Scalping robots make appointments for government services in Israel
Scalping robots are wreaking havoc on the Israeli government by trying to turn access to public services into a cash cow.
Bots, also known as web crawlers, are automatic systems programmed to perform specific functions.
Not all bots are bad; some index web content, others provide chat functions for business customers, and you may encounter bots that perform checks to find you the best product deals. However, so-called “evil” bots can also be programmed to perform brute force attacks, disrupt web services, and more.
SEE: Phishing gang that stole millions by luring victims to fake banking sites is busted by police
Scalpers fall into the second category. Although generally not dangerous, resellers are exploring online services to reserve and purchase products much faster than a human. Scalpers can target concert tickets, gaming consoles and other high-demand products, allowing their operators to resell them for a profit.
Now the scalpers also abuse government services.
June 23, Akamai researchers said that bots are used to take coveted meeting slots offered by Israeli government services. Unfortunately, these slots are gold dust, with an estimated 700,000 citizens trying to get an appointment for passport renewal alone, let alone requesting appointments related to transport, utilities, post office and national insurance.
According to the researchers, many bots have been trained on My visita platform for selecting and booking appointment slots.
The first bot in circulation was made public for free by a group of well-meaning developers. Dubbed GamkenBot, the bot was usable by anyone willing to provide their preferred meeting place and contact details.
However, variants of profiteering scalpers soon emerged, with bots being developed to enter passport appointments, alongside a variety of other government services.
Instead of waking up at 7 a.m. every morning and hoping to get a time slot, and sometimes waiting months for success, citizens are taking second place to scalping robots that automatically scan and enter appointments. you published via MyVisit. Operators then resell them for more than $100 each – when they should be free.
The operators might say they are providing a service, but, as the researchers note, the scalpers have turned a government service that citizens already pay for through taxation into “traded goods”, with essential services held in ” ransom”.
SEE: Why cloud security matters and why you can’t ignore it
MyVisit is not blind to scalping activities and has tried to stop bots by implementing CAPTCHAs. However, it only took a few days for this system to be bypassed.
The problem is that today’s robots avoid getting stuck by mimicking human behavior and interactions. Therefore, a CAPTCHA barrier is not sufficient; for now, the bots continue their profits.
“To beat today’s modern bots, much more advanced metrics are used by bot management products,” Akamai commented. “Device fingerprinting and behavioral analysis are combined with machine learning models, powered by billions of queries every day to detect trends and anomalies. Any anti-bot protection can be delivered by a malicious actor with enough motivation and resources, at least on a small scale. However, the bar should be set as high as possible, and we should always raise it higher.”
Previous and related coverage
Do you have any advice? Get in touch securely via WhatsApp | Signal at +447713 025 499, or more at Keybase: charlie0