Top hacker confesses: I used to earn millions of dollars a month by stealing Bitcoin


There are only a few hundred people in the world who can be called top hackers. They are God's favorites, who have obtained a key to open the door to the Internet world and get a glimpse of the ultimate secrets of the Internet world.

Their names will not appear in the so-called "top hacker rankings". They keep a low profile in their own technical world, like hermits who have escaped from the world and devote themselves to practice.

They are called the "gods" of the online world, free to do whatever they want. But in reality, they are still mortals who are worn down by reality.

They were all enthusiasts of hacker technology, but at the crossroads of interests, they went to opposite sides, one attacking and the other defending.

The attackers can capture all networked electronic terminals as if they were in an empty land. They are the attackers in the black industry chain and earn tens of millions of yuan a month. The defenders build a network security framework to fight against the black industry. Without their guard, the network will become a dark fishing ground and be fished at will by the black industry.

Money and interests are like a watershed, clearly dividing the two sides of human nature.

The rise of white hat hackers

"You are wrong." Cai Jingjing was interrupted by an expert.

All eyes at the round table were focused on Cai Jingjing. His face flushed, he was speechless, and sat down in a hurry.

This was an "anti-virus conference" in 2001. At that time, the Nimda worm virus was rampant and a large number of computers were disconnected from the Internet. Cai Jingjing was only 19 years old and had just joined the professional network security company "Venustech" and attended the conference as a technical expert.

He said that in fact Microsoft had released an official patch seven months before the incident, and if the vulnerability had been patched, it would not have caused such a big impact. "This shows that the network administrator did not fulfill his responsibilities and the main cause of the incident was human factors."

Cai Jingjing, who was naive, didn't know that there were many network administrators at the scene. In their eyes, wasn't this 19-year-old boy openly provoking them?

An expert ruthlessly interrupted him, saying that the system should have been upgraded automatically and that the main cause of the incident was due to an incomplete security plan.

Cai Jingjing didn’t realize at the time that this incident would affect his entire life. The “butterfly effect” had already spread its wings, and in a sense, it had also changed the history of China’s cybersecurity talent training.

Before 2015, we could not find any reports about "Cai Jingjing". People were often fooled by his feminine name, but he was actually a handsome guy born in the 1980s with a gentle appearance and glasses.

Although the outside world has not heard of him, in the hacker circle, "Cai Jingjing" is a name that cannot be avoided. You will find that almost all hackers have some connection with him.

The beginning of an era requires a symbol. The emergence of real hackers in China can be traced back to 1997 when Shanghai hacker Gong Wei (Goodwell) established the first Chinese hacker site "Green Army". At this time, scattered technology enthusiasts in the private sector began to gather into groups - Cai Jingjing was one of them.

In 2001, the China-US collision incident occurred in the South China Sea, and the United States took the lead in launching attacks on Chinese websites. Chinese civilian hackers spontaneously launched a hacker counterattack, and the "Green Army" also participated in it.

During the battle, Cai Jingjing and several friends formed a hacker group called "0x557". Now, this team has many top hackers, who have almost built the framework of China's Internet security.

This battle between hackers from the private sector ended in a situation where no one won. American hackers paralyzed many Chinese websites, and Chinese hackers also attacked the White House website. But this "battle" made Chinese hackers realize the gap in technology between China and the United States. After all, operating systems, common protocols, and programming languages are all in English, and even the Internet was created by the United States. This gap made many Chinese hackers settle down and focus on studying technology.

Cai Jingjing remembers that at the time, some mainstream media published comments saying that calling on all domestic Internet users to use their computers to ping down a website was "truly ignorant and ridiculous."

After the hacker war, Cai Jingjing began to focus on vulnerability mining. He found a vulnerability in Microsoft's IE browser that could cause Trojans to be injected into users when viewing pictures.

Cai Jingjing submitted the vulnerability to Microsoft, who replied via email saying, "This is a program bug, but not a vulnerability that will cause security issues." The young and energetic Cai Jingjing was not happy with this, so he posted the details of the vulnerability on a hacker forum, and "my friends were all shocked."

Microsoft finally realized the seriousness of the problem and took the initiative to find Cai Jingjing, hoping that he could join the Microsoft security department. At that time, Cai Jingjing was only 19 years old. China's earliest network security company "Venustech" also discovered Cai Jingjing's uniqueness and invited him to join. "You can protect our country's network security." Cai Jingjing, who still had feelings for the Sino-US hacker war, chose "Venustech".

