The Spring Festival ticket rush is not new. Compared with traditional train ticketing, nearly 70% of passengers now choose to buy tickets online, and all kinds of ticketing software have emerged. However, the ticket grabbers that claim to be efficient and accurate hide a variety of risks, such as information leakage and money fraud. On the eve of this year's Spring Festival, a reporter conducted an investigative interview.

Captcha recognition in 300 milliseconds

On January 4, Ms. Zhang, who works at a bank in Beijing, wanted to buy a train ticket from Beijing to Anyang for February 10, and used an online travel app to schedule a ticket grab. "The app claims to have different speeds for ticketing, depending on how many accelerator packs you have." The company's main business is to provide a wide range of products and services to its customers.

There are few people who use ticketing apps like this, and each has their own tricks up their sleeves. After Zuo Xiaotang, who is employed in a central enterprise, logged on to a ticketing app, the system added a 20 yuan acceleration package by default. "This ticket grabbing app actually logged into my 12306 account to operate," said Zuo Xiaotang. "After the app grabbed the tickets and reminded me to pay, I immediately went to the 12306 website to pay and avoid extra fees." However, doing so also lowered his creditworthiness on the app.

In addition to online travel companies and ticketing apps, there are two main ways to grab tickets on the Internet today: browsers or websites with built-in "ticketing plug-ins", and "ticketing teams" lurking on social networking platforms such as QQ. Ultimately, all of this relies on specialized software.

The reporter contacted a "professional ticket grabber" through QQ. He claimed to use his 12306 account and professional software to grab tickets. A successful grab during the ordinary pre-sale period is charged at 100 to 120 yuan, and "pick up" costs another 20 to 30 yuan. After a brief introduction, he repeatedly urged the reporter to submit the passenger's ID number, mobile phone number, train schedule and other information.

"The ticketing software can automatically refresh the remaining tickets and automatically identify the verification code. Some software on the market claims that it takes only 300 milliseconds to complete image identification, while ordinary users need 5-10 seconds to operate," explained Luo Taisan, a website security operations and maintenance staff member. "If you use a variety of means such as cloud server ticketing and a large number of accounts, the efficiency will be even higher."

"Synthetic magic" directly forged tickets

Are ticketing apps really reliable?

Many users reported that after using the ticketing software, they did not get tickets, but received many spam messages and harassing phone calls, and their personal information was leaked.

Train tickets must be purchased under real names, so personal information has to be provided when looking for online "scalpers" to grab tickets. "This may leave their ID numbers and other personal information hanging in the air," said Internet engineer Cai Xin, who also does not rule out that these software tools and online "scalpers" take the opportunity to hoard passengers' personal information.

Some seemingly regular ticket grabbers also require users to bind their 12306 accounts. A technical person in charge at the 12306 website said that once passengers reveal their 12306 user name and password to a proxy party, it is equivalent to opening the door of their own home: others can enter and exit at will.

"Many ticketing apps claim not to keep any personal information, but it is not known whether that is true. In addition, if security is weak, user privacy can easily be accessed directly or even stolen. Whether or not private information is leaked depends on the strength of the company's network technology, in addition to corporate ethics," Cai Xin said.

Some even carry out various forms of scams under the guise of online ticketing. Recently, the media reported that Mr. Li, a Beijing citizen, looked for a "scalper" to buy train tickets online for an additional 100 yuan per ticket, but unexpectedly ran into a "train ticket synthesizer": the ticket information was all forged.

"Internet ticketing is prone to breeding new fraud opportunities," said Luo Taisan. "In addition to the relatively obvious 'synthetic artifacts,' some unscrupulous elements steal personal information through account binding or by implanting Trojan viruses, and then disguise themselves as 12306 customer service to commit precisely targeted fraud."

How cyber attacks and defenses are "one step ahead"

In the face of the ticketing chaos, Hui Zhibin, executive director of the Internet Research Center of the Shanghai Academy of Social Sciences, believes that only a comprehensive approach can take into account both the fairness and the efficiency of the ticketing process. "This includes providing ticket information more scientifically and transparently, improving the 12306 platform, strengthening the regulation of the technical functions of ticketing software, and especially ensuring that personal information is collected and used in a legal and compliant manner."

"The risk of ticketing software actually depends on its technical setup; some information may be stored only on the user's client, and some may have to be retrieved to operate in the cloud. The latter involves massive collection and use of personal information, with the risk of it being stolen by hackers or illegally used and transferred by ticketing software," Hui Zhibin said.

"Network security offense and defense are constantly progressing; nothing is permanent, and the 12306 platform should continuously enhance its capacity for technical iteration in network offense and defense." In Cai Xin's view, the 12306 platform should forcefully monitor and effectively curb ticket-grabbing software and hackers who maliciously attack it or attempt credential stuffing.

Of course, eliminating ticket grabbers by technical means is quite difficult. A technical person in charge at the 12306 website said that the 12306 website is, in essence, also an Internet site, and the transmission between pages is open. From a technical point of view, there are indeed automated programs that can simulate the operation of a website and gain a time advantage over the average traveler by "brute force decoding".

Before anything else, law enforcement regulation cannot be missing. "Some ticketing software may involve unscrupulous industry chains. It is the responsibility of the regulators to fight it according to the law, paying particular attention to the 'internal reaction' in the upstream and downstream chains," said Jiang Qiping, Secretary-General of the Center for Informatization Research at the Chinese Academy of Social Sciences.

