21
Feb 11

Russian Cops Crash Pill Pusher Party

facebooktwittergoogle_plusredditpinterestlinkedinmail

I recently returned from a trip to Russia, where I traveled partly to interview a few characters involved in running the world’s biggest illicit online pharmacies. I arrived just days after the real fireworks, when several truckloads of masked officers from Russian drug enforcement bureaus raided a party thrown exclusively for the top moneymakers of Rx-Promotion, a major e-pharmacy program co-owned by one of the men I went to meet.

Chronopay founder Pavel Vrublevsky, at his office in Moscow

Within a few hours of my arrival in Moscow, I called Pavel Vrublevsky, the founder of ChronoPay, Russia’s largest processor of online payments. For years, I had heard that Vrublevsky was known online as “RedEye,” and that Rx-Promotion was using ChronoPay as the core credit card processor. Unlike other rogue Internet pharmacies, Rx-Promotion’s claim to fame is that it is one of the few that sells controlled substances, such as addictive painkillers like Oxycontin, Oxycodone and Codeine over the Internet without requiring a prescription.

Late last summer I came into possession of a mountain of evidence showing that not only is ChronoPay the core credit card processor for Rx-Promotion, but that Vrublevsky also is co-owner of the pharmacy program and  that ChronoPay executives have steered the pharmacy’s activities for some time.

In mid-2010, ChronoPay was hacked, and many of the company’s internal documents were posted on random LiveJournal blogs and other places that were mostly shut down shortly thereafter. But a much larger cache of tens of thousands of ChronoPay e-mails, and thousands of recorded phone calls and documents were siphoned from the company and distributed to a handful of people, including me.

Among the few others who have these documents is Igor Gusev, an early co-founder of ChronoPay and the man now charged by Russian officials as the owner of a competing online pharmacy affiliate program called Glavmed. Gusev is currently trickling out the leaked ChronoPay documents in a Russian language blog about Vrublevsky called Redeye-blog.com, mainly because he believes Vrublevsky was responsible for helping to bring the charges against him.

I told Vrublevsky that I’d also received the cache of stolen data, and as a result he has been calling me almost daily for the past eight months. His goals: To keep tabs on my activities and to learn tidbits about others in his industry. But most of all, Vrublevsky has acknowledged he’s been hoping to feed me tips that would lead to other stories that aren’t about him or what’s in those documents.

Some of what he’s told me has checked out and has indeed been useful. Yet, now that I’ve had time to pore over these documents and emails in detail (almost all of them are in Russian), a much clearer picture of Vrublevsky and his businesses is beginning to emerge.

My analysis indicates that in 2010 alone, Rx-Promotion sold tens of millions of dollars worth of generic prescription drugs (mostly to Americans), including millions of controlled pills that have high resale value on the street, such as Valium, Percocet, Tramadol, and Oxycodone. And yes, buyers are getting more or less what they’re seeking from this program, contrary to popular perception (more soon on how I know that).

I hadn’t told Vrublevsky that I was coming to Russia before I arrived on Feb. 8. But I wasted no time in phoning him via Skype, using the line he normally calls me on several times a week.

“Duuuuuuuudddde!,” he answers. “It’s 7 a.m. where you are, who died?”

I reply that I am in fact in his time zone and that we should meet. After another long “Duuuuuuuuddde!” Vrublevsky promises to send a car if I will wait in the hotel lobby. He tells me he’ll be sending along with the driver his receptionist, named Vera. He proceeds to describe Vera as  this grossly overweight, unattractive older lady but, hey, she speaks English and knows how to deal with Westerners, so she’s coming, he says.

Fifteen minutes later, I am seated in the lobby waiting for Vera, watching incoming guests as they stomp off snow and trudge through the hotel’s revolving door. I find it difficult to avoid staring at this unusually attractive, slender, dark-haired young woman standing nervously just beside the door. I notice she also keeps glancing at me. Finally, she comes over and asks if my name is Brian. I am momentarily alarmed (I know next to no one in Moscow yet) until she says her name is Vera and I suddenly remember with a smile why I can trust almost nothing of what comes out of Vrublevsky’s mouth.

