Unveiling the black industry chain behind hospital "hacker scalpers" grabbing appointment numbers
2025-06-24
On one hand, patients find it hard to get even a single appointment number; on the other hand, "scalpers" openly claim they can register for expert appointment numbers on patients' behalf. In some places, "scalpers" maliciously seize hospitals' expert appointment numbers and resell them at high prices, which seriously disrupts medical order and exacerbates "registration difficulties" and "expensive medical treatment". The Nanjing Public Security Bureau recently destroyed three "hacker scalpers" gangs, uncovering the black industry chain in which scalpers and hackers work together to grab appointment numbers.

One account had more than 5000 registration records in a year; the same IP address used different ID numbers for high-frequency registration in a short time; the same payment account was used to pay registration fees for different medical cards. In January of this year, the Qinhuai Branch of the Nanjing Public Security Bureau established a special task force to compare and screen the appointment registration data of a well-known hospital in Nanjing, and found multiple abnormal IP addresses and payment accounts.

Yao Xiang, deputy captain of the Criminal Investigation Brigade of Qinhuai Public Security Bureau, said: "Some well-known expert accounts were once hyped up to more than 1000 yuan per account, not including the cost of registration itself. We took the initiative to visit a key hospital in our jurisdiction and retrieved more than 40000 pieces of appointment registration data from the past year for modeling and analysis."

By tracking and investigating these abnormal IP addresses and payment accounts, Qinhuai Public Security Bureau discovered three "hacker scalpers" gangs. After several months of investigation, the structure and division of labor of the gangs were gradually identified. On May 15, the Qinhuai Public Security Bureau launched a coordinated round-up operation in Henan, Anhui and Nanjing, Jiangsu, destroying the three "hacker scalpers" gangs at one fell swoop and capturing 22 suspects.
As of now, 18 of them have been subjected to criminal coercive measures, and 4 have been given public security penalties.

The average time to grab a number is only 0.02 seconds. The three "hacker scalpers" gangs are each led by someone who has mastered number-grabbing techniques, with downstream "first level scalpers" and "second level scalpers" assisting in reselling the expert appointment numbers. Each gang uses different number-grabbing software, some developed by themselves and some purchased online. There are also two ways of grabbing and reselling numbers.

One method is "charging for robbery", which was adopted by the criminal gang led by Cao. Cao is a technician at the Nanjing office of an out-of-town network company and is proficient in network programming. Between 2023 and 2024, the "first level scalper" Zhong approached Cao to develop number-grabbing software. Cao quickly developed registration software targeting a key hospital in Qinhuai District, Nanjing. After the case was solved, the police tested this software and found that its average registration time was only 0.02 seconds; a normal online appointment registration, from logging into the system to successful payment, takes at least 1 minute.

"The key to this software's fast number grabbing is that it can skip the verification and consultation process of the hospital appointment registration system, which is equivalent to sending the information that needs to be filled in and queried step by step for normal registration as a data packet in one go," said Yan Yaohua, a police officer from the Qinhuai Branch of the Nanjing Public Security Bureau's Network Security Detachment who participated in the case. "They also rented some servers to help them grab numbers together; this is equivalent to hiring a group of people to block the registration channel and prevent others from entering."
Yan Yaohua explained that Cao's gang grabbed and resold expert numbers as follows: the "second level scalpers" are responsible for attracting customers and, after collecting fees, pass the buyer's account name, password, and required expert number information to the "first level scalpers"; the "first level scalpers" then forward this information to Cao, who enters it into the software he developed. At the moment the numbers are released, the software grabs the number automatically.

The other method is "occupying pits and washing accounts", which was used by the criminal gang led by Ni. Xia Xuan, an instructor from the Criminal Investigation Team of Qinhuai Public Security Bureau, said that Ni's gang first purchased more than 300 mobile phone numbers over the internet, used them to register accounts in the relevant hospital's appointment registration system, then used number-grabbing software to grab and hold numbers ("account shares"), and resold them through multiple levels of "scalpers". After the buyer pays the fee, the gang cancels the corresponding expert number it holds as a refund at a specific time, and then uses the number-grabbing software to take the number back for the buyer.

Another criminal gang, led by Yu, also used this method to resell expert numbers. The difference is that their number-grabbing software was purchased from overseas social media platforms and their servers were changed periodically, making their methods more covert.

However, this "occupying pits and washing accounts" method is relatively easy to block. At present, some hospitals in Nanjing have successively opened a "standby" function in their appointment registration systems to prevent "scalpers" from returning their numbers and competing for them again.

The "hacker scalpers" gangs split the profits from grabbing and reselling numbers according to a fixed proportion.
Taking Cao's gang as an example, its profit sharing model is 4:4:2: Cao and the "first level scalper" Zhong each receive 40% of the profits, while the "second level scalper" receives 20%. In about a year and a half, Cao obtained over 200000 yuan by grabbing expert numbers at a key hospital in Nanjing on behalf of others. After arresting Cao, the police found that he was researching and developing number-grabbing software for other hospitals.

The phenomenon of "scalpers" grabbing hospital numbers is not unique to Nanjing. Since last year, many public security agencies have cracked similar cases. For example, in April 2024, the Chengdu Public Security Bureau in Sichuan Province destroyed two "scalpers" gangs targeting West China Hospital of Sichuan University; in September 2024, the Beijing Municipal Public Security Bureau arrested 33 hospital "scalpers" in one fell swoop; in October 2024, the Shenyang Public Security Bureau in Liaoning Province destroyed 9 "scalpers" gangs...

"'Scalpers' maliciously seized and resold hospital expert accounts, seriously disrupting medical order and exacerbating 'registration difficulties' and 'expensive medical treatment'," Yao Xiang said.

Yao Xiang said that the police will transfer the ringleader of a gang for prosecution on suspicion of illegally controlling computer information systems. "First level scalpers" can also be pursued criminally as accomplices. At present, it is difficult to pursue "second level scalpers" criminally, and they are generally given public security penalties. This lack of deterrence is also an important factor in the difficulty of cracking down on hospital "scalpers".

The investigating police of Nanjing Public Security Bureau stated that a dual approach is needed. On the one hand, "technical defense" needs to be upgraded and strengthened.
Some hospital appointment registration systems have loopholes: real-name verification is virtually non-existent, and entering any number passes identity verification; the backend key remains unchanged for a long time; and there is no "backup" function. These give "hacker scalpers" an opportunity to take advantage. It is recommended that major hospitals add facial recognition to their appointment registration systems, change backend keys more frequently, and add a "backup" function, to make it harder for "scalpers" to grab numbers.

On the other hand, it is necessary to establish a collaborative mechanism. "Scalpers" grabbing numbers are not untraceable; they always leave behind some abnormal data. The health department can establish a collaborative mechanism with the public security organs, regularly use big data modeling and analysis to screen for abnormal registration activity, add the relevant IP addresses and accounts to a "blacklist", and crack down on them in a timely manner. (New Society)
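The screening described above (one IP address registering with many ID numbers in a short time, one payment account paying for different medical cards, one account with an extreme number of registrations) can be sketched as follows. This is an added example, not code from the police or any hospital; the record layout, the sample rows and every threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data): timestamp, source IP, login account,
# patient ID number, medical card, payment account.
RECORDS = [
    ("2025-01-06 07:00:00", "198.51.100.7", "acct-a", "ID-001", "card-01", "pay-x"),
    ("2025-01-06 07:00:01", "198.51.100.7", "acct-b", "ID-002", "card-02", "pay-x"),
    ("2025-01-06 07:00:02", "198.51.100.7", "acct-c", "ID-003", "card-03", "pay-x"),
    ("2025-01-06 07:03:10", "203.0.113.20", "acct-d", "ID-100", "card-10", "pay-y"),
    ("2025-01-06 09:15:00", "203.0.113.20", "acct-d", "ID-100", "card-10", "pay-y"),
    ("2025-01-07 07:00:00", "192.0.2.44", "acct-e", "ID-200", "card-20", "pay-z"),
]

def screen(records, window=timedelta(seconds=60), max_ids_per_ip=2,
           max_cards_per_payer=2, max_regs_per_account=5000):
    """Return blacklist candidates; all thresholds are assumed, tunable values."""
    by_ip, cards, regs = defaultdict(list), defaultdict(set), defaultdict(int)
    for ts, ip, account, id_number, card, payer in records:
        by_ip[ip].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), id_number))
        cards[payer].add(card)
        regs[account] += 1

    flagged_ips = set()
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            # Distinct ID numbers seen from this IP inside the window.
            ids = {id_number for _, id_number in events[start:end + 1]}
            if len(ids) > max_ids_per_ip:
                flagged_ips.add(ip)
                break
    return {
        "ips": flagged_ips,
        "payment_accounts": {p for p, c in cards.items() if len(c) > max_cards_per_payer},
        "accounts": {a for a, n in regs.items() if n > max_regs_per_account},
    }

if __name__ == "__main__":
    print(screen(RECORDS))
```

In production the thresholds would be derived from the hospital's own baseline rather than fixed constants, and hits would be reviewed before anything is added to a blacklist.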
Edit:XieYing Responsible editor:ZhangYang
Source:news.cctv.com