Home / Blogs

Internet Drug Traffic, Service Providers and Intellectual Property

You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What’s Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I’d like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. Not only is this an Internet abuse issue but it also represents a grave public health risk since the entire chain of doctors, pharmacists, and patient education has been bypassed by criminals. We have also found that the lion’s share of phony RX domains and IP hosts are in the U.S.(see Host Exploit‘s Top 10 Bad Hosts 2009). As we pointed out Registrars and ISPs have the technical ability and legal obligation to terminate these sites, but few of them are unless put under pressure. There is an additional threat, the one to Intellectual Property. Not just a threat to brand-holders, abuse of trademarks is a ticking time bomb for Registrars and ISPs.

Many ISPs and Registrars falsely believe they are protected from their customer’s illicit activities by various statues. This is only true for certain types of crimes and lawsuits. Providers have even written in the Terms Of Service or Acceptable Use Policy that their customers are responsible for any legal action stemming from abuse, but this only covers some activities. Registrars and ISPs ARE in fact liable for Intellectual Property violations conducted by their customers. The Communications Decency Act only immunizes defendants from non-intellectual property claims and non-criminal complaints. Illicit pharmacy is both a criminal act as well as an IP violation since most deal in counterfeit or unauthorized sales of trademarked drugs. One critic of our first article was chagrined that we suggested that Registrars should act on abuse reports from the public, but doing just that is in their best interest. Failing to act can be seen as an act of complicity later when lawsuits begin.

We have a new proactive process that monitors IP abuse in the wild and during initial testing we found 85 compromised IP addresses at one provider’s ASN that were hosting spam template content. These sites are never advertised themselves but rather provide low-level content delivery to thousands of spammed domains which are advertised, dumped and replaced. We found that many of the domains that used these templates had trademarks in the domain names. Words like Zoloft, Motrin, Norvasc, Celexa, Zyloprim and many others. None, of course, were the real sites controlled by the actual brand-holders.

One thing is for certain, they are making considerable amounts of money by abusing brands. So much so that they have gone beyond common spam, site hijacking, or paid search engine advertisements and are now issuing press releases to announce deployments of new illicit pharmacies. It seems mind-boggling that a completely illegal business would be so brazen as to use a press release but it shows us the lack of fear on their behalf.

So, folks may wonder why if there is an abundance of research data as well as legal authority. Reason is simple: no enforcement. Many IP attorneys have expressed their lack of faith in WIPO and ICANN enforcement. Brand holders feel that chasing IP violators on the Internet is like swatting at gnats. Recently, we got into a spat with a Registrar over an unlicensed pharmacy domain that was impersonating a pharmaceutical manufacture. The Registrar brushed off our concern until we made clear that their position was completely indefensible. They finally suspended the domain after the brief discussion. The pharma brands also share in the blame for not enforcing their marks. Some drug companies may have unfortunately lead to believe that there is no solution. Others fear the public perception of big pharma pursuing lost profits from illicit providers as if the rogue drug traffickers were some kind of Robin Hood. They are not. Illicit drug traffickers are only helping themselves and often replacing active ingredients with poison. Money in their pocket, garbage in your body.

Some Registrars and ISPs welcome the rogue pharmacy traffic because of the revenue generated by thousands of illicit sites that operate with impunity. Others are seemingly helping illicit pharmacies find variations of unclaimed trademark violation domains with “suggestion” utilities (see sample snapshot). For those that are not familiar with domain registration, some companies will allow you enter any word, including the name of a trademarked product, and return a massive list of unused variations containing that word. For anyone wondering how the spammers come up with so many different URLs with the names of male enhancers, they actually don’t have to because Registrars will make them up on the fly for the spammers to buy in bulk. It is a puzzle to many people how the Registrars can sell off someone’s trademark. This is, of course, the fundamental question. Adding a warp-speed engine that generates lists of potentially abused trademarked domains is the injury to the insult.

This is a wake-up call the pharmaceutical brands, I am telling you that something can be done to put the pharmacy fraudsters out of business. The problem can be quantified, minimized and managed. And, honestly, this is the case for any trademarked product or service being abused on the Net. It’s a new year, let’s move in a new direction. The best solution to the whole abuse problem is a shared solution between government, Internet users, brand-holders and service providers. If everyone lifts their weight we all benefit.

