揭秘偽造“新冠護(hù)照”的黑市:暗流洶涌,“潛力”巨大
KATHERINE DUNN
2021-08-09
我個(gè)人購(gòu)買(mǎi)的“偽造疫苗接種套餐”的廣告上有一個(gè)gif動(dòng)圖。
這張gif圖以花卉圖案為背景,,快速縮放四張印有英國(guó)國(guó)家醫(yī)療服務(wù)體系標(biāo)志的疫苗接種書(shū),,并配有一張看起來(lái)很正式的空白文檔。為了顯得真實(shí)可信,,我的名字和申請(qǐng)日期都附在上面,。這些偽造的疫苗證明顯示此人已經(jīng)接種兩劑阿斯利康(幽靈)疫苗。實(shí)際上,,我已經(jīng)接種了兩劑輝瑞疫苗
賣(mài)家承諾,偽造疫苗接種證明的套餐還包括數(shù)字版本:一個(gè)二維碼,。我可以通過(guò)英國(guó)國(guó)家醫(yī)療服務(wù)體系(NHS)的跟蹤和追蹤的應(yīng)用程序查到新冠疫苗護(hù)照,。賣(mài)家說(shuō),只要我用比特幣支付200歐元(約合236美元)后,,疫苗護(hù)照將會(huì)在30分鐘內(nèi)發(fā)送給我,,快遞到我家。賣(mài)家還能幫我買(mǎi)一本法國(guó)的新冠護(hù)照或者德國(guó)的新冠護(hù)照,?這都沒(méi)問(wèn)題——每本200歐元,。
這并不是暗網(wǎng)最深的地方。這是一款即時(shí)通訊應(yīng)用Telegram,,該應(yīng)用的賣(mài)家背后有一個(gè)11.1萬(wàn)名成員的團(tuán)隊(duì),,應(yīng)用平臺(tái)上充斥著各種語(yǔ)言的新冠疫苗官方證書(shū)的照片以及反疫苗陰謀論。
這只是一個(gè)信息爆發(fā)并且顯而易見(jiàn)的新冠疫苗證書(shū)和護(hù)照黑市的入口,,富裕國(guó)家的人不想接種疫苗以及仍然無(wú)法接種疫苗的人都助長(zhǎng)了這個(gè)黑市的擴(kuò)張,。隨著高度接種疫苗的國(guó)家越來(lái)越多地強(qiáng)制要求人們接種疫苗。不僅是為了出國(guó)旅行,,而且是為了獲得從餐館到體育賽事的一切工作機(jī)會(huì),,這個(gè)黑市只會(huì)不斷壯大。
Check Point軟件技術(shù)有限公司的安全專家拉亞?米茲拉奇(Liad Mizrachi)表示:“這方面的市場(chǎng)潛力非常大,?!彼?月份以來(lái)一直在跟蹤偽造證件和假疫苗護(hù)照數(shù)量激增的事件?!巴瑫r(shí),,由于黑市引發(fā)的毀滅性后果令人十分沮喪,。”
亂象叢生的新冠疫苗護(hù)照黑市
米茲拉奇說(shuō),,假新冠疫苗護(hù)照的激增遵循了一個(gè)可靠的趨勢(shì):當(dāng)一個(gè)國(guó)家,,比如法國(guó),宣布基于疫苗接種的一系列限制措施時(shí),,偽造新冠疫苗護(hù)照的苗頭就開(kāi)始展露了,。
偽造的新冠疫苗護(hù)照仿佛唾手可得。米茲拉奇表示,,盡管黑客的報(bào)價(jià)最初出現(xiàn)在暗網(wǎng)上,,但搜索客戶的過(guò)程很快將交易轉(zhuǎn)移到了Telegram,甚至是用于加密消息的流行應(yīng)用程序WhatsApp,。Check Point的研究人員瀏覽了包括臉書(shū)在內(nèi)的反疫苗小組,,這導(dǎo)致Telegram小組的邀請(qǐng)明顯基于出售假護(hù)照和證書(shū)。
他說(shuō):“這兩隊(duì)團(tuán)伙之間肯定有協(xié)同合作,,或者至少有一方在利用另一方,。”
米茲拉奇表示,,信息平臺(tái)的最近活動(dòng)表明,,賣(mài)家有意將目標(biāo)鎖定在不熟悉暗網(wǎng)操作的買(mǎi)家身上,這些人也不太善于識(shí)別徹頭徹尾的騙局,。他補(bǔ)充說(shuō),,從那以后,Telegram集團(tuán)的規(guī)模呈現(xiàn)爆炸式增長(zhǎng),。有些團(tuán)體只有幾十名成員,,而該公司追蹤的一個(gè)團(tuán)體有50萬(wàn)名成員。
