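Recently, Twitter user Victor Gevers @0xDUDE (whose bio describes him as a hacker and security researcher) claimed to have discovered a "social network surveillance program" on the Chinese internet.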
Can anyone (from China) identify these Messaging services?
imsg <–…
qg <–…
qqmesg. <– https://t.co/AnxlLDLztf
wwmsg <–…
wxmsg <–…
yymsg <–…
In China, they have a surveillance program on social networks which looks like a jerry-rigged PRISM clone of the NSA.
— Victor Gevers (@0xDUDE) March 2, 2019
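A large volume of private chat content belonging to ordinary people in China (from six chat platforms including QQ, WeChat, YY and Wangwang; besides the chat content it also includes account names, avatars, GPS locations, network information and more) has been imported into a large online database.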
So this social media surveillance program is retrieving (private) messages per province from 6 social platforms and extracts names, ID numbers, ID photos, GPS locations, network information, and all the conversations and file transfers get imported into a large online database.
— Victor Gevers (@0xDUDE) March 2, 2019
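This huge database can process roughly 364 million records per day. All of the monitored accounts are linked to real individuals, and the data is then handed over to public security bureau data centers in each province/city for processing. The data is categorized by operator name.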
Around 364 million online profiles and their chats & file transfers get processed daily. Then these accounts get linked to a real ID/person. The data is then distributed over police stations per city/province to separate operators databases with the same surveillance network name
— Victor Gevers (@0xDUDE) March 2, 2019
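The relevant law enforcement agencies investigate about 2600-2900 specific items and track progress continuously every day. This shows that they are carrying out very specific manual review of social media messages (public/private).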
With these "operator databases" the local law enforcement investigate 2600 to 2900 messages and profiles. The name new table per day to keep track of the progress. So they manually review the social media communication (public/private messages).
— Victor Gevers (@0xDUDE) March 2, 2019
Most notably, the network also syncs all of the data to 18 distributed MongoDB databases.
And the most remarkable part is that this network syncs all this data to open MongoDBs in 18 locations.
"r_Capture_Time" : "2019-03-03 02:58:08.0",
"r_QQMsg" : "2019-03-03 02:58:08 "ζ°? 、XXX丶ζ说:!收【【【46–48道士号】】】卖的微信XXXXXXXXXXXぁ"
}
— Victor Gevers (@0xDUDE) March 2, 2019
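Most of the monitored conversations are typical teenager conversations. Which "sensitive words" cause a conversation to be sent for review is not yet entirely clear.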
The most dialogs which are being monitored are typical teenager conversations. Which conversations need to be reviewed by a human based on "trigger words" is at this moment still not entirely clear. pic.twitter.com/hrPD7yU0Gm
— Victor Gevers (@0xDUDE) March 2, 2019
Because doing IT right requires knowledge and skill. Not the pressure of Time to Market or the pressure of an impatient employer. Understanding technology requires you to Read The Fine Manual. And until you get IT right, we will be knocking on your door. https://t.co/9iq2BzYAzf
— Victor Gevers (@0xDUDE) March 3, 2019
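One example: these triggered events are sent to police stations identified by numbers. (The screenshot contains two suspected police station addresses: 盐南西路4号 (No. 4 Yannan West Road) and 龙岗居委会三组青龙华庄5幢 (Building 5, Qinglong Huazhuang, Group 3, Longgang Residents' Committee).)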
One of the multiple intelligence feeds showing the distribution of triggered events routed to the police stations identified by numbers. It's a very effective way of spreading the workload from a single source to multiple operators. It will require tremendous work ethics as well pic.twitter.com/JOXus89GPf
— Victor Gevers (@0xDUDE) March 3, 2019
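This conscientious hacker is analyzing the internal operations of the Chinese authorities' social media surveillance system. In one day the authorities collect conversations and files from 360 million accounts (across six apps including WeChat and QQ), and can link accounts, real identities and geographic locations together.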
This hacker is getting into the guts of some of China's social media surveillance, confirming some suspected capabilities.@paulmozur https://t.co/2YsaGSlMDd
— Kevin Slaten (@KevinSlaten) March 3, 2019
https://twitter.com/fdmove/status/1102238231389564928
https://twitter.com/fdmove/status/1102245972967477248
https://twitter.com/fdmove/status/1102251259644411904
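Judging from the screenshot of records shown by the hacker, it appears to be a one-on-one QQ chat log between a man and a woman who are ordinary people in China. The pair are discussing the size of the woman's breasts. Everyone come and learn from other people's chats. Knocking on the blackboard, key points of this lesson: Are you a pig? Breasts only look big when the clothes are tight. Did you all get that? pic.twitter.com/eiIK4ydk7l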
— Dasmz (@fdmove) March 3, 2019