This article has participated in the “Digitalstar Project” and won a creative gift package to challenge the creative incentive money.


  • 💬 If the article is helpful to you, welcome to follow, like, bookmark (click three links) and subscribe.

💔 1. Preface


  • Hello, everyone, MY name is Xiao Cheng, again happy learning time, the first two weeks to write interface programming and face programming, small friends are not satisfied, unexpectedly let me write prison programming, good, take the advantage of this article to talk to you about prison programming! Think of it as a conversation piece after dinner!

  • If the article is helpful to you, you can help to subscribe to the three key and column oh! If you meet some strange or novel topics in the interview, welcome private letter to contribute, thank you for reading (private letter I can contribute)!

💔 2. Column recommendation


The JAVA and MySQL technical column is still free to share, you can help subscribe!

JAVA Essentials

Playing with Algorithms

💔 3. Jail-oriented programming


💔 3.1. Code leaks


Case 1: Employee code leakage event of certain Xinjiang

In early September 2017, the vulnerability reporting mailbox of a Certain Jiang received an email from overseas claiming that they had discovered a serious vulnerability in the network security of a certain Jiang company. The informant and his partner compiled a 31-page vulnerability report and pointed out that the vulnerability could allow attackers to obtain the private key of SSL certificates. In order to obtain sensitive information (including user information, government ID, driver’s license and passport, etc.) on the server of CERTAIN Jiang, the informant gave up the reward for reporting because certain Jiang needed to sign a confidentiality agreement or Sue them, and chose to expose the whole event, which caused a great sensation in the society.

An internal investigation in Xinjiang found that the code leakage incident was related to a former employee of the company, who was involved in the development of an agricultural uav management and spraying system. In the process, the code was pushed to Github’s “public warehouse”, which led to the incident.

Through the identification of the specialized institutions, leaked code with non-public intellectual, has been a xinjiang used in agricultural products, belong to the trade secrets, leakage of code on a xinjiang blamed for at least the loss of 1.164 million yuan, while after the incident the employee immediately delete the related code, and wrote a mail to whistleblowers suggests that unintentional leak code, We hope to minimize the impact of the incident, and are willing to actively cooperate with the investigation to prevent the situation from further expanding.

The case was later prosecuted by Nanshan District Procuratorate. In view of the employee’s voluntary surrender and willingness to actively cooperate with the investigation, the final judgment was made in the first instance, and the employee was sentenced to six months in prison and fined 200,000 YUAN for violating commercial secrets.



Case 2: The background code of a station was leaked by employees

In the same year, an employee of a website created a code base named “Go-common” on Github and pushed the background code of a website to it. Later, it was discovered that the matter quickly developed, and it obtained 6K+Star and Fork in just a few hours. The code contained many configuration files, keys, passwords and other sensitive information.

Station after receiving the message the first time to respond, and to “kill” the code base, but still can’t avoid the damage, it directly led to the site stocks fell four percent, although temporarily can’t find online about leakage code a disposal result of employees, but just penalties are not small.


summary

Similar cases abound, such as: A dry one engineer for the company, design staff after the departure of continue to use a certain intellectual property rights for the terminal to make money, was finally arrest and so on, we will find that the things seem to be all around us, many small and medium-sized companies, a management is not very standard, some people may think that I passed to the warehouse, the code for their learning or how, little imagine, In fact, you have one foot into the criminal boundary.

If we are careful will find, in when signing a contract with company has expressly provided otherwise, company public property, sensitive data leakage is forbidden, even if you don’t passed to the warehouse code, you copy on your computer this behavior itself is illegal, and how can you guarantee on your computer will not be leak out (Edison least…). , therefore, we usually in the company’s property operation, must think twice before you do, otherwise, a wrong step, may be jailed.

💔 3.2. Delete the library and run away

Although, a lot of programmers in the ordinary ridicule or ridicule will say, the biggest “delete library run away”, but really put into practice, this can never do, bragging force bragging force, don’t really blow yourself in!

Case 1: An alliance employee deletes a database

It was a hot search for two days! One day in 2020, an African union (au) research and development department of a core operational staff through personal VPN login to the company Intranet into stepping stones production environment, to malicious damage of online production, leading to millions of users online business directly affected, though, a union with the help of a cloud, has spent seven days and seven nights will eventually data retrieving, however, The impact of this accident is very serious, not including the compensation of 150 million yuan for customers, and the share price of a league has been down more than 22%, the cumulative market value of more than 3 billion Hong Kong dollars.