記者采訪Telegram的一名發(fā)言人時(shí),,他提到了意大利政府公布的出售假證書(shū)的組織,,并表示Telegram已經(jīng)關(guān)閉了這些賬戶,當(dāng)局也沒(méi)有進(jìn)一步聯(lián)系,。該發(fā)言人沒(méi)有對(duì)現(xiàn)有的虛假英國(guó)國(guó)家醫(yī)療服務(wù)體系(NHS)賬戶和歐洲賬戶發(fā)表進(jìn)一步看法,。臉書(shū)頒布政策禁止在該平臺(tái)發(fā)布合法和偽造的醫(yī)療文件,包括疫苗接種證明,。
但米茲拉奇指出,,大多數(shù)國(guó)家早期新冠疫苗證書(shū)的保真度較低,加上缺乏國(guó)際合作,,為偽造證明創(chuàng)造了一個(gè)完全開(kāi)放的市場(chǎng),。許多疫苗接種證書(shū)仍然是紙質(zhì)的,很容易偽造,。不法分子經(jīng)常利用社交媒體上合法疫苗接種卡的照片,,偽造相關(guān)細(xì)節(jié),。
米茲拉奇說(shuō),在英國(guó),,新冠數(shù)字護(hù)照正在通過(guò)英國(guó)國(guó)家醫(yī)療服務(wù)體系(NHS)的跟蹤和追蹤的應(yīng)用程序推出,,賣(mài)家現(xiàn)在似乎在努力解決如何繞過(guò)系統(tǒng)追蹤的問(wèn)題。但其他國(guó)家也經(jīng)常利用系統(tǒng)中的漏洞,。(在德國(guó),,當(dāng)局政府最近補(bǔ)充了允許通過(guò)藥房進(jìn)行數(shù)字注冊(cè)的相關(guān)條款。)
就通行證問(wèn)題,,一名歐盟官員表示,,歐盟委員會(huì)意識(shí)到偽造的新冠疫苗證書(shū)越來(lái)越多,但表示,,歐盟數(shù)字新冠疫苗接種證書(shū)的數(shù)字加密手段完全安全,,不會(huì)被篡改。該證書(shū)可用于在歐盟國(guó)家內(nèi)部旅行,。
“重要的是區(qū)分歐盟數(shù)字新冠通行證和偽造的歐盟數(shù)字新冠安全證書(shū),”這位官員表示,,并補(bǔ)充說(shuō)歐盟成員國(guó)需要確保自己的證書(shū)是受法律保護(hù)并且安全可靠。
但是,,米茲拉奇指出,,在全球各地,許多時(shí)候邊境服務(wù)沒(méi)有配備掃描,、解讀其他國(guó)家護(hù)照和證書(shū)的設(shè)備,這為欺詐行為留下了更多空間,。
據(jù)他描述,,通常工作人員只是看一眼護(hù)照,說(shuō)“看起來(lái)不錯(cuò),,下一位”,,直接放行?!斑@種局面相當(dāng)混亂,。”米茲拉奇說(shuō),。
但是,,畢竟技術(shù)復(fù)雜性沒(méi)能阻止賣(mài)家“提供數(shù)字解決方案”的宣傳口號(hào),這一點(diǎn)或許揭示了遏制假新冠護(hù)照傳播的最佳方法:讓人們知道他們可能會(huì)被騙,。
劍橋大學(xué)(Cambridge University)研究虛假信息和陰謀論的社會(huì)心理學(xué)家桑德?范德林登指出,,反疫苗者“極其討厭被騙”。從騙子的角度來(lái)看,,新冠護(hù)照越來(lái)越強(qiáng)大,,這并不是一個(gè)障礙,。“他們只會(huì)佯裝向你出售任何東西,?!彼f(shuō)。
第二位賣(mài)家告訴我,,他們提供的紙質(zhì)護(hù)照只能讓我“匆忙地”進(jìn)入餐館和商店,。目前在英國(guó)甚至沒(méi)有這么做的必要。另一位賣(mài)家則聲稱,,他們可以為我建立一個(gè)數(shù)字護(hù)照,,鏈接到我真實(shí)的NHS號(hào)碼、地址和全科醫(yī)生注冊(cè)信息,。
“它被存入NHS數(shù)據(jù)庫(kù),,”這位賣(mài)家表示,“我們?cè)谀怯袃?nèi)部人員,?!?/p>
當(dāng)我表示疑惑時(shí),賣(mài)家表示,,在我以比特幣的形式轉(zhuǎn)賬200英鎊(約合278美元)之后,,他們會(huì)提供證據(jù)。但是,,我無(wú)法核實(shí)賣(mài)家的身份和位置,。
