COVID-19 vaccines have been rolled out in many countries and with them a number of vaccination certificates. For instance, the EU is utilizing a digital certificate in the form of a QR-code that is digitally signed and can be easily validated throughout all EU countries. In this article, we document the current state of the COVID-19 vaccination certificate market in the darkweb with a focus on the EU Digital Green Certificate (DGC). We investigate 17 marketplaces and 10 vendor shops that include vaccination certificates in their listings, and discover that a multitude of sellers in both types of platforms are advertising forging capabilities. According to their claims, it is possible to buy fake vaccination certificates issued in many countries worldwide. We demonstrate some examples of such sellers, including how they advertise their services, and we develop a taxonomy of EU COVID-19 certificate forging capabilities, describing the potential methods that the vendors are utilizing to generate certificates. We highlight two particular cases of vendor shops, with one of them showing an elevated degree of professionalism, showcasing forged valid certificates, the validity of which we verify using two different national mobile COVID-19 applications.
- Additional Key Words and PhrasesCOVID-19
- digital certificates
- electronic crime