24 June 2022

THE STATE OF ISRAEL SHOULD HAVE ENSURED ONLINE PLATFORM SECURITY BEFORE LAUNCHING IT

NOTE: For now, Israel's state services and citizens that use them appear enslaved to this rogue operation and unable to find an easy way to stop it. The state should have ensured the security of the online platform before launching it.
According to Akamai, which has been following the situation, the fertile ground for the bot was created by a backlog of over 700,000 passport applications at the Ministry of the Interior, resulting from the lifting of travel restrictions to allow a post-pandemic travel boom. . .

Scalper bots out of control in Israel, selling state appointments

 June 23, 2022 04:47 PM

Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.

The bot's operators attempted to sell appointments for a range of government agencies for over $100, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company. . .

As the bot was made publicly available for everyone to benefit, malicious actors grabbed it and modified its functions to scalp all the available appointments.

The unethical individuals who operated the rogue bot set up a Telegram group and offered "instant appointments," even giving special discounts for those who bought two.

Telegram channel set up by bot's operators (Akamai)

Discussion with bot's support agent (Akamai)

The sellers of the appointments present themselves as well-meaning developers who want to help people, but in reality, they are making it even harder for people to get appointments that are meant to be free.

Hard to stop

Putting the genie back in the bottle isn't straightforward now, as the state would have to scrap the current online platform, cancel many legitimate appointments, and generally create a highly problematic situation.

MyVisit attempted to stop the scalpers by adding CAPTCHA on the booking page, but the bot developers bypassed this step in a couple of days by adding CAPTCHA solving functionality.

"To beat today's modern bots, much more advanced measures are utilized by bot management products," comments Akamai.

"Device fingerprinting and behavioral analysis are combined with machine learning models, fed with billions of daily requests to detect trends and anomalies."

 

 

. . . If you live in the country, note that purchasing appointments via this illegal channel gives the operators an incentive to continue and even expand to more critical areas like hospital appointments, for example.