“購(gòu)買(mǎi)和使用假卡,假裝你已經(jīng)接種了新冠病毒疫苗,,實(shí)際上并沒(méi)有——這可能對(duì)你和其他人有害,,并可能導(dǎo)致病毒的進(jìn)一步傳播?!庇?guó)國(guó)家欺詐和網(wǎng)絡(luò)犯罪報(bào)告中心(National Fraud and Cyber Crime Reporting Centre)——防止詐騙行動(dòng)處(Action Fraud)主管寶琳?史密斯在一份評(píng)論中表示,。她補(bǔ)充說(shuō),在英國(guó),,疫苗只能從NHS處獲得,,而且當(dāng)然是免費(fèi)的。
反疫苗者(原詞是一個(gè)新詞,,意思是要么不相信新冠存在,,要么認(rèn)為根本沒(méi)有政府說(shuō)的那么糟糕,指一種不相信政府和媒體的人群)
在新冠疫情的世界里,,假疫苗接種證書(shū)的激增,,只是眾多騙局中的一個(gè)。
網(wǎng)絡(luò)安全專家還指出了疫苗本身在黑市上出售的情況,以及各種欺詐行為:如假裝衛(wèi)生當(dāng)局竊取個(gè)人數(shù)據(jù),、迫切需要檢測(cè),,針對(duì)衛(wèi)生服務(wù)和供應(yīng)商的復(fù)雜的網(wǎng)絡(luò)攻擊等。
“自疫情開(kāi)始以來(lái),,我們的威脅情報(bào)分析師已經(jīng)發(fā)現(xiàn)了數(shù)千起與疫情有關(guān)的網(wǎng)絡(luò)攻擊,。”網(wǎng)絡(luò)安全咨詢公司Anomali的網(wǎng)絡(luò)情報(bào)戰(zhàn)略高級(jí)主管A?J納什表示,,“我們還看到了暗網(wǎng)論壇出售假的新冠疫苗接種卡,、檢測(cè)結(jié)果,甚至還有疫苗,?!?/p>
盡管納什表示,他們公司還未看到專門(mén)針對(duì)NHS軟件的仿冒品,,但他表示,,“考慮到地下論壇廣闊的范圍和網(wǎng)絡(luò)罪犯的復(fù)雜程度,我們有理由認(rèn)為這樣一個(gè)市場(chǎng)可能會(huì)出現(xiàn)”,。
除此之外,,假新冠護(hù)照的爆炸式增長(zhǎng)似乎映射著全球疫苗接種的兩個(gè)截然不同但同時(shí)存在的障礙:不信任,以及缺乏獲取渠道,。
說(shuō)到不信任,,肯定是那些拒絕接種疫苗的人。在美國(guó),,大約一半未接種疫苗的人說(shuō)他們“肯定”不會(huì)接種疫苗,。
還有跡象表明,美國(guó)和英國(guó)的年輕人對(duì)疫苗的猶豫程度略高,,他們是最懂技術(shù)的人,,同時(shí)也是目前最不可能接種疫苗的人。YouGov的一項(xiàng)跟蹤調(diào)查顯示,,與其他國(guó)家相比,英國(guó)總體上在疫苗問(wèn)題上的猶豫相對(duì)較少,。
與此同時(shí),,由于全球疫苗推廣速度緩慢,很多地區(qū)缺乏疫苗獲取渠道,。根據(jù)世界衛(wèi)生組織(World Health Organization)的數(shù)據(jù),,截至今年5月,富裕國(guó)家為每100人注射了約50劑疫苗,,而較貧窮國(guó)家僅注射了0.1劑,。米茲拉奇指出,后者群體正在推動(dòng)全球?qū)π鹿谝呙缂僮C件的需求,,一些人只是為了探望家人,,或者為了工作,。
范德林登說(shuō),假新冠證明市場(chǎng)的大部分人群,,可能來(lái)自后者,,也就是渠道缺乏者。他指出,,經(jīng)過(guò)充分研究,,真正的反疫苗者應(yīng)當(dāng)仍然是少數(shù)。
但是,,對(duì)新冠護(hù)照的如此推銷(xiāo)的推崇或也吸引了一群新的人——這些人不認(rèn)為自己反疫苗,,但仍然不愿意注射疫苗。
“或許我們現(xiàn)在還沒(méi)有一個(gè)確切的數(shù)字,,但這一群體確實(shí)存在,。”范德林登說(shuō),。
無(wú)論如何,,銷(xiāo)售仍在繼續(xù)。就在我寫(xiě)完這篇文章的時(shí)候,,一封來(lái)自Telegram的通知從我手機(jī)里跳出來(lái),。
“事實(shí)是,永遠(yuǎn)不要接種那些瘋狂的,、惡心的疫苗,。”賣(mài)家寫(xiě)道,。
這位賣(mài)家還附上了他們商品的照片:新冠疫苗文件在拼花地板上鋪開(kāi),,上面有偽造的印度尼西亞、荷蘭和巴基斯坦政府的字體和信頭,。(財(cái)富中文網(wǎng))
這篇文章已被修改:關(guān)于桑德?范德林登的職務(wù)關(guān)系部分,。
編譯:於欣、楊二一
