

Introduction: The wool party harms not only merchants but also consumers: the coupons and red envelopes that should go to consumers are swept away entirely. 315 is Consumer Rights Day, and we take this opportunity to talk about the wool party.


Mention the wool party and companies respond not just with a look of disgust but with visceral loathing. Benefits offered to new and existing users are swept clean in the blink of an eye. Companies spend a great deal of money and effort on promotions, only to lose money and see no effect, and then normal users question them: XX is a liar, it said it was running a promotion, but in fact there was nothing.


And once a company gets entangled with the wool party, it often ends up as dinner-table talk and in the news:


  • A listed company lost 1 billion yuan in half a year;

  • A company invested 1.76 million and got 600,000 visitors, only 5,000 of whom were real;

  • An O2O online takeout catering platform: hundreds of thousands of orders.


The head of one start-up, at a loss, even asked in a post on Zhihu: “The company invested millions and brought hundreds of thousands of users, but after a month, only a few thousand of these hundreds of thousands of users are real. What should I tell the investors?”


To avoid such tragedies, many companies adopt various protective measures, such as CAPTCHAs, SMS verification codes, device fingerprinting, per-IP high-frequency limits, encryption of data and requests, and signing of data and requests.


Now that even hackers are using artificial intelligence, can these methods still protect the rights and interests of normal users? Let’s read on.




One, none of these tactics for dealing with the wool party are working


Admittedly, the measures above work at first, but they only stop novice wool-party members. The reality is that today’s black and gray industry has formed a complete industrial chain: acquiring accounts in bulk, logging in in bulk, collecting wool, and reselling for profit. At every link in the chain it has a clear division of labor and strong technical skills, and it keeps upgrading its techniques.


Take CAPTCHAs: conventional ones can be recognized with OCR. If OCR is not good enough, the wool party can turn to a CAPTCHA-solving platform. Such platforms are a very mature means of defeating CAPTCHAs. Behind the platform are human workers who solve the CAPTCHAs purely by hand, so companies cannot stop the wool party from registering in bulk.


After CAPTCHAs, companies add SMS verification codes. Their reasoning: one phone number can register only one account, so registering more accounts requires more SIM cards and more phones, and surely that will stop the locust-like wool party? “Too young, too simple.” In fact, the wool party defeats this with the modem pool (literally “cat pool”). A modem pool is a device that emulates mobile phone terminals and holds multiple SIM cards at once. Behind a “matrix” of modem pools there are thousands of SIM cards. The wool party only needs to connect to these resources to bypass SMS verification completely.


Collecting wool takes three steps: having a large number of accounts, solving the login problem, and being able to simulate normal user activity, such as receiving red envelopes and grabbing coupons. Some companies try to intervene at login, for example by filtering out the wool party with device fingerprints or per-IP high-frequency limits. In fact, none of this works very well.

Take device fingerprints: the wool party can change the corresponding values with device-modification software. If a prevention and control strategy is built on those modified values, do you think it will be effective? An interception strategy based on high-frequency behavior per IP is equally useless, and only blocks normal users. Many large companies have only a few egress IP addresses, so a rule based on high-frequency behavior blocks their normal users, while the wool party gets away by using a pool of proxy IPs. With that contrast, the platform’s loyal users will be disheartened.


Companies with strong technical capabilities encrypt and sign data and requests. This is effective: faced with encryption, the average wool-party member has no idea what the parameters in a request mean. Encryption and signatures raise the bar, but sophisticated wool-party groups hire professional hackers to reverse engineer them, and ordinary encryption and signing schemes can be broken in a matter of hours.


Two, how do top security companies protect the rights and interests of users?


Having read the above, is your confidence collapsing a little? This does not work, that does not work; are there really no countermeasures? No: top security companies can solve these problems.


So how did they do it? To sum up, there are two aspects:


  1. Throw a combination of punches;

  2. Go deep.


Throwing a combination of punches is easy to understand: use every one of the measures above that you can. Of course, this is only a very basic first step.


The second step is depth, which means applying the technology more deeply. First, hardening the SDK and the app sharply increases the cost of cracking, from a few hours to two or three days. Second, the collected data and signatures are dynamically encrypted, meaning that today’s algorithm is replaced by a different customized algorithm tomorrow. Won’t the wool party be devastated when, having cracked it, they find they have to crack it all over again? If it were me, I would bang my head against the wall.


Some companies have also developed cutting-edge techniques of their own. Liu Qing, a product expert at NetEase Cloud Yidun, said in an interview that they made two breakthroughs in device fingerprinting: one is stability; the other is using big data to make the fox show its tail. For any device, the fingerprint has two properties. One is that it is immutable, and the other is that it is unique: it will not collide with the fingerprint of any other device. Although the device-modification software on the market can change system values, NetEase Cloud can use complex technical processing to obtain the original underlying values. Second, big data is used for verification: even if some data is changed, once correlated data is matched the fox shows its tail, because one place was changed and another was not.


Liu Qing gave an example that everyone could understand: “There is a situation where 1+1=88, which is illogical and obviously suspicious.”
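The "one place changed, another place not changed" check can be sketched as follows. This is an added example, not NetEase's implementation: it cross-checks attributes of an Android device report that should agree with each other, and the report field names and sample reports are constructed for illustration.

```python
# Added illustration; field names and sample reports are constructed.
# Android release -> possible API levels (release 12 covers 12 and 12L).
RELEASE_TO_SDK = {"10": {29}, "11": {30}, "12": {31, 32}, "13": {33}, "14": {34}}

def parse_build_fingerprint(fp):
    """Split 'brand/product/device:release/id/incremental:type/tags'."""
    try:
        head, mid, _tail = fp.split(":")
        brand, _product, _device = head.split("/")
        release, build_id, _incremental = mid.split("/")
    except ValueError:
        return None  # wrong number of fields
    return {"brand": brand, "release": release, "build_id": build_id}

def inconsistencies(report):
    """List the pairs of reported attributes that contradict each other."""
    fp = parse_build_fingerprint(report.get("fingerprint", ""))
    if fp is None:
        return ["fingerprint malformed"]
    issues = []
    if fp["brand"].lower() != report["brand"].lower():
        issues.append("brand vs fingerprint")
    if fp["release"] != report["release"]:
        issues.append("release vs fingerprint")
    if fp["build_id"] != report["build_id"]:
        issues.append("build_id vs fingerprint")
    allowed = RELEASE_TO_SDK.get(report["release"])
    if allowed is not None and report["sdk"] not in allowed:
        issues.append("release vs sdk")
    return issues

GENUINE = {"brand": "ExampleBrand", "release": "13", "sdk": 33,
           "build_id": "BUILD.0001",
           "fingerprint": "examplebrand/prod1/dev1:13/BUILD.0001/1234567:user/release-keys"}
# Brand and release were edited; sdk and fingerprint were left untouched.
SPOOFED = dict(GENUINE, brand="OtherBrand", release="14")

if __name__ == "__main__":
    for name, rep in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, inconsistencies(rep))
```

A report with no contradictions returns an empty list; each contradiction is one more signal for the risk engine rather than a verdict on its own.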



Three, how does artificial intelligence crack down on the wool party?


While conventional methods have lost their luster, artificial intelligence has become a mainstay.


Ding Yong, business security technology expert at NetEase Cloud Yidun, shared some of their application experience. The first thing to mention, he says, is behavioral modeling. People and machines are two different things, and machines always behave in a regular way. Artificial intelligence can model multidimensional data such as touch input, phone gyroscope readings, mouse movement and click behavior, and then match it against previously trained models to determine whether the operator is a human or a machine run by the wool party.
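The regularity that behavioral modeling relies on can be measured directly. The following is an added example, not NetEase's model: two hand-picked features and hand-set thresholds stand in for a trained model, and both traces are constructed.

```python
import math
from statistics import mean, pstdev

def trace_features(trace):
    """trace: list of (t_ms, x, y) pointer/touch samples in time order."""
    if len(trace) < 3:
        return None  # too short to measure variation
    pairs = list(zip(trace, trace[1:]))
    gaps = [b[0] - a[0] for a, b in pairs]
    steps = [math.hypot(b[1] - a[1], b[2] - a[2]) for a, b in pairs]
    path = sum(steps)
    direct = math.hypot(trace[-1][1] - trace[0][1], trace[-1][2] - trace[0][2])
    return {
        # Coefficient of variation of sampling gaps: near 0 for a fixed timer.
        "gap_cv": pstdev(gaps) / mean(gaps) if mean(gaps) > 0 else 0.0,
        # Direct distance / travelled distance: near 1 for a ruler-straight path.
        "straightness": direct / path if path > 0 else 1.0,
    }

def classify(trace, max_cv=0.05, min_straight=0.995):
    """Hand-set thresholds standing in for a trained model (assumption)."""
    f = trace_features(trace)
    if f is None:
        return "insufficient"
    regular = f["gap_cv"] < max_cv and f["straightness"] > min_straight
    return "scripted" if regular else "human-like"

# Constructed traces: a linear replay at a fixed 16 ms tick, and an uneven arc.
SCRIPT = [(16 * i, 10 * i, 5 * i) for i in range(20)]
HUMAN = [(0, 0, 0), (14, 3, 1), (35, 9, 4), (48, 18, 6), (71, 30, 12),
         (85, 41, 21), (112, 49, 33), (130, 54, 47), (141, 57, 60), (170, 58, 70)]

if __name__ == "__main__":
    for name, tr in (("script", SCRIPT), ("human", HUMAN)):
        print(name, trace_features(tr), classify(tr))
```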


Next is IP profiling. Relying on IP rules alone produces false positives against normal users. From another angle, though, each IP can be profiled at the network level and the business level, and a scoring model can output a dynamic risk value for every IP 24x7. The dynamic risk value adds another dimension for judging how likely it is that a request comes from the wool party.
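An added example (not NetEase's scoring model) that runs the per-IP high-frequency rule criticized earlier and a simple IP profile score over the same constructed traffic. The weights, the field names and the `PROXY_FEED` reputation set are assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed traffic using documentation IP ranges; not real data."""
    ev = []
    for i in range(60):   # office NAT: 30 long-standing accounts, mixed actions
        ev.append({"ip": "203.0.113.10", "account": f"emp{i % 30}",
                   "age_days": 400, "action": ("browse", "order", "coupon")[i % 3]})
    for p in range(50):   # proxy pool: 3 requests per IP, fresh accounts, coupons only
        for k in range(3):
            ev.append({"ip": f"198.51.100.{p}", "account": f"new{p}_{k}",
                       "age_days": 0, "action": "coupon"})
    return ev

# Assumed network-level input: IPs listed by a proxy/datacenter reputation feed.
PROXY_FEED = {f"198.51.100.{p}" for p in range(50)}

def naive_block(events, limit=20):
    """High-frequency rule: block any IP with more than `limit` requests."""
    counts = defaultdict(int)
    for e in events:
        counts[e["ip"]] += 1
    return {ip for ip, n in counts.items() if n > limit}

def ip_risk(events):
    """Score 0-100 from one network-level and two business-level features."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    scores = {}
    for ip, evs in by_ip.items():
        accounts = {e["account"]: e["age_days"] for e in evs}
        new_share = sum(age < 1 for age in accounts.values()) / len(accounts)
        coupon_share = sum(e["action"] == "coupon" for e in evs) / len(evs)
        # Illustrative weights; a production model would be fitted to data.
        scores[ip] = round(40 * (ip in PROXY_FEED) + 30 * new_share + 30 * coupon_share)
    return scores

if __name__ == "__main__":
    events = sample_events()
    print("blocked by frequency rule:", naive_block(events))
    scores = ip_risk(events)
    print("office:", scores["203.0.113.10"], "proxy:", scores["198.51.100.0"])
```

Recomputing the score over a sliding time window gives the dynamic value the text describes.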


In addition to repairing the wall, Yidun also goes on the offensive, combining unsupervised and supervised learning to uncover the network model of wool-party gang activity. A comprehensive judgment is then made from the rule engine, behavior modeling, IP profiles, the other associated network models, and the risk list database NetEase has accumulated over the past 20 years.


“Customer satisfaction is very high because accuracy is high and the false-positive rate remains at a very low level.” Speaking of the results, Ding Yong said the combination of old and new technologies was very successful.



Four, concluding remarks


Technology is not the answer to every problem; here, it takes the intervention of highly experienced operations staff to get the best out of it.


“NetEase’s 20 years of experience in attack and defense of various products has also precipitated our own theory.” Jialu Lu, head of Yidun operations, shared their approach to operations beyond technology: strengthening business rules and weakening rules.


Business rules should be strengthened at the device and account level. Some business rules have serious problems, so the operations team analyzes them at the business level and helps the other party improve them. Rules are weakened at the level of copy and benefits: once the intelligent security platform has determined that the other party is a wool-party member, the copy should not be too blunt. It can be a little “gentler”, telling the other party that the network is poor and to please try again. Or the red envelopes and coupons sent can be made a little smaller, such as a few fen or a few jiao, so that the wool party cannot get enough, while normal users get a little more… “It’s just one of those typical business strategies,” said Lu.


In general, as one expert in the industry puts it, fighting the wool party is essentially a war of costs: when there is no profit to be had, the wool party will not come after you. What capable security companies do is keep pushing up the cost of cheating, so that the wool party loses all enthusiasm for collecting wool, the rights and interests of normal users are protected, and companies no longer have to bear the reputation of running fake promotions.

