Scalper Bots Out of Control in Israel, Selling State Appointments

Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.

The bot’s operators attempted to sell appointments for a range of government agencies for over $100, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company.

A passport problem

According to Akamai, that has been following the situation, the fertile ground for the bot was created by a backlog of over 700,000 passport applications on the Ministry of the Interior, resulting from the lifting of travel restrictions to allow a post-pandemic travel boom.

Also Read: The impact of GDPR and PDPA in Singapore

To help with the situation, software developers created an appointment scheduling bot named ‘GamkenBot’ that checks available appointments on the state’s site (MyVisit) and books them automatically.

As the bot was made publicly available for everyone to benefit, malicious actors grabbed it and modified its functions to scalp all the available appointments.

The unethical individuals who operated the rogue bot set up a Telegram group and offered “instant appointments,” even giving special discounts for those who bought two.

Bot’s Telegram (Akamai)

Discussion with bot’s support agent (Akamai)

The sellers of the appointments present themselves as well-meaning developers who want to help people, but in reality, they are making it even harder for people to get appointments that are meant to be free.

Hard to stop

Putting the genie back in the bottle isn’t straightforward now, as the state would have to scrap the current online platform, cancel many legitimate appointments, and generally create a highly problematic situation.

MyVisit attempted to stop the scalpers by adding CAPTCHA on the booking page, but the bot developers bypassed this step in a couple of days by adding CAPTCHA solving functionality.

“To beat today’s modern bots, much more advanced measures are utilized by bot management products,” comments Akamai.

“Device fingerprinting and behavioral analysis are combined with machine learning models, fed with billions of daily requests to detect trends and anomalies.”

Also Read: Free 8 Steps Checklist for Companies to Prevent Data Breach

For now, Israel’s state services and citizens that use them appear enslaved to this rogue operation and unable to find an easy way to stop it. The state should have ensured the security of the online platform before launching it.

If you live in the country, note that purchasing appointments via this illegal channel gives the operators an incentive to continue and even expand to more critical areas like hospital appointments, for example.