With the onset of winter in France and Europe, a new wave of Covid-19 infections has arrived. It is so cruel that some countries are now considering introducing vaccination obligations with new restrictions on freedom. But this situation is very depressing and makes people happy. A thug specialized in false way of selling Health must rub his hands well, because millions of Europeans who do not want to be vaccinated are likely to be tempted by this illegal purchase to maintain their freedom of movement.
In France, the problem continues to make noise. According to the Ministry of the Interior, around 110,000 health certificates circulate in France. 400 investigations have been launched and 100 people have been arrested.
Is this phenomenon growing? Obviously yes. Because you have to look at the dark web to see the explosive growth in sales. A group of researchers from Aalborg University in Copenhagen examined this parallel website for false certificates.
They found these precious sesame seeds in 17 markets and 10 individual stores (“Bender store”). Previous surveys of this type date from April 2021. At that time, only 5 outlets could be detected.
This trend is not so surprising. Last August, Checkpoint experts reported that the number of outlets and promotional channels (Telegram, Snapchat, WhatsApp) has increased dramatically and newsgroups can attract hundreds of thousands of people.
New research from the University of Copenhagen shows that the market supply is overwhelming today. Sellers provide certificates to almost all countries, especially those in the European Union. It also covers the peculiarities of certain countries, such as the German vaccination card on yellow paper and the American CDC certificate printed on white paper.
However, the most requested product is probably the European QR code, which will be emailed to you in PDF format when you make your purchase. Prices range widely from $ 39 to $ 2,800. This maximum is visible on digital and physical certificates of British origin. Payments are generally made in Bitcoin or in the Monera world. Knowing if it is a scam is obviously very difficult. Nobody knows the identity of the seller and the comments that the buyer leaves on the site are not always very reliable.
Screenshots from Aalborg University-Dark Web
Screenshots from Aalborg University-Dark Web
However, in some cases, the researchers were able to verify that the proposed certificate was actually valid. In fact, marketers struggled to make YouTube videos showing their “fabrication shops.”
You will see a newly created fake certificate that has been validated by the investigator. The seller even showed the interface of their counterfeit software. There, more than 1,700 sales were registered. At the price of € 250 per certificate, this equates to a turnover of more than € 400,000. Obviously, these people are filling their pockets behind collective health security.
But how can this vendor create a valid certificate? It should be remembered here that the Covid-19 certificate is only a set of data electronically signed by the private key of the issuing authority (surname, first name, date of vaccination, type of vaccine, etc.). These are hospitals, laboratory centers, health authorities, etc. Theoretically, this signature guarantees the integrity of the data and authenticates the author. However, it is clear that this is not always true.
There are three ways to get around this security. The first is private key leakage. This is quite unlikely as all the private keys of the issuing agency are centrally stored in a national database which is supposed to be very secure. The second means is unauthorized access to the software used by the issuing agency to sign the data of the vaccinated person.
Complices, major flaws in the system
This incident happened a month ago. Internet users have successfully used “open bar” access to the distribution organization’s servers to create authentication with the names of Adolf Hitler, Mickey Mouse, and SpongeBob SquarePants.
Since then, loopholes have been closed and certificates created in error have been revoked. Scan the QR code of Adolf Hitler, Mickey Mouse and SpongeBob SquarePants and you will see the word “illegal certificate” in red.
The third, and most likely, method is the accomplice of someone with legitimate access to the signature software. In this mode of operation, the dark web vendor collects the required personal data from the customer and transmits them to this accomplice responsible for generating the Covid certificate. Until the discovery of Pot Orose, it was impossible to distinguish between legitimate and fraudulent certificates.
This difficulty was also confirmed by the Minister of the Interior, Gerald Darmanin.
“The False Path Problem Health often means collaborating with real doctors and nurses. It is very difficult to prove, he told AFP.
But finding these thieves is not impossible. At the end of November, the Italian Guardia di Finanza arrested several people who were selling fraudulent certificates suspected of complicity with health workers. The sale price was around 100 euros. “Satisfied or reimbursed” ..
The gangs have used more than 30 Telegram groups to promote their offerings. Italian investigators have not disclosed how they identified it. We know that they especially relied on the analysis tools of the Russian publisher Group-IB.
In France, the government claims to have found 11,000 false health passports so far, without knowing if they have been sold on the dark web, social networks or another channel. Remember that the penalties for using these falsified documents could reach up to five years in prison.
Furthermore, “The decision has already been issued, the prisons have been suspended and prisons have sometimes been closed,” insists Gerald Dalmanin.
Does the existence of this scam prove the invalidity of the European certificate system?
“No, it is well built and it is elastic. It is not a technical problem, it is a human problem. Furthermore, there is no 100% perfect system, ”explains Emmanouil Vasilomanolakis, professor at Aalborg University and co-author of the aforementioned study.
In response to a question from 01net.com, the Commission also defends the system it helped establish.
“The fake QR codes seen so far are mainly due to illegal activities such as the unauthorized use of identification codes to generate certificates and identity theft. These are the European Covid digital certificate systems. There is no evidence of compromise of the encryption key used to generate the legitimate QR code, not generated by a technical flaw ”, explains the spokesperson.
In addition, the committee stated that “Phenomenon that can be ignored in relation to certificates issued for more than 740 million.”
Unfortunately, this opinion is not based on an accurate statement. Therefore, it is difficult to assess the real scope of the phenomenon. To stay out of it, the Commission is still working on a coalition-level certificate revocation system, which will allow it to act more quickly when fraud becomes apparent. Currently, revocation is only done at the national level.
Rank Math Seo Pro Weadown, Wordfence Premium Nulled, Yoast Nulled, PHP Script, Fs Poster Plugin Nulled, Astra Pro Nulled,Woodmart Theme Nulled, Wpml Nulled, Avada 7.4 Nulled, Woodmart Theme Nulled, PW WooCommerce Gift Cards Pro Nulled, Elementor Pro Weadown, Newspaper – News & WooCommerce WordPress Theme, Nulledfire, Slider Revolution Nulled, Elementor Pro Weadown, Jnews 8.1.0 Nulled, WeaPlay, Business Consulting Nulled, WP Reset Pro, Newspaper 11.2, Flatsome Nulled, Woocommerce Custom Product Ad, Premium Addons for Elementor, Jannah Nulled, Consulting 6.1.4 Nulled, Plugins, WordPress Theme, Dokan Pro Nulled