About the core staff destroying the production environment, but this behavior is in violation of the law, finally the baoan district people’s court of first instance verdict of the case in Shanghai, the core operations staff be sentenced to fixed-term imprisonment of not more than 6 years, seen here, a little sigh, is both; more than companies and individuals who have been affected, More often than not, third parties using the platform have been shot lying down.





summary

In reality, to this kind of case is not rare, such as 18 years, before a company staff deployed a malicious code in the project accounts, leading to the company’s 456 virtual machine is removed, the behavior lead to direct costs as much as $2.4 million ($16.52 million), the employee could face five years in prison and a $250000 fine.

So, as a technician, you’d better just delete run like normal life and the fun of a friend, don’t because on impulse, make the wrong decision, let themselves into illegal crime, of course, some some delete library because of technicians, improper operation, in this case, with the fastest speed and reported to the technical director, Minimize the damage.

💔 3.3 pornography, gambling and drugs

Case 1, some university graduate builds yellow website to get punishment

Kuo, university to learn some of the network technology, once in a yellow BBS met a need for web page move, in the process of help “move”, he found that this is a yellow web site, and left a back door, he found the pornographic websites through collecting links can get a few hundred dollars a day, so he had a plan, The collection link to their own, was found by the site management after the administrator will be closed the server.

Through this matter, he found it easy to make yellow web site to make money, so he build in yellow BBS before download a yellow web site source code, according to the above instructions to fool installation, the yellow site contains four pages, and web pages without any member prepaid phone function, content is open free of charge (very some humanitarian…). .

In the police interrogation, he confessed to build is a yellow web site in order to test your network architecture technology, the second is to make money, so he crazy will share links to each QQ group, unceasingly absorb “like-minded” the word of friend, he knew, as long as the traffic, advertisers will themselves to contact, then you can earn money.

However, until he was caught, he did not receive a advertiser contact, later X Development zone people’s Court of first instance judgment, the defendant Guo for profit for the purpose of using the Internet to spread 629 obscene pictures, its behavior has constituted the dissemination of obscene materials for profit crime, sentenced to one year in prison, fined RMB 8,000 yuan.

Case 2: shenzhen some company 4 employees develop gambling software to be punished



According to some media reports, shenzhen x company in the business of formal software development at the same time, has not been gambling sites to software development, in order to convenient for gamblers betting, tang a four people as companies such as developers, knowing is to develop gambling sites, provide technical support, and the charge amount is larger, belongs to the accomplice casino sin, should be punished by penalty.


summary

Pornography, gambling and drugs refers to the illegal and criminal phenomenon of prostitution, prostitution, selling or spreading pornographic information, gambling, buying and selling or taking drugs. In China, pornography, gambling and drug abuse are strictly prohibited activities and are the main targets of the government’s crackdown. Penalties for prostitution and drug gambling range from detention to death. Do not touch gambling drugs, or life will be more and more judgment


💔 3.4 crawlers

Case study: In one day in 2019, xiao Ming (a pseudonym) is fishing on the workstation, suddenly received led a need, asked to write a crawlers batch fetch the data from an interface to climb on the network, xiao Ming development and test no problem passed back to the server, a few days later, don’t know because of changes in demand or xiao Ming want to optimize application, He modified the thread number of the crawler to a relatively large value, and then passed it to the server, the speed is not bad, Xiao Ming is quite satisfied.

In another company at this point, the developers really nasty head blaze, for some reason, the server pressure of the company, directly cause a system crash can’t access the company, through technical personnel investigation, found that the company’s customer information by fetching, the traffic of the interface, after further screening, they found all the clues point to a big data company, And this company’s main business is to sell resume number database, they also sold in the company’s data, found their own company customer’s resume information, reported to the leadership, the company decided to report to the police.

