Home / Blogs

Internet Drug Traffic, Service Providers and Intellectual Property

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Garth Bruen

You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. Not only is this an Internet abuse issue but it also represents a grave public health risk since the entire chain of doctors, pharmacists, and patient education has been bypassed by criminals. We have also found that the lion's share of phony RX domains and IP hosts are in the U.S.(see Host Exploit's Top 10 Bad Hosts 2009). As we pointed out Registrars and ISPs have the technical ability and legal obligation to terminate these sites, but few of them are unless put under pressure. There is an additional threat, the one to Intellectual Property. Not just a threat to brand-holders, abuse of trademarks is a ticking time bomb for Registrars and ISPs.

Many ISPs and Registrars falsely believe they are protected from their customer's illicit activities by various statues. This is only true for certain types of crimes and lawsuits. Providers have even written in the Terms Of Service or Acceptable Use Policy that their customers are responsible for any legal action stemming from abuse, but this only covers some activities. Registrars and ISPs ARE in fact liable for Intellectual Property violations conducted by their customers. The Communications Decency Act only immunizes defendants from non-intellectual property claims and non-criminal complaints. Illicit pharmacy is both a criminal act as well as an IP violation since most deal in counterfeit or unauthorized sales of trademarked drugs. One critic of our first article was chagrined that we suggested that Registrars should act on abuse reports from the public, but doing just that is in their best interest. Failing to act can be seen as an act of complicity later when lawsuits begin.

We have a new proactive process that monitors IP abuse in the wild and during initial testing we found 85 compromised IP addresses at one provider's ASN that were hosting spam template content. These sites are never advertised themselves but rather provide low-level content delivery to thousands of spammed domains which are advertised, dumped and replaced. We found that many of the domains that used these templates had trademarks in the domain names. Words like Zoloft, Motrin, Norvasc, Celexa, Zyloprim and many others. None, of course, were the real sites controlled by the actual brand-holders.

One thing is for certain, they are making considerable amounts of money by abusing brands. So much so that they have gone beyond common spam, site hijacking, or paid search engine advertisements and are now issuing press releases to announce deployments of new illicit pharmacies. It seems mind-boggling that a completely illegal business would be so brazen as to use a press release but it shows us the lack of fear on their behalf.

So, folks may wonder why if there is an abundance of research data as well as legal authority. Reason is simple: no enforcement. Many IP attorneys have expressed their lack of faith in WIPO and ICANN enforcement. Brand holders feel that chasing IP violators on the Internet is like swatting at gnats. Recently, we got into a spat with a Registrar over an unlicensed pharmacy domain that was impersonating a pharmaceutical manufacture. The Registrar brushed off our concern until we made clear that their position was completely indefensible. They finally suspended the domain after the brief discussion. The pharma brands also share in the blame for not enforcing their marks. Some drug companies may have unfortunately lead to believe that there is no solution. Others fear the public perception of big pharma pursuing lost profits from illicit providers as if the rogue drug traffickers were some kind of Robin Hood. They are not. Illicit drug traffickers are only helping themselves and often replacing active ingredients with poison. Money in their pocket, garbage in your body.

Some Registrars and ISPs welcome the rogue pharmacy traffic because of the revenue generated by thousands of illicit sites that operate with impunity. Others are seemingly helping illicit pharmacies find variations of unclaimed trademark violation domains with "suggestion" utilities (see sample snapshot). For those that are not familiar with domain registration, some companies will allow you enter any word, including the name of a trademarked product, and return a massive list of unused variations containing that word. For anyone wondering how the spammers come up with so many different URLs with the names of male enhancers, they actually don't have to because Registrars will make them up on the fly for the spammers to buy in bulk. It is a puzzle to many people how the Registrars can sell off someone's trademark. This is, of course, the fundamental question. Adding a warp-speed engine that generates lists of potentially abused trademarked domains is the injury to the insult.

This is a wake-up call the pharmaceutical brands, I am telling you that something can be done to put the pharmacy fraudsters out of business. The problem can be quantified, minimized and managed. And, honestly, this is the case for any trademarked product or service being abused on the Net. It's a new year, let's move in a new direction. The best solution to the whole abuse problem is a shared solution between government, Internet users, brand-holders and service providers. If everyone lifts their weight we all benefit.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. More blog posts from Garth Bruen can also be read here.