Like Cai Jingjing, many kids with outstanding skills were discovered by security companies at that time. They were given opportunities to grow up in a professional and healthy environment. Today, they have grown into the backbone of China's cybersecurity.

Cai Jingjing soon became a star. Once, the website of the former Ministry of Information Industry was hacked, and the government asked Venustech to send security experts to "put out the fire". Cai Jingjing was sent there overnight, but was stopped by security guards at the door. How could a kid in a T-shirt and slippers be an expert? Although he was young, he proved himself with his super strength every time and soon became the core force of the company.

Cai Jingjing has been the head of the hacker team for 14 years at Venustech. He insists that "human factors" are the main cause of security incidents and that talent training is crucial. Cai Jingjing brought some elites from "0X557" into Venustech and trained nearly 100 top security talents.

These hackers who defend the network security are called "white hat hackers." Venustech has become the Huangpu Military Academy for white hat hackers.

In a sense, Cai Jingjing is the godfather of white hat hackers.

The crazy growth of the black industry

Just like the scenes in martial arts movies, white hat hackers have always been the image of knights in the history of network security, with white clothes whiter than snow and cloaks fluttering in the wind. Their opponents are black hat hackers: a group of mysterious and highly skilled masked men.

The rise of black hat hackers is later than that of white hat hackers. The hacker community in 2000 was all security enthusiasts with chivalrous spirit and tenderness. They adhered to their original aspirations and were neither humble nor arrogant. Hackers that emerged after 2000 were more affected by the black industry (hacker black industry chain).

Slippers, T-shirt, dark, thin, unkempt... If you say that this kid born after 1985 sitting in front of the Entrepreneur reporter is China's top hacker, probably no one will believe it.

We call him K. He has been lurking in the darkest corners of the online black market for many years and is a pioneer in conquering the upper reaches of the black market chain. His story sounds like a fairy tale, but we can see the madness of the lucrative black market from him.

Like other post-80s kids, K is one of the first Internet users in China. He is self-taught and has learned from masters everywhere. At first, he also stole QQ and monitored the computers of girls he liked to satisfy his voyeurism.

K's genius soon became apparent. Hackers would join some organizations, discuss technology, and form alliances, and K was no exception. Because of some personal grudges, the head of the organization kicked K out and posted "hacks" on him everywhere. K, who had only learned technology for half a year, found a loophole in the forum, directly took over the administrator's authority, and began to retaliate, locking all the posts and ruining the forum.

The pleasure of revenge made him taste the sweetness of technology.

K only has a junior high school education and it is difficult for him to find a good job in real life. As his technical ability grows, he begins to have the opportunity to get involved in China's black industry. "DDoS extortion" is his first "toy". DDoS (Distributed Denial of Service) is a network attack method that occupies a large amount of network resources through a large number of legitimate requests in order to paralyze the network.

A more vivid metaphor is that you run a small noodle shop, and hackers send hundreds of people to swarm into your shop, occupying the place without making any purchases, making it impossible for other customers to squeeze into the shop.

"Want to start a business? Give me 100,000 or 100,000 yuan a month for protection." K's extortion targets were some e-commerce websites, earning millions of yuan a month by collecting protection fees. But he soon got tired of it because DDoS technology was very low-tech, "It was just a waste of my top-notch equipment."

The Internet is iterating at a very fast speed, and new things keep emerging. After 2009, the electronic virtual currency "Bitcoin" emerged. Mining software can be installed on the computer, and after a series of cumbersome steps and specific algorithms, "Bitcoin" can be generated with a certain probability. There are powerful computers on the market that are sold as "Bitcoin mining machines", but they are expensive.

"The whole world belongs to the king, and all the servers in the world can be used by me." K hacked into some large foreign companies with tens of thousands of servers and secretly ran Bitcoin mining software in their background.

K sat in a dark room and controlled the operation remotely. Millions of servers started to operate simultaneously. He ate hamburgers and drank Coke in front of his computer, watching the mining army being invincible. Bitcoins fell into his wallet one by one. In the best years of Bitcoin, he could earn millions of dollars a month.

In addition to Bitcoin, K occasionally steals some game accounts. Theoretically, K can break into almost all websites, it's just a matter of how much time and energy to invest. If a direct attack is too energy-consuming, he will find another way.

Once, he made a tampered resume and sent it to the HR of a game company with strict security defense, pretending to apply for a job. When the other party clicked on it, the backdoor program was automatically activated. K successfully hacked into the game company's intranet and looted game accounts. This business made him tens of millions.

