Category: Online Pharmacy

Background
The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, represents a health or safety risk to consumers.

As a result, in October 2007, the United States, the European Community, Switzerland and Japan simultaneously announced that they would negotiate a new intellectual property enforcement treaty, the Anti-Counterfeiting Trade Agreement, or ACTA. ACTA represents a significant achievement in the fight against the infringement of intellectual property rights, particularly against the proliferation of counterfeiting and piracy on a global scale, and provides a mechanism for the parties to work together in a more collaborative manner to achieve the common goal of effective Intellectual Property Rights (IPR) enforcement. When it enters into force with all participants, ACTA will formalize the legal foundation for a first-of-its-kind alliance of trading partners, representing more than half of world trade.

Read the rest of this entry »

This week the Department of Justice announced that Google will forfeit $500M for “allowing online Canadian pharmacies to place advertisements through its AdWords program targeting consumers in the United States”. Read the rest of this entry »

If there is one thing we know about criminal activity on the internet, we know it changes constantly. Because the most illicit gains are to be found where defenses are few, online fraudsters are always seeking new territory to exploit their victims.

One current trend in the world of online fraud is the shift toward the mobile arena. For example, many reports are emerging about attacks against Google’s Android operating system for mobile devices. ISS recently examined malware designed to target Android.

In that vein, today we bring you images from the world of illegal online pharmacies. These organizations put lives at risk by offering prescription medications without a prescription, or worse, by sending fake medications that can cause great harm. Moreover, consumers’ credit card numbers are sometimes stolen when they make purchases from these sites.

Consider this screenshot of one a typical illegal online pharmacy website as viewed on an iPhone:

A traditional illegal online pharmacy as viewed on a mobile device.

As you can see, the type is small, not easy to read, and navigation is difficult.

Knowing that consumers are using mobile devices more than ever, cyber criminals have created the site below specifically to illegally sell prescription drugs in a format that is native to mobile devices. The images below were screenshots taken on an iPhone, and you can see how the presentation is different than a regular website tailored specifically for increased usability on a mobile device: larger font, less clutter… In short, they attempt to make it as easy as possible to make a purchase from this website. You can see that they have even gone to the trouble of incorporating a .mobi internet domain for the site to reinforce the mobile computing experience. It would be praiseworthy if it were not so recklessly endangering consumer safety.

The homepage of the rogue online pharmacy which is optimized for mobile devices.

The site’s product page for its generic Viagra. Note that Viagra is not off patent in most of the world, and is certainly not so in India, where this site claims its products originate. By definition this product is made outside the law and carries risk.

While most illegal online pharmacies will claim to offer a safe shopping experience, most (including this site) do not encrypt your credit card information when the purchase is made.

Here, offerings like “Cialis Professional” are made available for purchase. Unfortunately the maker of Cialis, Eli Lilly, has never offered such a drug. Only the maker of this counterfeit drug knows what the patient is really putting in his body if this is taken.

Regular readers of the Cyveillance Blog are well aware of the significant risks involved in online pharmacies. If you are looking for an easy way to help tell friends and family about this danger, MarketWatch just posted a video interview last week with a Special Agent in Charge from the Department of Homeland Security where they discuss the risks of online pharmacy.

It is our hope that consumers will remember examples like this site and recall that as technology advances, enterprising cyber criminals will likely have already considered ways to take advantage of the new landscape in ways that can seriously jeopardize your health and financial well being. Always stop, think, connect.

Cyber Criminals Don’t Limit Themselves to Just One Area of Fraud

Cyveillance has monitored the activity of rogue online pharmacies for several years. Websites which internet users may come across which sell viagra, levitra, and soma online without a prescription are everywhere. These websites come and go as the affiliate webmasters who run them come in and out of the business. However the big players that run the affiliate programs in this dangerous online pharmacy market don’t change very often and while some new ones continue to appear on the radar, in general the old ones are unfortunately doing well.

Back in July we wrote about one such group and their expansion into new but equally illegal territory. This crew of Russian cyber criminals who traditionally specialized in illegally sending unapproved and sometimes counterfeit drugs to patients in the United States now announced their plans to offer counterfeit luxury goods. Since writing that piece we have observed another Russian online pharmacy network announce a similar move into counterfeit luxury goods. They don’t want to miss out on the action.

So it was no surprise when we recently discovered yet another Russian online pharmacy network (who also primarily targets American citizens) moving into new territory. In the screenshot below, you can see a website that their web designer was working on but had not yet finished.

