Stolen the keys to generate the Green Pass, EU alarm • Imola Oggi

Stolen the keys to generate the Green Pass, EU alarm • Imola Oggi
Stolen the keys to generate the Green Pass, EU alarm • Imola Oggi

Some keys that allow the generation of the European Green pass would have been stolen and with them programs to create fake certificates would have been published and disseminated online. The theft of the ‘keys’ would not have occurred in Italy: according to what is learned, from the first investigations carried out, there would be no cyber attacks on Sogei, the Information Technology company of the Ministry of Economy which provides the codes to generate green certificates.

It is learned from qualified Italian sources according to which it has already been decided to cancel all the passes generated with those keys. In addition, a series of meetings at European level between all the technical stakeholders involved would be scheduled in the morning for an in-depth analysis of the situation. It is not known at the moment the number of codes stolen or if the problem also concerns Italy, even if investigations are in progress.

The keys to generate the Green Pass

It all started with a discussion on Raidforums, one of the most popular forums on the dark web, where a user asks a Polish seller to create a European Green pass in the name of Adolf Hitler. Result? With 300 euros he obtained a perfectly functional certificate, as confirmed by the “customer” himself. For a few hours these fakes have also been running on some Telegram groups and the QR codes are valid on verification apps, in Italy and in Europe. There are at least two circulating ones, both in the name of Adolf Hitler, but with different dates of birth: one indicates January 1st 1900 and the other 1930. When the QR codes are framed by the appropriate apps, the green check and the phrase “certification valid throughout Europe” appears on the display, which would allow access to workplaces and meeting places if the verifier did not notice the fact that they are registered in the name of the Nazi dictator.

Users hypothesize that the fake Green pass was produced by someone who works in a pharmacy or hospital and therefore has access to the certificate production system, while a well-known French leaker (who in turn tested the validity of the fake certificates) I immediately understood the problem: someone had access to the encryption keys used to sign the digital certificate of the European Green pass.


PREV Blackout risk | Broccoli and pathologies
NEXT Super Cashback, waiting for refunds: that’s when the missing payments will arrive