The joke continues when, after enduring about 20 minutes of creeping Moscow rush hour traffic to travel a couple of miles, we arrive at ChronoPay’s offices and I run into the same girl clad in different clothes: It turns out that Vera has a twin sister who also works at the company.

Vrublevsky is feeling especially punchy. Apparently, someone arranged a police raid on the Rx-Promotion Gold Party, a gathering held four nights earlier at Moscow’s Golden Palace. The normally boozy and bawdy event is thrown for all Rx-Promotion affiliates — those several hundred individuals who pimp Rx-Promotion pharmacy sites by whatever means necessary (usually by hacking sites and through search engine manipulation). The top affiliate was to win an actual 1-kilogram bar of gold, while other leading pill pushers would win iPads and iPhones.

Unfortunately for the Rx-Promotion affiliates, the party was broken up when several busloads of men in ski masks and machine guns stormed the party and began interrogating the revelers. Vrublevsky claims the men were sent on behalf of the drug enforcement authorities, but according to several of those in attendance who posted on various Russian forums about the experience, the police appear to have used the raid as a pretense to match Rx-Promotion affiliates’ online identities to real faces and names.

Vrublevsky never showed at his own party. As he explains it, the day before his wife inexplicably pleaded with him to go on an emergency vacation to the Maldives. What’s more, someone had the presence of mind to take down all Rx-Promotion logos from the rented party space hours before the police arrived.

“The whole Russian Internet knew there was supposed to be an RX-Promotion party in Moscow, and obviously everyone would expect logotypes of Rx-Promotion,” Vrublevsky tells me, chain smoking Marlboros in his company’s cramped boardroom, which features an enormous, outdated map of the world that is flanked by swords and a giant red Soviet-era flag. “And for some reason,” he continues, speaking about himself in the third person, “everyone expected Mr. Vrublevsky would show up there. Obviously, Mr. Vrublevsky would probably not be able to control every [person] with a cell phone camera around. And for that reason, Mr. Vrublevksy decided not to be there. At the same time, someone else decided to remove all of the Rx-Promotion logos around. Mr. Vrublevsky flies to Maldives to have a one-week vacation. He then gets a phone call that there are five buses of special forces from Russian DEA going to that party, closing down Golden Palace and two nearby cafes, just for the reason that there are too many special forces and dogs and cameras. Getting in there just to find out some very stupid shit: There is no Mr. Vrublevsky, no logotype, absolutely nothing to shoot on their video.”

Vrublevsky said he believes Gusev or one of his enemies paid a lot of money to bribe police into ruining his fun.

For his part, Gusev doesn’t want to disabuse anyone of the notion that he might have been responsible for causing his old enemy pain: Gusev is currently in exile from Russia on account of the criminal charges against him, and so he’s happy to see Vrublevsky apparently fleeing the country — if only temporarily — in response to law enforcement action.

“This raid at the party was very funny, because from one point of view everyone was sure it was my [doing], and it’s good for me if everyone thinks this,” Gusev said in a phone interview. He dodges the direct question, but concedes that the videos he has on his own blog post about the raid are not from the raid itself but from an unrelated incident. It is difficult to believe he would not have videos from the busted party if he was somehow responsible.

Gusev says if anyone had advance knowledge of the police raid, it was Vrublevsky.

“I find it strange that he went to Maldives the day before, when he never misses any of his parties,” Gusev told me. “All of the parties are very expensive and it’s the best time for him to meet people and show everyone that he’s powerful and cool. For me, knowing Pavel much better than anyone else from these people, it’s very strange. If he didn’t know, he was somehow expecting something [might] happen.”

Tags: , , ,

65 comments

  1. Wow Brian! What a cool story. So, did you ever finish learning Russian?

  2. Great Story !!!!!!
    Can’t wait for the follow-up

  3. Хорошая работа, и очень забавно!

  4. Interesting, Brian. Excellent journalism. I assume you did not publicize your trip to Russia well in advance? Don’t you feel at all uneasy for your safety, there, considering that your research has helped make business tougher for some criminals?

    • No, I didn’t not advertise my trip either in advance or while I was there. I didn’t feel any more unsafe than I have while in any other huge city I’ve never been before. The sheer size of Moscow can be intimidating, and if you don’t know the language, or at least how to read and pronounce words for cognates, I could see it being very overwhelming.

      • I kept expecting someone to push a hidden button and you fall through the floor.

        Especially with the attractive twin Russian secretaries. How bizarre.

        Uhmm as a matter of interest.. how much does a hitman cost in Russia?

        • Errr, don’t get me wrong. I think you’re doing a great job and this was an interesting story with almost comic like villains.

          But if there is one thing these guys aren’t, it is afraid. Did you consider this? You aren’t exactly singing ChronoPay’s praises.

  5. Very touching. ;)

    But has Vrublevsky actually confirmed that it was his own party? Has he admitted his relation with Rx-Promotion?

    • Not as such, although the e-mails leave no doubt. He speaks also about RedEye a lot in the same third-person voice he uses when talking about “Mr. Vrublevsky”.

      He admitted to me when I met with him that ChronoPay was in fact the processor for Rx-Promotion, but he claims that relationship ended in October 2010. That is simply not true, according to my data and sources.

  6. Spasibo Brian. Now we want more, but please take it easy out there and always check your six.

  7. Opulence. I has it.

    Great piece, Brian!

  8. Dimula
    27 Dec, 2010 at 8:20 PM
    Про Spyware Crusader надо Брайну Кребсу написать, он любит такие вещи, а тут такая цепочка вырисовывается хорошая, на роль главного финансиста русских хакеров Паша хорошо подойдет.

    IKnow
    28 Dec, 2010 at 1:44 AM
    После того, как Кребса вытурили из вашингтон пост, он никто.

    is it?

    • Well, I’m not sure what your question here is, but I’d take issue with the statement that I’m a nobody since I left The Post. But only time will tell, I suppose.

      Yes, Crusader is a program orchestrated and processed by ChronoPay, and the documents and emails prove it. More on this soon.

    • Не знаю, как другие, а я, когда прочитал в Security Fix прощальную запись Брайана, просто подписался на новый RSS. Подозреваю, что так сделали многие.

      • Нашёл нового героя? Не тянет, имхо.

        • Нового? А старым кто был?

          На всякий случай: я не мыслю такими пафосными категориями как “герой”. В данном конкретном случае у меня скорее профессиональный интерес.

    • Почему вытурили-то?

  9. Great story. Hope to hear more about these characters. Btw, people who talk about themselves in the third person are weird.

    • … pavel refers to a ‘Mr. Vrublevsky’.

      The reason why, is rooted in law, not fiction as you seem to ascribe (Scribe on the ass, ha ha. don’t take it poorly jason. A little word-play).

      A name is a title, for a thing, inferring _status_. What is the status of the thing, we must look at it’s title. Start with the mis-construed terms “Legal” and “Illegal”: these are _only_ public terms (fiction/dead/corporate realm), used to describe practices (as opposed to /doing/ in the living realm). ‘Within’ or ‘without’ published guidelines – the ‘Rules’ of the public corporation. Codes in comparison to clarity.

      RUSSIA, and other federal corporations (USA, EU, UK…) are IMF/Rothschild subsidiaries, imho. They exist wholly as public devices and are no more real to each man or woman, to each soul, then what that soul contributes of it’s own energy to them. A ‘Mr.’ is part of the corporate, fiction realm.

      What pavel is doing is continually acknowledging that the personality ‘Mr. Vrublevsky’ is not him. This is very powerful and smart.

      ‘Mr.’ and ‘Mrs.’, are titles bestowed by others, not inherent substantive rights of a soul, therefore they are benefits (called ‘rights’ when spoken of through public devices). The titles ‘Mr.’ are vehicles for commerce in the public: see juristic persons. It’s a little like ‘Knight’ or ‘Squire’, given by a Queen. She gave it, so it can be taken away.

      One might be smart enough to know that to continuously identify (make oneself the same as) the juristic person is to make a public record, demote oneself, a soul, out of the private, into being solely (soul-ly) a fiction created by another man.

      Does that make sense? (now?)

      I can only recommend gibson’s 1907 treatise on equity jurisprudence available from archive.org servers. This way you can see there is a consciousness side of the law (living), and the unconscious side (corporate/Statute).

      Today, the time of the the one-eyed dajall, most only see with one extrinsic eye, the public side.

  10. Brian, have you considered putting some of this into a novel? It’s good!

  11. Brian,

    I’ve been waiting for this post since you hinted about it at RSA, great work. and you clearly got their attention. Some nobody!

    – Chad

  12. You say that buyers get pretty much what they pay for from these sources. I always thought they either stole credit card numbers or dropped malware.

    It is surprising that folks trust them. Can you address this, please?

    • Bart – I can only speak to Rx-promotion buyers for now. But I reached out to many of them, and have a number of very interesting stories about these buyers. But all of them said they got what they ordered.

      I will address this very sensitive issue in a blog post coming up, but it’s an area where there has been a lot of speculation and assumption without (so far) a lot of hard evidence. I aim to bring a little bit of hard data to the equation. Stay tuned.

      • Given that drug-seeking patients who get prescription drugs in quantity often turn around and sell them by the pill on the street (tablets containing oxycodone were going for $1/mg last I heard, and that was a number of years ago), they may not be inclined to be honest about the quality of what they’ve received. That’s why pain management programs have to do random drug testing to make sure their patients *are* taking the narcotics that they’re prescribed.

        • I run a few such “illegal” pharmacy sites (not rx-promo though, and I don’t sell controlled drugs) and confirm what Brian said. People get what they paid for indeed. If a pharmacy site lives long enough there’s up to 40 percent of returning buyers who buy something again, that’s the best proof imo.

          The pills ingredients and manufacturing is dirty cheap, so giving people what they want and getting rebills is way more profitable than cheating them. It is R&D, advertisement and Big Pharma(tm) greed what makes drugs expensive.

      • Thanks, Brian
        Yes a story about the quality of medicines would be interesting. I have a colleague at work who buys since a long time hair loss pills from those web pharmacies. He told me in most cases (95%) he gets pills containing the real ingredients in correct amounts – he says he knows that because he’s experiencing exactly the same side effects when taking them as when taking pills originating from a brick and mortar pharmacy. For some reason, he keeps changing his suppliers (about a dozen in 3-4 years) – some simply disappear, others lose when cheaper offers are available from another site or because they don’t sell a specific newer medicine for baldness. Despite changing them so often and mostly picking the cheapest offers, he was seldom ripped of. It seems his secret is to check baldness forums where users are discussing where they get their medicine – though it takes a bit of nose to distinguish between genuine posts and posts that secretly try to promote a specific site.

  13. Wow! What a trip! You sure go the extra mile (or several thousand) for your research! It is no wonder you got that RSA award!

  14. Perhaps a bust like that can bring grief to competitors and promotional advertising for the rat fink’s business? Or perhaps it is just a big game of bait and switch to keep both the competition , and law enforcement guessing.

    I write in reference to the murky Russian side of this, not you Brian! Sounds like a great trip! Too bad we can’t get other “journalists” in the IT field to make personal journeys to check their facts! :)

    Actually – that is getting rare for any modern news journalism!