我個(gè)人購(gòu)買(mǎi)的“偽造疫苗接種套餐”的廣告上有一個(gè)gif動(dòng)圖,。
這張gif圖以花卉圖案為背景,,快速縮放四張印有英國(guó)國(guó)家醫(yī)療服務(wù)體系標(biāo)志的疫苗接種書(shū),并配有一張看起來(lái)很正式的空白文檔,。為了顯得真實(shí)可信,,我的名字和申請(qǐng)日期都附在上面。這些偽造的疫苗證明顯示此人已經(jīng)接種兩劑阿斯利康(幽靈)疫苗,。實(shí)際上,,我已經(jīng)接種了兩劑輝瑞疫苗
賣(mài)家承諾,偽造疫苗接種證明的套餐還包括數(shù)字版本:一個(gè)二維碼。我可以通過(guò)英國(guó)國(guó)家醫(yī)療服務(wù)體系(NHS)的跟蹤和追蹤的應(yīng)用程序查到新冠疫苗護(hù)照,。賣(mài)家說(shuō),,只要我用比特幣支付200歐元(約合236美元)后,疫苗護(hù)照將會(huì)在30分鐘內(nèi)發(fā)送給我,,快遞到我家,。賣(mài)家還能幫我買(mǎi)一本法國(guó)的新冠護(hù)照或者德國(guó)的新冠護(hù)照?這都沒(méi)問(wèn)題——每本200歐元,。
這并不是暗網(wǎng)最深的地方,。這是一款即時(shí)通訊應(yīng)用Telegram,該應(yīng)用的賣(mài)家背后有一個(gè)11.1萬(wàn)名成員的團(tuán)隊(duì),,應(yīng)用平臺(tái)上充斥著各種語(yǔ)言的新冠疫苗官方證書(shū)的照片以及反疫苗陰謀論,。
這只是一個(gè)信息爆發(fā)并且顯而易見(jiàn)的新冠疫苗證書(shū)和護(hù)照黑市的入口,富裕國(guó)家的人不想接種疫苗以及仍然無(wú)法接種疫苗的人都助長(zhǎng)了這個(gè)黑市的擴(kuò)張,。隨著高度接種疫苗的國(guó)家越來(lái)越多地強(qiáng)制要求人們接種疫苗,。不僅是為了出國(guó)旅行,而且是為了獲得從餐館到體育賽事的一切工作機(jī)會(huì),,這個(gè)黑市只會(huì)不斷壯大,。
Check Point軟件技術(shù)有限公司的安全專家拉亞?米茲拉奇(Liad Mizrachi)表示:“這方面的市場(chǎng)潛力非常大?!彼?月份以來(lái)一直在跟蹤偽造證件和假疫苗護(hù)照數(shù)量激增的事件,。“同時(shí),,由于黑市引發(fā)的毀滅性后果令人十分沮喪,。”
亂象叢生的新冠疫苗護(hù)照黑市
米茲拉奇說(shuō),,假新冠疫苗護(hù)照的激增遵循了一個(gè)可靠的趨勢(shì):當(dāng)一個(gè)國(guó)家,,比如法國(guó),宣布基于疫苗接種的一系列限制措施時(shí),,偽造新冠疫苗護(hù)照的苗頭就開(kāi)始展露了,。
偽造的新冠疫苗護(hù)照仿佛唾手可得。米茲拉奇表示,,盡管黑客的報(bào)價(jià)最初出現(xiàn)在暗網(wǎng)上,,但搜索客戶的過(guò)程很快將交易轉(zhuǎn)移到了Telegram,甚至是用于加密消息的流行應(yīng)用程序WhatsApp,。Check Point的研究人員瀏覽了包括臉書(shū)在內(nèi)的反疫苗小組,這導(dǎo)致Telegram小組的邀請(qǐng)明顯基于出售假護(hù)照和證書(shū),。
他說(shuō):“這兩隊(duì)團(tuán)伙之間肯定有協(xié)同合作,,或者至少有一方在利用另一方。”
米茲拉奇表示,,信息平臺(tái)的最近活動(dòng)表明,,賣(mài)家有意將目標(biāo)鎖定在不熟悉暗網(wǎng)操作的買(mǎi)家身上,這些人也不太善于識(shí)別徹頭徹尾的騙局,。他補(bǔ)充說(shuō),,從那以后,Telegram集團(tuán)的規(guī)模呈現(xiàn)爆炸式增長(zhǎng),。有些團(tuán)體只有幾十名成員,,而該公司追蹤的一個(gè)團(tuán)體有50萬(wàn)名成員。
記者采訪Telegram的一名發(fā)言人時(shí),,他提到了意大利政府公布的出售假證書(shū)的組織,,并表示Telegram已經(jīng)關(guān)閉了這些賬戶,當(dāng)局也沒(méi)有進(jìn)一步聯(lián)系,。該發(fā)言人沒(méi)有對(duì)現(xiàn)有的虛假英國(guó)國(guó)家醫(yī)療服務(wù)體系(NHS)賬戶和歐洲賬戶發(fā)表進(jìn)一步看法,。臉書(shū)頒布政策禁止在該平臺(tái)發(fā)布合法和偽造的醫(yī)療文件,包括疫苗接種證明,。
