Current location - Trademark Inquiry Complete Network - Overdue credit card - How many codes constitute a crime?
How many codes constitute a crime?

Criminal characterization of the behavior of the parties involved in the code receiving platform

Wu Qihang

People's Procuratorate of Xuzhou City, Jiangsu Province

Abstract: Related to the code receiving platform Fang obtained a large number of mobile phone numbers and verification codes through the code receiving platform, and registered and converted them into Internet accounts in batches, which continuously provided blood and food for the downstream black and gray industry, and built a huge network for black and gray industry practitioners to hide their identities. Barrier has great social harm and infringement of legal interests. At this stage, criminal regulation of the behavior of relevant parties in the docking code platform still needs to be strengthened. By analyzing the subjects involved in the code connection, the operation process, etc., real-name cards and non-real-name cards can be distinguished, so as to accurately criminalize the behavior of relevant parties in the docking code platform.

Keywords: Black and gray products of code reception, infringement of citizens’ personal information, illegal acquisition of computer information system data technology, illegal full-text code reception is constructed with three parties as the core entities: card dealers, account dealers, and code reception platform operators. An industrial chain that delivers a large number of mobile phone numbers and Internet accounts to downstream black and gray industries. In October 2020, the State Council decided to launch a nationwide "card-breaking" operation to severely crack down on and rectify the criminal activities of illegally opening and selling mobile phone cards and credit cards. As the source of efficiently providing a large number of mobile phone numbers and Internet accounts to downstream black and gray industries, the code receiving platform is the key target of the "card disconnection" operation.

1. Basic overview of the code receiving platform (1) The three main card merchants involved in the code receiving platform refer to users who have a large number of physical mobile phone cards. They sell these cards directly or to numbers through the code receiving platform. Business or downstream black ash industry practitioners. The mobile phone cards in the hands of card dealers are divided into real-name cards and non-real-name cards. The main sources of real-name cards are the acquisition of mobile phone cards registered with other people's real names, mobile phone cards registered with other people's identities or registered with false identities, and those obtained from other people's real-name cards. The card is obtained from the operator staff in the card opening task; non-real-name cards include IoT cards and overseas cards. An account dealer refers to a person who purchases a mobile phone number directly from a card dealer or through a code receiving platform and obtains a verification code. The account dealer registers the obtained mobile phone number and verification code into various Internet accounts and sells them to black and gray industry practitioners. Or for your own use in black and ash production. The code receiving platform is an intermediary that connects card dealers and account dealers. It is like a supermarket. It displays the mobile phone numbers of card dealers on the platform for account dealers to select, and provides card dealers with receiving, transmitting verification codes, and fund settlement services. . (2) The operation process of the code receiving platform The code receiving platform generally has three-party ports, including the management end of the platform, the client provided to account dealers, and the card dealer end provided to card dealers. The card dealer inserts a large number of mobile phone cards into the "Mao Chi" device, and uploads the mobile phone number to the code receiving platform through the card reading software. The number dealer can see the number on the platform on the computer client. The account dealer recharges money on the code receiving platform. After selecting a number, enter the number into the Internet software registration page and click to obtain the verification code. "Maochi" will directly upload the received verification code to the code receiving platform. The account dealer can view it on the platform. After receiving the verification code, enter it into the registration page to complete the registration. After the account provider receives a verification code, the platform will automatically deduct the cost of a verification code. After the card merchant sells the mobile phone number and verification code through the code receiving platform, it will initiate a settlement application to the platform, and the code receiving platform will settle the settlement with the card merchant based on the sales situation. The above-mentioned code receiving process, which is mainly composed of card dealers, code receiving platforms, and account dealers, starts over and over again and is carried out in batches. Internet companies such as Tencent and JD.com clearly prohibit malicious and batch registration behaviors, and have set up special security prevention mechanisms for this purpose. Account merchants will use flash software to change the mobile phone device identification number, switch the mobile phone IP address, and continue to implement the above-mentioned verification code acquisition and registration. Account behavior to bypass the security protection measures of Internet companies.

2. Operating characteristics of the code receiving platform In the context of diversified network platforms, Internet accounts obtained through the code receiving platform and registered with verification codes are widely used, including scamming orders, Low-level methods such as "snatching wool", sending advertisements, voting in mini programs, and authorized game logins also include high-level methods such as telecommunications fraud, spreading obscene materials, and gambling. The social harm is self-evident. However, based on the operating characteristics of the platform, there are also certain difficulties in punishing relevant parties of the docking code platform. (1) Huge scale Due to low cost investment and large profits, the code receiving platform has expanded rapidly. The number of mobile phone cards obtained by card dealers, the number of verification codes received by the code receiving platform, and the number of Internet accounts registered and sold by account dealers are often in the tens of thousands. Hundreds of thousands, even millions.

