
Narcotics Traffic Is Not Part of a Healthy Domain System

Garth Bruen

A stark contrast is emerging within the DNS between providers who tolerate blatantly illegal domain use and those who do not. Our study, just published here, focuses on five U.S.-based providers, their policies, and their response to reports of opioid traffic within their registry or registrar. There are many providers, not covered here, who removed hundreds of domains selling opioids, and I applaud their efforts.

In January of this year, on a single day in a single town in Massachusetts, police seized $1.2 Million worth of Fentanyl from one location and revived an infant who was exposed to Fentanyl in another location. These scenes are repeated regularly throughout the world as the specter of opioid abuse haunts us. What is Fentanyl? Let us use a description from a NameSilo-sponsored domain selling Fentanyl without a prescription:

Fentanyl is a powerful synthetic opiate analgesic similar to but more potent than morphine. It is typically used to treat patients with severe pain, or to manage pain after surgery. It is also sometimes used to treat people with chronic pain who are physically tolerant to opiates. It is a schedule II prescription drug.

Fentanyl is 50 times more powerful than heroin and over 100 times more potent than morphine. It is intended to be used as a slow-release, but people who abuse it take the entire dosage through various means. It is a quick route to overdose and death. When we reported this domain to NameSilo, something curious happened: there was no response from NameSilo, but the site became "hidden" from certain IP addresses. As of today, the domain is still selling Fentanyl.

Different societies have struggled with different abuse issues throughout history; this one is ours, and it is being fueled from unexpected sources. I have written about various illicit pharmacy operations within the DNS before and the registrars who permit them to operate, but online opioid traffic is much worse. Online opioid traffic is inherently predatory, targeting people who will likely suffer and die.

From January 2016 until now I have been working with a variety of ad hoc teams in addressing the problem of online opioids. First, I led a group of undergraduates to collect and analyze opioid trafficking domains to determine how easy it was to get controlled substances and which providers were most pervasive. Following the release of our findings, I was asked to present the report at a number of different venues from Internet policy, security, and law enforcement groups. They were all shocked, but not surprised, at the scope of open narcotics traffic on the Internet. The next step in this effort, starting in August 2016, was to begin notifying the various providers and measure their response. The results, overall, were actually encouraging.

Different providers (including registries, registrars, and ISPs) from India, Germany, China, the Netherlands, and many other countries used their documented abuse procedures to suspend and remove domains, over 200 of them, engaged in opioid traffic. Domains either directly involved in the trafficking of narcotics or aiding them in transactions, marketing or Internet infrastructure were reported. The registries, registrars and hosting companies recognized that A) the illegal commerce occurring within these domains violated their policies, B) the registrants are likely criminals, and/or C) the threat to the public health does not support a positive model of the Internet. For these efforts, I thank all who participated. Some of the notified domains dropped opioids from their offerings but continue to be illicit pharmacies and will have to be addressed in a different context; this is still progress. That is the good news…

The bad news is that there are a handful of providers now knowingly allowing narcotics trafficking domains within their control to persist. This may or may not surprise the reader, but these providers are all in the United States, where this type of activity has been illegal for nearly a decade. The variety of explanations (and in some cases no explanation) for why opioid dealing domains sponsored by these providers do not violate policy strain credulity and logic. All of the companies listed below were directly notified about the domains and our intent to publish our findings.

Public Interest Registry (PIR) – The correspondence with PIR on this issue was one of the most disappointing and convoluted of this study. PIR prides itself on serving the public interest and holds up the Red Cross and UNICEF as examples of its public commitment, but PIR has a dark side. By some twisted logic, domains dealing in opioids are "public benefit organizations". Some of you may be jumping up and down screaming that registries are not the proper place for enforcement, but you should know that the other TLDs not mentioned here had no problem removing domains selling controlled substances. This makes non-enforcement by PIR an arbitrary choice. Furthermore, PIR has an express policy prohibiting use of the registry for "Illegal or fraudulent actions", but PIR would not clarify how narcotics traffic did not constitute abuse under their policies while other kinds of illicit use (spam, phishing, child exploitation) do qualify as abuse. There are a number of other inconsistencies in PIR policy described in the report, but the most troubling was an instruction from PIR staff to stop reporting domains selling narcotics. Here is the willful blind eye.

Verisign – Verisign has the largest collection of opioid trafficking domains, but unlike PIR it has no clear policy in terms of illegal activities in the registry, only vague "malicious conduct" reporting. The main problem in this case is that requests to Verisign to clarify their abuse process and policy went unanswered. As an example of the overall problem within .COM, our report details a "Silk Road" site operating completely out in the open, not on the Dark Web.

XYZ – XYZ has a number of published policies concerning illegal activities yet has neither responded nor taken action on an opioid domain reported multiple times since August of 2016.

Global Knowledge Group (GKG) – As a registrar, GKG has the largest collection of opioid domains still active following this work. One of the strangest interactions with GKG staff was a declaration that they "can not determine any illegal act occurring" and that "the domain name in question is not in any direct violation of GKG's terms of service". It is obvious GKG did not actually review the domain or its own policies which define abuse as use that "promotes illegal drugs".

NameSilo, LLC – It could be complete coincidence that a reported opioid domain sponsored by NameSilo became hidden after being reported, but we will never know since NameSilo staff did not respond to our inquiry (see here).

One of the first arguments that will be thrown at me in response to all of this is the slippery slope, meaning providers feel that removal of certain domains will have a chilling effect and open the door to suspending domains of other types. For people who want to protect freedom of expression on the Internet, this would be the wrong issue to take a stand on. The flip side of chilling is creating safe havens for criminal activity. Once criminals realize that this registry and that registrar have unenforced policies concerning illegal commerce, they will flock there. No one really needs the dark net when the open DNS allows unmitigated narcotics traffic.

