Organized Crime Threat to COVID-19 Vaccine Distribution

Overview

On December 2, the International Criminal Police Organization (INTERPOL) issued a global alert to law enforcement across its 194 member countries warning them to prepare for organized crime network targeting of COVID-19 vaccines, physically and in cyberspace. Distributed as an ‘Orange Notice,’ the alert identifies new criminal activity related to falsifying, stealing, and illegally advertising COVID-19 and seasonal flu vaccines, including embedding malware via online websites. The new alert is just the latest pandemic-triggered criminal behavior, following counterfeit tests, fake cures, and misleading websites among other illicit activities by individuals and organized criminal groups alike. As international travel gradually resumes and testing for the virus becomes more important, parallel production and distribution of unauthorized and falsified testing kits are likely to result. OSAC members should take special care when going online to search for medical equipment or medicines for their organizations and personnel.

Additional Context to the INTERPOL Warning

As a number of COVID-19 vaccines gain approval and become available globally, there is a general short- and medium-term risk to the safety of the supply chain, with a likely proliferation of websites advertising, selling and administering fake vaccines or purporting to do so. The pandemic has already triggered unprecedented opportunistic and predatory criminal behavior by individuals and organized criminal groups; the same threat actors are likely to target vaccines. The public has been and will continue to be a primary target via fake websites and false cures, but vaccine manufacturers and their global supply chains are also likely targets, offering a potentially lucrative opportunity for criminal enterprises producing and distributing counterfeit and untrustworthy test kits.

Cyberspace is Key for Criminal Groups and Other Nefarious Actors

COVID-19 has significantly broadened the cyber threat landscape, allowing nefarious actors to prey on pandemic-related fears. Not only are criminals using online platforms to sell illicit (or nonexistent) medical supplies, but they are also using them to inject malware and steal personal information. An INTERPOL cybercrime unit analysis of 3,000 websites associated with online pharmacies suspected of selling illicit medicines and medical devices found that more than half (approximately 1,700) contained cyber threats. Cybercriminals are employing a variety of means, from voice and SMS phishing to fake advertisements on social media sites to lure victims into providing personal information or clicking on unsafe links. Similar to the wave of COVID-19 testing scams that emerged earlier in the pandemic, COVID-19 vaccines have been a key focus of recent scam campaigns. On December 21, the Federal Bureau of Investigation (FBI), Department of Health and Human Services Office of Inspector General (HHS-OIG), and Centers for Medicare & Medicaid Services (CMS) issued a warning to the public regarding fraud schemes related to COVID-19 vaccines. Specific fraud schemes mentioned include:

1. Advertisements or offers for early access to a vaccine upon payment of a fee;
2. Requests asking victims to pay out of pocket to obtain the vaccine or to put their name on a COVID-19 vaccine waiting list;
3. Offers to undergo additional medical testing or procedures when obtaining a vaccine;
4. Marketers offering to sell and/ or ship doses of a vaccine, domestically or internationally, in exchange for payment of a deposit or fee;
5. Unsolicited emails, telephone calls, or personal contact from someone claiming to be from a medical office, insurance company, or COVID-19 vaccine center requesting personal and/ or medical information to determine recipient eligibility to participate in clinical vaccine trials or obtain the vaccine;
6. Unverifiable claims of FDA approval for a vaccine;
7. Advertisements for vaccines through social media platforms, email, telephone calls, or online – from unsolicited/ unknown sources; and
8. Individuals contacting victims in person, by phone, or by email to tell them that the government or government officials require them to receive a COVID-19 vaccine.

The Better Business Bureau (BBB) and Federal Trade Commission (FTC) have also provided information to the public regarding expected scams related to COVID-19 vaccines, many of which could make individuals and organizations vulnerable to cyber threats. The U.S. Department of Justice also announced on December 18 that it had seized two internet domains that impersonated the biotechnology firms Moderna and Regeneron, both of which are involved with developing treatments for the coronavirus. Criminals had been using the sites as ‘watering holes,’ to collect visitors’ personal data as part of a scam. According to the FTC, Americans have reported over $211 million in losses from coronavirus-related fraud.