  15. It’s really fun when analysts look at things and talk about 10 million a year. This dust. Real money, new revenue elsewhere. Fortunately, you write about this five years later, so charming that you are blind.

    PS: Redeye – yesterday.

  16. Брайн, а какие впечатления в общем остались от России?

    • I can’t speak for Brian or myself; but my buddies travel to Russia a lot, and they are very impressed with the freedom over their. Despite what the western press reports, they see more of it, than in Ukraine.

      Their doesn’t seem to be the freedom of movement in Ukraine either.

  17. That sure was an interesting trip. I hope that it was worth it – other than some interesting impressions this blog post doesn’t make it sound like you got a whole lot of new information. For my part, I would very much like to hear what the Russian authorities have to say about that raid.

    I think that it is not a question that Vrublevsky got an advance notice. Corruption is very bad and for Vrublevsky finding someone (or multiple people) to sell him information shouldn’t be a big deal. However, if the authorities are serious about moving against him they will be able to put down his business regardless. Unfortunately, it doesn’t look like they are serious about it.

    • Hello Vladimir. I got lots of interesting information while I was there. But your intuition is correct. It won’t all be revealed in a single blog post :)

    • Speaking of Russian Authorities:

      Pavel Vrublevsky is:

      – Key Member of the Antispam Working Group at the Russian Ministry of Communication;
      – Chairman of the Russian Committee on Electronic Commerce (NAUET) – predominantly sponsoring the whole thing;
      – Member of the Russian Association of Electronic Communications (RAEK) – predominantly sponsoring and controlling.

      These are all pretty official posts. And pretty contradictory too: a person owning several heavy spam-generating activities elaborating anti-spam laws in his country of residence.

      Pavel Vrublevsky certainly thinks he’s bought’em all. Presently, there is not one substantially motivated Russian official figure (except for Deputy Ponomarev – yet his personal motivation is unclear), authority or LEA to interfere with Mr.Vrublevsky.
      So, to respond to your question, Wladimir, chances are, the Russian authorities simply won’t have anything to say about the raid or Mr.Vrublevsky himself. Unless stimulated by Gusev or other competitors/foes of course.
      And yet, their chances of saying anything at all are very likely to vanish completely when Mr.Vrublevsky becomes a deputy himself… T-s-s-s-s…

      • @Janitor;

        That sounds pretty par for the course, from the typical way of corrupt business I read about in Russia. However, I always take everything I read and hear about over there with a grain of salt.

  18. Brian: Well written and very insightful. We blogged about your blog at legitscriptblog.com. As we noted, for anyone interested in the rogue Internet pharmacy world, your blog about Rx-Promotion should be required reading.

    You make an excellent point about the genuine versus fake versus something-in-between question regarding especially the scheduled drugs sold on the Internet. The consensus in many circles has been that if it’s marketed as a Schedule II or Schedule III drug, it’s probably not the real thing. In some cases, of course, that’s true, and in test buys we’ve conducted in the past (not necessarily from Rx-Promotion), we’ve definitely seen fake scheduled drugs – but one test buy doesn’t mean the rest of the market is like that. The point you make, which I think is correct, is that there hasn’t been much hard data brought to this discussion — it’s mostly been a mix of anecdotes. The data you have will be helpful in better understanding the nature of this threat. (Of course, either case bears risks: if it’s the real controlled substance, it’s dangerous and potentially addictive without a valid prescription; if it’s not the real thing, it’s counterfeit, which can – depending upon the composition – lead to other health risks.)

    Thanks for the excellent blog post and research on this important topic.

    John Horton
    President, LegitScript

  19. Man, be careful over there. Rule Of Law isn’t exactly strong in Russia, and you seem to be pissing off some people with money. They buy off the right cops and you’re in Lefortovo (or its modern equivalent).

  20. As Snoop would say, BKrebs-rizzle, you are the shiznit! :-)

  21. Brian, it appears to me that you are fascinated by Russia, Russian people and their mentality, but won’t admit it. Didn’t you notice how many good people out there? Do you have Russian friends?

