This article is more than 1 year old
Cops crack gang that used bots to book and resell immigration appointments
Keeping files that mention 'robot rental' may not have been the best way to cover their tracks
Police have arrested 69 people alleged to have used bots to book up nearly all of Spain's available appointments with immigration officials, and then sold those meeting slots for between €30 and €200 ($33 to $218) to aspiring migrants.
The bots essentially shut down the nation's online booking system by overloading it, according to Spanish National Police, who identified 94 people allegedly involved in the automation caper. In addition to cuffing dozens of those individuals, officers are still investigating the remaining 25.
Those arrested include the four alleged leaders of the crime ring, plus lawyers, managers, advisors, recruiters, and intermediaries, who reportedly received "large amounts of money" from the sale of the immigration appointments.
"Those arrested rented the bot for uninterrupted use of the online appointment computer system, entering or transmitting data, in a way that seriously affected the normal and correct functioning of the appointment management website for immigration procedures throughout the national territory," the Spanish plod stated.
The suspects were aware of the scam targeting those seeking asylum "for whom there was no other option than to resort to paying to get an appointment," according to law enforcement.
Many of these foreigners "were in a situation of great vulnerability and despair," the cops added.
Building better bots
The criminals employed several measures to avoid detection, including methods to bypass I-am-not-a-robot CAPTCHA challenges that websites use to detect non-human users. In this case, the website required the person — or bot — seeking an immigration appointment to solve a puzzle to sign up for a meeting slot.
The leaders also told their intermediaries to use a virtual private networks (VPNs) to hide their true public IP addresses, and also to avoid tripping server-side protections that watched for excessive connections from lone IPs. It would appear to us that the bot automated at least some of the immigration appointment booking process, and humans involved in the scam completed the rest.
- 'Top three Balkans drug kingpins' arrested after cops crack their Sky ECC chats
- Spain gets EU cash to test next gen network, and US 'scrum for 6G' already under way
- Ex-Ubiquiti dev jailed for 6 years after stealing internal corp data, extorting bosses
- UK cops score legal win in EncroChat snooping op
When collaring the four suspected leaders, in Barcelona and Valencia, police also seized "a large number" of computers, documents, and €206,950 ($225,052) in cash.
The records and documents included business contracts for bot rental services and transactions that mentioned "robot rental" — which led the police to intermediaries and others allegedly involved in the scam.
Each intermediary had a license to use the bot and access to a spreadsheet for scheduling appointments across the country.
"The bot detected the moment in which appointments were released in the different provinces and appropriated them by having the data preloaded and being programmed 24 hours a day, controlling the release of appointments, compromising the functional operability of the system," according to the Spanish cops. ®