Home / Blogs

Narcotics Traffic Is Not Part of a Healthy Domain System

A stack contrast is emerging within the DNS between providers who tolerate blatantly illegal domain use and those who do not. Our study, just published here focuses on five U.S.-based providers, their policies, and their response to reports of opioid traffic within their registry or registrar. There are many providers, not covered here, who removed hundreds of domains selling opioids and I applaud their efforts.

In January of this year on a single day, in a single town in Massachusetts police seized $1.2 Million worth of Fentanyl from one location and revived an infant who was exposed to Fentanyl in another location. These scenes are repeated regularly throughout the world as the specter of opioid abuse haunts us. What is Fentanyl? Let us use a description from a Namesilo-sponsored domain selling Fentanyl without a prescription:

Fentanyl is a powerful synthetic opiate analgesic similar to but more potent than morphine. It is typically used to treat patients with severe pain, or to manage pain after surgery. It is also sometimes used to treat people with chronic pain who are physically tolerant to opiates. It is a schedule II prescription drug.

Fentanyl is 50 times more powerful than heroin and over 100 times more potent than morphine. It is intended to be used as a slow-release, but people who abuse it take the entire dosage through various means. It is a quick route to overdose and death. When we reported this domain to Namesilo, something curious happened, there was no response from NameSilo but the site became “hidden” from certain IP addresses. As of today domain is still selling Fentanyl.

Different societies have struggled with different abuse issues throughout history, this one is ours and is being fueled from unexpected sources. I have written about various illicit pharmacy operations within the DNS before and the registrars who permit them to operate, but online opioid traffic is much worse. Online opioid traffic is inherently predatory, targeting people who will likely suffer and die.

From January 2016 until now I have been working with a variety of ad hoc teams in addressing the problem of online opioids. First, I lead a group of undergraduates to collect and analyze opioid trafficking domains to determine how easy it was to get controlled substances and which providers were most pervasive. Following the release of our findings I was asked to present the report at a number of different venues from Internet policy, security, and law enforcement groups. They were all shocked, but not surprised at the scope of open narcotics traffic on the Internet. The next step in this effort, starting in August 2016, was to begin notifying the various providers and measure their response. The results, overall, were actually encouraging.

Different providers (including registries, registrars, and ISPs) form India, Germany, China, Netherlands, and many other countries used their documented abuse procedures to suspend and remove domains, over 200 of them, engaged in opioids traffic. Domains either directly involved in the trafficking of narcotics or aiding them in transactions, marketing or Internet infrastructure were reported. The registries, registrars and hosting companies recognized that A) the illegal commerce occurring within these domains violated their policies, B) the registrants are likely criminals, and/or C) the threat to the public health does not support a positive model of the Internet. For these efforts, I thank all who participated. Some of the notified domains dropped opioids from their offerings, but continue to be illicit pharmacies and will have to be addressed in a different context, but this is still progress. That is the good news…

The bad news is that there are a handful of providers now knowingly allowing narcotics trafficking domains within their control to persist. This may or may not surprise the reader but these providers are all in the United States where this type of activity has been illegal for nearly a decade. The variety of explanations (and in some cases no explanation) for why opioid dealing domains sponsored by these providers do not violate policy beg credulity and logic. All of the companies listed below were directly notified about the domains and our intent to publish our findings.

Public Interest Registry (PIR) – The correspondence with PIR on this issue was one of the most disappointing and convoluted of this study. PIR prides itself on serving the public interest and holds up the Red Cross and UNICEF as examples of its public commitment, but PIR has a dark side. By some twisted logic, domains dealing in opioids are “public benefit organizations”. Some of you may be jumping up and down screaming that registries are not the proper place for enforcement, but you should know that the other TLDs not mentioned here had no problem removing domains selling controlled substances. This makes non-enforcement by PIR an arbitrary choice. Furthermore, PIR has an express policy prohibiting use of the registry for “Illegal or fraudulent actions”, but PIR would not clarify how narcotics traffic did not constitute abuse under their policies why other kinds of illicit use (spam, phishing, child exploitation) do qualify as abuse. There are a number of other inconsistencies in PIR policy described in the report, but the most troubling was an instruction from PIR staff to stop reporting domains selling narcotics. Here is the willful blind eye.

Verisign – Verisign has the largest collection of opioid trafficking domains, but unlike PIR it has no clear policy in terms of illegal activities in the registry, only vague “malicious conduct” reporting. The main problem in this case is that requests to Verisign to clarify their abuse process and policy went unanswered. As an example of the overall problem within .COM our report details a “Silk Road” site operating completely out in the open, not on the Dark Web.

XYZ – XYZ has a number of published policies concerning illegal activities yet has neither responded nor taken action on an opioid domain reported multiple times since August of 2016.

Global Knowledge Group (GKG) –  As a registrar, GKG has the largest collection of opioid domains still active following this work. One of the strangest interactions with GKG staff was a declaration that they “can not determine any illegal act occurring” and that “the domain name in question is not in any direct violation of GKG’s terms of service”. It is obvious GKG did not actually review the domain or its own policies which define abuse as use that “promotes illegal drugs”.

