good network danger

Recently watched a documentary on Netflix: Cyber Hell: Exposing an Internet Horror. It is a film about the incident of Room N in South Korea. The documentary is from a tracing point of view. First, a reporter learned that someone was sending nude photos of women through Internet communication software. Later, it was found that it was a man with the code name of "Doctor".

How did the "Doctor" let the woman fall into this abyss? It's an opportunity to make quick money. And these women are not afraid of cheating, uploading their sexy photos and even personal information online. As a result, the "Doctor" used this as a lever to ask the woman to take more nude photos as he requested, otherwise it would be made public. The victims were called "slaves". And "Doctor" also opened a paid chat room for this, and subscribers have to pay: of course, it is encrypted currency to watch.

In fact, long before "Doctor" ran this "Nth Room", there was another one who ran it as "Godgod". He uses the most straightforward technique: phishing. "Gaga" sent a message to the target woman: "This website seems to have indecent photos of you, do you want to check it?". If the victim presses, the personal data of the mobile phone will be obtained. As a result, it fell into the abyss of irreversible redemption. And "Doctor" is scary because he can control his victims, watch videos, and help him do things.

After an undercover investigation by the police, "Doctor" was finally arrested. When Kei asked for a response to his crimes, he said:

"I apologize to all the victims, and I also thank you for giving me an inextricable demonic life and pressing the stop button." [Note 1 ]

In the video, the police said that they had to make sure that "Doctor"'s online account was online before arresting him. Otherwise, he might delete the account and all the evidence would be wiped out. Therefore, the police chose to arrest "Doctor" and his father on their way home.

I was wondering how his father would have thought that his son would be arrested by the police; even less could he have committed such a horrific crime.

～～～～～～～～～～

After watching this documentary, it reminded me of the book "Zero-Day Attack" that I read a few months ago, author Nicole. Burroughs, senior security reporter for The New York Times.

What is the concept of zero-day attack? It comes from a "zero-day exploit" - a hacker attack when you don't expect it:

The so-called zero-day vulnerability refers to the existence of security vulnerabilities in software that can be exploited, but most people, including the software developers and suppliers, are unaware of the existence of vulnerabilities. From the perspective of the life cycle of zero-day vulnerabilities, the software developers wrote the program at the beginning, but the code has some errors (this is actually a common thing); however, these errors do not affect the operation of the program, so even the program developers themselves It is conceivable that users will not know the existence of these loopholes.
However, maybe one day, this software bug is discovered, and the well-intentioned discoverer will notify the software developer to provide users with a patch update. However, if they encounter people with bad intentions, such as ulterior motives, black hat hackers or cybercriminals, they may invest in researching whether the vulnerability has an opportunity or not. Once they find that the exploit is very valuable, for example, they can use By hacking into the Microsoft Windows operating system or Apple's iOS operating system, which is used by most people, the hacker will go further and design an attack program to use this vulnerability to infiltrate the computer. And as long as this vulnerability has not been exposed, the network attack can continue, which is a zero-day vulnerability. (page 5)

The author interviewed 300 white hat hackers, security companies, and even former government officials. Some of them were "eye-opening" for me. For example, a programmer interviewed said that unless the entire program is written by himself, as long as one section uses Open Source Software (OSS), there will be loopholes. OSS is like a prefabricated component, and everyone can use it for free under certain conditions. But "free" things always have risks, and security breaches are one of them.

It is because of this "invisible bomb" that it has a great impact at any time. The author's foreword is that on June 27-28, 2017, the Ukrainian power grid was attacked by Russian hackers. As a result, Chernobyl's radiation monitoring system was offline, and government departments and banks were affected, but because the "Internet of Things" was not so popular, there was no greater impact.

Looking back at the Ukrainian-Russian war today, hackers, like "soldiers", attacked each other in an invisible "environment".

The author also clearly points out in the book that China has also joined this international information security war and attacked the United States. Of course, the United States is not a good country either, because its NSA is also using loopholes to monitor, until Snowden revealed the NSA's misconduct, it was called "convergence".

Information security is always something that everyone faces every day - even if you don't use a smartphone or computer. The only thing you can do is to be careful first, and then you can only hope that the world does not have a black, wicked government.

Only, the latter will not appear.

～～～～～～～～～～

[Note 1 ] Chen Qingde, "Dr. Zhao in "Room N ", which made others fall into "Devil's Life": If you don't do as I say, your personal information will be spread on the Internet" (change date)
https://crossing.cw.com.tw/article/13210

Room N Incident (Wikipedia)
https://en.wikipedia.org/en-tw/Room N Incident#cite_note-34

Internet Purgatory: Unmasking Room N (Netflix)
https://www.netflix.com/title/81354041

Zero-day attack: Paralyze the world in one second! "New York Times" reporters tracked for 7 years and interviewed more than 300 key figures, revealing the dark truth of the underground industrial chain of digital arms in the 21st century (from blog)
https://www.books.com.tw/products/0010903622