The former supreme leader of 1940s Germany appears to be alive and well, if the European Union digital vaccination certificate program is to believe. In fact, he’s doing better than “fine” he was vaccinated against covid-19.
Yes, no, Hitler is still dead, don’t worry. But it looks like someone got their hands on the private cryptographic key used to certify digital Covid-19 vaccination cards in some European countries and forged bullshit certificates for real people.
Cybercriminals on the Dark Web were recently spotted sell access to what they claimed to be fake digital vaccination certificates for $ 300 a coin. When asked by journalists what they were doing, a criminal provided them with a working vaccine certificate for Adolf Hitler. In addition to the former dictator, vaccine passports approved for “Mickey Mouse” and “SpongeBob Squarepants’ were also apparently peddled.
False but trusted certificates were recently viewed by Beeping computer, who was able to verify that Hitler’s was still working on Thursday.
The fake certificates appear to come from some kind of EU compromise digital vaccination certificate program, Which one is Europe’s recent effort to ensure that all citizens are vaxxed before traveling or attending most recreational events. Also called “Green Pass”, the certificate can be obtained in different ways, either through health agencies or through screening centers, after vaccination. anything that involves fun. According to the European Commission, the laissez-passer contains “a QR code with a digital signature to protect it from tampering.”
G / O Media may earn a commission
However, it would appear that the private key responsible for validating these certificates has been disclosed or misused by someone with legitimate access to it.
When contacted for comment by threat post, the European Commission told the point of sale that the certificates were created by “people with valid credentials to access national IT systems, or by someone misusing those valid credentials “. They further added that this whole episode was caused by “illegal activity, not technical failure.” As it’s not clear what all of this actually means, we’ve reached out to the European Commission for clarification and will update this story if they respond.
If private cryptographic keys were in fact leaked, it would pose a whole assortment of bureaucratic and public health problems and could cause a lot of chaos in affected countries. With a fabricated certificate, unvaccinated people would largely be able to escape reasonable health restrictions and, hypothetically, could pose significant health risks to their communities. At the same time, a leak of this magnitude could force affected governments to revoke the legitimacy of some vaccination certificates.
All that said, it’s not 100% still clear what happened or why these forged certificates actually appear. But euh, so far it doesn’t sound great.
