Can you buy your privacy for 300 yuan?! How terrible is "opening the box"...

Is your privacy still safe? Do you dare to believe that you can buy your name, age, address, photo, ID number, and mobile phone number for 300 yuan?

Recently, the daughter of an Internet platform executive has repeatedly "opened the box" of others' privacy on the Internet due to a dispute over star chasing, which has attracted the attention of many netizens. The 13-year-old girl maliciously exposed the private information of many ordinary people on the Internet and used the method of "opening the box" to cyberbully the ordinary people.

As the incident continued to ferment, the Internet platform later issued an official statement saying that the "opening" information did not come from the company's internal data, but from an overseas "social engineering database." This response not only failed to calm public opinion, but also caused greater public concern. In this era of big data, how far are we from being "opened"? How can we ensure the security of our personal information?

Image generated by AI

What is "opening the box"?

The "opening of the box" in this incident does not literally mean "opening the box". Many people may have heard this term for the first time, but its harm is far beyond your imagination. "Opening the box" specifically refers to the criminal behavior of the offender obtaining the private information of others through various means and publicly publishing it on the Internet.

The privacy information here includes but is not limited to name, ID number, mobile phone number, home address, social account, assets under the name, bank flow, work unit, etc. It is like Pandora's box in Greek mythology. Once it is opened, countless evil consequences will be released.

Image generated by AI

Those who have their profiles "opened" are often subjected to phone harassment, cyberbullying, and threats from strangers. In recent years, "human profile opening" incidents have become more and more common. Zhang Xinyu, Zhao Lusi, Wang Yibo, Yang Di and many other artists have had their personal information exposed by "profile opening".

Personal privacy leakage

The "Special Report on Judicial Big Data on the Characteristics and Trends of Information Network Crimes (2017.1-2021.12)" released by the China Judicial Big Data Research Institute in 2022 shows that from 2017 to 2021, the first instance of people's courts at all levels across the country concluded more than 282,000 cases of information network crimes, and the number of cases has increased year by year. This data shows the effectiveness of the work of protecting the security of citizens' personal information, but also reflects the severity of the problem of personal privacy leakage.

Every piece of leaked private information is enough to ruin an ordinary person's normal life. Everyone may become the next person to be "opened".

Where does the “opening box” data come from?

As one of the important tools for "human box opening", the "social engineering database" is the product of the combination of hackers and big data. Hackers obtain a large amount of personal privacy data by attacking websites, defrauding users, etc., and integrate and analyze the data, and archive it in one place for query at any time and for the next hacker attack.

Image generated by AI

These data include user accounts and passwords of major websites and platforms, as well as various data such as occupations, hobbies, home addresses, etc. that we usually fill out online. It can be said that it is all-encompassing.

In fact, "opening the box" is much easier than you think. A reporter from Southern Metropolis Daily found that there are many groups on overseas social platforms that sell other people's privacy. The reporter spent only 300 yuan to buy the household registration information of a colleague, and the customer service also said that "240 yuan of it was the cost of taking a screenshot of the household registration on the public security website." Here, everyone's privacy is clearly marked with a price. Just thinking about it makes people shudder.

But why is it so easy to “open the box”? This is inseparable from the black industry chain with clear division of labor and intricate structure behind it. The upstream of the industry chain is hackers and “insiders”, the midstream is the “social engineering database” team, and the downstream is the “data traffickers”.

There are two main sources of data in the "social engineering database": one is that hackers steal data and information by invading government websites and corporate databases through loopholes, phishing software, etc.; the other is that industry "insiders" use their position to sell data within the industry, such as operator employees selling users' phone numbers and call records.

There may be "insiders" in transactions in express delivery, hotels, banks, real estate, social security agencies, and even the public security system.

After obtaining the raw data, the "social engineering database" team in the middle reaches will clean, summarize and analyze the data, and can even obtain more information about users by linking to other platforms. For example, they can link social platforms and shopping software through mobile phone numbers. After completing more information about users, they can proceed with subsequent sales.

On overseas platforms such as Telegram, "opening the box" is industry jargon. Some sellers will conduct transactions in code through encrypted communication tools. According to CCTV news, in January this year, Hangzhou police cracked a case of infringement of citizens' personal information. The suspect illegally obtained personal information through the "social worker database" and then made hundreds of thousands of yuan by accepting advertisements or paid surveys.

How to avoid being "opened"?

In this era of big data where everything is connected, everyone seems to be "running naked". But who would be willing to do that? In addition to regulatory authorities stepping up their efforts to investigate and crack down on information trafficking, and platforms strengthening supervision and technical governance, what can we as users do?

0 1

Application permission access needs to be carefully reviewed

When an APP pops up a permission request, do you agree to all of it or think twice? Applications requesting storage permissions often involve obtaining sensitive information such as personal photo albums and documents. If not properly protected, it is easy to cause privacy leaks. Therefore, when installing an application, it is best to grant only necessary storage access permissions and encrypt sensitive files for storage.

0 2

Location information turns on fuzzy positioning

Do you know how many apps on your phone require location information? Maps, taxis, food delivery, weather, all require your location. Every day our location information is frequently collected and used, and our home addresses and workplaces can be easily obtained based on this information. We can choose to only enable fuzzy location permissions in location permissions, and map software can be authorized separately.

0 3

Avoid using unsecured public WiFi

All free gifts have a hidden price tag. The common "free WiFi" in life actually has huge security risks. Because most of them are not encrypted, hackers can easily obtain your information after you log in. Therefore, please avoid connecting to unsafe public WiFi and protect your passwords and other private data.

Image generated by AI

0 4

Be careful to protect your personal information on social media

The selfies you share on social media can lock your location, and sensitive pictures you don't mosaic may reveal your family information. It is recommended to use a nickname instead of your real name and avoid posting sensitive information such as phone numbers and home addresses on public social platforms.

After reading this article, go and “lock” your personal privacy protection!