferred the case to the procuratorate for the prosecutor's prosecution for suspected damage to the computer information system. After the case, the prosecutor handling the case found that during the period when the large company suffered a hacking attack, Wan and Yang and others had multiple chat records. (Yuanda Company) The technology of the technology is still very good, and they must be broken ", and during this period, Wanmou transferred multiple transfers to hackers. These evidences are enough to make Wanmou and other people's network attack behavior and big company suffer from hacking" "For the number", the cause and effect relationship is established.
"The consequences of Wanmou and others are serious or not, depending on the identification of the number of users of computer systems and the determination of economic losses." The prosecutor handling the case explained that according to the "Explanation of Several Issues on the Application Law of the Security Criminal Cases of Computer Information Systems" Article 4 stipulates that "the computer information system that causes more than 10,000 users can not run more than an hour or more" or "causing economic loss of more than 10,000 yuan" belongs to Article 286, paragraph 1 and 2 of the Criminal Law The "consequences" stipulated in the model.
Wan Mou's defense lawyer believes that when Wanmou and others implement traffic attacks, the number of online users of Yuanda Company cannot be verified and cannot prove the seriousness of its consequences. According to laws and regulations, the prosecutor handling the case believes that if there are registered users, according to the statistics of the number of registered users, there is no statistics of the number of registered users according to the number of their service objects. Therefore, the procuratorate suggested that the public security organs retrieve the user's situation before the incident of the victims, including individual users, merchants' registration time, quantity, transaction situation, etc., and clarify the number of users of computer information systems. In the end, the number of invalid data and repeated registered individual users and merchants determined that the number of major companies can determine that the number of users can exceed 10,000.
In terms of economic losses, prosecutors believe that the cost of purchasing Tencent Cloud Height Defense Service Packages and Resisting DDOS attack services should be regarded as economic losses to respond to traffic attacks and restore website functions. According to the opinions of the procuratorial organs, the public security organs retrieve the contract and pay the contract of the victims to purchase security services, and to find out the direct economic losses caused by the network attack to the victims, and the necessary expenses for the restoration of data and functions. According to the provisions of the witness testimony, the victim's statement, and the security agreement, and settlement agreement, the public security organs found that the victims, Yuanda Company, had a lot of expenses in response to traffic attacks on December 12 and restored website functions.
On November 30, 2018, the Procuratorate of Chongchuan District of Nantong City filed a public prosecution to the court with the crime of destroying the computer information system.
With the help of the "external brain" solve the problem
The crime of destroying the computer information system is a new type of cyber crime. The case occurred between the two innovative peer competitive companies. It tests the specialized case handling capabilities and business environment of the procuratorial organs. The Chongchuan District Procuratorate started from the approved arrest stage to regulate the backbone force from the professional handling team of the financial network crime and handle the case.
"DDOS attack cases have problems such as difficulty tracing, difficulty in causal relationships, and inconsistent economic losses." In order to overcome technical problems, during the process of handling the case, the prosecutors handled the case widely listened to the opinions of experts. In order to accurately identify the facts of crime and applicable laws, the institute relies on Nantong's financial network crime research base, and goes to Zhejiang with college scholars and Alibaba network technicians in the crime of destruction of computer information systems Perform full discussions to provide theoretical support for case processing.
These academic and technical discussions have inspired the prosecutor of the case, providing strong support for successful prosecution cases. During the trial of the court, the defender proposed that the cause and effect relationship between the attack and the result was not exclusive. The number of registered users of the website could not rule out new defense opinions after the incident. In this regard, the public prosecutor applied for the appraiser to appear in court, and expressed opinions on the website's traffic attacks that could not run normally.
The public prosecutor believes that according to the defendant's confession, witness testimony, WeChat chat records, transfer records, Tencent Cloud Server abnormal diagnosis reports, Tencent Cloud Workers, security agreements, etc. Points that do not actually run normally with the website. The time points of the victims to purchase protective packages and entrust the security company to protect the security company to form evidence chains, which is enough to confirm that the defendant's unit hires a hacking of the victim's website and the website cannot run normally for more than 1 hour. At the same time, the public prosecutor pointed out that investigators extracted the website registered user data in accordance with the legal procedures. After removing invalid data and repetitive data, the number of website users should be identified; the website appraisal documents provided by the victims and the declaration of the first two years of the crime should be reported. Materials and news reports also show that websites and growth are also displayed, which consolidates the foundation of evidence for accurate identification of the number of websites.
