Earlier, I shared an article titled “Programmer in Jail for 456 Days due to Outsourcing! 20,000 words long expose the sad and true Experience”. I received many feedbacks from my friends, saying that the industry crimes of code farmers are sometimes completely unconscious and they have no idea whether their behavior is illegal or criminal. Today fish brother to comb out the code farmers caught in recent years some cases, I hope you can gain from it. Brother Fish also asked my lawyer classmate, in recent years, the cases of programmer crimes have increased than before, indicating that the awareness of code farmers in this area is very weak. Fish felt the need to share a wave.

1. Copy the key information data and source code of the original company after resignation

According to a notice on the official website of the Beijing Municipal Public Security Bureau on October 29, 2018, the Haidian Branch of the Beijing Municipal Public Security Bureau has uncovered a case in which a former employee illegally obtained computer information system data by illegally enhancing his/her personal authority and stealing the company’s key information data and reselling the data for a profit of nearly 8 million yuan.

2, after leaving, malicious destruction

On April 27, 2016, software engineer Xu mou resigned because the company failed to settle wages as scheduled, they will use its in the design of the website installed in the back door file to delete all the website source code, resulting in the website can not operate normally. Through appraisal, cause direct economic loss 265,000 yuan. Eventually, the court sentenced Xu to destroy the computer information system crime was found guilty, sentenced to five years in prison. The court has been found out: Xu ignored national laws, malicious damage to the computer information system, resulting in the normal operation of the computer information system, direct economic losses of RMB 265,000 yuan, the consequences are particularly serious, its behavior has constituted the crime of destroying the computer information system, should be punished according to law. In view of the defendant Xu to the case truthfully confessed the facts of the crime, actively compensate for the loss, confession and repentance attitude is good, so the court gives a lighter punishment.

3, illegal intrusion, access to sensitive information

On August 27, 2018, zheng, a security engineer at Tencent, made it a pastime to hack into the hotel’s WiFi system while attending a cybersecurity conference in Singapore. He also wrote a blog about the hack. By searching Google, he found that the default account passwords console/admin and ftponly/Antlab used by the hotel management system were not disabled. Using the default account, he found more information about the system and searched for the database password. After logging in to the database, he found the administrator password. He posted all this information on his personal blog.

His blog attracted the attention of the Cyber Security Agency of Singapore (CSA), and prosecutors said the publication of the information meant the hotel’s WiFi system could be used by others for malicious purposes. CSA later arrested him. The engineer, who pleaded guilty, was spared a jail term and fined $5,000 because he acted out of curiosity and caused no physical harm.

4, write plugins, illegal profits

On May 26, 2019, Dongming County, Heze City, Shandong Province, cracked a production of online game plug-in illegal profit case, after investigation, since 2017, the suspects Cheng, Wu and others for illegal profits, specifically for a large domestic online game production plug-in program sold on the Internet. This plug-in program avoids the game has the computer information system security protection measures, interferes with the control of the game’s original rhythm and process. Preliminary investigation, the gang through selling game plugins a total profit of more than 3 million yuan. Public security organs have been to Guangdong, Anhui, Henan and other places, travel more than 10,000 kilometers, have been arrested to cheng and wu headed the production, programming, sales as one of the gang members of 14 people.

On October 23, 2019, police in Guangling, Yangzhou city, Jiangsu Province, uncovered a case of illegal profit-making plug-ins. The plug-in software named “Bingyan” was sold online in large numbers with monthly fees ranging from 5 yuan to 30 yuan. It had 180,000 active users and made more than 3 million illegal profits in more than three years of operation. According to the suspect confessed, they hired a university of Science and Technology reading doctor to write, monthly to the doctor thousands of dollars of part-time wages, the doctor did not know he and involved in illegal crime. He confessed that coding was just a hobby.

Selling plugins violated two kinds of legal behavior at the same time, one is illegal business behavior, the second is tort behavior. About plugins, first of all, this kind of behavior seriously infringes others’ legitimate ownership, including intellectual property right of computer software registration, and also seriously violates the provisional provisions of Internet publishing management. In view of the huge amount of his behavior constitutes a criminal act, he should bear the criminal law and other legal provisions and economic responsibility. The main body of this kind of plug-in illegal behavior because it is an individual, without national industrial and commercial administration registered, bring about its profit-making behavior belongs to illegal business behavior. And if the amount is huge, criminal and administrative liabilities shall be borne in accordance with the provisions of the criminal law and other laws.

