“We have the best logisticians in the world at the Department of Defense, working in conjunction with the CDC, to guide … every logistical detail you could possibly think of,” declared Paul Mango, the deputy chief of staff for policy at the Department of Health and Human Services. Though the military would not be involved in giving injections, he said, it would run an end-to-end system of surveillance to ensure that every dose of vaccine was administered with precision before it expired.
That supply chain, however, has come under attack.
In one case a pharmacist in Wisconsin managed to sabotage 500 vaccines, apparently driven by his belief in apocalyptic conspiracy theories. It wasn’t exactly the strike that Interpol warned about when it cautioned nations to remain vigilant against threats to the vaccine supply from organized crime, but it did show that the weaknesses in the system were there–and that they might be the consequence of bad decisions at the top.
Temporary fixes cause trouble
It has become increasingly clear that many hospitals, pharmacies, and other facilities that received vaccine deliveries are on their own: forced to oversee the logistics themselves, organize appointments with patients, and monitor follow-ups. Under pressure, they have started to make hasty or uninformed decisions, or turn to services that weren’t built for such critical purposes.
Reports started to trickle in about how different free websites, like SignUpGenius, were being used for vaccination reservations in Oklahoma. Princeton University sociologist Shamus Khan chronicled how he was frustratedly refreshing Eventbrite, an online event service website, in order to grab a spot for his elderly parents in Florida. Some health departments in the state had decided to use the system because it was “quickest, easiest, and most efficient way” to meet their pressing need.
Later, however, it was revealed that some people who thought they had paid to secure a spot via Eventbrite had been duped. Fraudsters had created fake listings pages to trick people into handing over their money for appointments that didn’t exist. Phone numbers for county health departments were jammed all day, and websites struggled with demand, compounding the problem.
The use of third-party websites creates the perfect opportunity for a low-tech supply chain attack. Typically when we think about supply chains and cybercrimes, images of malicious software, stolen passwords, or phishing come to mind. But no hacking was needed in this case. What happened in Florida was media manipulation in the form of impersonation: fraudsters had only to use the website as it was designed in order to run away with desperate seniors’ cash.
The rule of misinformation
These cases are alarming for a number of reasons. Imposter sites hiding behind suspect domains to sell fake wares have become common during the pandemic. So, too, has the use of social media to conduct low-grade information warfare claiming that the pandemic is a conspiracy.
But if there is a law of misinformation, it is this: Everything open will be exploited.