This operation reveals a nationwide network in Spain that depended on automated bots to hijack the immigration appointment system. Investigators describe how a group planned ahead, obtaining every available appointment and reselling them later. The crackdown resulted in 69 arrests and 25 additional investigations across the country, including seven in the province of Alicante. The bots performed repetitive, automated tasks to bypass the system’s filters and pull all open immigration slots. One of the Alicante suspects is identified as a key organizer who delegated the task of arranging major appointments to a company. During searches, investigators found a computer with multiple browser tabs open to the electronic center’s appointment page and a spreadsheet that appeared to be updated automatically or remotely.
For many people, booking an administrative appointment in advance is nearly impossible. Procedures such as asylum requests, invitation letters to bring relatives to Spain, or issuing a NIE were effectively out of reach for numerous citizens and professionals. From the outset, authorities suspected a coordinated scheme or hacking activity that disrupted the public administration’s website. The free appointments, which do not require any payment from citizens, were put up for sale on a shadow market with prices ranging from 30 to 200 euros, leaving many individuals unable to receive timely assistance.
The case, led by the Center for Illegal Immigration Networks and Documentary Frauds (UCRIF) and coordinated by Valencia City Immigration and Border Brigade after a technical report from the Central Cybercrime Unit of the Judicial Police, is being handled by Valencia Instruction 8 Court, with proceedings centralized there.
A cybercrime expert analysis helped unblock investigations conducted by several Provincial Immigration Brigades, revealing problems accessing the national system used to request pre-appointments. The police traced a criminal network that operated a computer bot to perform repetitive, predefined actions to secure all needed immigration slots and then distribute them across the country. As a result, the system became unavailable to users and the free public service managed by the National Police for immigration procedures was disrupted.
payments
Foreign nationals seeking an appointment sometimes turned to the bot operators or their agents for a fee, ranging from 30 to 200 euros, when normal access failed.
The bot, designed by the criminal network, could bypass security measures and even evade captchas meant to detect automated programs. The organization instructed intermediaries to use a Virtual Private Network to hide the broker’s real IP address, enabling more appointments to be requested without triggering automatic blocks from the server.
Initial phases included statements from various sources, economic analyses of the companies involved, and additional inquiries that led to the first police operation. Investigators recovered four logins and registrations and seized computer equipment, documents, and 206,950 euros in cash.
Following these arrests, prosecutors began an economic probe against the parent company and the entity used to rent robot services for appointments. Documentation analysis and further investigations revealed intermediaries coordinating with the primary operator to influence the bot’s activities.
Boat rental for 24/7 operation
The arrested individuals rented the bot for nonstop operation, allowing data to be entered into the immigration appointment system in a way that severely impaired the normal functioning of the online service across Spain.
The investigation also uncovered multiple agreements among intermediaries and the main providers of bot services. Records show that the business flow was labeled as “robot rental,” with intermediaries earning substantial sums from selling immigration appointments to applicants who otherwise could not obtain them for asylum or other procedures.
Those involved included agents, lawyers, managers, and consultants who were aware of the computer disruption and the impact on foreign applicants. Each broker used separate bot licenses for different agents, and data fed into the bot was used to post appointment information online. Data management allowed provincial targeting and the execution of immigration procedures by intermediaries.
The bot detected when appointments were released in various provinces, preloaded data, and allocated slots with 24-hour control of appointment releases. This arrangement compromised the system’s fairness and operability.
second scene
In the second stage, investigators identified two individuals in Alicante and Cáceres using a company to obtain large numbers of appointments. After entering an address in Alicante, a computer with several browser windows opened to the immigration appointment page, while another window displayed a spreadsheet that appeared to be altered remotely. This pattern pointed to the ongoing manipulation of appointment data.
Following the initial operations, Central UCRIF agents, together with several Provincial Immigration and Border Brigades, continued to map the network and locate intermediaries or those responsible for hiring the bot that interfered with the public administration site.
Subsequent phases led to the arrest of 69 members across Madrid, Albacete, Alicante, Almería, Badajoz, Barcelona, Vizcaya, Burgos, Cádiz, Córdoba, Balearic Islands, Marbella, Murcia, Tarragona, Tenerife, Toledo, and Valencia. Those detained were charged with belonging to a criminal organization and impairing computer operations. A total of 25 individuals were not detained in Madrid and Cádiz during the operation.