Post by kas on Dec 11, 2010 7:37:28 GMT -5
What's Driving Spam and Domain Fraud?
By Garth Bruen
Nov 19, 2009 12:08 PM PDT
Spam is not about who sent it, it's about who benefits from it. For a moment forget everything you know about filters, zombie PCs, firewalls, spoofing, viruses, Bayesian algorithms, header forgery, botnets, or blacklists. These are all methods for sending spam or preventing spam delivery. None of these explain why spam is sent and for far too long all the attention has been paid to the effects and not the driving force. Under the endless onslaught of junk mail it is easy to feel that the goal of the game is to send spam and annoy us all. But this isn't the goal. The goal of spam is a transaction. Motivation not method.
A transaction in this sense could be many things. It can refer to the traditional meaning of the word: someone voluntarily exchanging some kind of money for a product or service, like buying illicit products from shady. In terms of cybercrime it can also refer to the involuntary exchange of information, like the reveal of a password, credit card, or bank account information. It could mean that a virus was installed on your PC that opens it up to abuse. An email recipient could follow a link that charges an advertising account, click-fraud. Or, a transaction could simply be that the recipient of the spam comes to believe that something is true and then acts on it. Examples of this being stock spam and urban legends. A consumer believes that a stock price will increase so they buy some. An email user believes a chain-hoax to be true so they forward it to more people. Sending spam is not a transaction, it's just an advertisement. The transaction only occurs when the spam recipient takes action or provides money, information, or access.
There are two broad categories of spam emails: ones that advertise a URL and ones that do not. Stock spam, degree mills, and advance fee scams (so-called 419 or Nigerian scams). For the purposes of this discussion we're focusing on the URL-based spam.
Transactions for products and services occur at websites. There is certainly a diversity of products advertised in spam but far and away the number one item: Drugs. Not heroin, cocaine or marijuana but illicit pharmaceuticals. This should not come as a surprise to anyone as -Pill to get it up- has become synonymous with spam and vice-versa. But it's not just lifestyle drugs. Painkillers, psychotropics, anti-depressants, diabetics, and pretty much any drug that requires a prescription are being sold on domains sponsored by ICANN Accredited Registrars. The only problem here is that these drugs are being sold without a prescription. No, the drugs do not come from Canada. Even though "Canada" is a favorite term for these websites the pills come from Turkey, Serbia, Moldova, and India. The medicine may be real or it may not be, but anyone consuming them is risking their health as well as giving money to organized crime.
Spam offers everything from septic tanks to prostitution, but illicit prescriptions are most of the problem. Rogue pharmacy is now at least a $100 Billion illicit industry and the Internet is driving its growth with absolute impunity.
Criminals hire spammers to promote websites where drugs are sold illegally. Because spammed websites are quickly discovered and complained about they are often taken down soon after a spam campaign. To deal with this problem drug traffickers use multiple layers of linked and redirected domains that are not spammed, stay intact and endure. Spammers may in fact be the Registrars' best customers. Whereas the ordinary business may buy one or two domain names, spammers buy thousands and then dump them. The Registrar can then resell the defunct domain names, so they get paid twice for the same item.
Some reading this may think that Registrars are the fall guy here as it is impossible to track the activity of the thousands of domain names they sponsor. Problem is, they have been specifically informed of which domains are conducting illegal activities multiple times. Some might wonder then who is KnujOn to tell a Registrar about fake pharmacy domains? Actually, our reports have been endorsed by the National Association of Boards of Pharmacy (NABP), The National Center on Addiction and Substance Abuse at Columbia University (CASA), The American Pharmacists Association (APhA), and the Partnership for Safe Medicines.
Regardless of our endorsements, if a Registrar receives information of an illicit pharmacy site sponsored by them from any consumer and does not investigate and terminate, that Registrar is now aiding criminals. If a Registrar continues to accept payment from the domain owner after being notified, they are then receiving money from organized crime.
Bottom line is that the Registrars have the authority and technical ability to terminate a domain, even though many claim they do not. Registrars have the power to stop rogue pharmacy domains. The illicit networks rely on stable domains just like any other business. However, until the Registrars are told to stop sponsoring illicit drug traffic they will continue to do so. It is a ridiculous dance that cannot go on much longer. This farce is going to come to an end. No more pointing fingers at the ISPs only, terminating a domain breaks the spam link and closes the transaction platform.
By Garth Bruen, Internet Fraud Analyst and Policy Developer. Visit the blog maintained by Garth Bruen here.
www.circleid.com/posts/20091119_whats_driving_spam_and_domain_fraud_illicit_drug_traffic/