An illegal online pharmacy in the process of becoming a distributor of illegal copies of Microsoft Windows. Click to enlarge.

You will notice that parts of the page are identical to one of the online pharmacy templates they offer to their affiliate webmasters. Down the left hand side, it still lists drugs they wish to sell illegally, and in the search box at the top of the page it reads, “search medicine by name”. But the title of the page reads “Discount Software” and the items named in the center of the page all read “Windows 7 Ultimate”.

Note the phone number, which is the same as found on hundreds of illegal online pharmacies currently online. Click to enlarge.

The stolen logos of Microsoft, Adobe, Verisign, CNet, and Autodesk are likely included to suggest the legitimacy of their software sales.

In the screenshot below of rogue online pharmacy hqdrugs.com, we can see the same phone number (800-998-7978) and the same exact listing of categories going down the left hand side of the page.

This illegal online pharmacy has the same phone number and product categories as the site shown in previous screenshots above. Click to enlarge.

So there’s a pretty good chance that the first two screenshots reveal this rogue online pharmacy network directing its attention to illegal software sales. This will not only give them entry into a new market, exposing them to new (and unlucky) customers, but provide them new income should increasing scrutiny be given to the dangerous world of online illegal pharmacies.

As always, Cyveillance warns against doing business with such operations. If you’re curious whether the site you stumbled across is legitimate, see if it passes all of the criteria offered by the FDA regarding online pharmacies. Software downloads should only come directly from the original software company.

The National Institute of Standards and Technology recently released a request for comment from the public regarding ways to enhance cybersecurity while sustaining innovation:

The Department of Commerce’s Internet Policy Task Force is conducting a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department seeks comments from all stakeholders, including the commercial, academic and civil society sectors, on measures to improve cybersecurity while sustaining innovation.

The full details of the NIST request can be downloaded here (PDF). (Responses are due by September 13th, 2010 so there is still time to contribute.)

Cyveillance has submitted the following response.

---

Threats to national cyber infrastructure do not always come in the form of malware, viruses, or unpatched software. Domestic and international organized crime depends on the internet as a significant revenue source, enabling their further growth in cyberspace and “real world” influence.

One particularly active arena of illicit activity online is illegal sale of pharmaceutical drugs. Illegal online pharmacies do not require the mandated face-to-face meeting between patient and caregiver before sending prescription medication to the buyer. The risks to consumers who use online pharmacies are many:

• without appropriate professional medical oversight of the access to powerful presciption drugs, there is a higher risk of prescription drug abuse or death
• the prescription medications may be produced in unregulated factories overseas by manufacturers that are not FDA approved, increasing the chances of substandard or ineffective medications being received
• the “medications” received by the consumer may be counterfeit, causing harm not only because they do not treat the medical condition they were purchased to improve, but because they may be composed of harmful chemicals

The examples above are more than possibilities; documented cases exist of American consumers who were customers of illegal online pharmacies and died as a result. Many more undocumented cases are sure to exist.

Today we will examine illegal online pharmacies and the complicity of American companies which enable their crimes, discuss the risks they pose to American consumers and overall cybersecurity, and make recommendations to make it harder for such criminals to put Americans at risk.

Hosting Companies

Whenever an internet user wants to visit a website, a computer server answers the request and delivers that website to the internet user. These servers can be located anywhere in the world. If you run a website you normally pay a hosting company so that its servers will deliver your website to internet users.

The webmasters of illegal online pharmacies are like any other website owner and prefer hosting companies that are reliable and geographically close to their potential customers so that connections are generally quicker. Unfortunately, the highly competitive hosting market and lack of consequences for aiding and abetting these criminal operations result in many American hosting companies which are all too ready to offer them hosting services.

There are servers in the United States which host hundreds of illegal online pharmacies. While these companies will accurately respond that their terms of service prohibit such activity, it is the experience of Cyveillance and its peers in the fight for a safer internet that the verbiage in those terms of service are merely window dressing and are very rarely enforced. While there are companies like GoDaddy which will move quickly to cancel or suspend services to illegal online pharmacies, the majority of the hosting industry either does not respond to takedown requests for these unlawful websites or will move so slowly in their response that months can pass before action is taken, allowing the illegal online pharmacies to continue harming consumers. Their general attitude is that the hosting company is not responsible for the content housed on their systems, despite the fact that this position enables illegal activity that causes physical harm.

SSL Certificate Vendors

Secure Sockets Layer (SSL) is a technology which encrypts the communication between an internet user’s browser and a website. This makes it safer for internet users to go shopping online, because their credit card information is hidden when it is sent to the website for payment. Webmasters purchase SSL certificates to enable this functionality and this gives consumers the sense that the website is run by a sound merchant to do business with.