Region-Specific Criminal Concerns

Organized criminality is certainly a worldwide phenomenon, as is the push for COVID vaccination. However, certain regions of the world may be affected more (or sooner) than others when it comes to the intertwining of the two. Below, OSAC identifies trends in Europe, Latin America, and Africa worthy of private-sector attention. But, evidenced by instances such as the Japanese Yakuza crime syndicates attempting to gain public favor by providing PPE, opening soup kitchens, and offering to sanitize the Diamond Princess cruise ship early in the pandemic, Asia is certainly not a stranger to this type of development.

Europe

The European Union’s current schedule has the distribution of an initial 200 million doses of the Pfizer developed COVID-19 vaccine completed by September, with additional shipments arriving thereafter. Authorities expect the primary risk in Europe to be organized criminal scams attempting to sell dangerous counterfeit vaccines or to hijack shipments of genuine shots.

Counterfeit and substandard medical equipment and COVID tests are already rampant. Similar schemes with vaccines are most likely representing a significant public health threat if they are ineffective at best or toxic at worst. Fake vaccines may even have a wider-reaching impact if new outbreaks emerge in communities assuming themselves to have received proper vaccinations. According to Europol, criminals have placed advertisements on dark web marketplaces “using the brands of genuine pharmaceutical companies that are already in the final stages of testing.”

Law enforcement agencies have also predicted a sharp rise in related crime, as actors attempt to gain access to vaccines by targeting the supply chain either by hijacking vehicles transporting shots or by illegally refilling empty vials not correctly disposed. There are also concerns of thefts and warehouse break-ins. Germany will reportedly involve federal police in the secure storage and transportation of the vaccines (As of yet, there have been no reported instances of actual supply chain hijackings).

Not only are criminal elements likely to target vaccine distribution networks, but nation-state actors are likely to do so as well – particularly in cyberspace. In December, IBM reported that it tracked a global cyber campaign aimed at the delivery ‘cold chain’ used to keep vaccines at the right temperature during transportation. Starting in September, an alleged nation-state actor targeted organizations in Italy, Germany, the Czech Republic, and elsewhere in Europe. Malicious actors sent phishing emails impersonating a business executive from a legitimate company involved in supply cold-chain storage to a number of organizations including the European Commission’s Directorate General Taxation and Customs Union; a German website-development company, which supports clients associated with pharmaceutical manufacturers, container transport, biotechnology, and manufacturers of electrical components for communications; and companies involved in manufacturing solar panels, which can help keep vaccines cold in places where reliable power is not available. The malefactors reportedly conducted the attack to harvest credentials for unauthorized access, monitor internal communications, and gather information on the methods and plans to distribute a COVID-19 vaccine. Microsoft and the United Kingdom’s National Cybersecurity Centre have each disclosed significant incidents involving nation-state targeting the vaccine development process.

Latin America

The vaccine roll out throughout Latin America is likely to be slow and patch worked, creating opportunities for organized crime to profit from a demand that far exceeds supply. The cold temperatures required to transport and store the Pfizer vaccine make it difficult and expensive to provide in rural areas that tend to be tropical and lack access to consistent electricity. Locked out of the market by limited vaccine supply, many countries are participating in Johnson & Johnson vaccine trials in the hopes of receiving preferential deals for the more temperature-stable, one-dose vaccine that will likely finish trials in February. Argentina, Brazil, Ecuador, Chile and Peru are also hoping to purchase large-scale doses of the Oxford-Astra Zeneca vaccine, and in the meantime have also agreed to test and purchase Russia’s Sputnik V and China’s Sinovac. Other countries with fewer resources like El Salvador are relying on the World Health Organization’s COVAX initiative, which aims to vaccinate 20% of Latin America and the Caribbean, but faces overwhelming difficulties rolling out vaccine distribution in least developed countries. The proliferation of different vaccines with varying transportation and storage requirements and effectiveness creates a system ripe for mismanagement, graft, and uneven access, playing into the hands of organized criminal groups seeking to expand their influence in the region.