Corresponding to different card dealers, account dealers, and various downstream industries, the objects supported and helped by the code receiving platform are not fixed, and it is a "many-to-many" model. Compared with traditional crimes of "one-to-one" and "one-to-one" "Multiple" model, the operation of the code receiving platform is more harmful to society and affects a wider range. (2) The loose organizational structure is different from the traditional "pyramid" management structure. There is no obvious hierarchical division among the card merchants, code receiving platforms, and account merchants. It is essentially a kind of collaboration, that is, each actor is in a position based on division of labor. At different links in the industrial chain, services are provided based on division of labor. The members of each link of the code receiving platform are not fixed, highly mobile, and distributed across regions. They do not clearly identify each other, nor are they closely connected or frequently communicated with each other. The overall organizational structure is relatively loose. This feature often makes it difficult to hold relevant persons accountable and prone to jurisdictional objections. (3) Technology is illegal. The nature of coding technology has always been controversial. According to the "technology neutral" perspective, technology itself does not represent value orientation, and needs to be comprehensively judged through its research and development process, usage methods, scope of use, etc. The code receiving technology itself is not obviously intrusive or destructive, but it is produced to provide a large number of mobile phone numbers and verification codes to downstream efficiently to avoid network real-name supervision, and it has a certain degree of illegality or violation. However, it does not follow that the numbers and verification codes obtained through the code receiving platform must be used for illegal crimes. In reality, there are also cases where the code receiving platform is used to obtain mobile phone numbers and verification codes in order to use the account for advertising promotion, or for individuals to use the Internet for advertising purposes. Space hides identity to enhance experience and freedom. To sum up, the coding industry that provides services for downstream black and gray products is itself a type of black and gray industry, which has great social harm. However, black and gray products are not legal terms, and they are by no means criminal insulators. The behavior of relevant parties in the coding industry Criminal regulation should always be based on the provisions of the criminal law, starting from analyzing whether the specific behaviors of card dealers, code-receiving platform operators, and account dealers conform to the composition of crimes, and exploring the criminal regulation path for the behavior of relevant parties in the code-receiving platform.

3. Criminal characterization of the behavior of relevant parties on the code receiving platform (1) Criminal characterization of the behavior of relevant parties on the real-name card code receiving platform Relevant parties on the code receiving platform transmit, provide and obtain real-name mobile phones with real personal information recorded Ka’s behavior complies with Article 253-1 of the Criminal Law, which constitutes the crime of infringing on citizens’ personal information. First, real-name mobile phone cards that record real personal information can be identified as the criminal object of the crime of infringement of citizens' personal information - "citizen personal information", which meets the characteristics of identifying the identity of a specific natural person or reflecting the activities of a specific natural person. Second, the behavior of card dealers and code receiving platform operators is consistent with the description of the crime of "violating relevant national regulations and selling or providing citizens' personal information to others" stipulated in this article. According to Article 4 of the "Interpretations on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement of Citizens' Personal Information", the behavior of phone number dealers purchasing and obtaining mobile phone numbers is "illegally obtaining citizens' personal information by other methods", that is, the operator of the code receiving platform The actions of , card dealers, and account dealers all meet the constituent elements of the crime of infringing on citizens’ personal information. Special attention should be paid to the fact that although the mobile phone card registered with a false identity is in the form of "real name", it records false identity information. Therefore, the act of selling, providing, or purchasing the mobile phone card and verification code registered with a false identity should not be treated as "real name". Convicted of infringement of citizens’ personal information. In addition, regarding the situation where the real-name mobile phone cards involved are voluntarily provided or sold by others, there are different opinions in practice. Some believe that voluntary provision by individuals prevents the infringement of citizens' personal information rights, while others believe that natural persons have no rights to their own personal information. There are no exclusive rights. The author agrees with the latter view. The legal interests protected by the crime of infringing on citizens' personal information include not only the rights and interests of citizens' personal information, but also the state's management order of citizens' personal information, and the large-scale acquisition or sale of real-name mobile phone cards that citizens voluntarily sell. Personal information seriously violates the state's management order of citizens' personal information, has great social harm, and should be characterized as a crime of infringement of citizens' personal information. (2) Criminal characterization of the behaviors of parties related to non-real-name card access platforms. Regarding the behaviors related to the mobile phone card access industry involving non-real-name cards and false identity registrations, at this stage, there are mainly discussions on the application of the following crimes. 1. The crime of illegal business operations. Some people believe that the behavior of relevant parties of the code receiving platform in selling, transmitting, and obtaining non-real-name mobile phone numbers and verification codes is essentially a violation of the country's regulations on the real-name system on the Internet and operating SMS collection services. The relevant parties of the code receiving platform operated the SMS collection business without a license, disrupting the market order and constituting the crime of illegal operation. This view is questionable.

