August 26, 2010

The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.

The invitation, sent via e-mail on Aug 13 by White House Senior Adviser for Intellectual Property Enforcement Andrew J. Klein, urges select recipients to attend a meeting on Sept. 29 with senior White House and cabinet officials, including Victoria Espinel, the Obama administration’s intellectual property enforcement coordinator.

“The purpose of this meeting is to discuss illegal activity taking place over the internet generally, and more specifically, voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line,” the invitation states.

Klein did not return calls seeking more information. A spokeswoman for the White House Office of Management and Budget confirmed the event, but declined to offer further details. The meeting appears to be a continuation of the administration’s Joint Strategic Plan on Intellectual Property Enforcement, an initiative unveiled in June that promised to “address unlawful activity on the internet, such as illegal downloading and illegal internet pharmacies.”

According to the World Health Organization, approximately 8 percent of the bulk drugs imported into the United States are counterfeit, unapproved, or substandard, and 10 percent of global pharmaceutical commerce — or $21 billion — involves counterfeit drugs. LegitScript.com, a verification service for online pharmacies, is currently tracking more than 45,000 rogue Internet pharmacies.

A report (PDF) released in June by anti-spam and domain policy compliance group Knujon (“nojunk” spelled backwards) found that some 162 domain name registrars may be in breach of their contracts with the Internet Corporation for Assigned Names and Numbers (ICANN), the entity which oversees the registrar system. Many of the registrar violations named in that report were linked to rogue online pharmacies that are being advertised through spam and/or pharmacy affiliate programs like Glavmed and RX-Promotion — both affiliate networks that have been tied to botnet and cybercrime activity.


45 thoughts on “White House Calls Meeting on Rogue Online Pharmacies

  1. Bart

    This is interesting. I always thought my cheap drugs spam were phishing scams to get me click and receive malware.

    Thanks, Brian.

    1. EdT.

      I get this type of spam all the time, and it goes straight to /dev/bitbucket. I simply do NOT do business with this type of scum. Now, there are many who may be tempted due to financial considerations, however with places like Wal-Mart offering very inexpensive generics, even that rationale is looking less defensible.

      Honestly, the admonition against doing business with spammers has been around a lot longer than pharma spam has.

      ~EdT.

    2. Jeff

      Why does there need to be an “Intellectual Property Enforcement” official at a meeting that is being promoted as a “safety” or “health” issue?

      What a load of spin-doctored garbage.

      1. BrianKrebs Post author

        Like it or not, Jeff, if anything gets done on the pharmacy spam problem, the IP interests (pharmacy companies) and/or those that uphold their interests (read: trademarks) as it relates to the law are likely to be leading the charge.

  2. Big Geek Daddy

    Counterfeit prescription drugs are a problem that most people don’t even consider. It’s a huge problem if the particular Rx you have is for a life threatening condition such as high blood pressure.

    If this meeting has any success I hope it reduces my Viagra Spam…particularly the ones telling me I can be more of a man by just using their bogus product…LOL.

  3. Dan

    I’ve always wondered why agencies always went after the spammer and not the guy who was paying him. Talk about an exercise in futility. Instead of chasing spammers down left and right, spend those resources chasing down the cartels that are funding spammers.

    1. TheGeezer

      Prosecutors have more cases to prosecute than they can handle. Which cases they handle is partly determined by the likelihood of success. That is why Al Capone was taken down on tax evasion rather than the number of murders he was responsible for.

      The probability of success in going after registrars which continually register domains for pharmacy spam is probably much greater than finding and going after whoever is paying the spammer. Many of these same registrars are likely registering many domains uses solely for criminal purposes.

      I’m very glad to see the problem is being addressed and at the registrar level. And I’m sure the financial interest and power of the pharmaceutical industry had a lot to do with this effort. Who knows, maybe both political parties can at least agree on this endeavor!

      They should also go after web hosting sites which are notorious for hosting fake bank, paypal, facebook and other sites. Unfortunately there is no one with the interest and power of the pharmaceutical industry to back it.