Illegal online pharmacy webmasters know that internet users prefer to do business with sites which have SSL enabled. They will pay SSL certificate vendors for certificates that result in the “little lock” icon appearing in the internet user’s browser when conducting a purchase. While the presence of the little lock icon may indeed mean that the consumer’s credit card information is protected on its way to an illegal online pharmacy, this does not change the alarming fact that the actual act of purchasing prescription medication from illegal online pharmacies is very dangerous, AND legitimate users’ credit card credentials find their way to these criminal companies.

Like hosting companies, SSL security vendors generally disclaim any responsibility for the illegal activity they are enabling. A typical phone call to an SSL certificate vendor which requests that the vendor cancel or suspend its service to the illegal pharmacy website will result in the response, “We are not in control of what’s on the website; if they meet the criteria for the SSL certificate, we provide it to them”. Cyveillance has anecdotal and documented evidence of this behavior, which is unfortunately the norm even among SSL certificate vendors based in the United States.

It should be noted that a hosting company or SSL certificate vendor may not be aware of the nature of their customers’ activity after the services are purchased. Often hosting services and SSL certificates are purchased through largely, if not completely, automated processes and no human may ever review the website where the unlawful activity would be visible. However, once a hosting company or SSL certificate vendor has been made aware of such activity, there is no excuse for the company to continue doing business with the illegal online pharmacy. The situation is even less pardonable because servers which house one form of illegal activity like online pharmacies may also host child pornography or online gambling operations.

Of course, the types of American companies which assist organized crime on the internet are not limited to hosting companies and SSL providers. For example, there are companies which offer online chat services for website visitors to converse with illegal online pharmacy personnel for customer service. Any regulatory and / or legal language to curb this sort of behavior should be written in such a manner to prevent any assistance organized crime may receive online from American companies.

Making Online Criminal Activity More Punishable

Cyveillance employees are not legal experts, but providing services to criminals that enable the commission of a crime would seem to meet the legal definition of what makes an accomplice. This determination would seem even easier to make when these entities are paid for their assistance. However, while morally unjustifiable, today there are virtually no consequences for companies that work with the criminals who sell prescription medications online without a prescription and the behavior of these companies suggest that they feel no pressure to change. While we did focus on illegal online pharmacies here, it is just one example of the bigger problem of American companies turning a blind eye to the illegal activity of their business partners online. We propose that:

1. In addition to federal law enforcement, civic agencies should aggressively pursue punishment for repeated complicity in illegal online activity by American companies. A “three strike rule” may be an adequate model for enforcement.
2. In the same manner that federal and local law enforcement offer “crime solvers hotlines” where citizens can report illegal activity for investigations, there should be a single clearinghouse whereby concerned citizens can report American companies that offer services to illegal activities online to law enforcement for speedy investigation.

Cyveillance understands that the hosting and SSL companies will resist efforts to regulate their activity. However, in the same manner that the Department of Transportation requires safety measures of car manufacturers, in the same way that the Environmental Protection Agency requires safety measures in industrial settings, and in the same way numerous other businesses are regulated to promote social well-being overall, taking measures to protect Americans from danger is not only a noble goal and moral imperative that companies should embrace, but a “low hanging fruit” from a regulatory perspective that will also enhance American cybersecurity. We look forward to further dialogue around what steps may be taken to eliminate cooperation with organized crime online by American companies.

Cyveillance has fought for many years against the seemingly endless barrage of counterfeit goods online, especially focusing on illegal online pharmacies (example, example, example) and even the US companies who support them.

It was especially encouraging to see the dangers of counterfeit goods covered this morning on NBC’s Today Show. Serious video coverage can also be found at CNBC. Consumer education about the dangerous risks in ordering medications online without a prescription, as well as the inferior quality of other counterfeit products is always welcomed.

While such crooks are traditionally found in the notorious 3 P’s (porn, poker, and pills) sometimes these criminals will diversify into other areas. One major illegal online pharmacy marketing group from Russia recently announced their intention to enter the fashion market:

The project is aimed at selling clothes, shoes and accessories of the most well-known brands like Gucci, Armani, Galliano, Diesel, Burberry, Calvin Klein, Gianfranco Ferre, Cartier, DelMaro, Prada, Dolce & Gabbana, Guess, Dsquared, Hugo Boss, Moschino, etc. (There are more than 100 (!) different brands presented at the site).

