The CSDN user data leak case cracked suspects using the website vulnerability

people.com.cn March 20 Beijing Xinhua recently, which lasted more than and 40 days of careful investigation, the Beijing police cracked CSDN (micro-blog) website user data leak case, and successfully broken with 4 other cases, and arrested on suspicion of illegal access to computer data criminal detention Zengmou 5 suspects. Actively carry out the investigation of the case at the same time, the Beijing police on the CSDN site without the implementation of the national information security level protection system caused by user information leakage events to make administrative punishment of warning, this is the first in China to implement the "information security protection system since the ticket".

December 22, 2011, Beijing police received a report from CSDN company, said the company’s servers were compromised, the core data were leaked.

through a large number of online leaked CSDN data in time and other aspects of careful comparison, the task force found that most of these data from July 2009 to July 2010. Thus speculated that the server was hacked before July 2010. Because of the invasion of the server has a year ago was to do with it, the log was not retained, the data can not be restored, technical staff was responsible for the majority of existing staff turnover, do not understand the situation, coupled with the loss of data has two years of time, to find the original source data by intruders are difficult.

after careful investigation of a large number of visits, the panel eventually locked a key clue, in September 2010 the post exposes the master CSDN database requires a user to cooperate with the company to enter into the panel view, and on February 4, 2012 in Zhejiang Wenzhou will suspect was arrested.

after preliminary examination, the man on April 2010 by CSDN website vulnerabilities trespassing server access to user data confessed to the crime, Zengmou also confessed that once invaded a recharge platform and a system of stock crime. So far, the task force investigators, which lasted 40 Yu Tian, removed more than 10 provinces and cities, successfully cracked the CSDN data breach case. Currently the case is under further work.

after the incident, the Beijing police launched an investigation on the CSDN website, found that it did not implement the national information security protection system, safety management system and technical protection measures are not in place is mainly caused by the leakage of user information. City Public Security Bureau to the network operator CSDN company made specific rectification requirements, and on the basis of the "People’s Republic of China Computer Information System Security Protection Ordinance" (People’s Republic of China State Council Decree No. 147) article twentieth (a) the provisions of Beijing Lezhi, innovative information technology limited company to make administrative punishment of warning.

since January this year, Beijing police to carry out information security inspection of the city’s 106 Internet sites, and found correct 206 security risks, effectively improve the safety management level of the capital of the Internet website.

since last year, Beijing police adhere to deepen the concept of public opinion leading police work, the full implementation of the fight

Leave a Reply

Your email address will not be published. Required fields are marked *