  4. Wiz Feinberg

    I have been writing about counterfeit drugs being spamvertised, and the danger they pose, for several years. I welcome any help from the Administration that may force Registrars to stop their blind-eye policies to obvious RX oriented domain names. There are software solutions that use regular expressions to flag words that might be used in domain registrations for illicit pharmacies. I use these expressions to write spam filters.

    However, as Brian’s report mentioned, the affiliate programs, like the Russian GlavMed system, are the people paying the spammers to do the dirty work for them. Actual Spammers are usually low-hanging fruit. The people behind the Botnets and rogue spam affiliate programs are the real source of the problem. They are also hard to capture (with one big, recent exception!).

    I eagerly wait the results of that meeting at the White House. I also want to see the result of an upcoming trial in Moscow, for Leo Kuvayev, the World’s number two rated spammer (by SpamHaus).

    Nice post Brian!

  5. Jon

    I just spent the summer in Taiwan, which has the highest rate of people on dialysis in the world. The reason? Blown out kidneys due to counterfeit medicines.

    1 in 10, man. Do not want.

    Bravo, hope this meeting leads to action.

    1. Nogero

      I am all for taking out bogus pharmacies, but big pharma will use this campaign to eliminate legitimate competition for tighter control of their market share. Jon you mention Taiwan has high incidence of kidney failure due to counterfeit drugs. Do you have any links to support that? This article, http://www.taiwan-panorama.com/en/show_issue.php?id=200569406088e.txt&cur_page=1&distype=text&table=2&h1=Health&h2=Medicine&search=&height=&type=&scope=&order=&keyword=&lstPage=&num=&year=2005&month=06 , shows other causes for Taiwan kidney disease. Though rate of increase is alarming, Kidney disease in Taiwan is still HALF (9%) that it is in the United States (15%). Drug monopolies in USA don’t seem to have a benefit of lowering kidney disease.

      1. drzaiusapelord

        There’s nothing legitimate with illegal knock-offs that have not been tested or approved for sale. Helping criminals won’t help you with healthcare reform. I suggest Americans start using their government for collective action and spend less time at “Tea Parties” and other conservative rallies that only empower corporate abuse.

        The road to socialization has nothing to do with these scammers.

        1. AlphaCentauri

          It’s very true.
          Big Pharma has NOT been very aggressive at fighting these scammers.

          There are registrars who are refusing to shut down these domains unless they get some official complaint from ANY of the pharmaceutical companies whose trademarks are being infringed. I’ve contacted several companies and inquired through some drug reps I know. All some company has to do is say, “That’s our trademark, and we didn’t authorize its use on a website selling our generic competitors.” They don’t even have to determine whether the site is selling real generic copies or sugar pills. But they simply won’t comment. They’re too afraid it will look like they’re hassling uninsured people.

          I had not heard about the renal failure issue in Taiwan, but I had heard the statistic that when Bangladesh stopped the sale of some medications in liquid form (which have a risk of contamination with diethylene glycol), the incidence of unexplained kidney failure dropped about 85%:
          http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2550149/?tool=pmcentrez

  6. Gary

    Now domain registrars should be forced to deny service to known spammers. Why stop at counterfeit drug dealers?

    They won’t refuse a paying customer unless forced to.

    1. AlphaCentauri

      Actually, they don’t refuse NON-paying customers all that regularly, either.

      If you check the whois information for some spammed domains, particularly the ones for “My Canadian Pharmacy,” “Canadian Health&Care Mall,” “CVS Pharmacy” (a spoof of the real CVS), “Canadian Neighbor Pharmacy,” and several others, you will find that instead of registering them with fake information, they have used the stolen identities of real US residents. And they’ve used their credit/debit cards to pay for the registrations.

      While the amount charged for a domain registration is small and often overlooked by a victim, many victims do complain to their credit card companies and get the charges reversed. That means the registrar not only didn’t get paid, they got hit with a chargeback fee that is probably two or three times the price of the original domain registration.