Since March, criminal organizations in Latin America have managed to infiltrate medical supply chains. They have stolen legitimate PPE, COVID tests, and ventilators from suppliers, trafficked in counterfeit goods, and engaged in scams, promising PPE and treatments that never materialized. If the vaccine rollout is slow, uneven, and improperly protected, organized criminal groups will also take advantage of the vaccine in similar ways. First, a lack of a cohesive, well-regulated vaccine roll out increases the risk that organized criminal groups will distribute fake or diluted vaccines, leaving people who falsely believe they are vaccinated vulnerable to the virus, and undermining trust in legitimate vaccines. Second, it puts vaccine suppliers at risk, either of theft during the transportation process or of extortion as gangs demand payment for movement through certain areas as has occurred with the PPE supply chain in Latin America. Third, it increases the risk of corruption and graft, where organized criminal groups can mark up prices to extract more money from local populations, selling falsified paperwork attesting to vaccinations that may not have occurred, and encouraging local officials overseeing vaccine roll outs to be complicit in these criminal economies.

A key lesson from the last several months is that many organized criminal organizations in Latin America are poised to take advantage of perceived state failures to distribute the vaccine. Throughout the region, organized criminal groups have enforced public health measures and distributed public goods like food and soap in a bid for more legitimacy and territorial control. In Rio de Janeiro, the Red Command (CV), a major gang, announced curfews on social media and distributed hand sanitizer in the city’s favelas. The 18th Street gang in Guatemala announced it would temporarily stop its extortion rackets and threatened any price gougers; criminal organizations in Venezuela, Colombia, and El Salvador also enforced strict quarantines and stay-athome measures in areas that they control. While some of these practices may have provided temporary public health relief in communities where governments were unable to provide support, the gangs operated by relying on the threat of force. They successfully undermine state institutions by acting as gatekeepers to effective policing and social services. If criminal organizations can exert influence over vaccine distribution, either by theft, counterfeiting, or extortion, they will continue to profit while undermining trust in local governments.

Mexico

In August, Mexico entered into an agreement with Argentina to produce 400 million doses of the Oxford AstraZeneca vaccine, given the high number of COVID cases in the country and fears from the government that the country would not get the vaccine in time. It is not uncommon for criminal groups to target manufacturing centers for theft and extortion, many of which produce medical devices and pharmaceuticals.

Anecdotally, organized criminal groups have begun to target cargo shipments carrying PPE and treatments for COVID (e.g., masks, ventilators, hand sanitizer) for its resale value, to stock their own medical centers (some cartels in Mexico operate legitimate clinics for their members and allies), and potentially play a pivotal role in distribution as a means of marking territory and recruiting. In cities like San Luis Potosí, the CJNG (Jalisco Cartel) distributed PPE in the summer as a means of announcing its arrival to the city. Similar to other regions, there are storage and distribution concerns. First, many parts of Mexico (particularly border regions, which are home to many manufacturing centers) are hot and arid, presenting a challenge on storing vaccines that require cold temperatures. Second, the population’s ability to access the vaccine is a major issue. Mexico’s many public hospitals generally provide a lower standard of care, have been overwhelmed by the pandemic, and may not have the storage infrastructure needed for the vaccines. Private hospitals, which provide state-of-the-art care, are generally very expensive for the average Mexican, increasing the likelihood that most of the population may not have effective access to a vaccine.

Storage and distribution challenges, coupled with cartel’s infiltration into every level of government in Mexico, create a fertile ground for corruption, especially as local governments choose where to allocate vaccines. In some instances, officials may pass over supplies to organized criminal groups, who may use them to treat their own members or to resell at higher values. Corrupt officials may also charge mark-up fees on vaccinations and sell fakes such as in the case of a Mexican state governor currently under investigation for selling fake children’s cancer treatments. Because extortion demands and redirection of vaccine materials along the supply chain can lead to significant delays in getting the vaccine to populations needing treatment, it may lead to degradation of vaccine efficacy. Corruption and collusion with cartels will likely be the greatest risk organized crime poses to the delivery of the vaccine. Although cartels will likely target cargo shipments for theft when the opportunity arises, their influence over government officials – won through bribery, intimidation, and installation of their members into office – will be the primary means in which they influence the vaccine’s distribution.

