Half of all “rogue” online pharmacies — sites that sell prescription drugs without requiring a prescription — got their Web site names from just two domain name registrars, a study released today found. The findings illustrate the challenges facing Internet policymakers in an industry that is largely self-regulated and rewards companies who market their services as safe havens for shadowy businesses.
There are about 450 accredited domain name registrars worldwide, but at least one-third of all active rogue pharmacy sites are registered at Internet.bs, a relatively small registrar that purports to operate out of the Bahamas and aggressively markets itself as an “offshore” registrar. That’s according to LegitScript, a verification and monitoring service for online pharmacies.
LegitScript President John Horton said the company began to suspect that Internet.bs was courting the rogue pharmacy business when it became clear that the registrar has only two-tenths of one percent of the market share for new Web site name registrations. In a report (PDF) being released today, LegitScript said that a separate analysis of more than 9,000 “not recommended” pharmacies compiled by the National Association of Boards of Pharmacy suggested that Internet.bs is sponsoring nearly 44 percent of the Internet’s dodgy pill shops.
Asked whether he was concerned about allegations that his firm was targeting an industry that seeks out registrars who turn a blind eye to questionable businesses, Internet.bs President Marco Rinaudo replied that, on the contrary, LegitScript’s report was bound to be “excellent advertising for our company.”
Reached via phone at his home in Panama, Rinaudo said he was under no obligation to police whether his customers’ business may be in violation of some other nation’s laws, absent clear and convincing evidence that his registrants were operating illegally from their own country.
“Even though I understand they could bother some pharmacy lobby, if an industry likes us, what’s the problem with an online pharmacy, as long as they are operating legally from their own country?” Rinaudo asked. “We cannot accept pressure to shut down a legitimate business just because it is not pleasing to some political lobbying group. We and I personally make sure that all the domains that are in breach of an applicable law and for which we receive a complete report, will be acted on the same day.”
LegitScript’s Horton said his organization conducted a series of undercover operations in which they posed as pharmacy affiliate programs that were seeking registration for domains representing pharmacies that had previously been shut down by U.S. regulators for marketing addictive and controlled substances, such as Oxycodone, Phentermine and Vicodin.
According to LegitScript, Internet.bs replied that it had “never ever shut down a pharmacy domain based on a request coming from outside our jurisdiction and we have never ever received a request coming from insider our jurisdiction to do so.”
Responding to an email from LegitScript’s investigators, Internet.bs’s Helen Templeton wrote that the company routinely ignores such requests. “As a matter of fact we have ignored LegitScript requests because we consider that something that is illegal under the laws of the USA, is not necessarily illegal outside the USA and unless it is demonstrated that your website are illegal from where you are conducting business, we do not interfere with your business. We are the registrar of many thousand of pharmacy domains and we fight for you all to protect you interest as if you are happy, we are happy!”
Horton said that if ICANN — the entity that oversees the domain registration industry – does not step up to firmly deal with cybercrime-friendly registrars in their midst, it is inevitable that government authorities will seek to do so.
“If jurisdictional constraints make that difficult, governments will inexorably seek expanded authority and new tools,” he said. “If the Internet community hopes to prevent that, it must insist that ICANN enforce its existing code of conduct against registrars, like Internet.bs, who willingly serve as platforms for cybercrime.”
For his part, Rinaudo said that if someone presents him with evidence that his registrants are violating the laws in their own countries, he will gladly confront the customers and suspend the domains if necessary. But he said the terms of his registrar agreement preclude him from canceling customer domains without a court order.
“I have no grounds to stop some pharmacy site from operating without breaching the ICANN registrar agreement,” Rinaudo said. “ICANN is telling me, ‘Marco, you can suspend a domain only if you receive an order from a competent court or if you have a UDRP decision.’ We don’t care about FDA regulators, pharmacy regulators, food regulators or whoever. We have to organize our business to support our clients, including pharmacies and those subject to unjustified pressure. We’re not going to close these businesses or change our policy.”
The other registrar named in the LegitScript report as rogue was ABSystems (doing business as yournamemonkey.com). According to the report, ABSystems “appears to exist for the sole purpose of providing domain name registrations for a rogue Internet pharmacy network.” The company’s domain registration system is not open to the public, and several antivirus companies current block users from visiting the site.
Anti-spam and registrar watchdog Knujon (“nojunk” spelled backwards) also released a report (PDF) on rogue Internet pharmacies today, calling attention to Internet.bs, AB Systems and a host of other registrars with large volumes of pharma sites.
The reports are being released as ICANN is set to kick off a public meeting in Costa Rica this week. ICANN did not respond to requests for comment.
Garth Bruen, Knujon’s co-founder, said ICANN has fairly limited options for dealing with registrars that cater to rogue pharmacies. Bruen said that in most cases in which ICANN has suspended or terminated a registrar’s contract, it is because the registrar failed to provide open access to WHOIS registration data, or failed to take steps to verify the legitimacy of that data.
Such enforcement actions sometimes do impact registrars that specialize in catering to rogue online pharmacies. On Feb. 16, 2012, ICANN announced (PDF) it was suspending the charter for Alantron, a registrar that has a history of association with pill and spam gangs.
In 2010, KrebsOnSecurity.com was viciously attacked by an organized cyber crime gang known for aggressively pushing male enhancement drugs and other knockoff pharmaceuticals. In that attack, Internet addresses belonging to Microsoft had been used to route traffic to more than 1,000 fraudulent pharmacy Web sites maintained by a notorious group of Russian criminals responsible for promoting Canadian Health&Care Mall pill sites. A follow-up investigation found that all of those pharma domains were being controlled using DNS services from Alantron.
ICANN suspended Alantron’s charter not because it was friendly with pharmacy spammers, but because it had repeatedly failed to provide public access to its WHOIS registration records.