January 17, 2012 - The National Cybersecurity Briefing Center today reported that the Guangxi Guilin public security network security department recently found traces of abuse on an attraction ticket reservation platform in Yangshuo County, Guilin City. Investigation showed that a "scalper" gang had used flaws in the platform's CAPTCHA component to carry out illegal ticket-snatching. Through its investigation, the Guangxi Guilin public security network security department successfully arrested the "scalper" gang and seized a number of computers and other tools. It was also found that some graphical CAPTCHA components carry outstanding risks and are very easy for unscrupulous elements to exploit; units and individuals are reminded to take greater precautions.
Case-specific information is attached below:
I. Status of the case
During the 2024 National Day holiday, the Guangxi Guilin public security network security department found that a large number of netizens were reporting that it was "difficult to get a ticket" for a certain attraction, and that travel agencies and "scalpers" were colluding to post advertisements for ticket-snatching services on social media platforms. The department attached great importance to this and immediately set up a task force to carry out an investigation.
Analysis of the running logs of the ticket reservation platform found reservation behaviour of high frequency and uninterrupted duration, with obvious traces of abuse by "plug-in" (external) software. Further investigation successfully identified the "scalper" gang carrying out the crime; the task force travelled to Beijing, Chongqing, Sichuan and Guangxi, arrested 12 suspects, and seized a number of computers and other tools. On verification, the "scalper" gang had used the external software to illegally grab approximately 10,000 tickets during the 2024 National Day holiday.
II. Modus operandi
It was found that the suspects entered visitors' names, mobile phone numbers and other required information into the plug-in software in advance; when the platform released tickets, the plug-in software automatically initiated requests to grab them. On analysis, the technical core of the plug-in software was found to be automated, rapid answering of the graphical CAPTCHA mechanism of the ticket reservation platform.
Under normal circumstances, visitors reserving tickets need to manually select randomly arranged patterns to pass verification. The suspects had earlier initiated frequent registration requests to download tens of thousands of CAPTCHA images of the same type, manually labelled the correct answers in the verification images, and then used the labelled data to train a highly accurate image recognition model; when grabbing tickets, the model automatically and quickly deduced the correct CAPTCHA answer.
III. Risk Warning
The graphical CAPTCHA components involved in this case are widely used, and with image recognition tools now popular and easily accessible, the risk of the verification mechanisms of the relevant network applications being cracked (bypassed) is outstanding. With the Spring Festival holiday approaching, to prevent a recurrence of similar cases, relevant units and individuals are urged to strengthen prevention:
- First, network operating units and individual users should check the CAPTCHA components used in registration, login, key business operations and other aspects of their network applications, in particular those using pattern-selection and text-selection verification methods; assess the security risk of the CAPTCHA scheme; and at the same time strengthen the monitoring and blocking of abnormal behaviour such as short-time, high-frequency network requests, blocking abnormal IPs in a timely manner.
- Second, CAPTCHA service providers should take measures such as adding noise, distorting and warping, and changing fonts to increase the complexity of the CAPTCHA so that it is difficult for automated tools to recognise; continuously investigate security defects and risk vulnerabilities in the CAPTCHA component; provide upgrade and improvement solutions; and fulfil their statutory notification obligations.
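One way to implement the monitoring the first recommendation calls for, as an added example that is not part of the briefing: the script below assumes a hypothetical reservation-platform log format (timestamp, client IP, action, CAPTCHA solve time in milliseconds) and flags clients that exceed a per-window request count or that answer the graphical CAPTCHA faster than a person selecting patterns plausibly could, the two log signals this case turned on. The sample log lines, thresholds and IP addresses are constructed for illustration.

```python
"""Flag high-frequency reservation requests and implausibly fast CAPTCHA solves.

Added example (not the briefing's or the platform's code). Assumes a
hypothetical log line format:
    <ISO-8601 timestamp> <client IP> <action> <captcha solve time in ms>
with lines in chronological order.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (documentation IP ranges, not real traffic).
# 203.0.113.10 behaves like a person; 198.51.100.7 fires eight requests in
# under two seconds with ~300 ms CAPTCHA answers; 192.0.2.5 has one fast
# answer but no sustained pattern.
SAMPLE_LOG = """\
2024-10-01T08:00:00.000 203.0.113.10 reserve 5400
2024-10-01T08:00:00.100 198.51.100.7 reserve 310
2024-10-01T08:00:00.350 198.51.100.7 reserve 290
2024-10-01T08:00:00.600 198.51.100.7 reserve 305
2024-10-01T08:00:00.850 198.51.100.7 reserve 298
2024-10-01T08:00:01.100 198.51.100.7 reserve 312
2024-10-01T08:00:01.350 198.51.100.7 reserve 301
2024-10-01T08:00:01.600 198.51.100.7 reserve 295
2024-10-01T08:00:01.850 198.51.100.7 reserve 300
2024-10-01T08:00:03.000 192.0.2.5 reserve 900
2024-10-01T08:00:25.000 203.0.113.10 reserve 4800
2024-10-01T08:00:40.000 192.0.2.5 reserve 2100
2024-10-01T08:00:58.000 203.0.113.10 reserve 6100
"""

# Thresholds are constructed assumptions; tune them against real baselines.
MAX_REQUESTS_PER_WINDOW = 5      # more than this many in WINDOW is abnormal
WINDOW = timedelta(seconds=10)   # sliding window length
MIN_HUMAN_SOLVE_MS = 1500        # pattern-selection answers faster than this are suspect
FAST_SOLVE_STRIKES = 3           # repeated fast answers needed before flagging


def parse_line(line):
    """Split one log line into (timestamp, ip, action, solve_ms)."""
    ts, ip, action, solve_ms = line.split()
    return datetime.fromisoformat(ts), ip, action, int(solve_ms)


def detect_abuse(log_text, max_requests=MAX_REQUESTS_PER_WINDOW, window=WINDOW,
                 min_solve_ms=MIN_HUMAN_SOLVE_MS, strikes=FAST_SOLVE_STRIKES):
    """Return {ip: sorted list of reasons} for every client that trips a rule."""
    recent = defaultdict(deque)      # ip -> timestamps inside the sliding window
    fast_solves = defaultdict(int)   # ip -> count of sub-threshold CAPTCHA answers
    flagged = defaultdict(set)

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, action, solve_ms = parse_line(line)
        if action != "reserve":
            continue

        # Sliding-window request counting: drop timestamps older than `window`.
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            flagged[ip].add("high_frequency")

        # CAPTCHA solve time: a single fast answer can be luck, a run cannot.
        if solve_ms < min_solve_ms:
            fast_solves[ip] += 1
            if fast_solves[ip] >= strikes:
                flagged[ip].add("fast_captcha")

    return {ip: sorted(reasons) for ip, reasons in flagged.items()}


def block_list(log_text, **thresholds):
    """IPs to hand to the blocking layer, derived from detect_abuse()."""
    return sorted(detect_abuse(log_text, **thresholds))


if __name__ == "__main__":
    for ip, reasons in detect_abuse(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(reasons)}")
    print("block:", block_list(SAMPLE_LOG))
```

Both rules are deliberately simple and keyed on the client IP alone; in production the same sliding-window logic is usually applied per account and per session as well, since a scalper operation spread across many addresses will stay under a per-IP request threshold while its uniformly fast CAPTCHA answers still stand out.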