Forensic Fraud Investigation of Social Network Group Control System

Editor’s note: Nowadays, we often received a variety of fraud messages when we used a mobile phone, a little careless will fall into the trap of outlaws. Especially in China, the common use social chat APP: WeChat related many fraud cases, it had become commonplace. In the constantly exposed fraud cases, we can make sure that there are so many illegal fraud groups behind using group control system, and in the case of forensic fraud investigation on social network also brought new challenges.

 

1. How fraud messages spread on the social network?

Group control system is a wide concept, the narrow meaning refers to the implementation of a one-to-many management system based on the internet carrier technology. Through the system automation control and integration skills, a number of mobile phone operation interface directly mapped to the computer monitor, the computer can control hundreds of mobile phones completely.

From the control object, group control system can be divided into mobile phones and SIM cards,  first one is to control mobile phones sending APP messages automatically, the second one is to send SMS controlled SIM cards by a software.

Group control system usually consists of software and hardware, some of the hardware includes server, hub and terminal mobile phone, some software with the support of the control function of the system, and it can be operated in the LAN.

 

2. “Underground Industry Chain” behind the social network group control system

Group control system used to improve sales and communications between shops and customers. BUT now it went to the illegal way.

Control WeChat for illegal profit

Because of the large users and the high frequency of using WeChat in China, fraudsters often use group control system on Wechat to make the illegal profit. They normally hide their actual location or they located their phones in various parts of the country, so they can safely do operations on WeChat. The most common is pornography, by posting to different places, using false beauty identification to add friends, then ask you for a red packet of WeChat or recommend you to buy some stocks and selling porn videos to cheat money. Even by giving away free gifts, trick you filling out personal information and sell them to other people who do the same thing.

Use group control system to become “water army”

Now there are so many “hired WeChat readers”,  those who are paid by operators of public accounts on WeChat,  to boost the number of clicks on articles published on their platform in the hope of attracting advertisers. Most of the hired readers are so-called “water army”,  fraudsters also used group control system to become hired readers.

Use group control system to make illegal profit

Fraudsters often dealt with the promotion’s activities of some companies, free benefits, such as red packets, coupons, commissions, cash back and so on. Use a large amount of WeChat account to brush these activities, and finally to bring out or resell to profit.

 

3. Difficulties in gathering evidence from group control system

There’re too many different group control system have sold in the market, there is no forensic tool to against them.

Because of the needs of Law Enforcement,  SalvationDATA‘s forensic experts are researching for forensic fraud investigation on group control system. We had carried out in-depth analysis and research.  Eventually, we found a way and unique technology helping to gather evidence of these cases.

 

4. Research on WeChat group control system

WeChat group control system comes with software and hardware. It can act like normal user behavior to avoid WeChat security. It is a group control system plus a variety of bulk imitation script method to complete the WeChat batch operation, the essence is a WeChat underground industry chain.

There are two types of WeChat group control system on the market: USB control and cloud control. USB control refers to the mobile phones connect to USB cable transferring data to PC for controlling the phone. Cloud control refers to the mobile phones and PC connect to the server, through network communication for controlling the phone.

SalvationDATA’s forensic experts installed the WeChat group control system on PC and mobile phone.

And we found that the WeChat group control system consists of PC side controlling software and mobile phone side controlling software. All the data are stored in the directory: C:\Users\Administrator\AppData\Local\DaWeiGe\account\accounts

But, no valid data was found from “LLRecorder” and “llrecorder.test” on the mobile phone side controlling software,  then we can assure the system will not store a lot of data traces but will store some platform login information on the PC side controlling software.

Then, for the WeChat forensic fraud investigation, we can extract and analyze the login information of these platforms and get the evidentiary data. And we will continue to do the research and improve our products to help fraud investigation.

This research results had already integrated into our mobile forensics product SmartPhone Forensic System(SPF), and computer forensics product DF(temporary only for the Chinese market),  you can download the software from our resources page of the website to have a free trial.