Because we think it unlikely that a group of illegal online pharmacy operators from Russia has signed distribution and marketing agreements with 100 legitimate brands, we believe the merchandise from this site and others in its network are most likely counterfeit.

Indeed, here is one of their sites from this new effort:

A screenshot from a website that appears to sell all counterfeit goods.

The marketers for fake or “replica” clothing sites use the old fashioned spammy tactics often associated with online pharmacies to get the word out about their websites. In these next two screen shots, you can see the comment moderation panel for this very blog, where devious marketers of counterfeit goods have submitted comments to cyveillanceblog.com in the hopes that we will publish the comment and the accompanying link to their site. (Click the images to enlarge them).

As is clear, online criminals have no intention of slowing down their illegal tactics on the internet. We look forward to a public who is more informed about the serious risks involved in counterfeit products and will continue working hard to negate the threat posed to consumers by such cybercriminals.

Rogue online pharmacies offer prescription medications to consumers without requiring a prescription, and often sell medications that are not approved by the FDA. This leaves ample opportunity for dangerous, untested and even counterfeit products to be purchased and abused by consumers.

International Drug Mart is just such an rogue online pharmacy. They will sell a large number of prescription drugs to anyone with a credit card. LegitScript, an online pharmacy verification service used by Google, Yahoo!, and Bing, has confirmed that InternationalDrugMart.com is a rogue online pharmacy due to unlawful, unsafe, or deceptive practices.

In mid-May Cyveillance wrote that International Drug Mart had employed the services of noted certificate authority Thawte, which is based in South Africa. International Drug Mart did so to give the impression that it is a reputable business and that it cares about its customers’ wellbeing. However this is a ruse and does not change the fact that dependence-forming painkillers, powerful anticancer medications and other drugs are available from International Drug Mart to anyone with a credit card.

Shortly after our publication of this information, Thawte canceled its services to International Drug Mart. Cyveillance commends Thawte for doing the right thing and withdrawing support to a business that clearly endangers the health of consumers.

Thawte’s responsible behavior was promptly mirrored by two other peers in the SSL certificate industry:

• After being denied by Thawte, International Drug Mart procured an SSL certificate from a certificate authority in the United Kingdom. Upon being informed of the nature of International Drug Mart’s business, the British certificate authority immediately canceled its service to International Drug Mart.
• After being denied by the British certificate authority, International Drug Mart procured an SSL certificate from a certificate authority in Romania. Upon being informed of the nature of International Drug Mart’s business, the Romanian certificate authority immediately canceled its service to International Drug Mart.

Now International Drug Mart has gone to Secure Trust, also known as Trustwave for its SSL certificate. (It should be noted that for quite some time, International Drug Mart has also used Trustwave’s Trusted Commerce program as well). Trustwave is based in the United States.

Cyveillance has reached out to Trustwave on multiple occasions in recent weeks. On June 22 Cyveillance received an email from a Trustwave vice president who wrote, “We have reviewed our validation of this site and it does meet all criteria to demonstrate organization control of the web domain and therefore we will not revoke the certificate at this time.”

By the logic offered in Trustwave’s response, anything on the internet, no matter what the content, is fair game for Trustwave’s services as long as the site meets certain technical requirements.

Just this week, Vice President Joe Biden offered (emphasis ours):

I applaud Google, Yahoo and Bing for the steps they’ve taken in recent weeks to stop selling advertising to illegal Internet pharmacies. But — but — we need to go further. It’s time for others to step up to, it’s time to stop supporting ads for drugs sold illegally over the Internet — and for a simple reason: for the public health of American — of our population.

The same goes for companies who support illegal Internet pharmacies in ways other than advertising. When we look at International Drug Mart, we see a site that is in clear violation of federal law and has serious potential for physical harm. We are disappointed that Trustwave, unlike its peers, does not have a problem doing business with such an organization.

When technology and policy move forward they have the opportunity to make healthcare more efficient. But we must be prepared for the hijacking of legitimate healthcare efforts online by cyber criminals.

Two recent news articles feature topics that will quickly be abused by marketers for illegal pharmacies trying to make a buck.

• This May post New DEA rule touted as boost for e-prescribing from HealthCareITNews covered “the electronic prescription, also known as ‘e-prescribing’ of controlled substances”.
• On Sunday the New York Times discussed telemedicine in their article The Doctor Will See You Now. Please Log On. The piece describes communication using “face-to-face telemedicine, connecting doctors and patients by two-way video”.