      You would think the registrar that has been cheated in that way would be ticked off enough to terminate the domain. But a number of registrars seem to have the policy that they will allow the domains to remain active, even though they know they were registered fraudulently, and even though they got stiffed for the registration fee. They don’t feel it’s worth their trouble to give those domains any more staff time than they have already received. And those registrars continue to accept registrations for the same pharma brands from the same questionable resellers, without even investigating to see if the new domain registrations are any more legitimate than the old ones. And they have no problem accepting money stolen from victims who don’t catch the fraudulent charges in time to get a refund.

      Is there any way the Secret Service (the federal agency that is in charge of investigation of credit card fraud) could attend the meeting and put registrars’ feet to the fire on that issue? While individual banks don’t normally investigate such small charges, the aggregate amount of fraud for the thousands of domains registered for spamming is a very significant amount of money.

  7. ted

    The devil is in the details.

    How would this be implemented? The feds send notice to an ISP or registrar about a bad drug site. Next it’s suspected copyrighted material. After that it’s child porn and then it’s anything that’s not politically correct.

    What kind of proof is needed or is this going to be like civil forfeiture where your site is gone unless you want to spend thousands of dollars proving you are innocent.

    1. AlphaCentauri

      The vast majority of the pharma sites in question aren’t going to be confused with legitimate pharmacies. There are so many blatant lies on their pages that it would be hilarious — if people’s lives weren’t at stake. As people here have mentioned, it’s a big leap of faith to assume they are going to ship any product at all, let alone real drugs at correct doses.

      One devilish detail is easy to determine: If a website claims to be a pharmacy, the contact information should be public and it should be accurate. If investigators are able to contact the domain owner and verify his identity, they should have to wait to take action until they obtain a court order. But really, it’s not going to happen that often. They’re going to find imaginary people at addresses that don’t exist. Or they’re going to find innocent identity theft victims who are as anxious as anyone else to have the domains shut down to get their personal information off the public whois.

      A business that offers to sell you a product has to have an address to ship it from and an address to receive returns/complaints. Legitimate pharmacies don’t need to hide their registration information through a proxy registration service.

  8. Mark Giles

    There is plankton, there are shrimps, there are little fish, there are big fish.
    Getting ISPs to shut down access to bad IP addresses is going after the plankton.
    Locating and arresting the spammers is going after shrimps.
    Getting registrars to suspend domain names and name servers is like catching little fish.
    The big fish are fewer, but the most effective targets. These are the shadowy lurkers in the deep, the likes of Igor Gusev, Leo Kuvayev (behind bars for child molestation), “Alex Polyakov” (his pseudonym), Andrey Smirnov to name a few.
    Take out those big fish and you will see some real depletion of the species.

    And I haven’t even mentioned those blind-eyed whales called credit card companies.

    1. TheGeezer

      it appears we have not had much success going after the “big fish”, perhaps because they can hide in areas of the internet ocean protected by governments who are more tolerant of these species. Going after the smaller fish may give the “big fish” less to feed on.

      1. Bill

        I’m leaning towards the fact I can block domains, IP addresses, and IP ranges coming into my personal (my space) area.

        But it seems the internet backbone providers don’t normally wish to block (takedown) what I block and readily spread maliciousness that I have more success blocking locally, yet it traveled through their pipe. All of the backbone providers aren’t in non-cooperating jurisdictions, yet they still aren’t normally cutting off access to the malicious domains, IP addresses, and IP ranges.

        I partially fault the supposedly cooperating jurisdictions that aren’t more readily sharing the information about the malicious areas of the internet and the providing- a- pipe-only-backbone-providers within supposedly cooperating jurisdictions which even with information available still leave the pipe spewing maliciousness to the rest of the world.

        I’m also leaning towards a comment made by B. Krebs, in one of his other articles, that it is not just antivirus, firewalling, and other end-user implementations of protection–but taking the fight back up the pipe. Take the fight to the border where the supposedly cooperating jurisdictions exist, where the pipe just does exit the non-cooperating jurisdiction.

  9. george

    The wording of the invitation makes me believe this is going to be tackled with a very light hand, at least for the time being: “voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line” it will take years of discussions and there will be obviously ISP or registrars who would not volunteer to implement the protocol. Something suggesting we will see rather small results out of this initiative.

  10. KFritz

    The fake pharmacists deserve everything they get….and worse.