China's underground black industry has formed a dark and profitable empire with a very clear division of labor. Most of the hackers' online attacks are difficult to track. Some attack tools and codes are stored in encrypted hard drives. Once the computer is restarted, the hard drive is permanently locked, making it difficult to obtain evidence. Even if public security personnel break into the hacker's lair and catch him in the act, there will be no direct evidence once the hacker unplugs the power cord.

Most hackers are caught in offline transactions. A popular saying in the black industry is "you can earn money but not spend it". High risk brings high returns, and cash-out is the most profitable type of work.

Most hackers work in teams, each with their own strengths. Hackers like K are rare. According to K, the monthly income of top hackers can reach tens of millions of US dollars. They never appear in the media and protect themselves very closely. Many of them disappear after making enough money.

A battlefield without gunpowder

In front of me is a special world map. There are many bright spots appearing one after another on it. There are lines connecting the dots.

This is the real-time cyberspace defense and tracking system of Knowsec. Here, you can have a bird's-eye view of the real-time attack and defense war in the hacker world. Any line is an attack. Any point is an attack target. This big network is the ultimate battlefield in the cyber world without the smoke of gunpowder.

"The world is dangerous, not because of the evil people, but because of the indifferent people." This sentence comes from Einstein and is also Zhao Wei's life creed.

Zhao Wei, CEO of Knowsec, is a member of 0X557 founded by Cai Jingjing and also a close friend of Cai Jingjing for many years.

Zhao Wei is like a genius among white hat hackers. His arguments are extremely advanced. He believes that the real world and the Internet world are essentially the same: both input information and output information. When a person acquires knowledge, he is inputting information. When a person creates value and forms theories, he is outputting information. Therefore, he regards the Internet world as equally important as the real world. The deeper he understands the online world, the more dangerous it seems to him, and he cannot remain indifferent.

In the game of offense and defense, both the offensive and defensive sides "look down on" each other.

"The gangs in the black market are not hackers. They are just robbers. You have a knife and you rob unarmed people. That's it." Zhao Wei has a moral obsession. He will not accept people with black market backgrounds into his team, even if they are extremely talented.

"Can they defend against me?" K sneered. He even felt that white hat hackers were just people with inferior skills who flattered themselves.

It’s like the two sides hurling threats at each other before a war, and then they say “see you on the battlefield”.

In fact, the hacker world's attack level is much higher than the defense level. Just like the black and white game of Go, the one who takes the initiative to seize the key points will have the first-mover advantage. In addition, the black industry is driven by huge profits, and their ability to integrate resources is far greater than that of the defender.

Unlike other white hat hackers, Zhao Wei does not simply defend himself, but tries to change the rules of the network. "Every world has rules, such as gravity, thermodynamics, relativity, etc. Our world is what it is now because of these rules." Zhao Wei believes that only by forming new security rules can the offensive and defensive situation be fundamentally reversed.

In September 2012, Knowsec, Tencent, Baidu and Kingsoft jointly founded the "Security Alliance". Zhao Wei tried to participate in the integration of the network security industry chain and jointly fight against the black industry.

The amazing thing about this alliance is that, using the security products developed by Knowsec, hacker attacks can be locked, locations can be obtained, and network behavior can be observed for a period of time. Once a hacker is labeled as a "hacker", all websites of the security alliance will deny access to that hacker. In addition, some websites that have risks such as fraud, phishing, and hacking will be labeled "risk reminder" on the back of Baidu search.

Zhao Wei cut the cake of the black industry into pieces. Some hackers came to beg for mercy and asked to be released; some hackers threatened to kill him for 2 million in the forum, using hacking technology to conduct human flesh search and make all his private information public. Zhao Wei's mobile phone received a large number of threatening text messages and threatening calls every day, and he had to change his mobile phone. "I feel a deep malice from the world, and this malice is ready to take your life at any time." He hired a new assistant, a Taekwondo black belt, who also serves as a bodyguard.

But what Zhao Wei felt most threatened by was the Snowden incident in the United States. After the incident, the "Prism Project" was exposed, showing that the US government can monitor people in all aspects, including emails, messages, videos, photos, stored data, and even voice chats.

This means that the United States has entered "God mode". The mining of big data and intelligence collection have made the Internet world completely free of blind spots. This also proves that the advent of the big data era and the use of cloud computing have infinitely upgraded the capabilities of hackers.

Zhao Wei used a metaphor, saying that the Internet world is like an ocean fishery, where people used to fish with spears, but now they use giant fishing boats. "Thousands of fish fall into the net, and they may only pick the fattest and most valuable one and let the rest go, just as they please."

