In Munich, the police arrested a gang of fraudsters who allegedly forged hundreds of digital corona vaccination cards and sold them on the Internet.
A vaccination card without a vaccination? A gang of fraudsters makes it possible. The unlikely scenario is now unfolding all over Germany.
- Germany: Fake vaccine passports widely circulated
- There needs to be harsher punishment for fake vaccine passports!
- Fraudsters put the health of others at risk
- Anyone who brings counterfeits into circulation is liable to prosecution
- Counterfeit vaccination records gain in value
- You can now get a fake vaccine passport on Instagram!
- Security Flaw: Vulnerabilities in the vaccination booking system
- Security Flaw: Computer systems in vaccination centers and medical practices are weak points
- Security Flaw: Signature exchange without countercheck
Germany: Fake vaccine passports widely circulated
The investigators have now succeeded in striking the counterfeiters. You speak of a procedure of “above average importance”: In Munich police officers arrested a gang of fraudsters who are said to have produced hundreds of fake QR codes for the digital Corona vaccination card and sold them on the Internet.
They found money and cryptocurrencies worth almost 100,000 euros in the action on Friday, and there were two arrests: an important blow against counterfeiters. But that should hardly solve the problem. Because Bavaria’s police are registering more and more vaccination cards with fake Corona certificates.
“We assume that more and more forged vaccination cards are in circulation.”
There needs to be harsher punishment for fake vaccine passports!
Bavarian Police: 500 fake vaccine passports in October
Regardless of the blow against the gang of counterfeiters on Friday, the Bavarian police registered 440 cases related to the forgery of vaccination passports, vaccination certificates or vaccine labels. At the beginning of September there were only 110 cases.
In the Munich case, a pharmacy and private apartments had been searched. Since mid-August, the fraudsters are said to have offered fake codes on a German-language cybercrime forum on the Internet, as reported by the responsible investigators at the Bavarian Central Office for Combating Fraud and Corruption in the Health Care System (ZKG).
In the end, you had to spend 350 euros to get a digital vaccination card – without having been vaccinated against the coronavirus. In October alone, the counterfeiters are said to have issued more than 500 vaccination certificates.
Berlin Police: 169 investigations of forged and fake vaccination passports underway
With the increasingly strict corona rules, vaccination certificates are becoming more and more important – and also in demand among those who have not been vaccinated. At the beginning of November, the Berlin State Criminal Police Office (LKA) processed 169 reports of forged vaccination passports, as the police told the German Press Agency.
According to police information, there were still 130 investigations at the end of October.
Fraudsters put the health of others at risk
▶ It is up to everyone whether they want to be vaccinated against Corona. But if you decide against a vaccination, you have to stand by it. To pretend to be vaccinated in order to go to the restaurant or the cinema without tests, for example , is not just a huge cheek.
▶ These people put the lives of others at risk because of the incalculable risk of infection. High penalties are rightly threatened.
Anyone who brings counterfeits into circulation is liable to prosecution
▶ Hundreds of people are likely to have obtained false digital vaccination cards from the fraudsters arrested in Munich on Friday. According to the ZKG, which is located at the Nuremberg Public Prosecutor’s Office, it is not possible to determine their names.
It is unclear whether their forged vaccination cards can be deleted or made invalid.
▶ Falsified vaccination cards can constitute criminal offenses such as forgery of documents. Anyone who puts them on the market or uses them is liable to prosecution, as a result of which even imprisonment is possible.
Counterfeit vaccination records gain in value
▶ Fake vaccination cards are a nationwide problem. Since unvaccinated people have had a much harder time in everyday life, for example when visiting restaurants or theaters, the Corona certificates have gained in value, as they usually make the tests that are otherwise chargeable for many people superfluous.
The State Premier’s Conference called on the federal government on Friday to examine at short notice how the forgery of vaccination, recovery and test certificates can be punished consistently and appropriately.
You can now get a fake vaccine passport on Instagram!
Trade in counterfeits on the Internet has reached a new quality: Fake vaccination certificates are no longer only traded in closed channels such as those on the messenger service Telegram, but also openly on platforms such as Instagram.
In the past few days, several dozen accounts could be found there on which vaccination records were more or less openly offered.
These accounts are offering forged vaccination certificates, which according to the information can be delivered within a few days – at a unit price of EUR 200 per vaccination certificate, payable either with Bitcoin or by transfer with the payment service Western Union.
Security Flaw: Vulnerabilities in the vaccination booking system
▶ There is no standardized test process for the transfer of the data from the submitted paper proof of vaccination to the recording systems. Whether and how the data from the paper vaccination certificate is checked is decided by the on-site employees who have not even been specially trained for the data transfer.
An obligation to compare the data with the vaccination booking system, for example, has not yet been provided. But that is not the only security hole that is likely to bring organized crime good business with forged vaccination cards.
Security Flaw: Computer systems in vaccination centers and medical practices are weak points
Another weak point in this system are the computer systems in vaccination centers, doctors’ offices, hospitals and pharmacies. Because online criminals with the relevant malware can remotely issue false vaccination cards with relatively little effort.
▶ The digital vaccination card essentially consists of a barcode or QR code. All vaccination data and a digital signature are stored in it. Those who want to identify themselves as ” vaccinated ” simply show the QR code on their smartphone, as a paper printout or as a plastic card.
Security Flaw: Signature exchange without countercheck
The inspection staff, for example border officials or airport employees, scan this code using a verification app on their smartphone or tablet. All trustworthy digital keys with which vaccination certificates can be signed are stored in this app. It is then only checked whether the signature was signed with a key from this list.
That is why every EU member state has to pass on all digital keys issued to vaccination centers and medical practices to all member states via an EU interface.
“In order for the system to work, these digital keys must not be stolen, the IT systems and servers of the hospitals and vaccination centers must not be hacked, and no one who gives vaccinations must be bribed – in every country that participates in the program.”