Covid-19 vaccines, vaccine passports and faked negative test papers are being sold on the darknet.
Prices range between $500 (£360) and $750 for doses of AstraZeneca, Sputnik, Sinopharm or Johnson & Johnson jabs.
Fake vaccination certificates are also being sold by anonymous traders for as little as $150.
Researchers say they have seen a “sharp increase” in vaccine-related darknet adverts, while the BBC has been unable to verify if the vaccines are real.
The darknet, also known as the dark web, is a portion of the internet that is only accessible through specific browser tools.
Researchers at cyber-security company Check Point have monitored hacking forums and other marketplaces since January, when vaccine adverts first appeared.
They say the number of adverts they have seen has more than tripled to more then 1,200.
Sellers of vaccines appear to be from the US, Spain, Germany, France and Russia.
The team found multiple adverts in Russian cyrillic text as well as in English.
The vaccines advertised include the Oxford-AstraZeneca at $500, and Johnson & Johnson and Sputnik each at $600, and Sinopharm at $750.
One seller is offering next-day delivery, saying: “For overnight delivery/emergency leave us a message.”‘
‘Buy two get one free’
Another advert on a hacking forum is offering fake negative tests and reads: “We do negative Covid tests, for travellers abroad, for getting a job etc. Buy two negative tests and get the third for free!”
Some holiday operators require vaccination certificates for passengers.
A vaccine passport system is also being considered in the UK and could be used to allow visitors entry to venues such as bars, or sports stadiums.
It’s no surprise then that faked documents are being offered on the darknet for sale.
Check Point investigators found many sellers offering forged documents, including one supposedly from the UK, with a vaccination card for $150 using the hard-to-trace cryptocurrency Bitcoin as the payment method.
When they got in touch with the seller, the team were told that they just needed to provide their names and some dates for when the fake jabs occurred. The seller messaged: “You don’t have to worry…it’s our job….we have done this to many people and it’s all good.”
Oded Vanunu, head of product vulnerabilities research at Check Point said: “It’s imperative for people to understand that attempting to obtain a vaccine, a vaccination card or negative Covid-19 test result by unofficial means is extremely risky, as hackers are more interested in your money, information and identity for exploitation.”
Mr Vanunu also told the BBC that his team purchased a dose of the Sinopharm vaccine from a vendor for $750 as part of their research, but are yet to receive it.
His team has told the BBC that they believe this seller was a scammer, but say others may or may not be selling real vaccines.
Check Point is urging countries to adopt a QR code system across all vaccine documentation to make forgeries more difficult.
(Reuters) – The kingpin or kingpins of the world’s biggest illicit credit card marketplace have retired after making an estimated fortune of over $1 billion in cryptocurrency, according to research by blockchain analysis firm Elliptic shared with Reuters.
The “Joker’s Stash” marketplace, where stolen credit cards and identity data traded hands for bitcoin and other digital coins, ceased operations this month, Elliptic said on Friday, in what it called a rare example of such a site bowing out on its own terms.
Criminal use of cryptocurrencies has long worried regulators, with U.S. Treasury Secretary Janet Yellen and European Central Bank President Christine Lagarde calling last month for tighter oversight.
While terrorist financing and money laundering are top of law-enforcement concerns, narcotics, fraud, scams and ransomware are among the chief areas of illegal use of digital currencies, according to Elliptic co-founder Tom Robinson.
Joker’s Stash was launched in 2014, with its anonymous founder “JokerStash” – which could be one or more people – posting messages in both Russian and English, Elliptic said. It was available on the regular web and via the darknet, which hosts marketplaces selling contraband.
The darknet, or darkweb, is a part of the internet that isn’t visible to regular search engines, and requires a form of browser that hides a user’s identity to access.
Elliptic, whose clients include law-enforcement agencies and financial firms, estimates that JokerStash raked in more than $1 billion in profits in cryptocurrencies over the years, at current prices. Bitcoin has soared from just over $300 in 2014 to hit a record $49,000 on Friday, pulling up other coins in its wake.
The blockchain firm reached the over $1 billion figure by analysing the marketplace’s revenue and the fees it charged, and said it was at the lower end of its estimates.
In December, Interpol and the FBI seized the domain names used by the site, but it continued operating via the darknet, Elliptic said here. Cyber-security firm Digital Shadows also said in December that the darknet site remained live after the seizure.
Interpol did not respond to a request for comment. The FBI could not be reached outside regular business hours.
Trading illegal credit cards is “a billion-dollar business,” said Robinson. “It’s also providing a means of cashing out other types of cyber-criminality.”
On Jan. 15. Joker’s Stash posted a message announcing it would close permanently on Feb. 15. In fact it went offline on Feb. 3, Elliptic said.
“Joker goes on a well-deserved retirement,” said the message, which Reuters saw a screenshot of. “It’s time for us to leave forever.”
Accompanying it was a picture of the 1862 painting “Stańczyk” by Polish artist Jan Matejko, which depicts a court jester sitting forlornly in a bedroom as a party goes on in the background.