Spam is not about who sent it, it’s about who benefits from it. For a moment forget everything you know about filters, zombie PCs, firewalls, spoofing, viruses, Bayesian algorithms, header forgery, botnets, or blacklists. These are all methods for sending spam or preventing spam delivery. None of these explain why spam is sent, and for far too long all the attention has been paid to the effects and not the driving force. Under the endless onslaught of junk mail it is easy to feel that the goal of the game is to send spam and annoy us all. But this isn’t the goal. The goal of spam is a transaction. Motivation, not method.
A transaction in this sense could be many things. It can refer to the traditional meaning of the word: someone voluntarily exchanging some kind of money for a product or service, like buying illicit products from shady. In terms of cybercrime it can also refer to the involuntary exchange of information, like the reveal of a password, credit card, or bank account information. It could mean that a virus was installed on your PC that opens it up to abuse. An email recipient could follow a link that charges an advertising account: click-fraud. Or, a transaction could simply be that the recipient of the spam comes to believe that something is true and then acts on it. Examples of this are stock spam and urban legends. A consumer believes that a stock price will increase so they buy some. An email user believes a chain-hoax to be true so they forward it to more people. Sending spam is not a transaction, it’s just an advertisement. The transaction only occurs when the spam recipient takes action or provides money, information, or access.
There are two broad categories of spam emails: ones that advertise a URL and ones that do not. Stock spam, degree mills, and advance fee scams (so-called 419 or Nigerian scams) belong to the second category. For the purposes of this discussion we’re focusing on the URL-based spam.
Transactions for products and services occur at websites. There is certainly a diversity of products advertised in spam, but far and away the number one item is drugs. Not heroin, cocaine or marijuana but illicit pharmaceuticals. This should not come as a surprise to anyone as Viagra has become synonymous with spam and vice-versa. But it’s not just lifestyle drugs. Painkillers, psychotropics, anti-depressants, diabetics, and pretty much any drug that requires a prescription are being sold on domains sponsored by ICANN Accredited Registrars. The only problem here is that these drugs are being sold without a prescription. No, the drugs do not come from Canada. Even though “Canada” is a favorite term for these websites, the pills come from Turkey, Serbia, Moldova, and India. The medicine may be real or it may not be, but anyone consuming it is risking their health as well as giving money to organized crime.
Spam offers everything from septic tanks to prostitution, but illicit prescriptions are most of the problem. Rogue pharmacy is now at least a $100 Billion illicit industry and the Internet is driving its growth with absolute impunity.
Criminals hire spammers to promote websites where drugs are sold illegally. Because spammed websites are quickly discovered and complained about, they are often taken down soon after a spam campaign. To deal with this problem, drug traffickers use multiple layers of linked and redirected domains that are not spammed, stay intact and endure. Spammers may in fact be the Registrars’ best customers. Whereas the ordinary business may buy one or two domain names, spammers buy thousands and then dump them. The Registrar can then resell the defunct domain names, so they get paid twice for the same item.
Some reading this may think that Registrars are the fall guy here as it is impossible to track the activity of the thousands of domain names they sponsor. Problem is, they have been specifically informed of which domains are conducting illegal activities multiple times. Some might wonder then who is KnujOn to tell a Registrar about fake pharmacy domains? Actually, our reports have been endorsed by the National Association of Boards of Pharmacy (NABP), The National Center on Addiction and Substance Abuse at Columbia University (CASA), The American Pharmacists Association (APhA), and the Partnership for Safe Medicines.
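The layered setup described above (disposable spammed domains feeding stable domains that are never advertised) can be seen from the reporting side by following redirect chains and counting which hidden hosts collect traffic from many spammed entry domains. This is an added example, not code from the article or from KnujOn; the chains, the `.example` hostnames and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: each list is one redirect chain, starting at the URL
# advertised in a spam message and ending at the page where the order is taken.
CHAINS = [
    ["http://pills-a1.example/p", "http://hop-7.example/r?c=1", "https://rx-store.example/cart"],
    ["http://pills-b2.example/p", "http://hop-7.example/r?c=2", "https://rx-store.example/cart"],
    ["http://pills-c3.example/p", "http://hop-9.example/go", "https://rx-store.example/cart"],
    ["http://meds-d4.example/", "http://hop-9.example/go", "https://rx-outlet.example/buy"],
    ["http://meds-d4.example/?again", "http://hop-9.example/go", "https://rx-outlet.example/buy"],
]

def host(url):
    """Lower-cased hostname of a URL (empty string if it has none)."""
    return (urlsplit(url).hostname or "").lower()

def enduring_domains(chains):
    """Rank hosts that are never advertised in spam by how many distinct
    spammed entry hosts funnel traffic into them."""
    advertised = {host(c[0]) for c in chains if c}
    feeders = defaultdict(set)  # hidden host -> spammed entry hosts reaching it
    is_landing = set()          # hidden hosts seen as the final hop of a chain
    for chain in chains:
        if len(chain) < 2:
            continue  # no redirect: the spammed URL is the whole chain
        entry = host(chain[0])
        for url in chain[1:]:
            h = host(url)
            if h and h not in advertised:
                feeders[h].add(entry)
        final = host(chain[-1])
        if final and final not in advertised:
            is_landing.add(final)
    rows = [(h, len(e), "landing" if h in is_landing else "redirector")
            for h, e in feeders.items()]
    # Most-fed hosts first; ties broken by name so the output is stable.
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for row in enduring_domains(CHAINS):
        print(row)
```

The top rows are the domains a complaint should name: taking down a spammed entry domain removes one feeder, while the landing domain keeps taking orders.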
Regardless of our endorsements, if a Registrar receives information of an illicit pharmacy site sponsored by them from any consumer and does not investigate and terminate, that Registrar is now aiding criminals. If a Registrar continues to accept payment from the domain owner after being notified, they are then receiving money from organized crime.
Bottom line is that the Registrars have the authority and technical ability to terminate a domain, even though many claim they do not. Registrars have the power to stop rogue pharmacy domains. The illicit networks rely on stable domains just like any other business. However, until the Registrars are told to stop sponsoring illicit drug traffic they will continue to do so. It is a ridiculous dance that cannot go on much longer. This farce is going to come to an end. No more pointing fingers at the ISPs only; terminating a domain breaks the spam link and closes the transaction platform.
Pills yesterday, fake rolexes some other day .. malware URLs that broadcast trojans some other day. It varies.
Yes, we want to make pill traffic yesterday’s problem so we can tackle fake rolexes tomorrow. Thanks for making that point.
That sounds like an invitation for successful lawsuits against the registrars (as well as registries) on two fronts:
* the finding if some operation is a “rogue pharmacy” is usually reserved to courts of law and similar institutions
* what happens if a registry establishes a no-rogue-pharmacy policy and fails to enforce it against a registered domain (e.g. the registry wasn’t aware)
That said, registries and registrars should of course enforce their TOS: valid name/address/means of payment.
Nope, the licensing is done at the local level by board certification
If they’re not aware they can’t enforce. The problem begins when they are informed and do nothing.
The typical TOS also includes “no illegal activities” clause (as does the UDRP) as well as clauses that forbid activities that may harm the public or result in a lawsuit against the provider.
I've done a cursory look at the TOSs of Go Daddy, Enom, Tucows and Network Solutions. While all of them contain rules against illegal use, the wording seems only to apply to value added services like DNS hosting, email forwarding etc. and not the domain registration itself. The UDRP does contain (2.c and 2.d) wording against illegal use but also requires a UDRP proceeding (or order of court) to establish the illegal use and decide applicable actions. Unless I'm missing anything, the registrars would have to request a UDRP decision to cancel domains registered with them.
I suppose cybercrime is a myth and the Registrars have no responsibility to anyone, that’s one theory.
But if that were true Interpol and 24 governments wouldn’t be conducting massive sweeps of fake Internet pharmacies: http://www.interpol.int/Public/ICPO/PressReleases/PR2009/PR2009111.asp
The FDA, Customs, DEA and Postal Inspectors wouldn’t be taking down illicit pharma operations and including Registrars and ISPs as part of that: http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm191330.htm
And I suppose MarkMonitor’s excellent report on the rapid growth of pharma brandjacking is also an exaggeration: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=220300056
This is a dark, dangerous illicit market that cares little for public safety as they prey on consumer fears and market fake flu medicine online: http://blogs.wsj.com/digits/2009/11/18/cybercrime-capitalizes-on-swine-flu-fears/
The Registrars have a choice. They can help end the illicit use of their products or they will soon find themselves more heavily regulated. The heavy regulations will surely lead to the increases in pricing you fear.
The guidelines are quite clear. The crime is quite clear. We’re not talking about “shutting down domains for whatever reason they want”, we’re talking about a very specific set of circumstances. Registrars are providing an easy portal for international drug traffickers to meet victims in ways they could not dream of 20 years ago. The amount of money flowing through this portal is unprecedented and actually quantifiable. The Internet has erased the protective layers of doctors, pharmacists, regulatory inspections, and industry standards. The role of the Registrar in this dramatic shift has not gone unnoticed and will continue to be the focus of regular scrutiny.
Google, Microsoft, Others Join Obama to Fight Phony Pharmacies
http://www.pcworld.com/article/213677/google_microsoft_others_join_obama_to_fight_phony_pharmacies.html