The "Measures for the Administration of Internet Information Services" stipulates that the state implements a licensing system for commercial Internet information services, that is, if information or web page production and other services are provided to network users for a fee through the Internet, if the permission of the management department is obtained, the service is legal. It is illegal if permission is given by the administration. There is a hidden premise here that the service itself is neutral. However, the code receiving technology is not a completely neutral technology. It transmits a large number of mobile phone numbers and verification codes to downstream with the illegal intention of evading real-name supervision. The technology is illegal. Based on this, there is a dilemma in demonstrating that the behavior of the relevant parties of the code receiving platform constitutes the crime of illegal business operations. 2. The crime of providing intrusion and illegal control of computer information system programs and tools, the crime of illegally obtaining computer information system data, the crime of illegal use of information networks, and the crime of assisting information network criminal activities. These four crimes are all crimes related to cyber crimes in Chapter 6 of the Criminal Law, the crime of obstructing social management order. Among them, the crime of illegal use of information networks and the crime of assisting information network criminal activities are newly added provisions of the "Criminal Law Amendment (9)". The former It is "the transformation of a preparatory criminal into a principal offender", and the latter is "the transformation of an accomplice into a principal offender". As the cover clauses of cybercrime, the two crimes should be considered for application when other cybercrime crimes in this chapter cannot be applied. Therefore, the following will first Explore the possibility of applying the crime of providing intrusion and illegal control of computer information system programs and tools and the crime of illegally obtaining computer information system data. (1) The crime of providing programs and tools to invade and illegally control computer information systems. The "programs and tools" in this crime refer to "programs and tools specifically used to invade and illegally control computer information systems." The functional design of the code receiving platform does not have the function of intruding into other people's computer information systems. It is a program that can be used for both network crimes and legal purposes. To be incompatible with this crime, it must be a program or tool specifically used to achieve illegal and criminal purposes. requirements, this crime cannot be applied. (2) The crime of illegally obtaining computer information system data. The application of this crime needs to be considered from three aspects: "whether it violates national regulations", "whether it is data among the elements of the crime of illegally obtaining computer information system data" and "whether it is a technical means". First, whether it violates national regulations. The author believes that the behavior of the relevant parties of the code-receiving platform violates the provisions of Article 27 of the "Network Security Law" which stipulates that "you shall not engage in activities that interfere with the normal functions of other people's networks." Some people believe that the behavior of the relevant parties of the code receiving platform violates the national regulations on the real-name system, mainly referring to the violation of Article 24, paragraph 1, of the "Cybersecurity Law", but this article refers to the network operator providing relevant services and should require If the user provides true identity information, that is, the illegal subject is the network service provider. According to this regulation, card dealers and account dealers cannot of course be considered to have violated the national regulations on the real-name system. However, what is clear is that in order to implement the real-name system provisions of the "Network Security Law" for network operators and to maintain network order, Internet companies explicitly prohibit malicious registration and batch registration, and have specially set up a series of preventive and confrontational security measures for this purpose. mechanism, and card dealers, code receiving platforms, and account dealers cooperated with each other to complete the behavior of obtaining non-real-name mobile phone numbers and verification codes, bypassing security prevention mechanisms, and registering Internet accounts in batches. This is an act that interferes with the normal functions of other people's networks and is serious. It endangers the security order of the network and is therefore illegal. Second, whether it is data that is one of the essential elements of the crime of illegally obtaining computer information system data. The mobile phone number and verification code are data used to confirm the user's authority to operate on the computer information system. According to the "Interpretation on Several Issues Concerning the Application of Laws in Handling Criminal Cases Endangering the Security of Computer Information Systems", they are among the elements constituting the crime. data. Some people point out that what is actually obtained through the code receiving platform is the account number and password. However, analyzing the generation principle of the account number and password, it is not difficult to find that the account number is written by Internet companies using batch programs. Although the password is set by the user, it is also passed on the platform. The setting can only be successful if the use is allowed, so the password is actually delivered to the user by the platform. From the registration process, the mobile phone number and verification code act as the account number and password, and are the predecessors of the account number and password. In addition, the determination of a set of identity authentication information should not be based on whether it can actually be logged in and used during the case handling process, but should be based on the specific method of illegal acquisition to determine whether the mobile phone number and verification code are usable when they are obtained.

