8/13/2008
06:45 AM

Amid Controversy, Outed Steroid Sites Still Online

Anti-fraud groups, US Internet registrars at odds over takedown of 'roid sites

Remember those Websites sponsored by U.S. Internet domain registrars that were recently exposed for illegally selling steroids? These sites are still pushing the drugs online, according to the anti-fraud watchdog groups that first discovered them. (See Hundreds of Websites Outed for Illegally Selling Steroids.)

The domain registrars hosting these sites, as well as the Internet Corporation for Assigned Names and Numbers (ICANN), say their hands are tied when it comes to shutting down the steroid-selling sites, which KnujOn and LegitScript.com outed and reported to the registrars and ICANN last month.

But KnujOn and LegitScript argue that shutting down these sites should be a no-brainer.

"In the vast majority of Websites we identified, it was plain that [they] were offering these drugs, and doing so in a way that violates U.S. federal law. Frankly, one doesn't have to be an expert to see what these Websites are doing," says John Horton, president of LegitScript.

“We also received -- and in some cases, presented to the registrars -- information from the Website operator with information about the drugs (including photos) and instructions for payment," Horton says. "We think that these sites are fairly straightforward to identify in many cases, and the remedy -- termination -- is equally clear.”

At least one of the registrars named in the report, GoDaddy/Wild West, sees it differently. “Each of the sites in the report have been investigated by our 24x7 abuse department and do not appear to be violating our terms of service. We hope in the future, through reform from Congress, we can easily identify rogue vendors selling drugs illegally,” says a GoDaddy spokesperson.

“This report confirms what we knew all along -- there needs to be reform when it comes to Internet pharmacies,” the spokesperson said. He added that Go Daddy suspended 1,300 Websites last year that were selling drugs without a prescription, and typically without verifying the age of the buyer.

ICANN, meanwhile, says regulating pharmaceutical sales over the Internet is outside its purview. “ICANN can only take action if there are any issues of registrar compliance with the Registrar Accreditation Agreement. If laws are being broken, that should be brought to the attention of law enforcement agencies,” an ICANN spokesman said in a statement.

Garth Bruen, creator of KnujOn, says that if ICANN won’t expand its role to help shutter these illicit sites -- which KnujOn and LegitScript now count at 156 selling Schedule III substances -- the security industry itself may instead take action of its own.

Some Internet security companies, which he wouldn’t name, are considering blocking the steroid sites themselves in their own Web and email content-filtering products. “They say ‘we’re tired of trying to get a single IP shut down,’ so they are [looking at] shutting off a whole IP range from certain providers -- that’s how bad it’s gotten.”

Bruen says that KnujOn has found that the over 500 U.S.-based registrars are really controlled by a smaller number of companies, somewhere around 150. And some of them are run by spammers or other bad guys who want control of their domains to keep their illicit sites up and running.

“We’re going into a phase in Internet crime where we’ve moved away from small spam operations... to a situation where [these groups] have enough money to be their own [domain] providers,” he says. It’s much more difficult to shutter a rogue domain registrar than a bad site, he says.

He says he was shocked that all of the registrars named in KnujOn’s report -- Abacus America Inc., DSTR Acquisition VII LLC, Dynadot.com, Everyones Internet, Ltd., dba resellone.net, eNom, Inc., EstDomains, Inc, GoDaddy/Wild West, Parava Networks, Inc., and dba 10-Domains.com -- have left the steroid-selling sites intact.

“I thought at least some of them would be cooperative, but none of them are. It’s very troubling,” says Bruen, who says he’s even been pressured by some registrars to “back off” and drop the issue.

Meanwhile, Go Daddy maintains that Internet providers need legislation to help them distinguish between legitimate and illegitimate pharmacies online. The company’s General Counsel testified before Congress recently in support of Senate and House bills advocating consumer protection in online drug purchases.

While the steroid sites cited in the KnujOn/LegitScript report were mostly selling the real deal, including anabolic steroids, testosterone, and other controlled substances, fake drugs are becoming an even bigger problem on the Net. “We’re going to do a much larger report on fake pharmacies – we’re going to go into detail on all the registrars hosting fake pharmacies, where the source drugs are coming from,” Bruen says.

Why doesn’t the Federal Drug Administration take action against these phony online pharmacies? Bruen says the main obstacles to FDA intervention are that online pharmaceutical regulation takes place at the state level, and brand owners whose drugs are being counterfeited traditionally haven’t taken steps to protect their brand -- although that is gradually changing, he says.

A recent report from IronPort, Cisco’s email security unit, revealed a link between the Storm botnet and other malware creators and illegal pharma suppliers that recruit the botnets to spam users with Viagra and other drugs as a way to steer buyers to their sites. (See Researchers Link Storm Botnet to Illegal Pharmaceutical Sales.)

Pat Peterson, vice president of technology at IronPort, says he’s not surprised that ICANN or the registrars cited in the KnujOn report hadn’t taken action against the steroid sites. He says the legitimate registrars may be a bit gun-shy about taking down one of their hosted sites because they don’t have sufficient legal backing to do so. “Legislation with teeth is desperately needed in this case,” he says.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...