Article 225 of the Criminal Law stipulates that whoever, in violation of state regulations, conducts illegal business operations that seriously disrupt market order and disrupt market order, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than five years or criminal detention and shall also, or shall only, be fined not less than one time but not more than five times his illegal gains; If the circumstances are especially serious, he shall be sentenced to fixed-term imprisonment of not less than five years and shall also be fined not less than one time but not more than five times the illegal gains or be sentenced to confiscation of property.

The Supreme People’s Court on the trial of criminal cases of illegal publications “the explanation of the concrete application of law, prescribed in article 11 of the violation of state regulations, publishing, printing, copying, distribution of other serious harm the social order and disrupt the market order of illegal publications, if the circumstances are serious, in accordance with item (3) of article two hundred and twenty-five of the criminal law, convicted and punished for illegal business crimes. At the same time for illegal income and other judicial interpretation. According to the notice issued by the General Administration of Press and Publication and other five ministries and commissions in 2003, “plug-in” illegal activities belong to illegal Internet publishing activities and should be severely punished in accordance with the law. Therefore, “plug-in” operators constitute illegal business crime, should assume criminal responsibility.

Article 286 (3) of the Criminal Law stipulates that whoever intentionally creates or disseminates destructive programs such as computer viruses to affect the normal operation of a computer system, if the consequences are serious, shall be sentenced to fixed-term imprisonment of not more than five years or criminal detention; If the consequences are especially serious, he shall be sentenced to fixed-term imprisonment of not less than five years. “Plug-in” is a destructive procedure, operators should bear criminal responsibility according to this article.

Article 29 of the Law on Penalties for Public Security stipulates that, in violation of state regulations, deleting, modifying or adding the data and application programs stored, processed or transmitted in the computer information system; Whoever intentionally makes or spreads computer viruses or other destructive programs to affect the normal operation of a computer information system shall be detained for not more than five days; If the circumstances are serious, he shall be detained for not less than five days but not more than 10 days.

The provisions of article 17 of the interim provisions on the Internet publishing management, Internet publishing is not “infringes on the lawful rights and interests of content”, the offenders shall be determined by various provinces, autonomous regions and municipalities directly under the central government press and publication administrative department or the general administration of press and publication to confiscate the illegal income, illegal business revenue of 10000 yuan of above, and be fined 5 times and 10 times the illegal operations. If the amount of illegal business operation is less than 10,000 yuan, a fine of not less than 10,000 yuan but not more than 50,000 yuan shall be imposed; If the circumstances are serious, it shall be ordered to stop business for rectification within a time limit or the approval shall be revoked. “Plug-in” operators whose content infringes the rights and interests of legitimate manufacturers shall bear administrative responsibility in accordance with this article.

5. Crack protocol packet data and make illegal profits

On August 28, 2019, Shanghai police rushed to Shenzhen, Guangdong Province and arrested 14 suspects, including Li, Zhang and Hu, and seized 68 servers on the scene. Shanghai police announced on Oct 26 that they had cracked a universal App that unlocked shared bikes. Police said they received a report from Harlow and other bike-sharing companies in August that an App called “All-round Car” had affected many bike-sharing companies’ normal services, causing them to lose about 300 million yuan. The company said it was a bike-sharing company, but it did not own any shared bikes, police said. The company hacked into the bike-sharing servers through its APP and made illegal profits by offering users less than the monthly service fee of a shared bike.

6. Selling personal information illegally

On September 18, 2018, police in Shenzhen received a report that someone was illegally selling citizens’ personal information online. The police used big data analysis to identify the suspect as Xiao Mou Xuan, a programmer in Shenzhen. After illegally collecting citizens’ personal identity information, Internet company user registration information and hotel check-in information online, the suspect registered an account on an overseas online forum and posted the illegally collected information on the forum for sale. Police arrested the suspect on the spot.

7. Set up VPN illegally and provide VPN

In March 2017, a recent graduate surnamed Deng was sentenced to nine months in prison and fined 5,000 yuan by the First People’s Court in Dongguan, Guangdong Province, for selling VPN software and making 13,957.57 yuan in profit.

On October 9, 2018, Shanghai Baoshan District People’s Court heard a case in which the defendant, Surnamed Dai, was engaged in software development at a securities management company. Since April 2016, in order to seek illegal profits, he created a website and sold an account of VPN wall climbing software on the website. At the same time, multiple servers from overseas service providers are rented to provide the accounts sold with access to foreign websites that cannot be accessed by domestic IP. Dai was arrested on October 10, 2017. As of October 2017, Dai had provided VPN services illegally to hundreds of people.