但米茲拉奇指出,,大多數(shù)國(guó)家早期新冠疫苗證書(shū)的保真度較低,加上缺乏國(guó)際合作,,為偽造證明創(chuàng)造了一個(gè)完全開(kāi)放的市場(chǎng),。許多疫苗接種證書(shū)仍然是紙質(zhì)的,很容易偽造,。不法分子經(jīng)常利用社交媒體上合法疫苗接種卡的照片,,偽造相關(guān)細(xì)節(jié)。
米茲拉奇說(shuō),,在英國(guó),,新冠數(shù)字護(hù)照正在通過(guò)英國(guó)國(guó)家醫(yī)療服務(wù)體系(NHS)的跟蹤和追蹤的應(yīng)用程序推出,賣(mài)家現(xiàn)在似乎在努力解決如何繞過(guò)系統(tǒng)追蹤的問(wèn)題,。但其他國(guó)家也經(jīng)常利用系統(tǒng)中的漏洞,。(在德國(guó),當(dāng)局政府最近補(bǔ)充了允許通過(guò)藥房進(jìn)行數(shù)字注冊(cè)的相關(guān)條款,。)
就通行證問(wèn)題,,一名歐盟官員表示,歐盟委員會(huì)意識(shí)到偽造的新冠疫苗證書(shū)越來(lái)越多,,但表示,,歐盟數(shù)字新冠疫苗接種證書(shū)的數(shù)字加密手段完全安全,不會(huì)被篡改,。該證書(shū)可用于在歐盟國(guó)家內(nèi)部旅行,。
“重要的是區(qū)分歐盟數(shù)字新冠通行證和偽造的歐盟數(shù)字新冠安全證書(shū),”這位官員表示,,并補(bǔ)充說(shuō)歐盟成員國(guó)需要確保自己的證書(shū)是受法律保護(hù)并且安全可靠。
但是,,米茲拉奇指出,,在全球各地,許多時(shí)候邊境服務(wù)沒(méi)有配備掃描,、解讀其他國(guó)家護(hù)照和證書(shū)的設(shè)備,,這為欺詐行為留下了更多空間。
據(jù)他描述,,通常工作人員只是看一眼護(hù)照,,說(shuō)“看起來(lái)不錯(cuò),下一位”,,直接放行,。“這種局面相當(dāng)混亂,?!泵灼澙嬲f(shuō)。
但是,,畢竟技術(shù)復(fù)雜性沒(méi)能阻止賣(mài)家“提供數(shù)字解決方案”的宣傳口號(hào),,這一點(diǎn)或許揭示了遏制假新冠護(hù)照傳播的最佳方法:讓人們知道他們可能會(huì)被騙。
劍橋大學(xué)(Cambridge University)研究虛假信息和陰謀論的社會(huì)心理學(xué)家桑德?范德林登指出,,反疫苗者“極其討厭被騙”,。從騙子的角度來(lái)看,新冠護(hù)照越來(lái)越強(qiáng)大,,這并不是一個(gè)障礙,。“他們只會(huì)佯裝向你出售任何東西,?!彼f(shuō)。
第二位賣(mài)家告訴我,,他們提供的紙質(zhì)護(hù)照只能讓我“匆忙地”進(jìn)入餐館和商店,。目前在英國(guó)甚至沒(méi)有這么做的必要。另一位賣(mài)家則聲稱,,他們可以為我建立一個(gè)數(shù)字護(hù)照,,鏈接到我真實(shí)的NHS號(hào)碼、地址和全科醫(yī)生注冊(cè)信息,。
“它被存入NHS數(shù)據(jù)庫(kù),,”這位賣(mài)家表示,“我們?cè)谀怯袃?nèi)部人員,?!?/p>
當(dāng)我表示疑惑時(shí),,賣(mài)家表示,在我以比特幣的形式轉(zhuǎn)賬200英鎊(約合278美元)之后,,他們會(huì)提供證據(jù)。但是,,我無(wú)法核實(shí)賣(mài)家的身份和位置,。
“購(gòu)買(mǎi)和使用假卡,假裝你已經(jīng)接種了新冠病毒疫苗,,實(shí)際上并沒(méi)有——這可能對(duì)你和其他人有害,,并可能導(dǎo)致病毒的進(jìn)一步傳播?!庇?guó)國(guó)家欺詐和網(wǎng)絡(luò)犯罪報(bào)告中心(National Fraud and Cyber Crime Reporting Centre)——防止詐騙行動(dòng)處(Action Fraud)主管寶琳?史密斯在一份評(píng)論中表示,。她補(bǔ)充說(shuō),在英國(guó),,疫苗只能從NHS處獲得,,而且當(dāng)然是免費(fèi)的。
