Hackers Start Forging “Official” Vaccination Certificates on Darknet

Check Point Research has highlighted a new trend of forged negative COVID-19 test results and fake vaccine certificates offered on the Darknet and various hacking forums for people seeking to board flights, cross borders, attend events or start new jobs. While the global roll-out of COVID-19 vaccinations continues to accelerate, it’s worth remembering that only around 1% of the world’s population have received their full course of injections.

Billions are still waiting for their first dose, which inevitably leads those people to question exactly when they will get it. Especially as plans are being made internationally to allow those that have been vaccinated, or can prove they have had a recent negative test, the freedom to travel to other countries, attend large-scale events, take a new job, and more.

So there’s a strong and growing demand for vaccinations and test results because of the greater freedoms they will give to people. And of course, there will always be people who don’t want to wait for their official vaccination, or for an official negative test result – and shady people willing to service that demand.

Back in January, CPR had reported how there were hundreds of advertisements on the darknet were advertising COVID-19 vaccines for sale from $500 – and now the number of adverts has more than tripled to over 1,200. Further, vendors are also offering a range of fake vaccination certificates and negative test results to people who need proof of either.

A range of counterfeit coronavirus vaccines are offered, often touted from just $500 per dose. In recent weeks CPR’s researchers have spotted an increasing amount of advertisements for vaccines within Darknet markets: currently numbering over 1,200, with sellers based in the U.S. and European countries including Spain, Germany, France, and Russia. This represents over a 300% increase since January 2021. The vaccines advertised include Oxford – AstraZeneca (at $500), Johnson & Johnson ($600), the Russian Sputnik vaccine ($600), and the Chinese SINOPHARM vaccine.

As a means to prepare society for restarting tourism, flight routine, and border crossing, the European Commission, the EU’s executive arm, has proposed a vaccination certificate to be used as the ultimate ‘door opener’ across countries and societies. The commission suggested that EU citizens should be allowed to use a “digital green certificate” to prove that they have been vaccinated against the virus; that they have received a negative Covid-19 test, or they have recovered after contracting the coronavirus.

In other words, the vaccination certificate, for the foreseen future, will become the passport, bilaterally agreed between countries, which will give holders an entrance ticket to, and enable them to participate in many activities (e.g. live shows, cultural activities, and entrance to public areas).

“It seems that various threat actors and hackers have quickly realized the potential market for fake documents, and have been quick to grab the monetization opportunity,” the CPR report said. “In an ad, vaccination certificates are offered for the price of 10,000 RUB (approx. $135). On a different ad on the Darknet marketplace, a seller, supposedly from the U.K., offers a vaccination card for $150, accepting cryptocurrencies as the payment method.”

CPR claims its researchers reached out to one of these Darknet sellers to understand the process and get as many details as possible regarding delivery, price, and authenticity. To our question regarding a signature of a physician on the certificate and indicators of its authenticity, the seller reassured us they have done this many times previously, for many people, and had no issues with it.

“All we needed to do was provide the exact names and dates we wanted on the certificate (of the vaccinations supposedly made), and pay $200. “You don’t have to worry…It’s our job….We have done this to many people and it’s all good,” the vendor told us,” the report said.

In addition to the Darknet and hacking forums, CPR said it also spotted different websites that offer the ability to quickly create authentic-looking negative COVID test documents, created promptly according to data input by users, in a very friendly user interface, for just $25. “Results are produced within 30 minutes and are sent discreetly to users’ email inbox,” CPR said.

“Though the website clearly states that the documents are not genuine test results, and goes on to highlight that the user must understand and agree that they will not use this website, any information contained within this website, or any fake negative COVID Test generated by this website to commit a crime, hurt, damage, injure, or otherwise maliciously mislead or deceive any other person or organization …. despite this, the results are very authentic and professionally made, and can potentially be used to fake negative test results,” the report from CPR said.

As our societies struggle to return to pre-COVID norms, a negative COVID test result or a vaccination certificate is becoming the golden key that will unlock restrictions and enable people to move and mingle with greater freedom. And of course, this creates an opportunity for criminals and scammers to exploit those people who are willing to risk using fake documents to achieve that freedom.

As COVID-19 is likely to play a major role in dictating what we as individuals can and cannot do in our daily lives for the foreseeable future, countries’ Governments should be aware of this fast-growing illegal and dangerous trend for fake vaccination certificates and “official” medical records being sold and produced to whoever wishes to pay for them. Check Point Researchers will continue to closely monitor troubling trends on the darker sides of the Internet.

Show More

Chris Fernando

Chris N. Fernando is an experienced media professional with over two decades of journalistic experience. He is the Editor of Arabian Reseller magazine, the authoritative guide to the regional IT industry. Follow him on Twitter (@chris508) and Instagram (@chris2508).

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button