Dai came to the case truthfully confessed his crime. Baoshan district court believes that the defendant Dai mou provides specialized for the invasion, illegal control of computer information system procedures, tools, the circumstances are particularly serious, its behavior has constituted the invasion, illegal control of computer information system procedures, tools crime. It is reported that the case is the first case in Shanghai that constitutes the provision of intrusive, illegal control of computer information system procedures and tools.

Finally, the defendant dai mou was sentenced to fixed-term imprisonment of three years, suspended for three years, and fined RMB 10,000 yuan.

As early as 2017, the Ministry of Industry and Information Technology clearly stipulated that VPNS could not be established or rented without the approval of the telecommunications authorities, and VPNS were officially included in the scope of supervision. If a citizen establishes a VPN privately, and makes profits from it to a certain amount or provides the software to others for a certain number of times, the circumstances are serious and he/she will be subject to criminal punishment.

To put it simply, individuals are not allowed to sell VPN for profit, nor are they allowed to spread VPN to more people for use. Enterprises must apply for VPN in principle, otherwise it is illegal behavior, serious circumstances, and will be subject to criminal punishment.

8. The reptile is caught

In March 2019, Beijing police recently cracked a high-profile case of Qiaoda Technology illegally obtaining data from computer information systems. The company illegally accessed user data and made huge profits. 36 people including wang, the legal person of the company, were arrested by the procuratorial organ according to law.

Qiaoda technology is claimed to be the largest user portrait key data service provider in China, focusing on the research and development of forward-looking products in the field of big data and artificial intelligence, with customers covering the Internet industry and pan-financial field.

Most of its executives are from Baidu, which netted 186 million yuan in 2017.

Founded in July 2014, the company is valued at $200 million in the B round and has reached the C round of financing. Investors include Kai-fu Lee Innovation Works, Qi Yujie of Baidu Venture Capital, CITIC Industry Fund, artificial Intelligence Industry Fund and so on.

Qiaoda’s founder, Cheng Yu, was baidu’s first head of product department, and co-founder, Shen Yi, was Baidu’s technical director of e-commerce division and Baidu’s Vice President of Technology.

The company claimed to have mapped out multidimensional data involving 800 million people in China by integrating up to 220 million resumes of natural persons, 10 billion user ID combinations and 100 billion + user aggregate data. Including personal and non-private information.

In addition, Qiaoda technology has more than 1 billion contacts, and holds relevant social relations, organizational relations, family relations data. Combined with resumes, address books, and more than 100 billion other user data obtained externally, Qiaoda claims to have cognitive data of more than 800 million natural persons.

In other words, more than 57 percent of the Chinese population’s information is in qiaoda’s database.

9. Intentionally or accidentally transfer company source code to Github

On April 23, 2019, the Shenzhen court made a first-instance judgment on the dJI source code leakage case, and sentenced the former DJI employee to six months in prison and a fine of 200,000 YUAN for violating commercial secrets, taking into account the circumstances of the crime, voluntary confession and repentance. It is reported that these leaked codes, has been used in the company’s agricultural drone products, has practical. Despite reasonable confidentiality measures taken by DJI, the incident still caused economic loss of 1.164 million YUAN to DJI.

It is reported that an investigation by DJI found that an employee of its subsidiary (DJI Agricultural UAV Business Division) uploaded the codes of two modules (agricultural UAV management platform) and (agricultural spraying system), which he was responsible for coding, to a public code repository set up on GitHub, thus causing the source code leakage.

After the incident, the employee immediately deleted the relevant code repository on GitHub, and actively cooperated with the investigation to prevent the situation from expanding. In his email to Kevin, he said, “I did not intend to divulge dJI’s secrets”, “I regret my lack of legal awareness, and I am willing to bear the corresponding legal responsibility. An attacker can use the public private key to access sensitive customer information stored on DJI servers, which may lead to user information, flight logs and other private information on DJI servers being downloaded and leaked.

In many of these cases, whether intentional or not, programmers lack the legal awareness to respond. I think I’m just writing code. Arresting people should not be catching themselves, in fact, are all very wrong.

Welcome to forward to the programmer friends around, to avoid mistakes!!

Welcome to forward to the programmer friends around, to avoid mistakes!!

Welcome to forward to the programmer friends around, to avoid mistakes!!

Welcome to follow my wechat public account “code farmers break out” to receive first-hand technical dry goods