反疫苗者(原詞是一個(gè)新詞,,意思是要么不相信新冠存在,,要么認(rèn)為根本沒(méi)有政府說(shuō)的那么糟糕,指一種不相信政府和媒體的人群)
在新冠疫情的世界里,,假疫苗接種證書(shū)的激增,,只是眾多騙局中的一個(gè)。
網(wǎng)絡(luò)安全專家還指出了疫苗本身在黑市上出售的情況,,以及各種欺詐行為:如假裝衛(wèi)生當(dāng)局竊取個(gè)人數(shù)據(jù),、迫切需要檢測(cè),針對(duì)衛(wèi)生服務(wù)和供應(yīng)商的復(fù)雜的網(wǎng)絡(luò)攻擊等,。
“自疫情開(kāi)始以來(lái),,我們的威脅情報(bào)分析師已經(jīng)發(fā)現(xiàn)了數(shù)千起與疫情有關(guān)的網(wǎng)絡(luò)攻擊?!本W(wǎng)絡(luò)安全咨詢公司Anomali的網(wǎng)絡(luò)情報(bào)戰(zhàn)略高級(jí)主管A?J納什表示,,“我們還看到了暗網(wǎng)論壇出售假的新冠疫苗接種卡、檢測(cè)結(jié)果,,甚至還有疫苗,。”
盡管納什表示,,他們公司還未看到專門(mén)針對(duì)NHS軟件的仿冒品,,但他表示,“考慮到地下論壇廣闊的范圍和網(wǎng)絡(luò)罪犯的復(fù)雜程度,,我們有理由認(rèn)為這樣一個(gè)市場(chǎng)可能會(huì)出現(xiàn)”,。
除此之外,,假新冠護(hù)照的爆炸式增長(zhǎng)似乎映射著全球疫苗接種的兩個(gè)截然不同但同時(shí)存在的障礙:不信任,以及缺乏獲取渠道,。
說(shuō)到不信任,,肯定是那些拒絕接種疫苗的人。在美國(guó),,大約一半未接種疫苗的人說(shuō)他們“肯定”不會(huì)接種疫苗,。
還有跡象表明,美國(guó)和英國(guó)的年輕人對(duì)疫苗的猶豫程度略高,,他們是最懂技術(shù)的人,,同時(shí)也是目前最不可能接種疫苗的人。YouGov的一項(xiàng)跟蹤調(diào)查顯示,,與其他國(guó)家相比,,英國(guó)總體上在疫苗問(wèn)題上的猶豫相對(duì)較少。
與此同時(shí),,由于全球疫苗推廣速度緩慢,,很多地區(qū)缺乏疫苗獲取渠道。根據(jù)世界衛(wèi)生組織(World Health Organization)的數(shù)據(jù),,截至今年5月,,富裕國(guó)家為每100人注射了約50劑疫苗,而較貧窮國(guó)家僅注射了0.1劑,。米茲拉奇指出,,后者群體正在推動(dòng)全球?qū)π鹿谝呙缂僮C件的需求,一些人只是為了探望家人,,或者為了工作,。
范德林登說(shuō),假新冠證明市場(chǎng)的大部分人群,,可能來(lái)自后者,,也就是渠道缺乏者。他指出,,經(jīng)過(guò)充分研究,,真正的反疫苗者應(yīng)當(dāng)仍然是少數(shù)。
但是,,對(duì)新冠護(hù)照的如此推銷(xiāo)的推崇或也吸引了一群新的人——這些人不認(rèn)為自己反疫苗,,但仍然不愿意注射疫苗。
“或許我們現(xiàn)在還沒(méi)有一個(gè)確切的數(shù)字,,但這一群體確實(shí)存在,。”范德林登說(shuō),。
無(wú)論如何,,銷(xiāo)售仍在繼續(xù),。就在我寫(xiě)完這篇文章的時(shí)候,一封來(lái)自Telegram的通知從我手機(jī)里跳出來(lái),。
“事實(shí)是,,永遠(yuǎn)不要接種那些瘋狂的、惡心的疫苗,?!辟u(mài)家寫(xiě)道。
這位賣(mài)家還附上了他們商品的照片:新冠疫苗文件在拼花地板上鋪開(kāi),,上面有偽造的印度尼西亞、荷蘭和巴基斯坦政府的字體和信頭,。(財(cái)富中文網(wǎng))
這篇文章已被修改:關(guān)于桑德?范德林登的職務(wù)關(guān)系部分,。
編譯:於欣、楊二一
My personal "fake vaccine pack" came advertised with an animated gif.
