A loophole in expired coupons could trigger the biggest black-and-grey-market loss in China.
In the early morning of January 20, some netizens said that there was a major bug on Pingduo: only 4 cents was needed to top up 100 yuan of phone credit, a large number of users began "pulling wool" (exploiting the offer for profit), and more than 20 billion yuan went overnight, all on phone-credit top-ups. According to screenshots posted by netizens, the no-threshold coupons of more than 100 yuan (except for special commodities) are valid for one year.
Pingduo said that in the early morning of that day, black-and-grey-market gangs stole tens of millions of yuan of platform coupons through an expired-coupon loophole to make improper profits.
In response to the incident, Pingduo said that the Shanghai police had filed a case for network fraud and set up a special team, and that the orders involved had been frozen in batches under the relevant property-preservation provisions. The Pingduo platform is cooperating with the police to trace the origin of the related orders, and will ultimately handle those orders in accordance with the law, based on the results of the police investigation.
As for the claimed loss of up to $20 billion, Pingduo responded that the figure was not true. Pingduo said that black-and-grey-market gangs stole coupons in large quantities, involving a total amount of tens of millions of yuan. The actual capital loss caused by this incident is estimated to be less than tens of millions of yuan.
A wool-pulling scandal triggered by a bug?
At 9:5 a.m. on January 20, Xiaonan received a link in a group chat with her close friends. A friend told her that if she clicked on the link, she could get coupons worth more than 100 yuan.
"I thought it was an ordinary promotion, so I downloaded the Pingduo app, claimed the coupon and ordered a smart speaker that I had always wanted to buy." Xiaonan told Beijing News that the coupon she received had no threshold and was valid for one year.
"This link was seen by my roommate in her group of friends, and then forwarded to our group of friends. Later, when I saw the trending topic online, I realized that what I had done might count as pulling wool. At 10:20 a.m. on January 20, I contacted Shunfeng Express about the goods I had purchased with the coupon. I was even given the courier tracking number, but as of now the goods are still in the state of 'the merchant is notifying the express company to pick up the parcel'."
In its latest statement, Pingduo described the coupons that the black-and-grey-market gangs stole through the coupon loophole: they were a special type of coupon that Pingduo generated for the recording of Jiangsu Satellite TV's If You Are the One, for use by on-site guests only.
However, the black-and-grey-market gangs obtained these coupons by scanning QR codes that had been generated by abnormal means, and the QR codes were mostly distributed in black-and-grey-market groups on social platforms. Through the QR code, each authenticated user could obtain only one 100-yuan no-threshold coupon, rather than an unlimited number per ID, as had previously been circulated online.
The gangs therefore used illegal means such as "cat pools" (modem pools that use mobile phone SIM cards to maintain a large number of virtual accounts) to operate N black-market phone cards simultaneously and steal the coupons in batches, trying to move the improper income quickly in a short time. The total amount of coupons involved is tens of millions of yuan.
The head of the Pingduo risk control team said that after stealing a huge number of coupons and transferring their improper earnings, the black-and-grey-market gangs, counting on the idea that "the law does not punish the many", quickly shared the QR codes through the network and social groups, inducing some ordinary consumers to follow suit.
Pingduo emphasizes that this type of coupon has never appeared at any time or in any form in the platform's normal online promotional activities, has never had any online entrance, and that Pingduo never generated any QR code for this type of coupon. How exactly the QR codes were generated and spread will be announced once the police investigation reaches its final conclusion.
It is worth noting that professional wool-pullers favour phone-credit top-ups and Q coins because they are delivered automatically, so the coupons are cashed out quickly. It is doubtful whether Pingduo can recover the loss from the three major operators and Tencent. At present, Pingduo has not disclosed whether it has a specific plan to recover the loss.
Is it reasonable to withdraw coupons?
Cases of users pulling wool through a bug occur from time to time in the domestic Internet industry.
Around New Year's Day of 2018, Tencent Video launched a discounted recharge campaign, but because of abnormal back-end data on the campaign server, some users who should have paid the discounted price of 18 yuan for a one-month recharge were actually charged only 0.2 yuan. At that time, the vulnerability attracted 390,000 users.
Later, Tencent announced that it was a mistake in the company's own work. The company honoured all of these abnormal orders without charging any additional fees. In the end, Tencent paid more than 50 million yuan for the bug, but at the same time won the praise of netizens.
But Pingduo did not bow to public opinion and pay out of its own pocket. After discovering the loophole, Pingduo urgently took all the coupons down at around 9:00 on the same day, and cancelled the coupons that users had received but not used. The reporter noticed that Pingduo also optimized and updated its app at that time. To compensate users, Pingduo will issue a 5-yuan no-threshold coupon to the affected users with a validity period of 50 years.
Pingduo said that the incident was essentially different from the capital-loss incidents that bugs have caused at a series of other companies. This time, it was a case of online fraud involving fraudulently obtained coupons. If the former is the online equivalent of "an ATM mistakenly spitting out money", the latter is equivalent to theft by illegal gangs after they pry the ATM open.
Cao Lei, director of the E-Commerce Research Center, believes that from the perspective of legal liability and user rights protection, if the platform actively launches a campaign, it should fulfil its commitments as officially stated, which is equivalent to signing an agreement with users online, and the platform should of course honour it. But the related statements have shown that the coupons were stolen through an expired-coupon loophole. Under the relevant provisions of the Contract Law, Pingduo does not need to bear legal liability for cancelling or withdrawing the coupons.
He said that if the coupon loophole was exploited maliciously by black-market wool-pullers, such transactions are contracts concluded under a major misunderstanding and can be revoked.
According to the reporter's understanding, at around 11:00 on that day, many staff members sent a notice to some merchants that no shipment was allowed for orders that had used the 100-yuan no-threshold coupons.
According to Article 49 of the Electronic Commerce Law, if the information about goods or services released by an e-commerce operator meets the requirements of an offer, the contract is established once the user chooses the goods or services and successfully submits the order. Where the parties agree otherwise, the agreement shall prevail. E-commerce operators may not stipulate, by means of standard-form clauses or similar, that a contract is not established after consumers have paid the price. If standard-form clauses contain such content, that content is invalid.
Cao Lei said that Pingduo's practice does not conflict with the Electronic Commerce Law. Coupons obtained by maliciously exploiting system vulnerabilities cannot validly offset the corresponding payment obligation, so the payment obligation should be regarded as not fulfilled; paragraph 2 of Article 49 of the Electronic Commerce Law does not apply, and the merchants may decline to deliver the goods.
Zhao Zheng, a special researcher at the Intellectual Property Center of China University of Political Science and Law, told reporters that if users have used coupons to buy goods from third-party merchants, contracts between users and merchants have been established, and Pingduo can be held responsible to users, but it cannot prevent merchants from delivering goods.
Why did the wool-pulling happen?
On the issue of risk control, Pingduo said that the company has been building a risk control system all along, that this incident does not involve any data security issue, and that coupons received normally by platform consumers will not be affected. To further strengthen the risk control system for special coupons, Pingduo disclosed that the company has set up a technical team.
Regarding the incident, Chen Feng, an expert on an anti-fraud security team, said that there are many ways to prevent a platform from being maliciously exploited, including restricting the total number of coupons and the scenarios in which coupons can be used. For example, setting a cap of 100,000 coupons that can only be used for real orders of up to 200 yuan, plus the most basic anti-wool-pulling strategy, is enough to ensure that there is no big problem.
As to why the risk control system did not detect the abnormal situation, Pingduo responded that the incident happened during a platform promotion, when a large number of coupons issued by the platform were being consumed. It was not until 9:00 a.m. that day, when the total of stolen coupons and normal coupons exceeded the platform's preset threshold, that the system detected the anomaly and raised an automatic alarm, and the relevant vulnerabilities were repaired at the first opportunity.
According to screenshots from netizens, the coupons in this incident were mostly no-threshold, all-purpose coupons. Some netizens also posted screenshots of phone-credit top-ups and Q coin purchases, some of which amounted to as much as 50,000 yuan. "In this incident, there was a problem with Pingduo's business rules, and the most basic anti-wool-pulling measures were not set up," Chen Feng said.
In Chen Feng's view, a professional wool party really does exist. For each platform, these wool parties have registered accounts (involving mobile phone numbers, code-receiving platforms, etc.), downstream payment channels, laundering and transfer channels, and so on. How well informed they are and how professional their equipment is determine their income.
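The controls described above (a cap on total issuance, restricted usage scenarios, one coupon per authenticated user, coupons meant only for on-site guests, and an alert threshold) can be sketched as follows. This is an added example, not Pingduo's code; it also shows why an alert counted per coupon type fires long before a platform-wide total would during a promotion. The coupon codes, category names, limits and the treatment of the 200-yuan figure as a minimum spend are assumptions, and the timestamps and accounts are constructed.

```python
from collections import Counter, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

WINDOW = timedelta(minutes=5)  # sliding window for the per-type alert (assumed)


@dataclass
class CouponType:
    code: str
    expires_at: datetime
    total_cap: int                    # hard limit on coupons of this type
    min_order_yuan: int               # assumed minimum spend
    blocked_categories: frozenset     # auto-delivered goods that cash out instantly
    allowed_users: Optional[frozenset] = None  # closed audience; None = public
    alert_threshold: int = 50         # attempts per WINDOW for THIS type only
    claimed_by: set = field(default_factory=set)
    attempts: deque = field(default_factory=deque)


def claim(ct, user_id, now):
    """Return (reason, alert). Denied attempts still feed the alert counter."""
    while ct.attempts and now - ct.attempts[0] > WINDOW:
        ct.attempts.popleft()
    ct.attempts.append(now)
    alert = len(ct.attempts) > ct.alert_threshold
    if now >= ct.expires_at:
        return "expired", alert
    if ct.allowed_users is not None and user_id not in ct.allowed_users:
        return "not_eligible", alert
    if user_id in ct.claimed_by:
        return "already_claimed", alert
    if len(ct.claimed_by) >= ct.total_cap:
        return "cap_reached", alert
    ct.claimed_by.add(user_id)
    return "granted", alert


def redeem(ct, user_id, amount_yuan, category, now):
    """Re-check every rule at payment time; a claimed coupon is not trusted."""
    if user_id not in ct.claimed_by:
        return "not_owner"
    if now >= ct.expires_at:
        return "expired"
    if category in ct.blocked_categories:
        return "category_blocked"
    if amount_yuan < ct.min_order_yuan:
        return "below_min_order"
    return "ok"


def demo():
    t0 = datetime(2024, 1, 1, 1, 0, 0)  # constructed timestamp
    virtual = frozenset({"phone_topup", "virtual_currency"})
    # Live coupon for a closed audience (constructed guest IDs).
    studio = CouponType("STUDIO100", t0 + timedelta(days=1), 3, 200, virtual,
                        allowed_users=frozenset({"guest-1", "guest-2"}))
    guest = [
        claim(studio, "guest-1", t0)[0],
        claim(studio, "guest-1", t0)[0],
        claim(studio, "outsider", t0)[0],
        redeem(studio, "guest-1", 100, "phone_topup", t0),
        redeem(studio, "guest-1", 150, "electronics", t0),
        redeem(studio, "guest-1", 260, "electronics", t0),
    ]
    # Expired coupon hit by 200 constructed accounts, one attempt per second.
    old = CouponType("OLD100", t0 - timedelta(days=30), 100_000, 200, virtual)
    outcomes, first_alert_at = Counter(), None
    for i in range(200):
        reason, alert = claim(old, f"acct-{i}", t0 + timedelta(seconds=i))
        outcomes[reason] += 1
        if alert and first_alert_at is None:
            first_alert_at = i + 1
    return {"guest": guest, "bulk": dict(outcomes), "first_alert_at": first_alert_at}


if __name__ == "__main__":
    print(demo())
```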
Is the wool party's behavior suspected of being a crime?
As a matter of fact, Article 7.1 of the Pingduo Service Agreement explicitly prohibits users from using plug-ins and/or exploiting bugs in the Pingduo platform to gain unfair benefits.
Han Miao said that users may be suspected of theft if they take advantage of system vulnerabilities to obtain a large number of platform coupons and profit from them. If the amount of profit reaches the relevant standards, they may have to bear criminal responsibility. However, he emphasized that if an ordinary customer of the platform did not consciously use this security loophole to obtain a large number of coupons for profit, but only obtained a small number of coupons, with no subjective intent to steal and with an objective profit below the sentencing standards, this does not constitute theft.
Chen Feng said that it is difficult to judge whether wool-pulling black-market activity constitutes a crime. Generally speaking, the company must report the case first, but in previous actual cases most were settled by negotiation; where negotiation fails, the case is handled as fraud, but whether the conduct is illegal or criminal depends on the determination of the public security, procuratorial and judicial organs.
In its latest announcement, Pingduo said that the platform would not further pursue ordinary consumers who acted without subjective intent, but that it did not support such abnormal behavior.
According to Fang Chaoqiang, a special researcher at the E-Commerce Research Center and a lawyer at Beijing Yingke (Hangzhou) Law Firm, "black-and-grey market" is really an Internet term without a clear definition or scope. Judging from this incident, several facts about the so-called black-and-grey-market team should be clear: 1. it actively sought out system loopholes, rather than damaging or tampering with the system; 2. subjectively, it knew that it was a loophole; 3. objectively, it exploited the loophole for profit; 4. coupons are property of value. Judging from the constituent elements of the crime, he personally considers that theft is suspected.
Zhu Wei, deputy director of the Communication Law Research Center of China University of Political Science and Law, said that when a coupon bug appears on a platform for unknown reasons, there are two kinds of situation. First, if the bug involves damage to a computer system, it falls under the crime of damaging a computer information system in the Criminal Law, which carries a prison term of more than five years where the circumstances are particularly serious. Second, if it does not involve system damage, it is only the exploitation of a loophole. If this kind of situation is serious, in practice it involves the crime of theft and infringement of intellectual property rights. If it is not serious, the coupons obtained are unjust enrichment and should be returned.
In this incident, after claiming enough coupons to make a profit, the black-and-grey-market team published the coupon links to the public, counting on the idea that "the law does not punish the many". Zhu Wei believes that, in addition to claiming coupons themselves, those who published the information may, by disseminating it, be accomplices to the charges above, may separately commit the crime of teaching criminal methods, or may be subject to administrative penalties for disrupting market order.
In Zhu Wei's view, claiming a small amount generally does not constitute a crime, but the income is unjust enrichment and should be returned in time. If it is returned after the fact is published, it will constitute theft.
Cao Lei said that, strictly speaking, the identification of black-and-grey-market activity should be carried out by the corresponding regulatory authorities or the public security network supervisors. Of course, if the platform can provide sufficient and effective evidence and materials, that will also help the regulatory, judicial, public security and other departments with identification.
How much impact does it have on Pingduo?
With its brand-new model of social e-commerce, the company has become one of the most successful unicorns in China in just three years since its establishment. Morgan Stanley recently released a research report that covered Pingduo for the first time, giving it an overweight rating and setting its target stock price at $29.
In the third quarter of last year, Pingduo achieved revenue of 3.372 billion yuan, an increase of 697% and 24% year-on-year; in the first three quarters of last year, Pingduo achieved revenue of 7.466 billion yuan, an increase of about 12 times. Less encouragingly, Pingduo's net loss has widened further, with a loss of 1.098 billion yuan in the third quarter of last year, much higher than the 221 million yuan in the same period of the previous year; the total loss was 7.793 billion yuan in the first three quarters of last year, against 539 million yuan in the same period of the previous year.
Pingduo is still investing a lot of money, through title sponsorship of variety shows and other means, to keep driving user growth and activity. According to the financial report, sales and marketing expenses in the third quarter of last year amounted to 3.23 billion yuan, an increase of 655% over the same period of the previous year, mainly due to the increase in brand promotion activities and in online and offline advertising and promotional activities.
Another important reason is that the cost of acquiring customers is rising. In the third quarter of 2017, the cost of acquiring a new customer was 13 yuan, but it soared to 55 yuan in the first half of last year.
It is worth mentioning that although Pingduo's R&D expenditure in the third quarter of last year increased by 828% year on year, it is only one-tenth of the sales and marketing expenditure.
Reporters from Beijing News noted that on the afternoon of January 20, Pingduo posted several risk control positions on a recruitment platform, including director of risk control and risk control strategy/model expert.
After this incident, R&D expenditure will probably maintain a high growth rate.
Wool-pulling black-market operations have developed a highly differentiated industrial chain.
Chen Feng told reporters that "pulling wool" refers to a new kind of consumer group that collects information about preferential promotions, free services and the like from online lending platforms, e-commerce malls, banks, physical stores and other channels, and registers a large number of secondary accounts to pose as a large number of normal users taking part in the activities, in order to obtain material benefits at relatively low or even zero cost. This group is called the wool party.
Not only wool-pulling, but also fake likes and paid posting.
Many experts interviewed by the Beijing News reporter said that wool-pulling black-market operations now have a highly differentiated industrial chain, mainly consisting of: upstream, software developers, script developers, code-receiving platforms and other providers of tools for batch account registration; midstream, black-market teams that buy a large number of mobile phone SIM cards and then use these software tools, together with hardware such as modem pools, to pose as a large number of ordinary users, maliciously registering and maintaining platform accounts and using them to profit when a wool-pulling opportunity arises; and downstream, channels able to move funds off the platform quickly, such as coupon cash-out and laundering and transfer channels.
A person familiar with the online black market told reporters that the hardware needed for wool-pulling operations includes mobile phone SIM cards, modem pools and so on, while the software includes code-receiving platforms, dynamic IP technology and so on. For example, to limit wool-pulling, many platforms record the IP addresses of registering users. In response, the upstream suppliers that provide technical support can build a large dynamic IP pool and then rent or sell it to the downstream wool-pulling teams.
In his view, with the upstream hardware and software, wool-pulling operations are able to register a large number of platform accounts and claim coupons. Once the coupons have been claimed, fast cash-out channels are still needed. In this incident, a large number of black-market operators chose to turn coupons into automatically delivered goods such as Q coins and phone credit. At present, there are grey-market platforms that can cash out Q coins and phone credit, and coupons can also be bought and sold on some shopping websites; these are all channels through which the wool party cashes out.
"The essence of the wool party's 'pulling wool' is that it can imitate a large number of users, so that the enterprises issuing coupons cannot tell them apart. But generally speaking, a black-market team with a large number of accounts can do more than just pull wool; the accounts can also be used to generate fake likes, act as paid posters and so on," the person said.
To crack down on wool-pulling black-market operations, start at the source
In the interviews, several experts told Beijing News that the most effective way to crack down on wool-pulling black-market operations is to strike directly at the providers of malicious registration tools upstream in the industrial chain.
A Beijing News reporter learned that the Liaoning Provincial Public Security Bureau had launched a special operation called "610" against upstream malicious registration tool software. A network security expert who took part in the case said that the operation targeted several leading malicious registration tools. One of them, a "key wizard" (automated tapping) program named XXTouch, can simulate a person operating a mobile phone and simplifies the implementation of device-modification tools, including functions for spoofing phone information and GPS information. In short, leaving effectiveness aside, XXTouch technically covers every step of malicious registration except IP changes; under its seemingly neutral guise, it in fact equips malicious registration operations with a full set of weapons.
The expert said that the best way to combat malicious registration is to cut off the upstream of the malicious registration chain and squeeze the ecosystem in which it survives. This includes the device-modification tools that forge a device's hardware information so that one device can pose as many, without which malicious registration cannot be carried out, and the group-control and key wizard software that automates operation, without which malicious registration cannot escape high labour costs.
But he also thinks that because malicious registration software is so widespread in black-market circles, the threshold for setting up a malicious registration studio is very low. A concentrated crackdown can destroy a group of gangs in one area, but new gangs are likely to spring up in other areas soon afterwards.
Li Weijia Wang Jinyu, editor of Lu Yifu-yidan, reporter of Beijing News, proofread He Yan
Wool-pulling black-market activity is a crime
All that should be returned must be returned. Early in the morning, some users who took part in the Pingduo wool-pulling carnival found that the platform had forcibly cancelled some orders, and some netizens who had topped up phone credit found that it had been forcibly refunded by the operators. Surprisingly, the wool-pullers then took the moral high ground. Some users were indignant in interviews, arguing that they had only received a coupon and that the platform should not forcibly cancel it; many people believe that users should not bear the losses for the platform's mistakes.
Respect for other people's property rights is one of the basic rules of society, and wool-pulling and online black-market activity are, in most cases, fraud and theft in the data age.
In the detailed statement provided by Pingduo, we can clearly see how the wool party encroaches on the interests of the enterprise. The statement shows that the coupons used by the wool party were temporary coupons generated for a collaboration with a TV program; they never appeared publicly in any promotional activity, and no entrance to them was ever opened. The black-market team found the vulnerability by abnormal means and generated QR codes, which were then spread in public.
This is already a very obvious technical crime, which is totally different from pulling wool in the traditional sense. Put plainly, a professional team found a flaw in someone else's door lock and broke it in order to steal; then, to avoid responsibility, it left the door open and let everyone come in and carry something home, creating the illusion that the coupons had been issued publicly so as to escape responsibility for the theft.
Therefore, there is absolutely no justification for users to complain that the platform should not withdraw the coupons. Whether someone else has opened the door or a truck has rolled over on a highway, there is no reason for users to take something that belongs to the platform. This is basic respect for other people's property rights, and the owner should be able to take various measures to recover the lost assets.
For a new e-commerce giant like Pingduo, the attack exposed fundamental loopholes in its risk control system. But what is more worth reflecting on is why a serious case of corporate financial theft has turned into a carnival of professed innocence in public opinion.
When the term "wool party" first appeared in newspapers, the group did enjoy a kind of moral immunity for a while. At that time, Internet companies often had discount loopholes that users could exploit because of problems with their risk control systems and system design, and in many people's minds the wool party carried the image of individuals bargaining with business giants through clever calculation. However, with the upgrading of technology and risk control measures, there is almost no room left for ordinary people to pull wool in that original sense. The wool party has become a professional criminal gang, which holds a large number of black-market phone cards and exploits the technical loopholes of Internet companies for huge profits. In fact, many wool parties now use technical loopholes to commit high-tech crimes and operate on the edge of fraud and theft. According to statistics from professional organizations, there are more than 1.6 million practitioners upstream and downstream in China's online black market, with an annual output value exceeding 100 billion yuan. Everyone from traditional banks and insurance companies to e-commerce platforms has become a target of attack.
This is a blatant violation of the business environment and of consensus. The public should realize that the black-market team is neither a folk hero nor a grass-roots representative. It not only violates the interests of enterprises, but also deprives users of benefits, and ultimately destroys the trust between enterprises and users. Cracking down on the black market and the wool party should also be the most important consensus in the era of big data.
Source: Beijing News. Author: Hu Han. Responsible editor: Li Xi_NN2587