Knowing that consumers will be searching more for terms like e-prescription and telemedicine as they become more commonplace, criminals will increasingly attempt to attract searchers to their sites. Their expertise in diverting traffic will mean that unknowing consumers will find themselves on sites where they can buy prescription medications with no prescription, some of which are not even approved by the FDA.

Cyveillance is hopeful about the increased efficiencies that technology can bring to medicine, however consumer education will be necessary as criminals will be eager to hijack the messaging around terms like ‘e-prescribing’ and telemedicine to further their rogue online pharmacy efforts. Organizations like the Food and Drug Administration and American Medical Association should increase their education efforts aimed at informing consumers about safe ways to take advantage of the internet for healthcare.

UPDATE: Thawte canceled its services to InternationalDrugMart.com in late May. Cyveillance commends Thawte for doing the right thing. More on the story here.

---

In our recent post covering the Canadian Health & Care Mall, we highlighted the great lengths to which illegal online pharmacies will go to present the illusion of legitimacy. Site like the Canadian Health & Care Mall will present false business locations, and falsified certificates of approval from the U.S. Food and Drug Administration to add credibility, and visitors will believe that they’ll be safe when they order medications from the site.

Another common tactic on sites like Canadian Health & Care Mall is to present fake Verisign Seals. While many consumers don’t know exactly what having a Verisign Seal means, they do know it increases the likelihood that transactions with that site are safe. So while some rogue pharmacies will go the extra step of creating fake Site Seals, unfortunately it appears that this is not always necessary, as some Site Seal issuers do not have a problem working with websites that illegally sell prescription drugs without a prescription.

This week International Drug Mart, a rogue online pharmacy that sells prescription drugs without a prescription from a medical professional, announced that it had “chosen Thawte, since it is a leading global certificate authority providing online security to millions all over the world”.

The Thawte Site Seal can be seen on the rogue online pharmacy site in this image:

…and the following image shows Thawte’s acknowledgement that International Drug Mart uses secure communications.

Unfortunately while the this rogue online pharmacy may appear to protect its customers’ payment information, the fact remains that it unlawfully and dangerously offers prescription medications to anyone with a credit card. It is surprising that a seemingly legitimate company would be knowingly associated with such a business, much less a company in the security industry. By doing so, it undermines their own credibility and diminishes consumer trust and confidence in their own site seal.

Cyveillance has reached out to Thawte for a response on the matter but has not yet received a reply. We welcome their comments.

Earlier this week the Partnership for Safe Medicines posted an interesting piece detailing how a sales affiliate of a known rogue pharmacy is using twitter to promote its offerings. That account is of course disturbing not only because it promotes a website which allows consumers to buy medicines like accutane without a prescription, but each posting on that twitter account appears to have been made in an automated fashion via twitter’s API. This suggests a level of sophistication above that of the average webmaster’s.

As troubling as these reports are, we should not be surprised. When there is money to be made, criminals will take the steps necessary to gain every advantage possible. A Russian online pharmacy network called RX Partners (also known as StimulCash) has been publishing content using social media formats for some time. Note the examples of the RX Partners blog, forum, wiki, and twitter account below.

As of this writing, there are 1,165 subscribers to their blog according to Feedburner.

The RX Partners blog offers professional advice on how to market an online pharmacy using black hat search engine optimization techniques, general advice for online pharmacy webmasters, and of course, announces their upcoming retreat for their affiliates in on the mediterranean: a four day vacation in a five star hotel in the Turkish port Antalya.

The RX Partners online forum offers English, Russian, and Spanish sections for its affiliates.

The busy, closed forum allows online pharmacy webmasters to share techniques and has over 1,300 registered users.

If you are an affiliate in the RX Partners network with technical expertise, you can contribute on their wiki.

Learn how to integrate illegal online pharmacy sales into one’s WordPress using this wiki example.

And of course, RX-Partners has its own twitter page as well. At the time of this writing they have 1,071 followers.

Don’t think their use of social media is meant only to spread information among their sales affiliates. The modern online pharmacy template from this crew encourages visitors to take advantage of social media sites to spread the word about the pharmacy itself, promoting the sale of products that have not been approved by the US Food and Drug Administration like chewable or “soft” Viagra.

Visitors to this online pharmacy are encouraged to share it with friends using Facebook, Twitter, StumbleUpon, Digg, and other popular sites.

Cyveillance endorses the Partnership for Safe Medicine’s call for internet companies to do a better job of removing unlawful content from their sites. Content like online pharmacy marketing on popular social media sites endangers a public that may be easily deceived by slick marketing but delivers a host of dangers, like counterfeit, stolen, and unapproved medicines.