Privacy Ninja

Scalper Bots Out of Control in Israel, Selling State Appointments

Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.

The bot’s operators attempted to sell appointments for over $100 each, covering a range of government services and agencies: passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company.

A passport problem

According to Akamai, which has been following the situation, the fertile ground for the bot was created by a backlog of over 700,000 passport applications at the Ministry of the Interior, resulting from the lifting of travel restrictions to allow a post-pandemic travel boom.

To help with the situation, software developers created an appointment scheduling bot named ‘GamkenBot’ that checks available appointments on the state’s site (MyVisit) and books them automatically.

As the bot was made publicly available for everyone to benefit, malicious actors grabbed it and modified its functions to scalp all the available appointments.

The unethical individuals who operated the rogue bot set up a Telegram group and offered “instant appointments,” even giving special discounts for those who bought two.

Telegram channel set up by the bot’s operators (Akamai)

Discussion with the bot’s support agent (Akamai)

The sellers of the appointments present themselves as well-meaning developers who want to help people, but in reality, they are making it even harder for people to get appointments that are meant to be free.

Hard to stop

Putting the genie back in the bottle isn’t straightforward now, as the state would have to scrap the current online platform, cancel many legitimate appointments, and generally create a highly problematic situation.

MyVisit attempted to stop the scalpers by adding a CAPTCHA to the booking page, but the bot developers bypassed this step in a couple of days by adding CAPTCHA-solving functionality.

“To beat today’s modern bots, much more advanced measures are utilized by bot management products,” comments Akamai.

“Device fingerprinting and behavioral analysis are combined with machine learning models, fed with billions of daily requests to detect trends and anomalies.”

Scalper bot evolution and applicable protections (Akamai)
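
To make the behavioral-analysis idea concrete, here is a simplified heuristic run over booking events. It is an added example, not code from Akamai or MyVisit; the event fields (`fp`, `citizen`, `latency_s`), the thresholds and the sample data are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample booking events (not real MyVisit data). Hypothetical fields:
# device fingerprint, citizen the slot was booked for, and seconds between the
# slot being published and the booking request arriving.
EVENTS = [
    {"fp": "fp-a1", "citizen": "C001", "latency_s": 0.4},
    {"fp": "fp-a1", "citizen": "C002", "latency_s": 0.3},
    {"fp": "fp-a1", "citizen": "C003", "latency_s": 0.5},
    {"fp": "fp-a1", "citizen": "C004", "latency_s": 0.2},
    {"fp": "fp-b2", "citizen": "C100", "latency_s": 95.0},
    {"fp": "fp-b2", "citizen": "C101", "latency_s": 310.0},  # e.g. booking for a spouse
    {"fp": "fp-c3", "citizen": "C200", "latency_s": 0.6},    # a single fast booking
]

def score_clients(events, max_identities=3, min_human_latency_s=2.0):
    """Return {fingerprint: [reasons]} for clients whose booking pattern looks automated.

    Two behavioural signals that remain visible even when the CAPTCHA is solved:
      - one device booking for more distinct citizens than a household would
      - bookings that consistently land faster than a person can fill the form
    """
    by_fp = defaultdict(list)
    for e in events:
        by_fp[e["fp"]].append(e)

    flagged = {}
    for fp, evs in by_fp.items():
        identities = {e["citizen"] for e in evs}
        med = median(e["latency_s"] for e in evs)
        reasons = []
        if len(identities) > max_identities:
            reasons.append(f"{len(identities)} distinct identities")
        # Require a few samples so one quick booking is not treated as a pattern.
        if len(evs) >= 3 and med < min_human_latency_s:
            reasons.append(f"median latency {med:.2f}s")
        if reasons:
            flagged[fp] = reasons
    return flagged

if __name__ == "__main__":
    for fp, reasons in score_clients(EVENTS).items():
        print(fp, "->", "; ".join(reasons))
```

A production system would treat hits like these as inputs to a risk score or a step-up check rather than an outright block, since fingerprints can be shared or rotated.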

For now, Israel’s state services and the citizens who use them appear enslaved to this rogue operation and unable to find an easy way to stop it. The state should have ensured the security of the online platform before launching it.

If you live in the country, note that purchasing appointments via this illegal channel gives the operators an incentive to continue and even expand to more critical areas, such as hospital appointments.
