Fake green passes for no-vaxxers? Here’s how they created them

by admin

The green pass control system was bypassed with an old low-tech weapon of cyber scammers: social engineering. Through scam calls to pharmacists, about fifteen people throughout Italy managed to generate green pass certificates for no-vaxxers, for a fee. The certificates passed verification until the authorities noticed the deception and invalidated them on the central green pass platform.
The investigation was started by the Postal Police of Naples, with 40 searches throughout Italy and 67 seizures. Fifteen people are suspected of belonging to a criminal association aimed at falsifying health documents. Also under investigation are 67 of their alleged customers, who bought the fake passes created in this way and offered for sale on the web or on Telegram channels. The cases are in the provinces of Naples, Avellino, Benevento, Caserta, Salerno, Bolzano, Como, Grosseto, Messina, Milan, Monza-Brianza, Reggio Calabria, Rome and Trento.
The health systems of Campania, Lazio, Puglia, Lombardy, Calabria and Veneto are affected. One hundred and twenty,

How the scam happened

The scammers were able to convince pharmacists, who are among the entities authorized to create green passes for those entitled to them, to hand over the credentials used to generate them. In short, it was classic phishing built on social engineering: the criminal pretends to be someone else and lies to obtain confidential information. This happens very often via email or chat; here it also happened over the phone. The pharmacists were called by supposed health or regional managers who, under various bogus pretexts, asked for the access password. In other cases the caller posed as a support technician and convinced the pharmacist to install a program that was then used to steal credentials or to access the green pass generation platform through the pharmacist’s own PC.

The techniques

Sometimes VoIP systems (telephone calls over the internet) were used with caller ID spoofing: with simple software methods, the criminals made the pharmacist’s phone display a calling number consistent with who they claimed to be (a number belonging to the Region, for example). Another technique was sending scam emails with a forged sender address from the health system, to convince the pharmacist to click a link to a site that imitated the real platform. The pharmacist entered his credentials there, and the criminals could then steal them, much as eBanking or Amazon credentials are stolen.
In detail, “to my knowledge, the criminals used the credentials of pharmacists to attribute fake vaccinations to people who paid for the bogus green pass,” says Pierluigi Paganini, founder of Cybhorus. “It is possible to discover the scam if the authorities realize that certain pharmacies have done more vaccinations than the ampoules available,” he adds. Once a green pass has been generated locally (doctors and vaccination centers can do it too), the central platform digitally “signs” it to validate it. From then on it passes verification as a legitimate pass. “Perhaps this is how they generated the bogus green pass in Hitler’s name, discovered long ago,” explains Dario Fadda, a cyber expert who has been following the story since its inception and who also discovered several apparently valid green pass packages available on the Internet. “Phishing, then. But in the cyber forums the suspicion arises that perhaps some pharmacist or his collaborator has been paid by the criminals; in fact, in the sales channels of bogus passes, some criminals have claimed this type of relationship with those who generated them, even if perhaps they did it only to better attract customers,” he adds. In addition to the credentials, the web address where the pass is generated is also needed. “To get the address of the platform used to create the green pass, perhaps the criminals exploited the ‘anti-web’ vulnerability of an old server of the Ministry of Health,” speculates Fadda.
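
The reconciliation check Paganini describes can be sketched as follows. This is an added example, not code from the investigation or from the green pass platform: the record layout, pharmacy IDs and figures are all constructed, and it counts doses rather than ampoules.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (hypothetical, for illustration only).
# Doses delivered to each pharmacy: (pharmacy_id, delivery_date, doses)
DELIVERIES = [
    ("PH-001", date(2021, 11, 1), 60),
    ("PH-001", date(2021, 11, 8), 60),
    ("PH-002", date(2021, 11, 1), 30),
]
# Vaccinations registered with each pharmacy's credentials:
# (pharmacy_id, registration_date, count)
REGISTRATIONS = [
    ("PH-001", date(2021, 11, 2), 40),
    ("PH-001", date(2021, 11, 9), 55),
    ("PH-002", date(2021, 11, 2), 25),
    ("PH-002", date(2021, 11, 3), 20),  # more than the remaining stock
    ("PH-003", date(2021, 11, 4), 5),   # registrations but no deliveries
]

def find_overdrawn(deliveries, registrations):
    """Flag pharmacies whose registered vaccinations exceed delivered doses.

    Returns {pharmacy_id: (first_date_stock_went_negative, largest_shortfall)}.
    """
    events = defaultdict(list)
    for pharmacy, day, doses in deliveries:
        # Key 0 sorts a delivery before registrations made on the same day.
        events[pharmacy].append((day, 0, doses))
    for pharmacy, day, count in registrations:
        events[pharmacy].append((day, 1, -count))

    alerts = {}
    for pharmacy, timeline in events.items():
        balance, worst, first_negative = 0, 0, None
        for day, _, delta in sorted(timeline):
            balance += delta  # running dose stock
            if balance < 0 and first_negative is None:
                first_negative = day
            worst = min(worst, balance)
        if first_negative is not None:
            alerts[pharmacy] = (first_negative, -worst)
    return alerts

if __name__ == "__main__":
    for pharmacy, (day, excess) in sorted(find_overdrawn(DELIVERIES, REGISTRATIONS).items()):
        print(f"{pharmacy}: stock exceeded on {day}, {excess} registrations unaccounted for")
```

A running balance is used instead of a single total so that the alert carries the date on which registrations first outran stock, which is where a review of that account's logins would start.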


That’s not all.

The connection between this criminal network and the approximately one thousand valid green passes found online, on the web and on eMule, in recent weeks is not clear. “Perhaps they were collected from various sources: photos of passes published on social networks, abusive access to systems and phishing against those who can generate them”. The Privacy Guarantor and the Guardia di Finanza are still investigating this point. The passes found online are immediately invalidated on the national platform and can therefore no longer be used to circumvent the controls, but a solution to the scams that allow green passes to be produced for a fee has not yet been found.