One day, xiao Ming is still in a cubicle with product managers need to details, all of a sudden, a bunch of the police rushed in, will they all away from me, the back, xiao Ming knew about because another company crawlers server system crash issue, xiao Ming felt oneself is follow the instructions of the leadership, should has very little to do with yourself, as the trial, Many irrelevant personnel of the company, such as HR, were released, but the core staff of the company (36 people) were arrested, most of whom are developers of the company’s system. It is said that Xiao Ming did not think he was guilty, and finally missed the chance to get bail because he refused to admit guilt.

  summary

A technology master once said: “technology itself is not shameful”, when you use kuaisov porn and free movies, you will say: Kuaivod is great, in the face of kuaivod copyright infringement, you say: you say that technology is immoral, Kuaivod should be responsible. Technology itself is not guilty, but the use of technology to do illegal things, that should bear the corresponding consequences! A reptile is a powerful tool, which can get twice the result with half the effort if used properly, or send you tumbling off a cliff if not!

💔 3.5 outsourcing

The issue of outsourcing is too deep. If we are forced to outsourcing, we must sharpen our eyes! Portal: Programmer jailed for 456 days for receiving outsourcing, do you still dare to see the experience inside?

💔 3.6 plugins

When we play games at ordinary times, we envy others cow force, think about it if they have a plug-in! Some things are just good to think about, don’t do, or you may not be able to afford the consequences!

Case study: 19 years straight yangzhou city public security bureau branch is a game operator to report, said there are a called “flame” ice plugin software in selling, brought huge economic losses to the company, through the public security bureau of investigation, found that the software development team have 4 people, a clear division of responsibilities, the main developers and software for a certain university, PhD, according to the survey, Since the software was put on the Internet to sell 19 years, more than three years, has been sold more than 600,000 times, the amount of more than 300. However, the income of the doctoral student in the team is only 400 yuan per month “consulting fee”, but by the time of the crime, he has made more than 120,000 yuan of illegal profits.

In the end, the doctor graduates deep for invasion, illegal control of computer information system program crime, was sentenced to fixed-term imprisonment for one year suspended for one year, and fined 20,000 yuan.

💔 4. Some suggestions

IT industry with the development of the industry, the good and evil people mixed up gradually in recent years, people at the time of entry, be sure to polish eyes, made sure the company’s main business involves illegal category, now network so developed, want to understand a company’s business is not too difficult, here share some common illegal business!

  • A company that operates illegal websites such as gambling and gambling.

  • To illegally misappropriate a work protected by copyright for the purpose of making profits

  • All crawler data involving personal information and privacy, is illegal. [According to article 44 of the Network Security Law, any individual or organization shall not steal or obtain personal information in other illegal ways. Therefore, if the crawler captures a large number of users’ personal information without the consent of users, it may constitute illegal behavior of collecting personal information illegally.

  • Illegal use of forbidden crawler interface in violation of relevant regulations. Crawling public data is generally not considered infringement. Google, Baidu and other search engines do this. Only two behaviors cause violations: not following the Robots protocol and circumventing the protection measures to access the data by forcing through anti-crawling measures.

  • P2P companies involved in fund-raising, pyramid selling and other businesses

  • Production, sales of online games plug – in procedures

  • Crimes of online fraud. [such as: through the computer and other equipment, the use of virtual positioning so that the victim search, disguise can provide miss door-to-door service micro signal, the implementation of fraud]

  • Distributed denial of service (DDOS) attacks constitute a crime. Don’t show off your skills, or you will suffer the consequences.

  • Take mobile phone, computer as carrier, copy, sell pornographic electronic information behavior. Just like the song written in the future: if you do not mention I do not recall. Some things their own “appreciate” good.

  • .

Related business use ten articles are also introduced, so, the best way to understand the relevant laws and regulations, I specially find two websites for you to learn laws and regulations, you want to have oh, we do not have to climb so much legal provisions, how to find what you want to find, not to miss oh!

  • Laws and Regulations database

  • A magic weapon of Peking University

💔 5. Reference materials


  • Programmers beware: Nine common types of Cybercrime

  • 200 programmers arrested, how can programmers use crawlers to get data

💔 6. Write at the end


After reading the article, have you found that xiao Cheng is a treasure blogger! Can write technology, can brag force! If you can help, remember to follow, click three links, subscribe column oh! If you want to talk about technology and braggadocio, you can go to the main page of the blogger to see how to add oh!

The JAVA and MySQL technical column is still free to share, you can help subscribe!

JAVA Essentials

Practice of Algorithms