Shumei Black Industry Research Institute | Demystifying the black industry's malicious scraping and malicious seat holding

"It's Thursday, and I missed the Beijing to Zhengzhou ticket again; the train tickets are gone."

Whether it is going home for Chinese New Year or visiting relatives over a holiday, everyone runs into the same problem: tickets are hard to get. Why is every ticket grab so difficult? Are those air and train tickets really sold out? As the holiday approaches, ticket grabbing keeps "accelerating", and at this point most people start looking for scalpers.

That outcome plays straight into the scalpers' hands. While we are still struggling with ticket-grabbing accelerators, scalpers can easily secure the specified flight or train in the specified time window for their customers, and earn hefty commissions for it.

Why can scalpers grab tickets so easily? The answer lies in the black industry's malicious scraping and malicious seat holding. In recent years, "increase direct sales, reduce agency sales" has been a top priority for the civil aviation industry: the SASAC earlier required Air China, China Southern Airlines, China Eastern Airlines and other carriers to raise the share of direct ticket sales to 50%. A higher share of direct sales can substantially improve airlines' marketing model and save them high distribution costs.

Public data, however, shows that malicious scraping and seat holding by the black industry have directly caused airlines losses of nearly 1 billion yuan. To understand the black industry's "ticket-grabbing" ecosystem behind these losses in depth, Xiao Zhao (pseudonym) of the Shumei Black Industry Research Institute first targeted the domestic railway sector and began an undercover investigation.

Why can you never get a ticket?

1. Upstream: malicious scraping

On July 10, Xiao Fang (a pseudonym of a black-industry operator) first cracked the request-signing algorithm of the 12306 web site, then registered and logged in a small number of accounts to scrape and monitor the 12306 pages in real time. The main purpose was to check whether tickets were available for each train from Beijing to Zhengzhou, together with the specific departure times and seat types.

"Tickets from Beijing to Zhengzhou will be released on 12306 at 10 a.m. on July 13. Xiao Zhang (a pseudonym of a black-industry operator), remember to set the script to start grabbing at 10 o'clock." Xiao Zhao saw Xiao Fang post this notice in the group.

2. Midstream: malicious seat holding

Xiao Zhang's target was 10,000 tickets. One account can hold an average of ten tickets (a single account can carry up to 10 ID numbers), so Xiao Zhang would use 1,000 accounts per grab. What the black industry depends on most is personal-information resources: accounts, IP addresses and ID numbers.

As soon as Xiao Zhang received the notice, he split the 4,000 accounts with IPs and the 40,000 ID numbers he had bought through "Xun Agent" into four groups (group A, group B, group C and group D) of 1,000 accounts each. Because the grab has to be made in bulk, the server Xiao Zhang uses has extremely low latency; from it he sends requests through the interface directly to the 12306 servers.

12306 released the tickets on time at 10 a.m. on July 13. After grabbing 10,000 tickets with group A, Xiao Zhang did not pay for them; he simply held the seats. 12306's payment window is 30 minutes, so at 10:30 those 10,000 tickets were released back into the system. Xiao Zhang then used the thousand accounts of group B to grab them a second time, repeating the seat-holding step of group A, and so on in rotation...

3. Downstream: scalper reselling

Eventually a customer, Xiao Mei, came to the scalper Xiao Wang. She needed a ticket for "train G653 from Beijing to Zhengzhou, second-class seat, 3 p.m. on October 1", and the commission was 50 yuan.

Xiao Wang records Xiao Mei's name, ID number and mobile number and passes them to Xiao Zhang, who adds Xiao Mei's personal information to group C, which is about to grab tickets at 11:00.

After securing Xiao Mei's ticket, Xiao Zhang continues with the fourth wave of grabbing at 11:30. Whenever another customer comes to buy a ticket, Xiao Zhang adds that customer's personal information to the accounts of the next wave.

Meanwhile, Xiao Zhang keeps monitoring and scraping the page information in real time. When 12306 sees that the morning's tickets have all been taken while many people still have not been able to buy and are waiting, it releases further tickets at 10 a.m. on July 14, and Xiao Zhang repeats the July 13 ticket-grabbing steps on the morning of the 14th.

Why is it so hard to buy a ticket home? Because ticket grabbing today is no longer a contest of hand speed and connection speed. For the same ticket you are competing against automation, and that contest is obviously unwinnable. This is true for train tickets and equally true for air tickets. The "ticket-grabbing" example shows how far the black industry's supply chain has been refined and optimised.

The black industry's standard "ticket-grabbing" routine

The case above shows that black-industry "ticket grabbing" has a complete upstream and downstream supply chain: upstream Xiao Fang (malicious scraping and real-time monitoring of page information), midstream Xiao Zhang (bulk ticket grabbing and seat holding), and downstream Xiao Wang (a part-time scalper who deals with customers and earns the commission). The black industry also brings its own "advantages": ultra-low-latency servers and an endless supply of other people's private data.

1. The logic behind train-ticket abuse

Taking train tickets as the example, the Shumei Black Industry Research Institute has worked through the black industry's main playbook and summarised it as follows:

First, the black industry cracks the request-signing algorithm of the 12306 web site. It then uses large numbers of proxy IPs, batch-registered accounts and low-latency servers to pass the captchas and register or log in. Next, a small number of accounts are logged in to monitor the page information, chiefly ticket availability and departure times. Requests are then fired directly at the 12306 servers, and finally the operation moves to large-scale, continuous ticket grabbing while the scalpers start reselling.

2. The black industry's path against airlines

Airlines face much the same methods as train tickets. Taking one airline as an example, the Shumei Black Industry Research Institute found that the black industry's scraping activity consists mainly of programs that automatically access the airline's website to collect the information they need.

These crawlers mainly query cabin class, fare information, flight status and so on. Once the black industry has this information, it is often used for malicious seat holding, for displaying the data on third-party platforms, and even for illegal acts such as SMS fraud. Crawlers are also the main reason airlines see a high look-to-book ratio (queries per booking).

In detail, in the air-travel scenario the black industry's path concentrates on two parts, general links and business links, as shown in the figure below:

Clearly, the black industry's methods concentrate on registration, login, scraping of page information, fraud against marketing campaigns, bulk seat holding and scalping. These same links are also where airlines can most effectively prevent and control the abuse.

Analysis of the black industry's abnormal behaviour

Faced with the black industry's penetration of the entire railway and airline consumer ecosystem, and the huge losses caused by large-scale data scraping and seat holding, the Shumei Black Industry Research Institute has fully analysed the abnormal-behaviour path of black-industry "ticket grabbing".

Along the path of the abuse, there are four main aspects:

1. When the black industry cracks the 12306 or airline captchas, it usually relies on captcha-solving platforms such as Lianzhong or on machine-learning solvers. Device fingerprints on the web are highly unstable, so forged fingerprints must be recognised with high accuracy.

2. When the black industry logs in with bulk proxy IPs, accounts and other resources, a large number of IPs show strong aggregation.

3. Because the black industry needs to monitor page information in real time and check fare details, its accounts make very frequent requests.

4. When the black industry begins bulk grabbing and reselling, irregularities such as abnormal IP behaviour and separation of resources appear.

Therefore, hardening the web front end intercepts the black industry at the "source" and keeps raising its cost, while correlated frequency strategies can be used for efficient prevention and control at the same time.

Risk-control strategies against black-industry "ticket grabbing"

For airlines, basic risk-control measures inevitably serve some preventive purpose, but what matters most is identifying these actors accurately and countering them effectively. Optimising and iterating the service architecture and system platform, moving from technical measures to a solution, is therefore more practical and effective.

The Shumei Black Industry Research Institute found that a risk-control strategy for abnormal behaviour mainly involves the following aspects:

1. Solution: on top of basic risk-control rules, support the solution with a private-cloud architecture to keep the data secure. For example, deep-learning models can be used to build a variety of intelligent network models, and the private cloud can be used to update black-industry profiles regularly, continuously improving the accuracy of abnormal-behaviour recognition.

2. Practical value: dig deeper and formulate flexible risk strategies for specific risk-control scenarios, such as mining order-cancellation groups; mining malicious accounts, devices, contacts and passengers; mining machine timing; mining groups with missing events; mining similar groups by multi-entity time interval, event sequence or entity timing; and scenario-specific strategies for airline ordering.

3. Application cost: estimate resources and scale flexibly to avoid redundancy in the risk-control process. Deploy the web interface, access module, business-logic module, decision engine, basic engine, statistics engine, metadata store and so on on as few servers as possible, so that resources are fully used and waste is reduced.

4. System optimisation: use private system monitoring to prevent, inspect and alert on all kinds of abnormal risk-control phenomena. For example, actively call the alerting API so that relevant business staff are informed of abnormalities in time; have operations staff perform regular system inspections; and directly detect and report abnormal behaviour such as sudden traffic surges.
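The four abnormal-behaviour signals listed above (IP aggregation, frequent page requests, timing too regular for a human, and bulk holds released unpaid) and the group-mining strategies in point 2 can be turned into simple detectors over booking logs. The following is an added example written for this page, not Shumei's code or any 12306 or airline system; the log format, the field names, the thresholds and the sample log lines are all constructed assumptions made for illustration.

```python
"""Heuristics for the abnormal-behaviour signals described above: IP aggregation,
frequent seat queries, machine-regular timing, and groups of accounts that hold
seats and let them expire unpaid. Added example, not Shumei's code; log format,
field names and thresholds are assumptions made for illustration."""
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample log (not real 12306 data). Format: "<iso-timestamp> <account> <ip> <action>"
# action: query = seat lookup, order = seat held, pay = paid, expire = unpaid hold released.
SAMPLE_LOG = """\
2020-07-13T09:59:45 acc001 10.8.1.5 query
2020-07-13T09:59:50 acc001 10.8.1.5 query
2020-07-13T09:59:55 acc001 10.8.1.5 query
2020-07-13T09:59:45 acc002 10.8.1.5 query
2020-07-13T09:59:50 acc002 10.8.1.5 query
2020-07-13T09:59:55 acc002 10.8.1.5 query
2020-07-13T09:59:45 acc003 10.8.1.5 query
2020-07-13T09:59:50 acc003 10.8.1.5 query
2020-07-13T09:59:55 acc003 10.8.1.5 query
2020-07-13T10:00:00 acc001 10.8.1.5 order
2020-07-13T10:00:00 acc002 10.8.1.5 order
2020-07-13T10:00:01 acc003 10.8.1.5 order
2020-07-13T09:58:10 user77 203.0.113.9 query
2020-07-13T09:59:02 user77 203.0.113.9 query
2020-07-13T09:59:40 user77 203.0.113.9 query
2020-07-13T10:00:12 user77 203.0.113.9 order
2020-07-13T10:03:40 user77 203.0.113.9 pay
2020-07-13T10:00:45 user88 198.51.100.4 order
2020-07-13T10:30:00 acc001 10.8.1.5 expire
2020-07-13T10:30:00 acc002 10.8.1.5 expire
2020-07-13T10:30:01 acc003 10.8.1.5 expire
2020-07-13T10:30:45 user88 198.51.100.4 expire
"""

def parse_log(text):
    """Parse log lines into event dicts sorted by time."""
    events = [dict(zip(("ts", "account", "ip", "action"), line.split()))
              for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def _query_times(events):
    times = defaultdict(list)  # account -> sorted seat-query timestamps
    for e in events:
        if e["action"] == "query":
            times[e["account"]].append(e["ts"])
    return times

def ip_aggregation(events, min_accounts=3):
    """IP aggregation: one IP fronting many accounts (proxy and account pools)."""
    by_ip = defaultdict(set)
    for e in events:
        by_ip[e["ip"]].add(e["account"])
    return {ip: sorted(a) for ip, a in by_ip.items() if len(a) >= min_accounts}

def query_rate(events, window_s=60, max_queries=2):
    """Frequent access: accounts exceeding max_queries in any sliding window_s window."""
    flagged = []
    for account, ts in _query_times(events).items():
        start = 0
        for end in range(len(ts)):
            while (ts[end] - ts[start]).total_seconds() >= window_s:
                start += 1
            if end - start + 1 > max_queries:
                flagged.append(account)
                break
    return sorted(flagged)

def machine_timing(events, min_queries=3, max_jitter_s=0.5):
    """Machine timing mining: query intervals too regular for a human (low jitter)."""
    regular = []
    for account, ts in _query_times(events).items():
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_queries and pstdev(gaps) <= max_jitter_s:
            regular.append(account)
    return sorted(regular)

def unpaid_hold_groups(events, window_s=2, min_size=3):
    """Order-cancellation group mining: accounts that order within window_s of each
    other and all let the hold expire unpaid, i.e. the seat-holding cycle above."""
    paid = {e["account"] for e in events if e["action"] == "pay"}
    expired = {e["account"] for e in events if e["action"] == "expire"}
    orders = [e for e in events if e["action"] == "order"
              and e["account"] in expired and e["account"] not in paid]
    groups, current = [], []
    for e in orders:
        if current and (e["ts"] - current[0]["ts"]).total_seconds() > window_s:
            if len(current) >= min_size:
                groups.append(sorted(o["account"] for o in current))
            current = []
        current.append(e)
    if len(current) >= min_size:
        groups.append(sorted(o["account"] for o in current))
    return groups

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("shared IPs:", ip_aggregation(ev))
    print("high query rate:", query_rate(ev))
    print("machine-regular timing:", machine_timing(ev))
    print("unpaid hold groups:", unpaid_hold_groups(ev))
```

On the constructed log, the pool accounts acc001 to acc003 trip all four detectors: they share one IP, poll every five seconds with zero jitter, and hold seats at 10:00 that expire unpaid at 10:30 as one cluster. The two ordinary users pass: user77 queries at irregular intervals and pays, and user88 lets a single hold expire but is alone in the window, so forgetting to pay is not by itself treated as abuse. In production, any one signal is weak; the value comes from correlating them, which is what the "multi-entity" group mining in point 2 above describes.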

Overall, an interconnected, layered AI online business risk-control solution is the most powerful weapon for prevention and control, and precise defence with high-accuracy identification is the best method.

By deploying a global SaaS risk network together with a rules engine, Shumei can block the scraping and theft of competitive industry data, high-value content and private data in real time. Shumei Technology's Skynet, a full-stack real-time intelligent risk-control engine, can also accurately identify and intercept abnormal accounts, protecting the interests of airlines and railway transport platforms and safeguarding their online business.

To address problems such as malicious scraping and seat holding, Shumei has developed professional AI online risk-control solutions for the air-travel industry and has entered into in-depth cooperation with a number of large airlines. Going forward, Shumei Technology will continue to uncover new black-industry methods, keep optimising and iterating its own technology, and provide customers with the most accurate and highest-quality solutions.

Source: blog.csdn.net/SHUMEITECH/article/details/107767336