    On the other hand, they’d get almost zero traction if Big Pharma didn’t run its business like racketeers. The government cracked down on traffic to & w/ Canadian pharmacies before they did this. I’d go so far as to say that online pharma quacks would get less traction if the Canadian option were open.

    I’m buying my prescription eyeglasses online to beat the Designer Eyewear industry. The online eyewear market is cleaner & a great way to save $.

  11. Nogero

    We are all being spoofed by big pharma. They are not cracking down on bogus drugs. They are preventing the American consumer from buying drugs cheap from the same suppliers the American drug companies use.

    I checked my online drug source at the link you provide above for “Rogue sites”. The company I use is fully certified in India, but it shows up on the “rogue” list. The “rogue” list is nothing more than drug suppliers who won’t cooperate with US pharma to run the American cartel. What a racket!

    Millions of Americans cannot afford the OUTRAGEOUS prices US companies are charging, along with the 40% increase in prices. The drug companies here at home are the ones who belong in jail!

    The anti-depressant widely prescribed in US, called Effexor, costs $400-500 PER MONTH in USA. In other countries it costs $30/month. When are Americans going to wise up? Ask why our health care system is going broke, our Medicare system? The US drug companies are the new cartels.

    1. AlphaCentauri

      It’s not a bargain if the pills are fake.

      canadianmedsworld.org, rated “rogue” by LegitScript, does offer Nitroglycerin CR a little cheaper than real online pharmacies, $62 for 90 count instead of $102. What’s more, they will give you two free tablets of “generic Viagra” with every order!

      Too bad the combination of Viagra and nitroglycerin causes an extremely severe drug interaction which is potentially lethal.

      So are they charging $62 for fake pills, or do they have a lot of dead customers?

      1. Nogero

        No one is against stopping fake drugs. Everyone supports stopping all forms of spam. But look who is behind the effort, it is those concerned about intellectual property–patents. This won’t be an effort to stop fake drugs, it will be big pharma protecting their markets. The reality is people die from not being able to afford their medicines at the racketeering prices big pharma is charging. Big pharma has become too powerful.

        1. AlphaCentauri

          Everyone is assuming Big Pharma is pushing for that meeting. There are a lot of groups working on the problem of spamvertised pharmacies, and frankly, Big Pharma doesn’t seem to be pulling its weight. They’re more concerned with re-importation from legitimate Canadian pharmacies, which is not what this is about.

          Knujon, the National Boards of Pharmacy, and the big ISPs/email providers who have to deal with all the spam have all been much more active at trying to deal with the problem.

  12. Jim

    I smell a show-and-tell coming on stage such as the Can Spam Act. A Federal guy that goes to press hoping to impress the November poles.

    Our current Government and Representatives have zero credibility.

    1. TheGeezer

      It appears you are less concerned about whatever merit the “Can Spam Act” would have than you are about who would get credit for it in the upcoming elections.

      Maybe this is why it is hard to get anything of substance through congress.

  13. Bob

    Wow, he is going to devote three (count ’em, three) whole hours to a meeting that will be a big photo-op. He will then declare the problem to be solved. On to the next ‘big’ problem.

    You can rest assured that absolutely nothing will come of this meeting. The domain registrars don’t care who they sign up so long as ‘most’ of them pay the registration fees.

  14. Guillaume

    Link to KnujOn report seems broken or not-well HTML coded.

  15. marc

    It´s all about DNS-Censoring, nothing more, all this talks about spammers -BLABLABLA…
    they are just looking for a way to control the net,…

  16. xAdmin

    Two points:

    1. Don’t use online pharmacies!!! Or if you do, stick with known reputable ones like Walgreens, CVS, etc. and verify, verify, verify it’s actually their site you’re visiting. All you have to do is set a bookmark/favorite once and only use that to access the site. NEVER click on links in e-mail even if it looks like it’s from a legit pharmacy! Sure, you may be paying more for your critical meds, but you get what you pay for in most cases. Is your health worth the risk of buying from some unknown pharmacy who knows where just to save some money?

