As we’ve noted before, rogue Internet pharmacies put a premium on finding a registrar who will provide them safe haven. Failing that, they’ll attempt to trick their registrar into believing that the Internet pharmacies aren’t doing anything wrong — or, perhaps, aren’t even online at all.
BizCN, a China-based registrar that previously ranked in our “Top 10” list of rogue-friendly registrars, has been doing a great job removing illegal online pharmacies from its platform and seeing through the obfuscation techniques. A recap of how one group of rogue Internet pharmacy websites tried to trick its registrar is a helpful reminder to registrars and abuse notifiers of the importance of communication, and also illustrates why ICANN Compliance’s policy of keeping the informal compliance process secret should be changed.
Recently, LegitScript reached out to BizCN with a list of domain names that were used to host rogue Internet pharmacies. As BizCN was processing our abuse notification, it became apparent that among a specific group of websites there was a discrepancy in the websites’ displayed content — what our analysts and the rest of the world could see, BizCN could not.
For example, on BizCN’s end, the websites in this specific group appeared to merely provide a “404 Not Found” error, like this:
But on LegitScript’s end — and, for that matter, most other locations around the world — the same websites appeared online and fully operational, for example:
Email exchanges with BizCN quickly brought to light what was going on. This registrant ran a group of 62 rogue Internet pharmacy websites, which were all affiliated with Store Pills Network, an Internet pharmacy network that markets prescription medication, falsified or unregistered medicines, and controlled substances, and ships these products worldwide without a prescription, in violation of every country’s laws. This registrant knew the websites were engaged in illegal activity and that if BizCN looked at these websites, they would proceed with the suspension of the domain names per LegitScript’s abuse notification. Accordingly, the registrant needed to make it look like the websites were already offline, and that LegitScript submitted the complaint in error. So it decided to “geo-target” — block certain users from accessing the websites’ rogue pharmacy content, based on the users’ location. For example, we determined that individuals using IP addresses in China (where BizCN’s main offices are located), Japan, and France were blocked from accessing the rogue pharmacy content of the websites, and a fake “404 Not Found” message was all that these visitors were able to see, as shown in the example above. However, others using US, Spanish, Israeli, and Turkish IP addresses, among most others worldwide where the unsafe medicines were actively marketed, would receive the rogue pharmacy content of the websites.
To its credit, BizCN quickly followed up on this. They were able to access the rogue pharmacy content of the websites by switching to a different IP address, and the domain names were properly suspended and locked within 48 hours. As a consequence, Store Pills Network lost a third of its operations. Score: Criminals, 0; Public Health, 1. LegitScript will be working with the other relevant registrars to suspend the rest of the network’s websites.
But this also illustrates why ICANN’s policy of secrecy in the informal complaint process is a bad approach. When a registrar fails to do anything in response to a complaint about rogue Internet pharmacies, LegitScript will sometimes submit a complaint about the registrar to ICANN. (We do this only after repeated attempts to work with the registrar.) There has been a troubling pattern of ICANN Compliance closing complaints against the registrar without the registrar having done anything at all — leaving the unsafe online pharmacies operational — and finding that the registrar “responded appropriately” despite taking no action. When LegitScript inquires what the registrar could possibly have done that would constitute an “appropriate response” in light of the registrar’s inaction, ICANN Compliance’s response has been: It’s a secret. In essence, “Trust us, the registrar responded appropriately — but we won’t tell you how.”
The relevance of this to our BizCN experience is that there may be instances where a registrar genuinely believes that the websites are not actually online — and that the complaint was therefore submitted in error — when, in fact, the registrar is being geo-targeted or otherwise tricked by the complainant and the public health continues to be threatened. If ICANN Compliance would simply be willing to convey to the complainant the basis for their determination (e.g., “The registrar sent screenshots showing that the websites were offline”), the complainant can then have an opportunity to provide relevant, correct information to the registrar (e.g., a screenshot showing that the websites are, in fact, online). The current policy of secrecy makes no effect to facilitate any improvement of the process, leading to continued frustration on the part of registrars and complainants alike. It also raises the question as to whether ICANN itself ever gets geo-targeted, thus influencing its decisions.
In any case, it is a pleasure to work with a registrar that shares the same values regarding communication and Internet safety, and we’re glad to recognize BizCN for the good work it’s been doing lately, particularly in light of criticism and concerns we’ve had in the past. We look forward to future collaborations with BizCN, as well as other registrars that help protect public health by keeping illegal and potentially unsafe online pharmacies off their platforms. At the same time, we encourage ICANN Compliance to discontinue its culture of secrecy and incorporate more transparency and public accountability into its compliance decisions.