Amid Controversy, Outed Steroid Sites Still Online

Anti-fraud groups, US Internet registrars at odds over takedown of 'roid sites

Remember those Websites sponsored by U.S. Internet domain registrars that were recently exposed for illegally selling steroids? These sites are still pushing the drugs online, according to the anti-fraud watchdog groups that first discovered them. (See Hundreds of Websites Outed for Illegally Selling Steroids.)

The domain registrars hosting these sites as well as the Internet Corporation for Assigned Names and Numbers (ICANN), say their hands are tied when it comes to shutting down the steroid-selling sites, which KnujOn and outed and reported to the registrars and ICANN last month.

But KnujOn and LegitScript argue that shutting down these sites should be a no-brainer.

"In the vast majority of Websites we identified, it was plain that [they] were offering these drugs, and doing so in a way that violates U.S. federal law. Frankly, one doesn't have to be an expert to see what these Websites are doing," says John Horton, president of LegitScript.

“We also received -- and in some cases, presented to the registrars -- information from the Website operator with information about the drugs (including photos) and instructions for payment," Horton says. "We think that these sites are fairly straightforward to identify in many cases, and the remedy -- termination -- is equally clear.”

At least one of the registrars named in the report, GoDaddy/Wild West, sees it differently. “Each of the sites in the report have been investigated by our 24x7 abuse department and do not appear to be violating our terms of service. We hope in the future, through reform from Congress, we can easily identify rogue vendors selling drugs illegally,” says a GoDaddy spokesperson.

“This report confirms what we knew all along -- there needs to be reform when it comes to Internet pharmacies,” the spokesperson said. He added that Go Daddy suspended 1,300 Websites last year that were selling drugs without a prescription, and typically without verifying the age of the buyer.

ICANN, meanwhile, says regulating pharmaceutical sales over the Internet is outside its purview. “ICANN can only take action if there are any issues of registrar compliance with the Registrar Accreditation Agreement. If laws are being broken, that should be brought to the attention of law enforcement agencies,” an ICANN spokesman said in a statement.

Garth Bruen, creator of KnujOn, says that if ICANN won’t expand its role to help shutter these illicit sites -- which KnujOn and LegitScript now count at 156 selling Schedule III substances -- the security industry itself may instead take action of its own.

Some Internet security companies, which he wouldn’t name, are considering blocking the steroid sites themselves in their own Web and email content-filtering products. “They say ‘we’re tired of trying to get a single IP shut down,’ so they are [looking at] shutting off a whole IP range from certain providers -- that’s how bad it’s gotten.”

Bruen says that KnujOn has found that the over 500 U.S.-based registrars are really controlled by a smaller number of companies, somewhere around 150. And some of them are run by spammers or other bad guys who want control of their domains to keep their illicit sites up and running.

“We’re going into a phase in Internet crime where we’ve moved away from small spam operations... to a situation where [these groups] have enough money to be their own [domain] providers,” he says. It’s much more difficult to shutter a rogue domain registrar than a bad site, he says.

He says he was shocked at that all of the registrars named in KnujOn’s report -- Abacus America Inc., DSTR Acquisition VII LLC,, Everyones Internet, Ltd., dba, eNom, Inc., EstDomains, Inc, GoDaddy/Wild West, Parava Networks, Inc., and dba -- have left the steroid-selling sites intact.

“I thought at least some of them would be cooperative, but none of them are. It’s very troubling,” says Bruen, who says he’s even been pressured by some registrars to “back off” and drop the issue.

Meanwhile, Go Daddy maintains that Internet providers need legislation to help them distinguish between legitimate and illegitimate pharmacies online. The company’s General Counsel testified before Congress recently in support of Senate and House bills advocating consumer protection in online drug purchases.

While the steroid sites cited in the KnujOn/LegitScript report were mostly selling the real deal, including anabolic steroids, testosterone, and other controlled substances, fake drugs are a becoming an even bigger problem on the Net. “We’re going to do a much larger report on fake pharmacies – we’re going to go into detail on all the registrars hosting fake pharmacies, where the source drugs are coming from,” Breun says.

Why doesn’t the Federal Drug Administration take action against these phony online pharmacies? Bruen says the main obstacles to FDA intervention is that online pharmaceutical regulation takes place at the state level, and brand owners whose drugs are being counterfeited traditionally haven’t taken steps to protect their brand -- although that is gradually changing, he says.

A recent report from IronPort, Cisco’s email security unit, revealed a link between the Storm botnet and other malware creators and illegal pharma suppliers that recruit the botnets to spam users with Viagra and other drugs as a way to steer buyers to their sites. (See Researchers Link Storm Botnet to Illegal Pharmaceutical Sales.)

Pat Peterson, vice president of technology at IronPort, says he’s not surprised that ICANN or the registrars cited in the KnujOn report hadn’t taken action against the steroid sites. He says the legitimate registrars may be a bit gun-shy about taking down one of their hosted sites because they don’t have sufficient legal backing to do so. “Legislation with teeth is desperately needed in this case,” he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights