The Sunday Herald Sun can reveal the Australian Federal Police are investigating black market vaccine passports being sold on the dark web, with criminals offering “packages” to hack and update medical records.The sellers, who also operate on encrypted phone apps including Telegram, advertise “a fake digital applet wallet passport for $500” and the option to have personal Medicare details updated on medical records for $1000 for one person, $1800 for two people and $4000 for five people”.The Sunday Herald Sun also saw examples of the fake document, which resemble legitimate vaccine passports. One seller wrote on Telegram: “We accept only crypto for the privacy of ourselves and yours.“If you’re interested please let us know as we’re busy with orders and turn around time is around 3-6 hours.” Professor Matthew Warren, director of the RMIT University Centre for Cyber Security Research and Innovation, said he was aware of cyber criminals advertising fake vaccine passports online. “There are serious risks involved including being scammed and also becoming involved in illegal criminal activity including fraud,” Prof Warren said. “I imagine the government will very quickly make it illegal for people to have or create falsified vaccine passports.” University of Melbourne epidemiologist and public health medicine specialist Professor Tony Blakely said people who broke the rules with false vaccine passports would be fuelling transmission. “It’s going to keep us in lockdown longer because if people who are unvaccinated go out there and masquerade as vaccinated, they will just tip the balance on transmission,” he said. An Australian Federal Police spokeswoman said police were monitoring the potential for fraudulent Covid-19 passports being sold on the dark web and on encrypted phone apps, as well the potential for access to medical records to declare the person is vaccinated. “The AFP is working closely with Commonwealth and state and territory authorities to share relevant information and intelligence to support and maintain the integrity of the Covid-19 vaccine rollout in Australia,” she said. The spokeswoman said forgery of commonwealth documents could carry a 10-year penalty. “The new powers under the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 … would enable the AFP to more effectively identify and disrupt serious criminals who use the dark web and anonymising technology to facilitate and disguise their criminal activities, including the forgery of Covid-19 documents, and will assist us in keeping the community safe,” she said. Services Australia General Manager Hank Jongen said: “Services Australia takes the integrity of the Medicare system and the Australian Immunisation Register extremely seriously.” “We are continually evolving proof of vaccination certificates, including strengthening security measures,” he said. “We have contemporary cybersecurity in place to protect people’s personal information. This includes robust monitoring and fraud detection mechanisms that protect people’s Medicare details, including Covid-19 digital certificates. “We are working with The Australian Cyber Security Centre who are providing cyber security guidance to government entities to support vaccine certificate initiatives.” Mr Jongen said the current version of the Covid-19 digital certificate had several anti-fraud measures.“Any fraudulent creation of a Covid-19 digital certificate does not mean Medicare systems or personal data have been compromised.”
Powered by WPeMatico