The most qualified party to speak on this issue is probably Keen, China's top white hat hacker team. In an international security competition, they once shocked the world by finding a loophole in the Apple mobile phone system in 30 seconds.

On the surface, the Keen team is the attacking party, but in reality, they are looking for vulnerabilities and patching them in time. The purpose of the attack is to better defend. The Keen team is already the world's top vulnerability hunter.

Keen team founder Wang Qi (nicknamed "Big Bullfrog") said that in the era of big data, we can see that obvious attacks (such as stealing bank cards, etc.) will no longer be the mainstream, and covert attacks will be the mainstream.

"In the era of big data, data is money," Wang Qi said. Hackers can steal all kinds of data from the Internet, and the "underground social engineering database" is the result of its development.

The underground war of social engineering

The social engineering database is said to be an underground treasure on the Internet. Hackers who steal user data have formed a coalition of interests to aggregate and analyze data obtained from various channels. Name, ID card, bank card, and password are only the most basic information. This underground database can even be as detailed as credit, physical examination, medical history, personality and hobbies. These data can sketch a complete portrait of the stolen user.

Internet user data leaks have never stopped. JD.com user passwords have been leaked, 12306 train ticket purchasing website user data is flying all over the place, etc. These exposed data are just the tip of the iceberg in the underground social engineering database.

Just search for "social engineering database" and you can find some websites that can query leaked data. The reporter of "Entrepreneur" entered his frequently used email address and username and found that the password had been leaked. At the same time, he entered the email addresses of several friends and was able to find the leaked passwords.

The user information on the Internet has been swept away to such an extent that there is a saying in the industry that "nine out of ten tombs are empty", which shows that it is already riddled with holes.

In recent years, China's Internet finance has emerged, and P2P finance has blossomed everywhere, with one or two new companies added every day. In K's eyes, these companies are all fat meat: they are rich, entrepreneurial companies, and do not pay attention to security. It is easier for him to enter these websites than to enter the back garden.

K entered the backstage of the Internet financial platform and stole valuable information, which is called "de-database" in professional terminology.

K has an extraordinary talent for finding valuable information from the vast amount of data. He has a lot of practical experience and has fought against many security personnel. He knows all their routines and tactics. He can guess their next move and even the administrator password.

He once hacked into an Internet finance company and accurately found the confidential folder of the backup system among several GB of background data within one minute.

"I guessed the name of the folder that the administrator might have set up." It was such a terrible intuition.

K then sold the user data to a blackmail agency, who then used the data to threaten an Internet finance company. "Once the data is released, the company will lose its reputation and even face bankruptcy. Therefore, most companies are willing to pay money to keep things quiet."

Another form of cooperation for data theft is customized services. Some companies want to purchase the core data and user information of competitors or partners, so they let hackers steal data.

"After understanding the black industry, you will feel that there is no fairness in the business battlefield. If you want to buy your opponent's core data, as long as you find a reliable person, it can be done with 20,000 yuan." K said.

The accumulation of data forms a social engineering database. Hackers like K who have a large amount of data will cooperate with some similar hackers to aggregate the data at hand. The more data is accumulated, the greater the value.

If the Internet has entered the era of big data, then the social engineering database is the underground illegal big data. The hacker groups that are now compiling the social engineering database are all accumulating data. Its details have reached a terrifying level, and these data can be used to completely simulate a person. At present, the main use of social engineering database data is advanced financial fraud.

Future potential? The potential of big data is as great as that of the social engineering database.

Fortunately, there are many moralists like Zhao Wei in this world. They try to build a safe castle for core information data and defend the last line of defense of the network.

Zhang Fu, CEO of Qingteng Cloud Security, is a hacker born in the 1980s. He showed amazing hacker talent in college and joined Shanda, Kunlun Wanwei and other companies after graduation to take charge of technology and business security departments. He is one of the few hackers in China who has mastered the two fields of network business development and security system.

In 2014, Zhang Fu gave up his million-dollar annual salary and the tens of millions of shares that were about to be cashed in, and founded Qingteng Cloud Security Company with legendary hacker Feng Ning. They are developing a cloud security product in the SaaS model. The charm of this product lies in the adaptive construction of the security system according to the needs of different enterprises.

In a sense, Qingteng Cloud Security's products are also trying to reverse the disparity between attackers and defenders. When traditional Internet companies are attacked, even if they are eventually resolved, this experience will not be passed on to the next company. "As the saying goes, 'Family disgrace should not be made public.' Its closed nature is an important reason for the slow growth of the defenders. But if 100 companies use Qingteng Cloud Security products, as long as one of them blocks the attack, the others will be protected from the same threat. Attackers attack in batches, and we defend in batches."