Complying with the law and complying with a court order are not the same thing. Everyone has to comply with a court order or risk additional penalty. Complying with the law is something most of us do persistently because we understand the civilized intent of the law. If a law is fundamentally unfair, or inconsistently enforced by a repressive government, that is a completely different story. A court order is merely an affirmation that a party did not follow the law. To sidestep collaborative Internet policy and demand a court order rejects the idea that the Internet is a space for reasonable process and implies that it should respond only to government. The argument frequently pushed forward within ICANN is to reduce the influence of government. Participants in Internet policy whose first answer is "go to the police" risk the development of a fractured Internet controlled in its gated segments by local government. The right way to go is to listen to consumers and our public health professionals on this issue.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. More blog posts from Garth Bruen can also be read here.

Related topics: Cybercrime, DNS, Domain Names, Registry Services, ICANN, Internet Governance, Law, Policy & Regulation, Top-Level Domains

 
   

Comments

Many invalid arguments - this is just vigilantism Brandt Dainow  –  Feb 17, 2017 2:05 AM PST

This is a classic example of vigilantism.  The reasons given above fail to justify the actions:

"Some of you may be jumping up and down screaming that registries are not the proper place for enforcement, but you should know that the other TLDs not mentioned here had no problem removing domains selling controlled substances. This makes non-enforcement by PIR an arbitrary choice" - this argument works both ways - you can just as easily say that those TLDs which removed domains made an arbitrary choice

"Participants in Internet policy whose first answer is "go to the police" risk the development of a fractured Internet controlled in its gated segments by local government." - the concept of "gated" segments of government simply fails to understand what government is - various groups created by various procedures with many ways of delimiting their authority (including geography and competence), all working within a system of laws which seeks to unify and harmonise their actions.  The idea that there is something wrong with this system begs the question - what's the alternative, a monolithic dictatorship by a single political party?

Secondly, you don't get to decide whether to report a crime or not to the police on the basis that it might make an internet you don't like.  Crime is crime - see it, report it to the police.  In many cases, seeing a crime and failing to report it to the police, is a crime.

"the registrants are likely criminals" - No mention in the item on proper defence procedures for the accused, no recognition of "innocent until proven guilty".  Let's just convict people because they are "probably" guilty.  Similarly, for the TLDs mentioned above, no chance for the accused to defend themselves.  A respectable journalist would have been expected to inform Verisign, XYZ, and the others named that this item was coming out, to warn them what it contained, and give them a chance to provide a response, which should have been included here.  Instead we have a sneaky name-and-shame game of "let's play moral outrage."

"One of the first arguments that will be thrown at me in response to all of this is the slippery slope, meaning providers feel that removal of certain domains will have a chilling effect and open the door to suspending domains of other types. For people who want to protect freedom of expression on the Internet, this would be the wrong issue to take a stand on. The flip side of chilling is creating safe havens for criminal activity." - yep, freedom of speech means sometimes people will use speech to plan criminal activity.  The alternative is to monitor everything everyone says.  A "safe" balance is not possible here - liberty means accepting it will sometimes be misused.  We accept it in democracies because the alternative is worse - totalitarianism. If you want a world in which everyone is controlled and "safe", move to North Korea.  Democracies learned the hard way that we need very carefully designed legal systems, with checks and balances, and many procedures, in order to control what people do without harming other aspects of society.  What we don't need is vigilantes to start deciding for themselves that they will be cop, judge and executioner, then bad-mouth companies which refuse to submit.

Too many irrelevancies and tangents Garth Bruen  –  Feb 18, 2017 6:08 PM PST

This is a classic example of blaming the messenger

you can just as easily say that those TLDs which removed domains made an arbitrary choice

Nope. Choice was based on documented policy.

In many cases, seeing a crime and failing to report it to the police, is a crime.

Exactly, now each of these entities has seen and not reported it.

Let's just convict people because they are "probably" guilty.  Similarly, for the TLDs mentioned above, no chance for the accused to defend themselves

Not a conviction, a term of service violation. They have plenty of opportunity to defend themselves, produce a valid pharmacy license as required by law.

A respectable journalist would have been expected to inform Verisign, XYZ, and the others named that this item was coming out, to warn them what it contained, and give them a chance to provide a response, which should have been included here.  Instead we have a sneaky name-and-shame game of "let's play moral outrage."

Wrong again, each entity was given ample opportunity to respond and was fully informed.

yep, freedom of speech means sometimes people will use speech to plan criminal activity.  The alternative is to monitor everything everyone says.

This isn't free speech, it's a transaction for an illegal item, not protected.

A "safe" balance is not possible here - liberty means accepting it will sometimes be misused.

A safe balance is completely possible and there is no excuse for accepting harmful activity that can be stopped.

We accept it in democracies because the alternative is worse - totalitarianism.

Reasonable people do not accept blatant narco traffic, policy obfuscation, negligence, or collusion.

If you want a world in which everyone is controlled and "safe", move to North Korea.

Illicit drugs are being manufactured and smuggled out of NK, you've got it backwards here.

Democracies learned the hard way that we need very carefully designed legal systems, with checks and balances, and many procedures, in order to control what people do without harming other aspects of society.

The checks and balances exist here, they're just being ignored by the entities in question.

What we don't need is vigilantes to start deciding for themselves that they will be cop, judge and executioner, then bad-mouth companies which refuse to submit.

The definition of vigilantism is "law enforcement undertaken without legal authority by a self-appointed group of people." Reporting illegal opioid trafficking to the companies who sponsor the domains is nowhere near vigilantism, it's how the abuse reporting process is supposed to work. When the Internet companies do not follow their own published policies, that's hypocrisy and negligence.

I'm sorry if all this blunt talk is a problem, because it's about to get worse.