By Garth Bruen, Internet Fraud Analyst and Policy Developer

Filed Under


"Response to expertise" etc Suresh Ramasubramanian  –  Jan 7, 2010 3:31 AM

My main grouse so far has been (and I told you this back when we had dinner at that chinese restaurant, during MAAWG San Fran last february) that knujon has been, so far, way too confrontational and media oriented to be actually effective.

You’ll find that a lot of the constitutencies you’re trying to target are going to work far better with you if you’re not out to

1. Lump them with genuinely bad actors [your registrar list had a strange mix of extremely whitehat registrars that’d have a problem - and quickly deal with it .. and extremely shady ones.. all tarred with the same brush]

2. Make them look bad in the media

Real work goes on - a lot of it - that you just don’t see (and won’t ever see, I suspect).

Hi Suresh Bob Bruen  –  Jan 7, 2010 4:05 AM

Well, you have outed yourself. I Hope you are well. The Chinese dinner was excellent, including the discussion. All the presentations I have given have been well received, so you are in a minority. Yes, you did say the same thing. However, I said (and still say) that not much was done before we used the sunshine approach - all backed up by statistics and real research. Nothing was ever refuted, only disliked. Each registrar was offered a chance to work with us (for free) to fix things and only a handful took us up on it. My feeling was that the money was too good. If a registrar was lumped in with others that seemed inappropriate, it was based on data. They should have responded to us. We are only interested in working with those who are sincere. Stop whining and contact us. The fact they are unhappy means very little. They would not work with before and they won't work with us now. Nothing has changed and your contention that they would work with us if they were not so unhappy has not been verified. It is just your opinion at the moment. Feel free to alter that at any time. Show me the "real work" that I don't see. I am open minded, and public about my goals. No hidden agenda. None of the work in the shadows has produced long term changes, as have the changes to the RAA, for example or the FDA letters to the registrars. Take the recent changes in China. Xinnet was the worst registrar in the world on both of KnujOn's top 10 lists. ICANN was afraid to de-accredit them, but the Chinese government has shut then down. Real work does go on, in spite of hiding in the shadows hoping that KnujOn will go away. There are more people like us showing up everyday. If they look bad in the media, it's their own fault. We are merely reporting the facts. If they don't like it, they should change the facts - and they can. We will continue to do research, gather data and make it public until the Internet is cleaned up. Those that make money from the 'Net have a responsibility to all the users in the world to keep it clean and safe.

Outed? Thought everyone knew me :) Suresh Ramasubramanian  –  Jan 7, 2010 4:18 AM

Xinnet seems to have gone down in a general chinese campaign on online porn. Nothing much at all to do with fast flux etc .. that's a campaign that's strictly local, appears totally unconnected with icann politics, or with knujon (or any other) campaigns, (except for post hoc, ergo propter hoc assumptions, of course). There's at least three or four chinese registrars with far more problems than xinnet, for several months now.

People do know you Bob Bruen  –  Jan 7, 2010 4:36 AM

I meant that you were outed as someone I actually spoke with (previous post). I did not name names to protect the innocent. Yes, Xinnet went down as part of a general campaign. I mentioned it only to show things do happen that are not caused by us, fastflux was not a factor. ICANN though they were too big to take down, thus protecting them. Sooner or later though, the bad guys get caught or worse, don't make any money ;) I can only hope that China has made some progress that will last. And yes, we are aware of the other bad Chinese registrars. They will get theirs sooner or later. All countries have people who are willing to work to put the Internet in a safe place.

There are more people like us showing Derek  –  Jan 11, 2010 2:52 AM

There are more people like us showing up everyday.
Agreed. Also, with many of them are extremely knowledgeable and being experts in their own right and many making a living from IT. We need to ask why? Maybe they are not happy seeing the promise of the net and things they worked for rapidly going to the dogs. Maybe you could consider it the masses asking for a bit of integrity and accountability. The Illicit Internet Pharmacies just once again illustrates the sick Internet and the shortcomings of the appointed custodians. What trust or respect should we have for any registrar, hosting provider or like that is willing to idly stand by and allow people with criminal intent, selling drugs that may harm that registrar's or provider's fellow citizens, to abuse their services all for his few dollars of the pie. When confronted, the wish to hide behind something erroneously called the Communications Decency Act. I find nothing decent about this.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API