    2. This issue speaks more to our society and “there’s a pill for that ailment” mentality! I see and hate all the stupid ads by Big Pharma for this med or that med to fix whatever ailment. Yah, talk to your doctor about such and such! B.S.! That’s exactly what they want you to do. Many doctors are in on it too where the Big Pharma reps that visit their office, give the docs incentives to use their product. Other than say critical blood pressure medicine, I say screw Big Pharma and the medical industry that likes to push this mentality! By buying into that mentality, we as consumers are a big part of the problem!

    Oh, one last point, all we need is more government to protect us from ourselves! Wake up people!

    1. TheGeezer

      “Oh, one last point, all we need is more government to protect us from ourselves! Wake up people!”

      My interpretation of the white house meeting is to find a way to protect us from others, not ourselves, making the internet experience less dangerous for all of us.

  17. Michael

    I’m all for shutting off counterfeit drugs but big pharma should also not be trying to extend patent life on their drugs either which is so unfair. Am on Diovan (for potentially life-threatening hypertension) which is scheduled to come off patent in 2012 and several generic manufacturers have indicated an interest in producing generic versions but I’ve no doubt Novartis will fight to extend Diovan’s patent to block any generic entry into the marketplace.
    Not that I agree with Nogero’s comments but people ought to understand when your health is at risk from a life-threatening condition and you just cannot afford to pay for patent meds and keep a roof over your family’s heads at the same time, some will turn to dubious sources of supply, and it’s not stupidity but a poor decision because stressed-out people simply make bad decisions. Big pharma’s fight to block re-importation of meds from legit foreign pharmacies by threatening to limit supplies to those countries doesn’t help either (same meds cost less in foreign countries). There is some grain of truth in big pharma’s death grip on the supply chain from production through retail.
    Why doesn’t the Gov use this meeting to stop *all* rogues — meds, AV, clothing, etc.? Whacking rogue registrars should work for everything counterfeit, shouldn’t it?

    1. AlphaCentauri

      When you’re talking about having a domain name shut down by a registrar, you’re not talking about the websites of pharmacies operating legitimately in other countries. The U.S. may wish to stop them shipping drugs here in violation of our laws, but that’s a matter for the diplomats of the countries involved to address. Citizens of other countries don’t become subject to U.S. law just because they use the internet.

      This is about the worst of the worst, scam websites that lie about where they are, who they are, and what they’re selling. You can’t determine if they’re operating legally in their own countries because they won’t admit what country they’re really in. (In fact, many are in Russia, and those pharma spam programs specifically forbid their affiliates from selling to Russians, because it isn’t legal there, either.)

      If there is a concern about the practices of these scam pharmacies, there’s no way to contact anyone, because all their info is fake. But they do have to have real domain names for the links in their spam to bring customers to their websites — which means they can only continue to scam people if the registrars for those domains allow them to remain active.

      1. Michael

        You’re reading way too much into what I’d said on whacking rogue registrars — we whack those we can, we won’t those we can’t. Besides, the WH is looking for voluntary compliance from registrars, it’s not like they’re setting the dogs on them but at some point, something’s got to be done about uncooperative rogue registrars.
        I don’t want legit foreign pharmacies shut down. I prefer they continue to break big pharma’s blockade to the extent they can. It’s the rogues supplying fake meds that’s the problem and the topic of the WH meeting, not legit foreign pharmacies supplying real meds.

        1. AlphaCentauri

          Sorry, just frustrated as hell that my compatriots and I are expending so much effort in a fight that is in “Big Pharma’s” best interest, but they won’t give us the most minimal backup. And frustrated about submitting data about serious criminal activity to U.S. law enforcement agencies and getting zero response. Yet as soon as the WH starts taking our complaints seriously, people start acting like they are in the pocket of “Big Pharma” and not acting in the best interests of the American people. Please, everyone, let this play out without spoiling it before it has even started!

          Actually, the more I think about it, we went from a president who didn’t use email to one who owns two “Crackberries.” We have a president whose campaign computers were hacked and who has to deal with the risks to national security of botnets of hundreds of thousands of zombified computers whose existence is funded by the pharma spammers who rent them out for mailing. And Obama is also a father who is probably having arguments with a pre-teen daughter unhappy she can’t have the same internet use privileges her friends do. The impetus for the meeting could be personal.