On October 21, 2019, the court accepted the allegations of procuratorial organs to destroy the computer information system and sentenced the Tengfei Company to a fine of 100,000 yuan, and the punishment ranging from two years to three years in prison was sentenced to probation. After learning the results of the verdict, Yuanda Company wrote to the Chongchuan District Procuratorate to thank the letter, thanking the prosecutor for "strictly handling the case according to law and maintaining fairness and justice."
Pay attention to the protection of the development of the private economy
"Both parties in this case are e -commerce private enterprises in Nantong's home textile sales. The cause of the case is that the enterprise is in unfair competition. When punishing crimes, it should also pay attention to protecting the development of the private economy." The hospital suggested that all criminal suspects have adopted non -detention measures.
"In the unit crime, personnel who have participated in the implementation of certain criminal acts for the assignment or ordered by the unit leader, generally should not be held criminally responsible for the person who directly responsible." If the leaders of the unit assign to the payment, one person does not implement the specific criminal act, and it is not advisable to investigate the criminal responsibility of the two. He agrees that the public security organs will withdraw their opinions of the two employees.
In the handling of the case, the hospital also focused on protecting the business secrets of private enterprises. The number of websites is an important evidence to destroy the crimes of the computer information system. It is also the core competitiveness of the e -commerce platform to survive. To this end, the prosecutor suggested that the investigators extracted the electronic data of the relevant membership information of the victims according to law, and must be booked into a secret volume. Only the case handling unit and lawyer were reviewed. Measures and scope of knowledge. The victims eliminated the concerns of worrying about data leakage and actively cooperated with the investigation authority to investigate and obtain evidence.
"Payon is an enemy, but it is also a potential partner." In order to promote the healthy development of the e -commerce industry in the home textile sales and maintain a fair market competitive environment, the prosecutor handling the case has repeatedly explained to the relevant person in charge of the Tengfei Company. In the end, the Tengfei Company voluntarily voluntarily voluntarily voluntarily voluntarily. Compensate 500,000 yuan to the Yuanda Company, and the two parties reconcile.
"The occurrence of such cases has revealed that emerging e -commerce platform companies have shortcomings and loopholes in the construction of the rule of law and compliance systems. Both companies involved in the case must take goodbye to the rule of law classes." Chongchuan District Procuratorate invited Peking University Law Law The college professor went to Nantong to give a lecture on the e -commerce law, and asked the person in charge of the two companies to listen to the class to allow online e -commerce platform companies like Yuanda Company and Tengfei Company to learn about the forefront of laws and regulations.
The Chongchuan District Procuratorate invited a professor at the School of Law of Peking University to teach the special lectures on the E -Commerce Law.
Huang, the person in charge of Yuanda Company, said, "Thanks to the procuratorial organs for inviting me to listen to classes. The teacher's lectures have started from e -commerce and network space. Cyber security management and improvement of the security and controlling levels of network products and services can allow enterprises to run safely and orderly. "
At present, Yuanda Company has set up a special platform for supervision and inspection, accepting the relevant intellectual property complaints of the platform, conducting consumer disputes involving complaints, conducting corresponding compliance training, and incorporating all business activities into the track of rule of law.
After the case was completed, the procuratorate still cares about the development of the two enterprises. The prosecutor handling the case has visited the two companies many times. In response to the company's operation status, analyze the problems of poor market competition, inadequate compliance and legal operations, and inadequate network security mechanisms. Targeted suggestions such as network prevention and control mechanisms and strengthening employees' rule of law and training.
At present, through fair and benign competition, the development momentum of the two companies has a good development momentum. The scale of the company's operating scale has expanded 10 times compared to the incident, and the operating scale of Tengfei has also doubled. According to Huang, Yuanda Company has actively participated in public welfare undertakings in recent years, donated and donated money for the family and the affected people, and set up special funds in colleges and universities to reward outstanding students and scientific research and innovation projects to achieve a good social effect.
In August of this year, the case handled by the Procuratorate of Chongchuan District was rated by the Supreme People's Procuratorate as a typical case of punishment and damage to the market competition order in accordance with the law. (Procuratorate Jiang Yifei Ge Ge Liang Liang)
- END -
Centennial Action | Huizhou Public Security Organization launched the "Dongjiang No. 3" centralized precise inspection operation
In order to promote the Hundred Days of Action in the summer public security strik...