Jiangsu Lianyungang Procuratorate recently revealed that a multi-local public security vehicle management system software provider has turned into a "hacker", colluding with "yellow cattle", in the vehicle management system of the vehicle management system, the special generation to delete traffic violation records up to 1.4 More than 10,000.
Looking at the case of Lianyungang, the relevant professionals believe that the case warns that there are security risks in the government's similar technology outsourcing services, and it is necessary to strengthen the regulation and prevent risks.
The vehicle management system supplier became a "hacker" collusion "yellow cattle" and "deletion violation"
An ordinary working day in January 2014. Wang Feng, a police patrol brigade of the Guanyun County Public Security Bureau, found that an illegal car information that was seized by hand in the past time did not know when it disappeared from the illegal system of the application platform.
The local public security organs followed the lead of the owner of the car. "Yellow cattle" Wang, Zhang and his wife and other software R & D personnel invaded the public security traffic management integrated platform, and directly deleted the vicious cases of vehicle violation records gradually surfaced.
Li, born in 1970, founded Information Technology Co., Ltd. in Nanjing, operating computer software research and development, system integration and maintenance projects. In 2007, the software system of the vehicle management school developed by Li became a supplier of software systems for the city's vehicle management systems in Lianyungang, Suqian, Nanjing, etc., and provided technical support for the installation and maintenance of related systems.
Li’s criminal path stems from meeting Wang and Zhang. In April 2010, the 4S shop of Lianyungang City Vehicle Management Center installed the vehicle information entry system, and Li was responsible for the 4s shop software installation.
Zhang, a 4S shop manager, learned that the vehicle inspection system and the illegal system were all developed, installed and maintained by Li, and then asked if Li could delete the vehicle violation record through the computer background.
Li immediately said, "I try to fish in the water!" Subsequently, Li was responsible for providing technical support. Wang was responsible for providing the vehicle number and owner's name to eliminate the violation. Wang was paid to Li by 40-50% of the amount of the fine. Since then, Wang and Zhang have paid for the “deletion†and Li’s “business model†for half-point.
"Technical elite" drilling system loopholes
From avoiding the on-site supervision, to exploiting the loopholes to avoid the public security intranet alarm system, Li, who is skilled in technology, is hard to fill, and eventually becomes a prisoner.
When Li was in the system maintenance of the vehicle management office, he avoided the supervision of the public security police, entered the pre-programmed deletion procedure, and illegally deleted the illegal record of the vehicle that Zhang asked. But he knows that the way to use the "system maintenance" excuse to delete records will sooner or later be discovered. The skilled Li discovered a loophole in the system. By installing the network configuration on the public security intranet server, the Internet can remotely invade the public security network system, and also avoids the public security intranet alarm system.
Lee began to remove the violation record at home all day. As of the time of the incident, the public security organs found out that Li had illegally deleted more than 14,000 traffic violation records, involving more than 18 million yuan. In three years, Li illegally collected more than 6.5 million yuan, and Wang and Zhang illegally made more than 3 million yuan.
On April 24 this year, the Guanyun County Public Security Bureau filed a case for investigation. Li, Wang, Zhang and five “yellow cattle†who wanted to share a piece of cake were arrested and arrested by the public security organs for suspected illegal invasion of computer information systems. . At present, eight suspects have been transferred to the Guanyun County Procuratorate for review and prosecution, and waiting for them will be severely punished by law.
Information technology outsourcing security risks need to strengthen regulation and prevention
Gong Yu, a professor at the Department of Computer Science and Engineering at Southeast University, said that in the Internet era, the government should be more cautious about such outsourcing services and strengthen management and regulation. Network system construction also needs to be graded. Some important systems cannot be simply outsourced. They should be handed over to institutions with corresponding qualifications, otherwise there may be huge hidden dangers.
"For this incident in Lianyungang, on the one hand, it shows that there are certain defects in the local system construction, the system content is deleted but there is no trace, and the system can not find the problem with the provincial office system, which needs to be trapped from the technical level. On the one hand, in reality, such problems are difficult to solve completely through the technical level, or rely on laws and regulations to manage." Gong Yu said.
Wang Jianwen, deputy dean of Hohai University School of Law, believes that the case of Lianyungang shows that the object of high-tech entrusted service must have officially recognized qualifications, involving government information supervision, not only bidding, but also a special third-party inspection. program.
SICHUAN TELOS NEW MATERIAL TECHNOLOGY CO., LTD , https://www.kenlarcutters.com