Black and Gray Market Threats and Countermeasures in the Residential Services Industry (Beike)

Guest speaker: Du Zhongwei (Beike). Organizer: DataFunTalk.

Overview : The residential services industry consists of information aggregation platforms, transaction platforms, and self‑operated platforms like Beike. Black and gray market activities span traditional internet fraud (traffic attacks, device farms, account abuse, business abuse, data theft) and industry‑specific issues such as fake listings, private deals, data theft, performance fraud, and external operations.

Typical Scenario 1 – C‑end Fake Registrations : Black‑card vendors obtain phone numbers from card merchants and SMS platforms, use spoofed devices and proxy environments to create accounts, and sell them either to agents for fake viewings and B‑end acquisition or to “wool‑party” users for incentive programs. The supply chain includes primary and secondary account merchants, with sales channels such as forums, Taobao, and Xianyu. Monitoring of these accounts and material pricing helps assess the effectiveness of anti‑fraud measures.

Typical Scenario 2 – Crawler Software : Over 60 commercial crawlers target Beike data, priced between 199–455 CNY per year. These tools automate large‑scale property data extraction for resale. The crawler ecosystem includes developers, direct sales, agents, and a minimal technical team (cracking, data, product). Harm includes real‑time business opportunity theft, privacy breaches via leaked phone numbers, and resource consumption.

Intelligence System Construction : Three‑layer architecture – (1) Intelligence collection (city reports, external monitoring, internal white‑hat intel), (2) Trace processing (focus on agent accounts, devices, business actions, producing blacklists and tool libraries), (3) Operational use (coordination with law‑enforcement, risk control, product teams). Incentives are provided to agents who supply useful intel.

Tracing Capability Building : (1) Weapon library – acquisition of typical black‑market devices, software, proxy resources, and IP profiles. (2) Tracing technical architecture – logs and intelligence feed into rule engines, producing audit and risk‑control platforms. Example: automated tracing of leaked property data by correlating timestamps, device anomalies, and behavior patterns to generate high‑risk agent lists for manual investigation.

Counter‑measures and Evidence Collection : Five stages – (1) Tracing (log and behavior analysis to identify tools), (2) Analysis (determine legal violations), (3) Reporting (prepare documentation for police), (4) Evidence collection (third‑party forensics, screen recordings), (5) Arrest (technical staff assist in on‑site seizure of tools and data).

Q&A

Q: Are many black‑market operators using broadband? A: No specific ratio calculated; focus is on identifying suspicious UA patterns.

Q: Is there any blockchain involvement in tracing incentives? A: Not currently, but may be considered for future suitable scenarios.

Thank you for attending.