NameSilo, LLC – It could be complete coincidence that a reported opioid domain sponsored by NameSilo became hidden after being reported, but we will never know since NameSilo staff did not respond to our inquiry (see here).

One of the first arguments that will be thrown at me in response to all of this is the slippery slope, meaning providers feel that removal of certain domains will have a chilling effect and open the door to suspending domains of other types. For people who want to protect freedom of expression on the Internet, this would be the wrong issue to take a stand on. The flip side of chilling is creating safe havens for criminal activity. Once criminals realize that this registry and that registrar have unenforced policies concerning illegal commerce, they will flock there. No one really need the dark net when the open DNS allows unmitigated narcotics traffic.

Complying with the law and complying with a court order are not the same thing. Everyone has to comply with a court order or risk additional penalty. Complying with the law is something most of us do persistently because we understand the civilized intent of the law. If a law is fundamentally unfair, or inconsistently enforced by repressive government, that is a completely different story. A court order is merely an affirmation that a party did not follow the law. To sidestep collaborative Internet policy and demand a court order rejects the idea that the Internet is a space for reasonable process and should only respond to government. The argument frequently pushed forward within ICANN is to reduce the influence of government. Participants in Internet policy who’s first answer is “go to the police” risk the development of a fractured Internet controlled in its gated segments by local government. The right way to go is to listen to consumers, and our public health professionals on this issue.

By Garth Bruen, Internet Fraud Analyst and Policy Developer

Filed Under

Comments

Many invalid arguments - this is just vigilantism Brandt Dainow  –  Feb 17, 2017 10:05 AM

This is a classic example of vigilantism.  The reasons given above fail to justify the actions:

“Some of you may be jumping up and down screaming that registries are not the proper place for enforcement, but you should know that the other TLDs not mentioned here had no problem removing domains selling controlled substances. This makes non-enforcement by PIR an arbitrary choice”  - this argument works both ways - you can just as easily say it those TLD’s which removed domains made an arbitrary choice

“Participants in Internet policy who’s first answer is “go to the police” risk the development of a fractured Internet controlled in its gated segments by local government.” - the concept of “gated” segments of government simply fails to understand what government is - various groups created by various procedures with many ways of delimiting their authority (including geography and competance), all working within a system of laws which seeks to unify and harmonise their actions.  The idea that there is something wrong with this system begs the question - what’s the alternative, a monolithic dictatorship by a single political party?

Secondly, you don’t get to decide whether to report a crime or not to the police on the basis that it might make an internet you don’t like.  Crime is crime - see it, report it to the police.  In many cases, seeing a crime and failing to report it to the police, is a crime.

“the registrants are likely criminals” - No mention in the item on proper defence procedures for the accused, no recognition of “innocent until proven guilty”.  Let’s just convict people because they are “probably” guilty.  Similarly, for the TLD’s mentioned above, no chance for the accused to defend themselves.  A respectable journalist would have been expected to inform Verisign, XYZ, and the others named that this item was coming out, to warn them what it contained, and give them a chance to provide a response, which should have been included here.  Instead we have a sneaky name-and-shame game of “let’s play moral outrage.”

“One of the first arguments that will be thrown at me in response to all of this is the slippery slope, meaning providers feel that removal of certain domains will have a chilling effect and open the door to suspending domains of other types. For people who want to protect freedom of expression on the Internet, this would be the wrong issue to take a stand on. The flip side of chilling is creating safe havens for criminal activity.” - yep, freedom of speech means sometimes people will use speech to plan criminal activity.  The alternative is to monitor everything everyone says.  A “safe” balance is not possible here - liberty means accepting it will sometimes be misused.  We accept it in democracies because the alternative is worse - totalitarianism. If you want a world in which everyone is controlled and “safe”, move to North Korea.  Democracies learned the hard way that we need very carefully designed legal systems, with checks and balances, and many procedures, in order to control what people do without harming other aspects of society.  What we don’t need is vigilanties to start deciding for themselves that they will be cop, judge and executioner, then bad-mouth companies which refuse to submit.