Set against a floral-patterned carpet, the gif rapidly zoomed in and out of a neatly arranged spread: four fake paper vaccine cards stamped with the logo of the U.K.'s National Health Service, paired with a piece of official-looking blank paperwork, and—for authenticity's sake—my (real) first name, and the date of the request. In this world, I had received two (phantom) doses of AstraZeneca. In reality, I am fully vaccinated—with two doses of Pfizer.
The other part of the package, the seller promised, was digital: a QR code that would supposedly give me access to a COVID-19 passport on the NHS's Track and Trace app. It would be sent within 30 minutes after I transferred €200, or about $236, in Bitcoin, the seller said. The paperwork would be sent to my home address. Could the seller get me a French COVID-19 passport, or a German one? No problem—€200 each.
This isn't the farthest reaches of the dark web. It's Telegram, a messaging app, where this seller runs a 111,000 member group flooded with photos of official looking COVID-19 certificates in various languages—and anti-vaccine conspiracy theories.
It's just one entryway into an exploding and barely hidden black market for COVID-19 certificates and passports, fueled both by people in wealthy countries who don't want to get vaccinated, and people who still can't get access to vaccines. As highly vaccinated countries are increasingly mandating vaccination passes not just for international travel, but also for access to everything from jobs to restaurants to sports events, the market is only growing.
"There is such huge potential," says Liad Mizrachi, a security expert at Check Point Software Technologies, who has followed the explosion of fake certificates and passports since March. "Sad potential and destructive potential, as well."
“A chaotic situation”
The explosion of fake COVID-19 passports has followed a reliable trend: The moment a country—say, France—announces a battery of restrictions based on vaccination, the offers start appearing, says Mizrachi.
They're also easy to find. Though offers among hackers first appeared on the dark web, the search for customers quickly moved the trade to Telegram and even the popular encrypted messaging service WhatsApp, says Mizrachi. Researchers at Check Point browsed anti-vaccination groups—including on Facebook—which led to invites to Telegram groups explicitly based on selling fake passports and certificates.
“There is definitely synergy between these two groups, or at least one group is using the other one,” he says.
The movement onto messaging platforms suggests the sellers are purposely targeting buyers inexperienced with navigating the dark web, who are also less equipped to recognize outright scams, says Mizrachi. Since then, the Telegram groups have exploded in size, he adds. Some groups have just a few dozen members, while one group the company tracks has half a million.
Contacted for comment, a Telegram spokesperson referred to groups selling the fake certificates that were reported by Italian officials, and said that Telegram had shut down the accounts and received no further contact from the authorities. The spokesperson did not respond to a further request for comment on existing accounts offering fake NHS and European accounts. Facebook policy bans the posting of both legitimate and fake medical documents, including vaccine certificates.
But the low-fi nature of the early COVID-19 certificates in most countries and the lack of international cooperation have created a wide-open market for fraud, Mizrachi points out. Many of the vaccination certificates are still paper only and easy to forge, often using details ripped off strangers' celebratory social media photos of legitimate vaccine cards.
In the U.K., where the digital COVID-19 passport is being rolled out through the NHS's Track and Trace app, sellers now appear to be grappling with how to reliably get around the system, Mizrachi said. But loopholes have frequently been exploited in other countries. (In Germany, the government recently closed one gap that allowed digital registration through pharmacies.)
Contacted about the passes, an EU official said that the commission is aware of the increasing number of fake COVID-19 certificates, but said that the digital encryption on the bloc's Digital COVID Certificate, which can be used for travel within the EU, is entirely secure and can't be tampered with.
"It is important to distinguish between the security of the EU Digital COVID Certificate and the possible falsification of vaccination certificates that are used to generate [the] secure EU Digital COVID Certificate," the official said, adding that member states needed to make sure that their own certificates were properly secured and checked.