          1. TheGeezer

            Alpha, I would like to explain what I think may have been misinterpreted in my statement regarding this effort and “Big Pharma”: “And I’m sure the financial interest and power of the pharmaceutical industry had a lot to do with this effort. Who knows, maybe both political parties can at least agree on this endeavor!”

            I’m not saying that “Big Pharma” was the impetus behind this meeting or suggesting that the WH is “in the pocket” of “Big Pharma” but rather that getting anything enacted in congress these days requires placating those who are constantly suspicious of government interference in the private sector.

            Since whatever comes of this meeting will actually protect “Big Pharma” it is less likely to be rejected as “big government” intrusion in the private sector.

            And I share your frustration.

      2. Nogero

        That is great theory but it is not supported in the article. The article points out links where one can look up a pharmacy in a database to learn if it is a bogus pharmacy. I typed in the domain of a legal, certified licensed pharmacy in India and it showed up as a bogus site. Your opinions will change real fast the first time you have a personal experience highway robbery by US drug companies. I have.

        As another poster stated, all this would be unnecessary if US drug companies didn’t behave like the Mob.

        1. TheGeezer

          I don’t think we would have any laws at all if we required zero errors in the law’s application.

          I think you should report the error to the legitimate pharmacy and tell them which database you searched. I’m sure they can have their pharmacy removed as a bogus pharmacy.

          This is something that legit pharmacies should continuously monitor if and when any law is enacted.

          I have seen many legitimate sites reported as phishing sites. This is probably just harassment. I and other volunteers have reported these false phishing reports as bogus and they were removed.

        2. AlphaCentauri

          The fact that LegitScript lumps legal Canadian pharmacies (that ship to Americans ordering illegally) with pharmacies that aren’t legal anywhere is a complaint I’ve had, too. But this meeting is with domain name registrars. No one expects registrars to take it upon themselves to shut down the domain name of any pharmacy whose Canadian operations are legal. Part of the reason these criminal pharmacies get away with so much is that people conflate the two issues and are afraid to look like they’re opposed to Americans from getting lower prices on drugs.

          The “pharmacies” being addressed in this case are not Robin Hoods helping uninsured Americans by thumbing their noses at unfair laws. They are vultures swooping in to grab some profit from people who are already vulnerable. They are selling them crap, knowing they won’t question the prices when compared to the overpriced brand name drugs in the U.S. (You can usually get real generic drugs cheapest if you shop around at non-chain storefront pharmacies in the U.S., by the way — it’s only brand name drugs that are cheaper overseas.)

          And yes, I have plenty of experience with the prices Americans have to pay for brand name drugs, and I’ve spent plenty of unpaid hours filling out applications to get free drugs for people without insurance. (It’s a total pain for the staff at the doctor’s office, which is why your doctor may not have suggested it to you.)

          1. Bob

            It’s not only Americans who pay high drug prices. I’m an American retired in the Philippines. The pharma lobby here is very strong. I pay over two dollars per dose for a long off patent medication that’s about twenty cents in the U.S. Mail order pharmacies are one answer. LegitScript seems to classify all foreign pharmacies which ship into the U.S. as not legitimate even if they are decent businesses. I use one of those blacklisted pharmacies and have had no problems. LegitScript itself would be more legitimate if it would really investigate foreign pharmacies rather than blacklisting them all. What good does that do the consumer?

  18. Dot One

    I don’t know how effective the US administration and Congress can be at eradicating spam coming from outside the US…

    This is somewhat off topic and I apologize, but has anyone else noticed the increasing use of gravatar.com for hosting and distribution of spam? If you search “gravatar.com” on Google you’ll even see that spammers used SEO to boost spam sites to two of the top three results. Gravatar doesn’t have an obvious “report abuse” button either; I had to search “report Gravatar abuse” on Google to find a place to let them know.

    (Gravatar is that service used by many WordPress blogs including this one to allow for remote hosting of avatars.)

Comments are closed.