Police in Spain have arrested 69 people accused of using bots to circumvent the asylum system in the country. Spanish authorities said on Friday a gang had used the bots to obtain open time slots for the country’s online booking system, which is free, and resold the appointments to asylum seekers for 200 euros ($217) each.
Spain’s asylum site takes measures to identify bots, but the group’s automated software system was able to break through and take “practically all” of the appointments throughout the country. Police said in a statement to Reuters that the intermediaries and lawyers and advisers were aware of the existence of a hack “and of the corresponding problems they were causing to foreigners who, on many occasions, were in a situation of great vulnerability and desperation.”
The application process in Spain can be a lengthy one, and incoming asylum seekers are required to apply within the first 30 days of arriving in the country. If they do not apply within that time frame, they can be automatically rejected unless there is a valid reason for the delay. After receiving a receipt confirming the asylum application had been submitted, the individual is assigned an appointment for their interview and to finalize their application.
But without open slots, thousands of asylum seekers were unable to be assigned an appointment, making a lengthy and time-consuming process even more so. The police conducted raids and arrested the four alleged leaders of the gang responsible in both Barcelona and Valencia. During the raids, police confiscated documents, although the contents have not been revealed, and found more than 200,000 euros ($217,000) in cash.
Bots are becoming increasingly more common, providing hackers with a new-age way to get through online security measures. In April, the FBI and international law enforcement seized Genesis Market, an online marketplace operating on the Dark Web, that was responsible for using bots to buy and sell hacked user data. Through the marketplace, criminals could purchase bots that contained data stolen from users’ devices from saved login information to autofill forms and digital files used to track a user’s online activity.
In another attempt to use bots to steal money from unsuspecting individuals, Joseph James O’Connor was extradited from Spain to the U.S. last month for his role in using bots to hack high-profile Twitter accounts. O’Connor pleaded guilty and was forced to pay back $794,000 in restitution.
Assistant Director Bryan Vorndran of the FBI’s Cyber Division said in a news release that O’Connor’s guilty plea showed that their effort to combat cybercrime is working. “It’s also indicative of what can be accomplished when we work closely with our partners to bring these perpetrators to justice and make the cyber ecosystem more secure,” he said. “O’Connor’s extradition is as a warning to all dangerous cyber criminals that the FBI will work tirelessly to find them and hold them accountable wherever in the world they may try to hide.”