Tag Archive for: Passport

IP address of Mumbai passport hacker traced to Noida | Mumbai News


MUMBAI: The Azad Maidan police, probing a case of hacking where an unidentified person illegally accessed the system of the city police passport verification branch, found that the accused had used an internet protocol (IP) address allotted to a device in Noida.The accused had cleared three passport application files pending for inquiry and forwarded them to the passport office.
The police had booked an unidentified accused for forgery, forgery of valuable security, will, etc, identity theft, punishment for cheating by using computer resources and a protected system under various sections of the IPC and IT Act.
The police inquiry for three passports belonging to women from Antop Hill, Chembur and Tilak Nagar in Mumbai were cleared by the accused. “We called the three applicants and their statements have been recorded. We have not found any common link between them so far,” said a police officer. Investigators are collecting call details records (CDR) and subscriber details records (SDR) of the persons concerned in this case.
Investigators are now waiting for details from the internet service provider (ISP) about the person the IP address was allotted. “We are also probing if the accused used a free virtual private network (VPN). However, the possibility of free VPN is low since its duration is for 15 minutes only and then the IP changes. In this case, a single IP was used for one and a half hours,” said an officer. A VPN hides a user’s identity. An ISP can find who was allotted an IP at that time or if it was a paid VPN used by the accused.A special branch-II officer who works in the passport branch had lodged an FIR in the case.

Source…

Tech recruiters jabbed by fake COVID-19 Passport scam • The Register


An IT recruitment agency says a “phishing scam” is behind a fake email sent to its customers with details on how to apply for a “Coronavirus Digital Passport.”

The email – sent to applicants and clients of Concept Resourcing, based in Dudley, England, on 14 September and seen by The Reg – claimed users could “Get your Digital Coronavirus Passports (HPS) today” and showed recipients a big juicy link where they could do so.

The link was not a genuine NHS website and appears to have been deleted shortly after.

The scam was quickly spotted by the recruitment biz, which sent an email several hours later warning people not to “interact with the email” and to remain “vigilant.”

A follow-up message sent early evening on 15 September confirmed that Concept Resourcing’s “email software was compromised” and that the email had been sent to a number of undisclosed “candidates and clients.”

“This email was NOT genuine and formed part of a phishing scam using our Concept Resourcing email address,” it said.

The company said it believed a “number of candidate and client email addresses relating to historic interactions had been compromised to conduct this attack.”

It told clients it is currently working with its email provider and security team to identify the cause of the breach.

Concept Resourcing told The Register: “From the moment we discovered this issue, we took steps to notify the affected parties about what had happened.

“We have engaged a well-respected cyber security consultancy to investigate the incident, how it happened and whether there are any steps that could be taken to mitigate the risk of this ever happening again.

“Our investigation is ongoing.”

The issue of COVID-related scams is nothing new and it seems few people or organisations are…

Source…

Fake vaccine and test certificates pose threat to ‘Covid passport’ plans


Covid passport schemes could “unravel” unless measures are taken to combat fake vaccine and counterfeit test certificates, experts have warned.

Cybersecurity experts at Check Point Research issued the warning today amid rising concerns over the volume of fake Covid credentials being sold on the dark web.

Between March and May, Check Point research revealed a 500% increase in the number of forged certificate vendors. This increase, researchers suggested, highlights a growing demand to evade inspections and circumvent rules.

New EU legislation coming into effect in July will provide free certificates in the form of a QR code on a smartphone, or as a paper document.

These new certificates will show that a person is either vaccinated, has immunity to the virus, or has recently received a negative PCR test result.

Similarly, UK travellers who have had both vaccine doses will be able to use the NHS App as a vaccine passport and are expected to be covered under the EU scheme as a third country.

Other nations, including France and Germany, are also exploring the launch of their own Covid passport schemes. However, Check Point researchers warned that without a unified global approach to verify certificates, “fragmented rules and ambiguity” will play into the hands of hackers and fraudsters.

“We urge governments to come together and act quickly to combat the increased sales of fake certificates on Telegram and the Darknet. Without a central system, it becomes much easier for hackers and fraudsters to fall through the cracks,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point Software.

According to Check Point, many customers could be people who have tested positive, refused to take a test or are unwilling to have the vaccine.

It could also be down to the exploitation of innocent users looking for information and guidance, some of whom are lured to fraudulent or suspicious domains in the belief that they are legitimate.

Travellers need to be wary of misspelled websites and only install verified apps from official sources, Vanunu explained.

Similarly, travellers should also be wary of QR codes as these can serve as a…

Source…

IBM led consortium wins $3.2 million German Digital Health Passport contract – Ledger Insights


Yesterday German press reported that a consortium led by IBM, including blockchain cybersecurity firm Ubirch won the tender for digital vaccination certificates in Germany. The two firms beat competition from a joint initiative by Deutsche Telekom and SAP. According to the Official EU Journal the award is €2.7 million ($3.2 million), but IBM will subcontract 51% of the project.

The initiative is to create a digital version of yellow vaccine certificates. 

Frankfurter Allgemeine Zeitung reported that other consortium participants include Bechtle and Govdigital, which is a cooperative of 15 IT providers. In January, Ubirch and Govdigital were involved in a regional project in the Bavarian district of Altötting. It’s unclear whether that solution used IBM’s Digital Health Pass. 

A key feature of the regional trial was to issue a physical card, similar to a credit card but displaying a QR code. Given the first vaccines were provided to older people, the card proved popular. The QR code encodes personal information such as the name, ID and the details of the vaccination, and anyone scanning the code sees the information. The data is not saved elsewhere and the vaccine recipient can store the data on a mobile phone. When the QR code is created, a hash or fingerprint of the data is stored on a blockchain.

A similar solution for Corona test certificates has already been deployed by Ubirch at Frankfurt Airport, Berlin, Hamburg and Düsseldorf. For that, Ubrich partnered with Govdigital and Lufthansa Industry Solutions.

Ubirch positions itself as an IoT cybersecurity firm. It claims it created the world’s first blockchain-on-a-SIM solution together with 1NCE and G+D Mobile Security, a firm known as a currency solution provider to central banks.

Meanwhile, IBM’s Digital Health Pass solution is currently being trialed by the State of New York. It uses a mobile phone app and blockchain for verifiable credentials. 

There are a variety of solutions in the marketplace for COVID-19 health certificates. And airlines, in particular, are keen to adopt them. The solutions include GE Digital’s TrustOne app, IATA’s Travel Pass platform, and the 

Source…