A computer that appears to be in a black screen sleep state is secretly stealing users' virtual currency, simply because this computer had been secretly implanted with a remote-controlled Trojan virus...

After the Wenzhou Longwan District Prosecutor's Office in Zhejiang Province initiated a public prosecution, the court recently sentenced defendant Chen to four years in prison for the crime of infringing on citizens' personal information, illegally obtaining data from computer information systems, and illegally controlling computer information systems; Lan and five others were sentenced to prison terms ranging from one year and three months to six months for illegally obtaining data from computer information systems and illegally controlling computer information systems. All six defendants were also fined and had all illegal gains confiscated.

Hitting a wall in selling personal information

Finding alternative ways to 'hack' into others' computers

In February 2023, while playing on his phone, Chen accidentally clicked on a short video that popped up on his screen, which showed how to download and use an overseas instant messaging software through technical means. Out of curiosity, Chen followed the tutorial to download and log into the software, discovering that many people were looking to purchase citizens' personal information on that platform. Sensing a 'business opportunity', he downloaded various types of citizens' information from multiple resource groups for resale and settled through virtual currency. However, most of the personal information data Chen obtained for free had already been used by others, and this 'gray business' yielded meager profits.

By chance, Chen met an internet user with the nickname 'ak technology' on the software. The user taught Chen how to implant a Trojan virus into others' computers and bind it to the corresponding remote control endpoint. Through remote control, Chen could view and download files from the 'hacked' computer, secretly observe the screen's display, and even directly operate the other person's computer.

A bold idea flashed through Chen's mind—could he implant the Trojan virus into personal information folders and then send the Trojan virus to clients under the guise of selling private information?

Thus, Chen purchased Trojan virus control software and cloud service platforms from 'ak technology', pretending to sell personal information, and spread the Trojan virus to clients. He waited for a careless client to mistakenly click on the virus file, seizing the opportunity to illegally control that client's computer. To avoid detection, Chen usually chose to 'log in' quietly when the controlled computer was in black screen sleep mode, checking the owner's transaction habits and illegally obtaining the other's virtual currency. Unless the owner reinstalled the computer or checked for the Trojan virus, Chen could control the computer again at any time and repeat his tricks.

Spreading the virus widely

Collaborating to 'technically acquire' virtual currency

After a successful operation, Chen, who tasted the sweetness, started his 'wealth' journey. To control more computers by spreading the Trojan virus, Chen found his friend Shi.

He told me there was a project that could easily make money, and all I needed to do was chat with others and do some customer service on an overseas instant messaging software,” Shi said. “He mentioned that this project was a bit dangerous, mainly involving the black and gray industries.

At that time, Shi was unemployed at home. After hearing Chen's description, he couldn't resist the temptation of high returns and agreed to his proposal. Following Chen's advice, Shi used his speech techniques to show clients personal data screenshots, then 'switched' them, and immediately sent a compressed package containing the Trojan virus to the client, successfully earning his 'first pot of gold'.

Thus, Chen's team continued to expand, with Long, Zheng, and five others joining in succession. They sent clients files 'packaged' with Trojan viruses through various means such as buying and selling personal information data, pushing advertisements, telemarketing, receiving codes, and SMS bombing.

In this team, Chen acted as a technical consultant, responsible for teaching new studio members how to 'plant viruses', sharing personal information obtained in the studio group, purchasing and renting Trojan viruses and remote control software, and providing food and accommodation for the team. Once the team's accomplices successfully spread the Trojan virus, Chen's remote control endpoint could capture the client's computer information, providing Chen with opportunities to obtain virtual currency from that computer.

Every once in a while, Chen would withdraw the virtual currency he obtained from the overseas instant messaging software into RMB and transfer a commission to his accomplices who successfully spread the Trojan virus according to a three-seven split.

After investigation, it was found that by the time of the case, Chen and others had illegally controlled more than 100 computer systems, illegally profiting over 318,000 yuan.

Mining and integrating key clues

Breaking the stalemate to form a complete evidence chain

Due to the novel criminal methods, to accurately grasp the evidence and investigation direction of the case, the Longwan District Prosecutor's Office discussed investigation ideas with the investigative agency after approving the arrest, sorted out key evidence collection points, formulated a detailed investigation outline, and promptly seized the computers and mobile phones of the criminal group, extracting electronic data, collecting and fixing relevant objective evidence, and conducted further investigations around the criminal group's methods, the number of illegally controlled computer information systems, the flow of funds, and illegal gains.

During the case handling, the prosecutor found that due to the encrypted chat and unrecoverable records of the overseas instant messaging software, and the anonymity of virtual currency blockchain, it made it difficult to review and determine the amounts and other facts.

The evidence in the case relied mainly on verbal evidence, and the objective evidence for conviction and sentencing was still insufficient. This caused the case handling to fall into a stalemate,” introduced the prosecutor from the Longwan District Prosecutor's Office. “We dug deep into the data from multiple angles, trying to find hidden links to criminal activities in fragmented electronic evidence, and finally found a breakthrough in the case from the suspect's phone album.

The prosecutor carefully reviewed a massive amount of electronic data and found the last few screenshots of chat interfaces from the overseas instant messaging software in the phone album, which were screenshots of Chen's group chatting in that software. The prosecutor correlated the screenshots with witness testimony regarding the illegal profit-sharing part, and combined them with Chen's transaction records and other evidence for integration, corroborating to form a complete evidence chain, ultimately inferring Chen's illegal gains through his transfer records to Shi and the agreed three-seven split among the group.

During the review and prosecution stage, the prosecutor actively communicated with lawyers, explaining the law to the suspects. Chen and five others expressed their guilt and remorse and voluntarily withdrew their illegal gains.

In May 2024, the Longwan District Prosecutor's Office filed a public prosecution for this case to the Longwan District Court. After hearing the case, the court adopted all the prosecution's opinions and made the above judgment on September 11.

Follow me! Get more information about the coin circle!