Upgrading security products, reinforcing walls and raising barriers is one solution. Cai Jingjing provided another solution, he sent more reinforcements.

In November 2014, the Electronic Technology Information Institute of the Ministry of Industry and Information Technology pointed out that my country currently has a shortage of more than one million cybersecurity talents. As of 2014, only 103 of my country's more than 2,500 universities have opened "information security majors", and there are less than 40 doctoral and master's programs. The number of talents trained in the "information security major" of universities each year is less than 11,000.

As early as 2012, Cai Jingjing realized this. He left Venustech and started his own business, trying to promote the talent training experience accumulated by Venustech to more companies. His company launched the "e Spring and Autumn" system, which is specifically used for internal talent training. In June this year, he launched the "i Spring and Autumn" system to train civilian security talents. "i Spring and Autumn" not only invites industry experts to record teaching videos, but also provides a competitive platform for online practice and competitions.

If Cai Jingjing could go back to the age of 19 and face the expert again, he would say: "We are both right. Security products need more humanized designs, and security talents are equally important."

"Who am I?"

K's recent "business" is to hack into foreign consumer websites and obtain user credit card data. Foreign credit card consumption does not require a password. He sells the black cards to fraud gangs and earns tens of millions of yuan a month.

He worked overtime day and night, and his previous life of only "working" 4 hours a day was completely broken.

He had a reason to do it. K said that his girlfriend, whom he had been dating for many years, was recently diagnosed with a terminal illness. The cost of treatment was an astronomical figure, and he had to save enough money for her life.

On the Internet, K does whatever he wants. In reality, he sometimes feels helpless and can only grasp at the last straw. Call him cruel or childish, he just wants to achieve his goal by plundering the world. God gave him a key, but he turned it into a money-making stick. K has no faith, and the only thing he believes in is money. When money is no longer omnipotent, he doesn't know what to believe in.

K is sometimes confused, not because of moral judgment, but because of his self-worth. "Who am I? I am undoubtedly selfish. I have spent my entire life illegally stealing other people's gains. I may just be a virus, a bug."

K said that when his girlfriend recovers from her illness and earns enough money to last a lifetime, "I will retire from society, buy a beachfront villa abroad, and take her to face the sea and enjoy the spring."

"Do you feel guilty?" Ask such a question and K will laugh at you. But he is not at peace. K has always used a BlackBerry, which is said to have the most secure system in the world, and no one can steal the information in it. K's BlackBerry is never connected to the Internet, and is only used to make calls and send text messages. He completely isolates himself from the Internet, hides in a dark corner, and lives cautiously. He is panicked because he has not found the answer to "Who am I?"

As for Zhao Wei, he knows very well who he is and he is well aware of his mission, but he cannot escape the bumps and grinds of reality.

The biggest problem was money. In the early days of the business, Zhao Wei had to eat steamed bread for a month due to tight funds. He found that his minimum monthly consumption was 3,000 yuan, of which 2,000 yuan was for rent and 1,000 yuan for living expenses, so he only paid himself 3,000 yuan a month. The company had to go through several difficult times of bankruptcy every year, and Zhao Wei had to ask friends for money. Later, his friends were afraid of borrowing money, so he went to borrow money from loan sharks. The borrowed cash of one million yuan was piled up into a small mountain on the desk. In a blink of an eye, the mountain was empty and turned into the employees' wages.

Since the company was founded, it has developed dozens of security products, but only a few have been accepted by the market. "The security products we designed are too advanced, and many companies simply cannot understand them." Zhao Wei said that all he can do is to persuade them repeatedly.

"It's really hard to be a security guard. We are just like a security guard." Zhang Fu said that the biggest obstacle to the development of China's cybersecurity is the low security awareness. "The first step for a startup is to survive. Security needs are not the most important."

After market research, Zhang Fu found that a company needs to invest at least 1 million yuan every year to build a security system. One or two security personnel and some necessary security products are just the minimum configuration. Startup companies are basically in a "naked" state. Managers of companies are usually unwilling to pay for security expenses, but rely on luck. But once they are attacked, the impact is fatal, and they may even face bankruptcy.

"It is difficult to realize the importance of safety without experiencing personal pain, but by the time you realize it, it is already too late," said Zhang Fu.

Zhao Wei's team once discovered security loopholes in many companies through scanning. When they called to remind the companies, the other party's attitude was mostly indifferent, and those with a bad temper would start to curse.

The market is gradually eating away at Zhao Wei's ideals, but Cai Jingjing is more optimistic.