Sub-Saharan Africa

Widespread COVID-19 vaccination in Africa will occur more slowly than other regions for a number of reasons; the most optimistic expectations place early rollouts in mid-2021. Fake and substandard medical products and pharmaceuticals are already a continent-wide phenomenon, aprecedent that criminal syndicates will likely take advantage of as vaccine distribution progresses. As a regional market, Africa is likely to see a larger variety of vaccines from more source countries than other regions of the world, in a patch work effort to vaccinate as much of the continent as possible. This could exacerbate quality assurance problems and concerns of efficacy if patients combine doses from different vaccines. Additionally, the safety and efficacy of some vaccine options may vary. Trials have not yet verified the efficacy of various global vaccines against COVID-19 variant strains, which may be more prevalent due to geographic proximity and porous borders. In addition, the distribution of numerous types of vaccines will require numerous different handling procedures, which in a limited-capacity healthcare system could lead to confusion in vaccine administration or supply-chain breakdowns. Vaccine arrivals and rollouts may also lag behind other regions due to logistics and access constraints, especially outside major cities and regional powerhouse countries. Insecurity will likely compound the enormous safety, security, and logistical challenges inherent in mass vaccination campaigns in many parts of Africa due to regional conflict, poor infrastructure, recurring natural disasters, physical access constraints, and lack of host-nation capacity. Unreliability of roads and electricity in particular will affect vaccines that require any amount of refrigeration. While successful large-scale vaccination campaigns have occurred in Africa in the past, these were generally localized and targeted, rather than continent-wide and simultaneous.

Once rollouts begin in earnest, other broad regional risks may impact the distribution of vaccines across the continent. Economic desperation caused by COVID-19 disruptions has already affected crime trends in some areas. As the vaccines roll out, violent crime may get worse or crop up in new ways or new areas. Criminals may also steal vaccines for redistribution without taking the infrastructure involved in administration into account. If vaccine deliveries are traveling by sea, piracy could become a concern. Given existing popular disgruntlement with government response, vaccine delays may become polarized and politicized and could likely exacerbate rural-urban divides leading to civil-unrest. Finally, widespread community suspicion could lead to attacks on health workers despite the high profile of the pandemic and sensitization over time.

Perhaps most relevant to the U.S. private sector operating on the continent is the situation in South Africa, which has one of the best private healthcare sectors in the world. Despite this, the government will not receive any of the early millions of doses of vaccines that will be manufactured within the country; these are instead bound for Europe and other nations that ordered them. The Government of South Africa announced in mid-January that the country secured 20 million vaccines, but has not yet announced a schedule for widespread vaccination. Once rollout begins, however, analysts predict counterfeiters will saturate the market, and criminal syndicates may easily penetrate the distribution chain. Police in South Africa have already uncovered warehouses full of large amounts of illegal, unregistered COVID-19 vaccines and counterfeit N95 masks. The fake vaccines and personal protective equipment arrived in South Africa through O.R. Tambo International Airport in Johannesburg (JNB), which notoriously serves as a transshipment point for illicit drugs destined for European and other African destinations, as well as for local consumption. Criminal groups in South Africa are well-organized, and law enforcement expects that the vaccine’s introduction may result in a spike in criminal activity. Civil unrest, which occurs frequently in South Africa, is especially likely given the inequity of access to the vaccine, which may mirror other social inequities in the country.

Implications

Key issues as global vaccination campaigns get underway include a potential threat to transportation and distribution networks for the COVID-19 vaccines, as well as cyberattacks and counterfeit or diluted products. OSAC members should take special care when searching for medical equipment or medicines for their organizations, and should echo this need for caution to their personnel.

The most effective countermeasures aimed at combatting malicious cyber activity related to COVID-19 are often those that organizations and employees should already practice regularly. Measures such as avoiding clicking on unusual links and attachments, only using trusted sources for fact-based information, and never giving out personal information over email or the telephone can protect users against many of the low-level cyber scams proliferating alongside the COVID-19 pandemic. The previously mentioned joint warning from FBI, HHS-OIH, and CMS includes a more thorough list of cyber fraud prevention techniques.

Be aware that the ambient threat level in areas with active criminal organizations may increase as these groups take advantage of vaccine distribution to increase their control. Organizations operating in areas with less host government presence should also be wary of the potential for increased corruption and ties between local law enforcement and criminal organizations.

---

---