Cracking DingTalk to earn five million, a tech CEO sentenced to five and a half years
[4] Compiled from: Red Star News
[2] A monthly membership fee of 25 yuan or an annual fee of 89 yuan allows users to use the APP's virtual positioning technology to send fake locations to the DingTalk system, enabling remote check-ins without being at the company.
[3] The feature sounds quite "tempting," but Zhang, the developer of this APP, was sentenced to five years and six months in prison for the crime of disrupting the computer information system.
Case review
[4] Red Star Capital Bureau learned that the involved APP is called BigBull Assistant, developed by Beijing Deniu Technology Co., Ltd. It purchased the usage rights of a virtual program APP from Shenzhen Luohe Technology Co., Ltd., optimized the APP's interface, added a recharge interface, and then launched it.
[5] According to Zhang's confession, BigBull Assistant, without altering the source code of other APPs, modifies their location, Wi-Fi, and photo information by simulating virtual data. When users do not want to expose their real location while using other APPs, BigBull Assistant masks their location; when users want to change their location, they can add the target software to BigBull Assistant's list, select "modify location," and achieve simulated positioning.
[6] The verdict shows that after analysis by Alibaba's technical staff of "BigBull Assistant Android System 1.1.1," it was found that the software bypassed DingTalk's infinite security guard module and hijacked DingTalk's parallel space detection interface. When DingTalk's parallel space detection interface needed to obtain device information, BigBull Assistant used replay technology to forge fake data, directly transmitting false data to DingTalk's parallel space detection interface, resulting in forged check-in records and disrupting the normal operation of the DingTalk system.
It is reported that within two years, the "Big Bull Assistant" attracted 100,000 users and made a profit of four to five million yuan.
"Criminal Law of the People's Republic of China"
Article 286 [Crime of Destroying Computer Information Systems]
Whoever, in violation of state regulations, deletes, modifies, adds, or interferes with the functions of a computer information system, causing the system to fail to operate normally, and if the consequences are serious, shall be sentenced to fixed-term imprisonment of not more than five years or criminal detention; if the consequences are especially serious, shall be sentenced to fixed-term imprisonment of not less than five years. Whoever, in violation of state regulations, deletes, modifies, or adds data or application programs stored, processed, or transmitted in a computer information system, if the consequences are serious, shall be punished in accordance with the provisions of the preceding paragraph. Whoever intentionally creates or disseminates destructive programs such as computer viruses, affecting the normal operation of a computer system, if the consequences are serious, shall be punished in accordance with the provisions of the first paragraph. Where a unit commits any of the crimes mentioned in the preceding three paragraphs, a fine shall be imposed on the unit, and the directly responsible supervisor and other directly responsible personnel shall be punished in accordance with the provisions of the first paragraph.
[1] Court Opinion
The Haidian District People's Court of Beijing held that the defendant Zhang intentionally created and disseminated destructive programs such as computer viruses, affecting the normal operation of the computer system, with especially serious consequences, and his actions constituted the crime of destroying computer information systems, for which he should be punished. The defendant Zhang was sentenced to five years and six months of fixed-term imprisonment.
[1] The author's perspective
The author believes there are two key points in this case: first, whether the "Big Bull Assistant" caused damage to the DingTalk system, affecting its normal operation; second, whether the actions have resulted in especially serious consequences.
Regarding the first issue, the author agrees with the court's judgment. There is no doubt that the "Big Bull Assistant" blocked and altered the real location in the DingTalk system without authorization, demonstrating subjective malice and affecting the normal operation of the DingTalk system. Although the "Big Bull Assistant" obtained a computer software copyright registration certificate and the virtual positioning system function is not the software's sole function, its impact on the DingTalk system is an established fact.
Regarding the second question, the author believes that "Big Bull Assistant" has also caused relatively serious consequences. Although the developer claims that it only led to some employees arriving late or leaving early, without reaching an extremely severe level, the fact that it has had 100,000 users within two years indicates that many companies' attendance systems have been disrupted. The profit of four to five million yuan also proves the extraordinary severity of this illegal activity.