Original link: https://missuo.me/post/information-security-in-china/
Information security: maybe you have never paid attention to this term. Or maybe an information leak has never happened to you, so you don’t care.
In fact, before college, I, like most people, barely paid attention to the field of information security. It was not until I went to college and started to get in touch with computer-related knowledge that I began to pay attention to my personal privacy and tried to protect it as much as possible in my daily life. The recipient names on all my shopping platforms are not real names; almost all of them are names like Cook. My delivery addresses do not specify a building or room number, so parcels are generally placed in Fengchao. But this approach has one real drawback: your mobile phone number must be filled in truthfully, otherwise you will not be able to get the Fengchao pickup code. SF Express and JD.com are my favorite express companies. Of course, they are also the largest in the express delivery industry. The users’ mobile phone numbers on their waybills are not complete. If you pay attention, you will see that part of the number is replaced by asterisks. Members can only make calls through virtual numbers. The waybills of other courier companies almost all show the complete 11-digit phone number. Imagine that the cleaning staff of a community cooperate with an organization and collect the mobile phone numbers from the express waybills in the garbage dump every day; then the phone numbers of almost all the owners in the community can be obtained. This may seem like a not-so-smart way; if you look for a property to buy, you can easily get all the owner information. As far as I know, this kind of thing is indeed done in most properties. In addition to express delivery, takeout is another important channel for information leakage. Although the current mainstream takeout platforms, Ele.me and Meituan, print takeout orders with virtual numbers, there is one piece of information on the takeout order that is more important than the mobile phone number: a very specific address.
I believe that no one will write only the name of the community, rather than the building and room number, in order to protect the privacy of their address, and then go to the gate of the community to collect the takeout every time; that would seem to defeat the advantage of takeout. Be careful not to go to any platform to buy an Ele.me annual membership; it is very likely that you will log in to your account and reveal all your delivery addresses.
Having talked about express delivery and takeout in daily life, let’s talk about homestays and hotels. A hotel needs to register the information of its occupants, but I believe that at slightly higher-end hotels the information is only entered into the system and passed to the public security. For homestays, on software such as Airbnb and Meituan, you need to fill in your real name and ID number when you order. But the strange thing is that when you arrive at two o’clock in the afternoon on the day of check-in and ask the landlord how to check in, most landlords will ask you to photograph the front and back of your ID card and send it to them (note that this is through WeChat). Generally, I am very averse to being asked for identity documents in private through WeChat. In most cases, I will explain to the landlord that it is not acceptable to ask for ID documents without going through the platform. Some landlords are easy enough to talk to and will not pursue it any further. Others insist that you send it. At this point, you actually have two choices. The simple choice is to compromise; the other is to stand your ground and report the matter to the platform, but the second option will definitely bring you a lot of trouble. If you can’t choose, you have to change to another place, and you cannot be sure whether the new place will also ask you to send your ID. If you file a complaint with the platform, the platform’s customer service has to find the landlord to verify, which will inevitably waste tens of minutes or even hours. Back to the earlier point: if you compromise and send your ID to the landlord, how can you be sure that the landlord, in addition to renting out homestays, does not have a side business selling personally identifiable information? (Of course I have no evidence; this is just malicious speculation.)
So apart from daily life and travel, is there really no other way for information to be leaked? The reality is far from that. In 2020, I saw a link in a group. Just by opening the link and entering a QQ number, you could find the mobile phone number bound to that QQ. Later, I got one that used a Weibo number to look up the bound mobile phone. This is the “800 million QQ” and “500 million Weibo” data that went wild on the Internet. I am honored to have seen these two databases with my own eyes. What are the consequences of these two databases? As long as a QQ or Weibo account was registered before 2020, you can easily get the other party’s mobile phone number, add them on WeChat, and learn their name through an Alipay transfer. With the phone number and name, a lot more information can be found. This is not the most serious part; later I found that a lot of information about a person, including educational experience and so on, can be found from just a name. According to my research, for almost all students who have attended primary school, junior high school, high school or vocational school in Zhejiang Province, you can find their name, ID number, parents’ names, parents’ phone numbers, home address, school and class just from the name. I suspected that the school staff had sold the data, but I later rejected the idea. It is very likely that the Education Bureau leaked the data. Of course, schools may also be selling it; otherwise, why would your parents receive calls from training institutions on their mobile phones every day when you were in school, from callers who even knew how many points you scored in the mid-term exam before you did?
These are all past data breaches; let’s talk about the most recent ones. On June 21, 2022, the data of 170 million users of Chaoxing Xuetong was leaked. Although the company officially denied this rumor, it has been confirmed to be true. Some people have already put it on sale for 500 USDT, and the data can already be found in some places. You may not know what this means if you haven’t used Chaoxing Xuetong. It is no exaggeration to say that 80-90% of colleges and universities in mainland China use Chaoxing Xuetong for teaching, which means that the information of all students who are studying will be leaked. This data includes name, student ID, gender, mobile phone number and password. The official statement played the matter down while refuting the rumor, and also said that the passwords are encrypted; the problem with these passwords will be discussed later.
If 170 million is not worth mentioning compared with China’s population of 1.4 billion, then the data rumored to have leaked on July 2, 2022 covers more than 1 billion Chinese citizens, including personal information, criminal records, and epidemic data. This is by far the largest information leak in mainland China. The overseas website described it as data leaked through a vulnerability of Shanghai GOV National Police, which is currently being confirmed, and the price is 10 BTC. Combined with the Weibo of the well-known domestic hacker sunwear, it should be true.
Finally, I want to talk about social accounts and passwords. For social accounts, it is recommended that Douyin and WeChat account IDs not be related to the full spelling of your name, its abbreviation, your birthday, your mobile phone number, or your QQ number. In your Douyin profile, try not to write your Weibo account. When giving your WeChat to others, try not to give your QQ number or mobile phone number. In Alipay, be sure to turn off search by mobile phone number. When it comes to passwords, I believe most people have the same habits. They use the same password on almost all platforms, and the password is something like ZJL021212: the initials plus the date of birth, or the date of birth plus the initials. Using such a password is strongly discouraged; it is preferable to use a password that has nothing to do with your personal information. For websites and software that do not involve property, the same password can be used. Of course, it is better to use a different one for each platform, but the cost of remembering passwords is too high. Please do not believe that passwords cannot be exposed just because Xuetong says they are encrypted. Take MD5 encryption as an example. This encryption method is designed to be irreversible. For example, 12345 after encryption is 827ccb0eea8a706c4c34a16891f84e7b. If you want to know what the plaintext of 827ccb0eea8a706c4c34a16891f84e7b is, you have to take plaintexts such as 123, 1234, and 12345 one by one, encrypt each, and compare the result. The encryption algorithm seems seamless. In fact, almost all MD5 ciphertexts can be cracked with rainbow tables. Therefore, an encrypted password is not necessarily safe if it is leaked.
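The weakness described above, and what a salted, slow hash changes on the storage side, as an added example that is not part of the original post (MD5 is strictly a hash function rather than encryption). The user names, the three-entry guess list and the PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PAGE_DIGEST = "827ccb0eea8a706c4c34a16891f84e7b"  # MD5 of "12345", quoted in the text
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def md5_hex(password):
    """Unsalted MD5: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def precompute(candidates):
    """Hash each guess once; the table then applies to every unsalted leak."""
    return {md5_hex(c): c for c in candidates}

def hash_password(password, salt=None):
    """Salted, deliberately slow hash; returns (salt, digest) to store per user."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored)

def compare_schemes():
    # Constructed sample: two hypothetical users who picked the same password.
    users = {"alice": "12345", "bob": "12345"}
    table = precompute(["123", "1234", "12345"])  # the guesses named in the text
    md5_rows = {u: md5_hex(p) for u, p in users.items()}
    salted_rows = {u: hash_password(p) for u, p in users.items()}
    return {
        # One table entry exposes every account that shares the password.
        "md5_identical": md5_rows["alice"] == md5_rows["bob"],
        "md5_recovered": table.get(md5_rows["alice"]),
        # Per-user salts make equal passwords store as different digests,
        # so each guess must be recomputed per user at 600,000 iterations.
        "salted_identical": salted_rows["alice"][1] == salted_rows["bob"][1],
        "login_ok": verify_password("12345", *salted_rows["alice"]),
    }

if __name__ == "__main__":
    print(compare_schemes())
```

A salt and a work factor do not rescue a password like 12345; they remove the precomputed-table shortcut and raise the cost of every guess.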
In the end, I hope that China will have more cyber security experts, and I hope that the privacy of each of us can be well protected.
The above information is not necessarily true; a lot of it comes from the Internet, so please treat it rationally.