15 November 2015

The dark side of the web

Pharmacy Technology


The dark web is more than the stuff of myth and legend. It essentially refers to the criminal parts of the web that are inaccessible via conventional web servers and browsers, instead requiring special software and authorisations that ensure users’ identities are concealed.

The dark web is part of the so-called deep web, which accounts for all online activity separate from the ‘clear web’, and is not indexed by search engines.

The popular perception of the deep web is of an online ecosystem proportional in size to the submerged part of an iceberg, with the regular web comprising just the tip. However, the true size of the actual dark web, which sits within it is difficult to properly estimate.

The picture painted by some people is of a vast criminal ecosystem, several orders of magnitude larger than the regular – or ‘clear’ – web, trading in guns, drugs, people, killers for hire, tools for hacking and child porn.

It is true that all of those items, and plenty more of a more or less nefarious nature, are available on the dark web.

The best-known and most-cited iteration of the dark web is the Silk Road, formed in 2011 as a marketplace for illicit drugs, and much else besides.

“It was basically an eBay for illegal goods,” security analyst and consultant Wade Alcorn, director of Alcorn Consulting, tells The Medical Republic.

In 2013 the FBI shut Silk Road down and arrested its founder, Ross William Ulbricht. Silk Road 2.0 soon sprung up in its place led by members of the first, before being shut down as well.

In June this year Ulbricht was convicted of seven charges related to Silk Road 1.0, and is now serving a life sentence without the possibility of parole.

The variety of illicit drugs available on the dark web is staggering. Anything from marijuana to DMT, ketamine, LSD and ice and much more, is on display and ready for buyers to drop into their ‘shopping carts’ and wait for in the post.

Legal and approved drugs are also in abundance – at least according to the labels – targeting genuinely ill people seeking cheaper treatment options or to access medications not available in their countries.

Alcorn believes the iceberg analogy may have been propagated by the hacker community as a joke on naive popular media. He estimates that dark-web transactions currently account for around $US180 million a year, which doesn’t seem much for an international criminal enterprise.

However, its obvious benefits to both buyers and sellers suggest the dark web is here to stay and likely to grow bigger over time. “I would not expect these underground markets to go away anytime soon,” Alcorn says.

For the sellers, it’s much more than simply being anonymous online. No longer is there the risk of being caught carrying contraband in public as buyers accept most of the risks associated with physical delivery of the desired purchase.

HONOURABLE PROFESSIONS?

Meanwhile, dealers on the dark web seem imbued with a sense of pride and respectability. Many of the websites use similar tactics to legitimate businesses, for instance detailing quality control processes and claiming their heroin is purer than the competitors. And there are special offers and promotions. All of this amounts to a unique criminal marketplace where buyers are empowered with ‘choice’. Weapons are for sale too, with people familiar with using them purportedly for hire. In addition to the seven charges that resulted in his life sentence, Silk Road founder Ulbricht also has another charge pending against him in the US state of Maryland for trying to take a hit out against one of the people who had been trying to take his site down. And then there’s the tools for so-called cyber-crime. Hackers looking to buy and sell stolen credit cards, even hijacked PayPal accounts, will shop within the dark web. Packages to write and distribute computer viruses are available, as is access to so- called botnets, which are massive networks of hijacked computers (possibly including this journalist’s) to receive illegal malware or spam. You know those random emails you receive from time to time about breast enlargement or penis extension? Chances are the groups organising those illegal spam campaigns have used something bought from the dark web to get them to you.

CAT AND MOUSE

In common with most entities operating within the dark web, The Silk Road operated as a so-called Tor hidden service.

Tor stands for ‘The Onion Router’, and refers to a special project to design software allowing for anonymous online communications. Many of the sites operating within the dark web use this technology, which has proved extremely difficult to crack.

“The website you’re going to doesn’t know your address and you don’t know them,” explains technology and cybercrime expert, Kayne Naughton. “Neither party can see each other’s IP addresses.”

And while the FBI was widely lauded for bringing down Silk Road 1.0 and 2.0, they got lucky, stumbling across a vulnerability in the so-called ‘CAPTCHA’ window, which asks users to enter numbers and letters presented graphically, a standard tool to ensure humans, not robots are entering a site.

This particular vulnerability allowed authorities to capture the IP addresses and personal identities of several dark web users and then identify Silk Road operators. That hole has subsequently been fixed with authorities now on the lookout for the next opportunity.

In August this year, authorities succeeded in shutting down Agora, which was believed to be the largest drug market within the dark web. Yet most people expect it’s only a matter of time before it reappears with better security configurations.

“This really is an arms race,” says Alcorn consulting’s Alcorn. “It’s like a game of cat and mouse.”

So if given the power of the dark web lies with ensuring anonymity, how do buyers and sellers make transactions without being identified?