    Mila Austin,
    the author

    • Well, naturally, I am fond of Russia. Why else would I be learning the language and traveling there to meet people? I have many Russian friends. I’m not sure I get the point of your question.

  22. Brain, you are doing a great job in investigating the Internet crime, and as tech professional, I was following your blog since you worked for The Washington Post.
    When you wrote about these ‘bad people’ you showed everything in a dark color, even the fact that your ‘enemy’ invited you to his office when you called him at 7.00 in the morning, he sent his car and a translator to meet you, spent his time with you and gave you ‘tons of documents’ which probably worth a lot in a terms of giving you enough working material. Did you pay him? Did you say ‘thank you’? I wonder if they gave you enough ‘desa’ to mislead you. These people are very intelligent, and you know it. My point was: when you write about ‘bad’, try to admit something good, too. Thank you.

    • Thanks, Mila. I guess I don’t see the dark tone that you do in this story. If anything, it was meant to be a somewhat humorous piece, an introduction, if you will, to this world that is no doubt very unfamiliar to many Western readers.

      Why do you put words like ‘bad people’ and ‘enemy’ in quotes, as if I used them in my story?

      What is ‘desa’?

      I’m not sure what or who you mean when you ask about paying someone.

  23. Brain, I’ll answer you via e-mail, if you don’t mind.

  24. Кребз, а ты получил аккредитацию в МИДе по 48/55 статьям о СМИ, перед тем как вывозить из страны какие либо документы, чтобы использовать их в каких-либо целях? Ай-ай-ай.. нехорошо нарушать закон

  25. I am always amazed when “informed” people like John Horton say there is NO formal good evidence, that generic drugs manufactured in places like India (and commonly sold in “dangerous” online phamacies) have the stated and correct active ingredient.

    There is a Gold Standard university study from 2007 showing seven out of seven “illegaly” manufcatured versions of Cialis bought off the web, made in India, were SPOT ON (in fact, one had more accurate dosing than the Eli Lilly brand drug, which they also tested). An 8th drug tested was from China … and was rubbish (big surprise?) [google scholar “counterfiet cialis”]

    So please, no more “there is no hard evidence the drugs contain what they state”. Here in Australia it is perfectly legal for us to import 90 pills of Viagra at a time as long as we have a script. Are all Americans children.

  26. JKnr

    You should keep in mind, that John Horton, has agenda on illegal pharma. His ‘non-profit’ legitscript is financed by Big Pharma. His job is to spread the idea that other pharmacies sell counterfeit drugs.

    If Brian (and others) continue to publish the truth, the readers will realize that you can buy complete equivalent of viagra, at a fraction of a cost, and without paying doctor for a prescription. Thats called advertising.

    John Horton’s job description doesn’t have ‘dispose the truth’ in it. He is not a journalist.

    Btw, Brian, if you ever get an update for your rx-promo/glavmed databases, check your blog in customers’ referring URLs field. There could be a few sales from here. You are entitled to 40%! :)

    Programs like GlavMed exist because people NEED cheaper medications. They search for them on the Internet. And as you know if there is demand, there will always be supply.

    You see everywhere that people like Gusev are labeled cyber criminals. Now who thought of a label like this?

    The Customers? They are happy to get what they order and they come back for more.

    The Governments? Government can’t care less when citizens are complaining about ever rising costs of medicine. Cheaper generics was even one of Obama’s six points in his election promise.

    Credit card companies process pharmacy transactions without any problems. Low chargebacks, no customer complaints.

    Who cares then? John Horton of course.

  27. Brian i don’t like what you do, but man i must admit that i did enjoy reading this, just like i enjoy reading many of your articles.


Read previous post:
KrebsOnSecurity.com Wins Award

KrebsOnSecurity.com was honored at the annual Social Security Blogger Awards at the RSA security conference in San Francisco this week....

Close