But in many cases globally, border services aren't equipped to scan or even understand the passports and certificates from other countries, leaving more options for fraud, noted Mizrachi.
“Usually you just look at it, and ‘It looks fine, okay, carry on,’” he said. “It’s just kind of a chaotic situation.”
After all, potential technical complications haven't stopped sellers from claiming they can offer digital solutions, which might point toward the best way of combating the spread of fake COVID-19 passports in the first place: letting people know that they’re likely to get scammed.
Anti-vaxxers are "really, really averse to getting duped," points out Sander van der Linden, a social psychologist from Cambridge University who studies misinformation and conspiracy theories. From a scammer's perspective, increasingly robust COVID-19 passports aren't a barrier, he points out: "They'll just pretend to sell you anything."
While a second seller told me their paper-card offerings were only workable for cursory entry to restaurants and shops—which, at the moment, is not even necessary in the U.K.—another claimed they could set up a digital passport for me linked to my genuine NHS number, address, and GP registration.
"It gets puts [sic] into the NHS database," the seller said. "We have inside people."
When I expressed doubt, the seller said they would provide proof—after I transferred £200 ($278)—in Bitcoin, of course. (I was not able to verify the identity or the location of the seller.)
“Buying and using fake cards to pretend you have received the coronavirus vaccine, when you haven’t, could be harmful to you and others, and could result in the further spread of the virus," said Pauline Smith, director of Action Fraud, the U.K.'s National Fraud and Cyber Crime Reporting Centre, in a provided comment. She added that in the U.K., the vaccine is available only from the NHS and is, of course, free.
The scamdemic
In the world of COVID-19, the explosion of fake vaccination certificates is just one scam among many.
Cybersecurity experts have also pointed toward black market offers of the vaccines themselves, along with a vast universe of fraudulent schemes: from low-tech scammers pretending to be health authorities to rip off personal data or take advantage of desperation for tests, to sophisticated cyberattacks aimed at health services and providers.
"Since the start of the pandemic, our threat intel analysts have detected thousands of pandemic-related cyberattacks," said AJ Nash, senior director of cyber intelligence strategy at Anomali, a cybersecurity consultancy. "We’ve also seen dark web forums selling fake COVID-19 vaccination cards, test results, and even vaccines."
While Nash said the firm hadn't seen fakes specifically for the NHS app, "given the range of underground online forums and the levels of sophistication cybercriminals have achieved, it’s reasonable to presume that such a market will emerge, if it hasn’t already."
The fake COVID-19 passport explosion seems to cater to two disparate but powerful barriers to global vaccination: distrust, and lack of access.
When it comes to distrust, the market is coming from people who refuse to get vaccinated—in the U.S., about half of those who are unvaccinated say they will "definitely" not get the shot.
There are also indications that vaccine hesitation is slightly higher among younger people in both the U.S. and the U.K., who are both the least likely to be currently vaccinated and the most tech-savvy. (The U.K., in general, actually has relatively little vaccine hesitancy compared to other countries, according to a tracker from YouGov.)
The lack of access, meanwhile, is largely due to the slow pace of the global vaccine roll out. According to the World Health Organization, wealthy countries had administered about 50 doses per 100 people by May, while poorer countries had administered just 0.1 doses per 100 people. That group is fueling global demand for fake certificates in order to travel to see family, or simply to work, points out Mizrachi.
The majority of the market for fake COVID-19 documents are likely to be from this second group, says van der Linden. Genuine anti-vaxxers remain a well-studied minority, he notes.
But the fairly overt marketing for the COVID-19 passports might also be drawing in a new group of people—those who don't consider themselves to be generally anti-vaccine, but still don't want to take the COVID-19 jab.
"I don’t think we have a number for that group now, but they’re their own group," said van der Linden.
Either way, the selling continues. While I was finishing this story, a notification from Telegram popped up on my phone.
"The truth is always don't take that crazy sh*tty vaccine," the seller wrote.
The person attached a photo of their wares: paperwork fanned out across a parquet floor, and bearing the forged fonts and letterheads of the governments of Indonesia, the Netherlands, and Pakistan.
This article has been corrected to reflect Sander van der Linden's affiliation.
財(cái)富中文網(wǎng)所刊載內(nèi)容之知識(shí)產(chǎn)權(quán)為財(cái)富媒體知識(shí)產(chǎn)權(quán)有限公司及/或相關(guān)權(quán)利人專屬所有或持有,。未經(jīng)許可,,禁止進(jìn)行轉(zhuǎn)載、摘編,、復(fù)制及建立鏡像等任何使用,。