They obviously couldn’t transact using bank accounts or credit cards. Instead transactions are conducted using so-called crypto currencies, or digital money.

The most widely-used crypto currency online and within the dark web is bitcoin (See breakout ‘Crypto Cash), which is a digital currency and currency system gaining acceptance amongst regular consumers and legitimate merchants as well.

Aside from the need for shoppers on the dark web to use crypto currencies in order to maintain their anonymity, there’s not a great deal of difference between it and the regular internet.

As mentioned earlier, merchants on the dark web use marketing and other common business tactics to increase sales. And, many drug dealers now provide customer support – some even hiring actual doctors or pharmacists – which might include advice on doses and how to handle adverse reactions.

“There’s a really strong community helping people to find out what’s good and who to buy from,” says technology and cybercrime expert, Kayne Naughton.

“Vendors are very reputation-based; there’s a definite trust system.”

Spanish doctor Fernando Caudevilla, aka DrX, is the best known medical professional to be associated with the dark web. He came to prominence working as a leading advisor to drug users trawling The Silk Road, providing advice on everything from managing health risks associated with everything from marijuana to ice and heroin, as well as helping actual addicts better manage their problems.

Dr Caudevilla has been an outspoken critic of how Western Governments are approaching the drug problem, and is one of the growing chorus of qualified professionals demanding laws and regulations which recognise drug addiction as an illness.

“Global drug policy is based on a repressive legal system that has proven to be ineffective and has caused many more problems than the ones it’s supposed to solve,’’ he was quoted as saying last year.

ILL ADVISED

Aside from all the illegal trade happening on the dark web, there is growing demand for actual pharmaceutical products, which may be too expensive or unavailable depending on where people live.

One of the more popular dark web sites selling pharmaceutical drugs is BitPharma, which also sells a wide range of illegal drugs, including ice, cocaine and heroin.

Trawling around the dark web, TMR found an extensive catalogue (see chart ‘Dark Web Pharma Menu’) of popular pharmaceuticals, including Viagra, cialis, xanex, valium and oxycodone.

Counterfeit medicine is a growing problem globally, with patients running the risk of taking compounds that could contain anything and be made anywhere.

Regulators – including Australia’s TGA – have issued stern warnings about the risks of buying products online that may or may not be the real thing. There have many reported cases of people falling ill, with even some dying, after taking fake medicine products, with the problem especially pronounced in poorer countries.

Concerns are growing in the US too, where many medicines are prohibitively expensive.

Popular technology and society site Motherboard (run by investigative news service Vice) ran a story in July by US citizen Ross Whitaker, detailing his journey into the dark web in search of an asthma inhaler for his wife.

Even with the insurance cover the couple had, the inhaler was going to set them back $US300 they couldn’t afford and so he decided to break the law.

In his piece, now syndicated and republished throughout the world, Whitaker laments the high price of pharmaceutical drugs in the US and states the ability of people to get them more cheaply on the dark web makes it a force for good in many ways.

“While most of the drug commerce on the dark web is for recreational use, there is a healthy business in medicine for its intended purpose,” Whitaker says.

“You can buy a whole range of prescription medicine for things like depression, anxiety, high blood pressure, and even restless leg syndrome at a fraction of the usual cost.”

“I would argue that the dark net markets are a mostly positive force for making drug use safer, and providing an affordable way for people like me to obtain needed medicine.”

But how did Whitaker know what he was buying was the real thing, and indeed whether it was even safe for his wife to use?

While classified illegal drugs can only really be bought via the dark web, pharmaceutical drugs, or products at least purporting to be legitimate, are for sale on the clear web too, challenging authorities charged with policing it.

Popular news and forum site Reddit.com is one of a number of sources for non-prescribed pharmaceuticals. A recent post is from a member, calling themselves EuroRX, inviting messages from people interested in buying Xanax at rates below $US1 per pill, and in boxes of up to 250.

In 2008 Interpol established Operation Pangea, to target the online sale of counterfeit and illicit medicines online and claims to have shut down scores of ‘online pharmacies’.

Between May 24 and June 16 this year, Pangea worked with Australian Customs and the TGA as part of an international crackdown, seizing 80 illegal packages across Sydney, Melbourne, Perth, Brisbane and Adelaide.

Most of the substances detected were counterfeit erectile dysfunction products and unregistered domestic pet medications.

Hardly the sort of haul to warrant a victory dance.

The fact Australia’s leading border protection agencies, running and international ‘sting’ in partnership with Interpol, were only able to capture 80 parcels across five cites says one of two things.

Either that the drug trafficking activities of the dark web have been greatly exaggerated, well certainly as far as Australia is concerned. Or that the so-called arms race between authorities and criminals trading online is currently being won by the latter.

It would seem pretty clear which scenario is more likely.