Too many irrelevancies and tangents Garth Bruen  –  Feb 19, 2017 2:08 AM

This is a classic example of blaming the messenger

you can just as easily say it those TLD's which removed domains made an arbitrary choice
Nope. Choice was based on documented policy.
In many cases, seeing a crime and failing to report it to the police, is a crime.
Exactly, , now each of these entities have seen and not reported it.
Let's just convict people because they are "probably" guilty.  Similarly, for the TLD's mentioned above, no chance for the accused to defend themselves
Not a conviction, a term of service violation. They have plenty of opportunity to defend themselves, produce a valid pharmacy license as required by law.
A respectable journalist would have been expected to inform Verisign, XYZ, and the others named that this item was coming out, to warn them what it contained, and give them a chance to provide a response, which should have been included here.  Instead we have a sneaky name-and-shame game of "let's play moral outrage.”
Wrong again, each entity was given ample opportunity to respond and was fully informed.
yep, freedom of speech means sometimes people will use speech to plan criminal activity.  The alternative is to monitor everything everyone says.
This isn’t free speech, its a transaction for an illegal item, not protected.
A "safe" balance is not possible here - liberty means accepting it will sometimes be misused.
A safe balance is completely possible and there is no excuse for accepting harmful activity that can be stopped.
We accept it in democracies because the alternative is worse - totalitarianism.
Reasonable people do not accept blatant narco traffic, policy obfuscation, negligence, or collusion.
If you want a world in which everyone is controlled and "safe", move to North Korea.
Illicit drugs are being manufactured and smuggled out of NK ,you’ve got it backwards here.
Democracies learned the hard way that we need very carefully designed legal systems, with checks and balances, and many procedures, in order to control what people do without harming other aspects of society.
The checks and balances exist here, they’re just being ignored by the entities in question.
What we don't need is vigilanties to start deciding for themselves that they will be cop, judge and executioner, then bad-mouth companies which refuse to submit.
The definition of vigilantism is “law enforcement undertaken without legal authority by a self-appointed group of people.” Reporting illegal opioid trafficking to the companies who sponsor the domains is nowhere near vigilanteism, it’s how the abuse reporting process is supposed to work. When the Internet companies do not follow their own published policies, that's hypocrisy and negligence. I’m sorry if this all this blunt talk is problem, because its about to get worse.

Is Brandt Dainow connected to cyber crime? Fred Showker  –  Mar 15, 2017 12:49 PM

When this kind of response comes it makes one suspect if it is coming from the cyber crime side of the isle.  So, what you are saying, Brandt Dainow, is that it’s the bomb’s fault people died, and not the guy who came in wearing the vest? 

There’s no vigilantism in that essay.  It’s solid research and reporting. Many people will not like it—and I understand why. Too many people are profiteering on illegal activities on the internet because they know they don’t need to be accountable, and they’ll be gone before slow justice catches them.  What we really don’t need is profiteering at others expense. 

Garth . . . it’s already worse.  Get a copy of “FUTURE CRIMES” and read it ... there you’ll find why Mr. Dainow’s mindset is enabling the cyber crime world.

http://amzn.to/2nEvBHH


:-)

Didn't understand my objection Brandt Dainow  –  Mar 15, 2017 5:30 PM

Dear Fred,
I really fail to see how you could possibly have drawn such an illogical conclusion from my concerns. 

I am not defending the actions of the websites selling illegal goods
.  That is illegal and should be stopped.  They should be suitably punished in court. 

I am not defending the ISP’s who knowingly left the sites in place after being informed.  They should have reported these sites to the police, documented the sites as evidence, and assisted in whatever way the police wanted so as to ensure the maximum punishment for the people behind the site.  For example, the police may have wanted the site to remain active so they could conduct “sting” purchases and get better evidence for court. 

I am not criticising Garth for finding and reporting these sites.  Good for him, that is exactly what we need citizens to do.

HOWEVER - it is not appropriate for Garth to demand that the ISP’s merely remove the sites, and it is not appropriate for Garth to publish the names of those ISP’s who fail to obey him as some form of punishment, especially without giving them the chance to respond, as any fair journalist would.  What Garth should have done is report these sites to the police.  If the police had failed to act, then he would have been justified in publishing that information as a matter of public interest, provided he also pursued whatever actions were available to complain about the lack of police action.

Garth’s vigilantism lies in demanding ISP’s obey his orders and then publishing about it when they didn’t.  Furthermore, fair debate would have been to offer those ISP’s the chance to explain their actions.  For all we know, those sites stayed up at the request of the police so they could gather evidence.  Who knows?  Giving the ISP’s a chance to respond to this column would have been fair, and could actually have scared them into action.  Furthermore, by merely forcing these sites down, the perpetrators can easily create more, but the police miss the chance to catch them.  These are serious crimes - merely taking the site down is like moving a dealer from one corner to another. 

So let’s be clear - my criticism is about the publishing of the details of the ISP’s who failed to comply, and the fact Garth never went to the police.

Sorry, still wrong and presumptive Garth Bruen  –  Mar 16, 2017 8:48 AM

Brandt, I already addressed this

HOWEVER - it is not appropriate for Garth to demand that the ISP's merely remove the sites,
I never actually requested site removal. I reported the illegal use under the abuse published terms of each provider. Furthermore, the transparent multi-stakeholder model ICANN operates dictates these providers accept reports of abuse from the public and follow the law and regulation in their business practices. The registrant agreements also forbid domains from being used for an illegal purpose. By precluding my ability to report illegal sites you are violating these accepted and important models.
and it is not appropriate for Garth to publish the names of those ISP's who fail to obey him as some form of punishment, especially without giving them the chance to respond,
Again, you presume this is true without actually asking. The providers in question would prefer to respond in private or even not at all. But anyway, we don't need to argue about this data when we can argue about the new data: ICANN Complaint System Easily Gamed

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign