Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/28/2013
09:39 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FDA Shuts Down 9,600 Illegal Pharma Websites

Many of these sites appeared to be operating as a part of an organized criminal network

The U.S. Food and Drug Administration, in partnership with international regulatory and law enforcement agencies, took action this week against more than 9,600 websites that illegally sell potentially dangerous, unapproved prescription medicines to consumers. These actions include the issuance of regulatory warnings, and seizure of offending websites and $41,104,386 worth of illegal medicines worldwide.

The action occurred as part of the 6th annual International Internet Week of Action (IIWA), a global cooperative effort to combat the online sale and distribution of potentially counterfeit and illegal medical products. As part of this year's international effort – Operation Pangea VI – the FDA's Office of Criminal Investigations, in coordination with the United States Attorney's Office for the District of Colorado, seized and shut down 1,677 illegal pharmacy websites. The effort ran from June 18 to June 25, 2013.

Many of these websites appeared to be operating as a part of an organized criminal network that falsely purported its websites to be "Canadian Pharmacies." These websites displayed fake licenses and certifications to convince U.S. consumers to purchase drugs they advertised as "brand name" and "FDA approved." The drugs received as part of Operation Pangea were not from Canada, and were neither brand name nor FDA approved. These websites also used certain major U.S. pharmacy retailer names to trick U.S. consumers into believing an affiliation existed with these retailers.

The FDA's Office of Criminal Investigations Cybercrime Investigations Unit banner is now displayed on seized websites to help consumers identify them as illegal. Here are some examples:

· http://www.canadianhealthandcaremall.com/

· http://www.walgreens-store.com

· http://www.c-v-s-pharmacy.com

"Illegal online pharmacies put American consumers' health at risk by selling potentially dangerous products. This is an ongoing battle in the United States and abroad, and the FDA will continue its criminal law enforcement and regulatory efforts," said John Roth, director of the FDA's Office of Criminal Investigations. "The agency is pleased to participate in Operation Pangea to protect consumers and strengthen relationships with international partners who join in this fight."

During Operation Pangea VI, the largest Internet-based action of its kind, the FDA targeted websites selling unapproved and potentially dangerous prescription medicines that could pose significant public health risks. Products purchased from the websites targeted during Operation Pangea also bypassed existing safety controls required by the FDA, and the protections provided when used under a doctor's care. In general, prescription medicines, including those purchased online, should only be used with a valid prescription and under the supervision of a licensed health care provider.

The goal of Pangea VI, which involves law enforcement, customs, and regulatory authorities from 99 countries, was to identify the makers and distributors of illegal drug products and medical devices and remove these products from the supply chain.

Some of the medicines that were sold illegally by the websites targeted during Operation Pangea VI included:

· Avandaryl: FDA-approved Avandaryl (glimepiride and rosiglitazone) is used to treat type 2 diabetes and to minimize potential associated risks, including edema caused by fluid retention, worsening the condition of the heart, or heart failure. Avandaryl must be prescribed by a certified healthcare provider and dispensed by a certified pharmacy with a medication guide explaining the potential risks.

· "Generic Celebrex": "Generic Celebrex" sold online is not an FDA-approved product. FDA-approved Celebrex (celecoxib) is a non-steroidal anti-inflammatory product used to treat the signs and symptoms of osteoarthritis and rheumatoid arthritis and to manage acute pain in adults. To minimize the potential associated risks, including gastrointestinal bleeding, heart attack, or stroke, in some people with long term use, Celebrex must be dispensed with a medication guide explaining the potential risks.

· "Levitra Super Force" and "Viagra Super Force": While Levitra (vardenafil) and Viagra (sildenafil) are FDA-approved medicines used to treat erectile dysfunction (ED), Levitra Super Force and Viagra Super Force are not FDA-approved products and claim to contain dapoxetine. The FDA has not determined the safety or efficacy of dapoxetine. People with certain heart conditions should not take ED medicines containing vardenafil or sildenafil. There are also potentially dangerous drug interactions or serious adverse effects with these drugs, such as loss of hearing or vision.

· Clozapine: FDA-approved Clozaril (clozapine) is used to treat severe schizophrenia and is associated with potentially fatal agranulocytosis, a severely low (and dangerous) white blood cell count that can predispose patients to serious, life-threatening infections. To minimize potential risks, consumers who are prescribed FDA-approved Clozaril must be enrolled in a registry that ensures regular monitoring of their blood counts.

The FDA in collaboration with other federal agencies screened drug products received through selected International Mail Facilities during the IIWA. Preliminary findings show that certain drug products from abroad, such as antidepressants, hormone replacement therapies, sleep aids, and other drugs to treat erectile dysfunction, high cholesterol, and seizures were on the way to U.S. consumers.

In addition to health risks, these pharmacies pose non-health–related risks to consumers, including credit card fraud, identity theft, or computer viruses. The FDA encourages consumers to report suspected criminal activity at www.fda.gov/oci.

The FDA provides consumers with information to identify an illegal pharmacy website and advice on how to find a safe online pharmacy through BeSafeRx: Know Your Online Pharmacy.

The IIWA is a collaborative effort between the FDA, INTERPOL, the World Customs Organization, the Permanent Forum of International Pharmaceutical Crime, Heads of Medicines Agencies Working Group of Enforcement Officers, the pharmaceutical industry, and national health and law enforcement agencies from 99 participating countries.

The FDA, an agency within the U.S. Department of Health and Human Services, protects the public health by assuring the safety, effectiveness, and security of human and veterinary drugs, vaccines and other biological products for human use, and medical devices. The agency also is responsible for the safety and security of our nation's food supply, cosmetics, dietary supplements, products that give off electronic radiation, and for regulating tobacco products.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.