Home General Crime

Corrupt Vaccine Center Volunteers Sell Thousands of Queue Slots Amid Inept Gov’t IT Security

Thailand's government programmers again proving they haven't a clue how to build secure, functional websites & apps

Hacker working in the darkness

The mystery behind two days of vaccination bookings canceled at Bang Sue Grand Station has been revealed: Hackers again tapped into yet another government database, this time registering 7,000 people who a crime gang for priority shot slots.

The Thai government’s information technology skills long have been laughable but just how inept its app and online programmers are has never been as clear as during the coronavirus crisis. The government now has been through several different mobile apps to register people for vaccine appointments and even the third website for foreigners to use debut with a gaping privacy hole first-year college web programmers would have avoided.

This time, hackers working with a gang of at least 19 people compromised the Bang Sue Grand Vacciantion Center’s registration database and inserted 7,000 records. Each of those records belongs to a person who paid gangsters 400-1,200 baht for a place in line for the free jabs.

Mingkwan Wichaidit, the Director of the Institute of Dermatology, who is also running the center, emphasized that all people are eligible for vaccinations without any cost.

Mingkwan said that the center accepted 10,000-30,000 vaccine recipients per day via walk-ins and advance bookings made before June 29. Walk-in vaccinations have been discontinued due to the center’s inability to enforce even a modicum of social distancing and crowd control.

Walk-ins needed to register on-site, so the government center allowed volunteers to do the data entry and and edit registrants’ personal information using 200 terminals spread around the center.

Loosely supervised, these “volunteers” decided they could make some coin selling off spots in line.

Vaccination center officails didn’t catch on until July 18 when they spotted an unusually high 2,000 additional bookings for that date with much of the data uploaded into the system after 10 p.m. when the office was closed.

The first bunch of those suspect bookings were for appointments for July 28. So the center canceled all the day’s appointments so that people would show up and complain. They did and center officials interrogated those who purchased queue slots, which was “helpful” in the investigation, Mingkwan said.

According to their statements, either they, a relative or employer paid for the bookings at a price of 400-1,200 baht per queue. The center collected the names of the offenders and their bank accounts for further investigation.

The Central Investigation Bureau conducted an initial investigation, identifying 19 suspects including center volunteers. Meanwhile, the Technology Crime Suppression Division will conduct a deeper investigation.

To prevent a recurrence of such corruption, Mingkwan said that the Bang Sue Center canceled all suspicious advance bookings registered in the system on July 28-31 and up until Aug, 8, deactivated all user logins of outsiders and closed the system during the nighttime.

The admission of the security lapses came the same day as yet another website set up to register foreigners for vaccinations debuted with all personal information of everyone registered unencrypted and open to the entire internet. The site also was launched with insufficient email capability, leaving registrants unsure if their appointments confirmed. Many re-registered and then received error messages.