The obtained mobile phone number and verification code will be fed back to the platform when there is a problem when registering the APP, and the feedback content will be recorded in the database, thus confirming the purpose and effectiveness of the verification code. This also solves the problem of suspects’ defense in judicial practice. What is obtained is the account number and password. Many accounts registered using mobile phone numbers and verification codes have been blocked. The amount of data obtained is difficult to obtain evidence and difficult to calculate. Third, whether other technical means are used. The crime of illegally obtaining computer information system data is described as "intrusion or use of other technical means". The behavior of the parties involved in the code receiving platform does not belong to "intrusion", so it is necessary to focus on whether it belongs to "other technical means". After searching the China Judgment Documents Network, among the documents that were sentenced for the crime of "illegal acquisition of computer information system data", it was determined that other technical means were used, including: "credential stuffing", using phishing websites to obtain data, using software to change passwords in batches, and changing passwords. Mobile phone to obtain account number, etc. Among them, the most common cases of obtaining data are through "credential stuffing", and the judgments all regard the obtained large number of account numbers and passwords as "technical means" to re-obtain a set of valid and operational data through "credential stuffing" (exposing secrets). To determine whether the data acquisition behavior of the parties involved in the coding platform belongs to "other technical means", we can start by comparing it with the above-mentioned technical means that have been judged and found to be uncontroversial. The core security strategy of existing Internet companies to combat "credential stuffing" is to establish verification code security protection measures. The principle is to provide pictures and texts that can usually only be recognized by humans, and allow operators to answer questions to confirm that the subject of the operation is a human and not a machine. In order to improve the efficiency of "credential stuffing" verification, the suspect gave birth to a coding platform. In current judicial practice, coding platforms with verification code recognition and number scanning software for batch login are identified as programs that “have the function of circumventing computer information system security protection measures and obtaining computer information system data without authorization or exceeding authorization.” ,tool. During the code receiving process, operations such as obtaining a large number of verification codes to register, changing IP, and flashing the phone are all security measures set up by Internet companies to prevent the same device from using multiple mobile phone numbers to register multiple accounts multiple times. Therefore, the coding technology discussed in this article and the coding technology mentioned above both have the effect of piercing the security protection measures of the platform verification code. The means and behavior of the parties involved in the coding platform are equivalent to the methods used for credential stuffing, and should be classified as "using other technical means." Paragraph 2 of Article 285 of the Criminal Law stipulates "the use of other technical means", indicating that legislators have noticed that in practice there are a variety of illegal acquisitions of computer information system data other than "intrusion", and with the technological threshold of Internet platform security protection With the improvement of the crime, the black and ash production technology that confronts it is also constantly improving. Therefore, the specific behavioral methods of this crime are difficult to exhaust through detailed enumeration, and must be defined through a specific analysis of behavioral and technical principles. Fourth, whether the relevant parties of the code receiving platform constitute a crime of rape. The card dealer, the operator of the code receiving platform, and the account dealer all knew the specific actions jointly carried out by the three parties and knew the purpose of illegally obtaining mobile phone numbers and verification codes in batches to register Internet accounts, but they still cooperated with each other to complete the above actions. All three parties are indispensable. , played a major and active role in the process of obtaining computer information system data, constituting a homosexual crime. (3) Crimes of illegal use of information networks and crimes of assisting information network criminal activities. When the behavior of the relevant parties of the code connection platform constitutes the crime of illegally obtaining computer information system data, it does not rule out the possibility of coexistence with the crime of illegal use of information networks or the crime of assisting information network criminal activities. However, unlike the act of obtaining data itself, which constitutes the crime of illegally obtaining computer information system data, the prerequisite for constituting the crime of illegal use of information networks and the crime of assisting information network criminal activities is to verify the downstream crimes, such as verifying that the person or others use the established code receiving platform to publish illegal Only those who obtain criminal information or commit other specific illegal and criminal activities such as fraud can be held accountable for the crime of illegal use of information networks; it is verified that the mobile phone number and account registered with the verification code obtained through the code receiving platform are used for illegal and criminal activities such as telecommunications network fraud. , can relevant parties of the docking code platform be convicted and punished for the crime of assisting information network criminal activities.

Related articles
  • What is a credit card?
  • Bachelor degree, just working, salary 3000, how much can I get for China Merchants Bank credit card?
  • Does credit card overdraft charge interest?
  • Can I still use the Pacific student card after it has expired?
  • How to check the credit of Bank of Communications credit card
  • The credit card of China Merchants Bank has a fixed credit line of 11, yuan, and I have a temporary credit line of 24, yuan, so I will put the card.
  • Minshengzi defines the benefits of employment card
  • How many days does Ping An Bank's credit card repay?
  • How much is the annual fee of CITIC Bank Southern Pearl Credit Card?
  • Does Bank of Communications really need credit records and social security card payment records to negotiate repayment?

    • copyright 2024 Trademark Inquiry Complete Network All rights reserved