Related topics: Access Providers, Cybercrime, Cybersquatting, Domain Names, Registry Services, ICANN, Internet Governance, Law, Malware, Policy & Regulation, Security, Spam, Top-Level Domains



"Response to expertise" etc Suresh Ramasubramanian  –  Jan 06, 2010 8:31 PM PDT

My main grouse so far has been (and I told you this back when we had dinner at that chinese restaurant, during MAAWG San Fran last february) that knujon has been, so far, way too confrontational and media oriented to be actually effective.

You'll find that a lot of the constitutencies you're trying to target are going to work far better with you if you're not out to

1. Lump them with genuinely bad actors [your registrar list had a strange mix of extremely whitehat registrars that'd have a problem - and quickly deal with it .. and extremely shady ones.. all tarred with the same brush]

2. Make them look bad in the media

Real work goes on - a lot of it - that you just don't see (and won't ever see, I suspect).

Hi Suresh Bob Bruen  –  Jan 06, 2010 9:05 PM PDT

Well, you have outed yourself. I Hope you are well. The Chinese dinner was excellent, including the discussion. All the presentations I have given have been well received, so you are in a minority.

Yes, you did say the same thing. However, I said (and still say) that not much was done before we used the sunshine approach - all backed up by statistics and real research. Nothing was ever refuted, only disliked. Each registrar was offered a chance to work with us (for free) to fix things and only a handful took us up on it. My feeling was that the money was too good. If a registrar was lumped in with others that seemed inappropriate, it was based on data. They should have responded to us.

We are only interested in working with those who are sincere. Stop whining and contact us. The fact they are unhappy means very little. They would not work with before and they won't work with us now. Nothing has changed and your contention that they would work with us if they were not so unhappy has not been verified. It is just your opinion at the moment. Feel free to alter that at any time. Show me the "real work" that I don't see. I am open minded, and public about my goals. No hidden agenda.

None of the work in the shadows has produced long term changes, as have the changes to the RAA, for example or the FDA letters to the registrars. Take the recent changes in China. Xinnet was the worst registrar in the world on both of KnujOn's top 10 lists. ICANN was afraid to de-accredit them, but the Chinese government has shut then down. Real work does go on, in spite of hiding in the shadows hoping that KnujOn will go away. There are more people like us showing up everyday.

If they look bad in the media, it's their own fault. We are merely reporting the facts. If they don't like it, they should change the facts - and they can. We will continue to do research, gather data and make it public until the Internet is cleaned up. Those that make money from the 'Net have a responsibility to all the users in the world to keep it clean and safe.

Outed? Thought everyone knew me :) Suresh Ramasubramanian  –  Jan 06, 2010 9:18 PM PDT

Xinnet seems to have gone down in a general chinese campaign on online porn. Nothing much at all to do with fast flux etc .. that's a campaign that's strictly local, appears totally unconnected with icann politics, or with knujon (or any other) campaigns, (except for post hoc, ergo propter hoc assumptions, of course).

There's at least three or four chinese registrars with far more problems than xinnet, for several months now.

People do know you Bob Bruen  –  Jan 06, 2010 9:36 PM PDT

I meant that you were outed as someone I actually spoke with (previous post). I did not name names to protect the innocent.

Yes, Xinnet went down as part of a general campaign. I mentioned it only to show things do happen that are not caused by us, fastflux was not a factor. ICANN though they were too big to take down, thus protecting them. Sooner or later though, the bad guys get caught or worse, don't make any money ;) I can only hope that China has made some progress that will last.

And yes, we are aware of the other bad Chinese registrars. They will get theirs sooner or later. All countries have people who are willing to work to put the Internet in a safe place.

There are more people like us showing Derek  –  Jan 10, 2010 7:52 PM PDT

There are more people like us showing up everyday.

Agreed. Also, with many of them are extremely knowledgeable and being experts in their own right and many making a living from IT. We need to ask why?

Maybe they are not happy seeing the promise of the net and things they worked for rapidly going to the dogs. Maybe you could consider it the masses asking for a bit of integrity and accountability.

The Illicit Internet Pharmacies just once again illustrates the sick Internet and the shortcomings of the appointed custodians.

What trust or respect should we have for any registrar, hosting provider or like that is willing to idly stand by and allow people with criminal intent, selling drugs that may harm that registrar's or provider's fellow citizens, to abuse their services all for his few dollars of the pie. When confronted, the wish to hide behind something erroneously called the Communications Decency Act. I find nothing decent about this.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Startup League Reports from WebSummit, Lisbon

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

.SPACE Becomes the Choice of the First Ever Space Nation Asgardia

Government Guidance for Email Authentication Has Arrived in USA and UK

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

8 Tips to Find Your Perfect .COM Domain Name