Big Pharma’s Darknet Drug Deal

An ex-detective is tracking down knock-offs to counter a dangerous trade.
By
capsules2a_02

Drugs for sale on the dark web can be dangerous to health

Illustrations: Luis Ruibal

In his second-floor office at an industrial park 30 miles southwest of London, Tim Ramsey sits down at his laptop and heads to a website called Agora, where he pages through lists of prescription drugs for ailments like cancer, heart disease, and diabetes. Choosing an injectable human growth hormone, he clicks over to an anonymous bitcoin account and dispatches 0.527 bitcoin — $124 — to pay for the stuff.

Ramsey isn’t a desperate patient in search of treatment. He’s a 59-year-old ex-policeman, hired by drug companies to troll a seedy corner of the Web that some call the darknet, accessible through software known as TOR that renders users virtually anonymous. Ramsey spends his days looking for knockoff pharmaceuticals on illicit eBay-like marketplaces where buyers can rate products and leave reviews of sellers with names like The Peoples Drug Store, Got Milk, and Amish Mafia.

“People are being driven by desperation to buy drugs on the darknet,’’ said Ramsey, operations manager at a company called Centient, where he oversees a team of 15 computer whizzes who protect brands online by buying knock-off goods on the darknet.

For the $300 billion pharmaceutical industry, the rapid growth of such marketplaces is a serious threat to profits and reputations. For regular folks who turn to the darknet because they’re uninsured or their coverage won’t pay for expensive medications, the choice can be lethal. Counterfeit drugs bought online have been shown to include everything from gypsum and rat poison to heavy metals and household cleaners.

“We’ve found products with no active ingredients, too much, and in some cases a totally different active ingredient,’’ said Bill Reid, director of global anti-counterfeiting at Eli Lilly & Co.

In April, a 21-year-old British student named Eloise Parry died after taking diet pills she ordered online. The pills contained 2,4 Dinitrophenol, or DNP, an industrial chemical used as an antiseptic and pesticide. Though DNP was used in diet pills in the 1930s after scientists at Stanford University discovered it increases metabolism, it was soon banned because it could be lethal as some patients developed fevers topping 110 degrees Fahrenheit (43 degrees Celsius).

At Centient, Ramsey and his team avoid detection by sellers by using computers that have been scrubbed of any identifying information, such as Gmail or Facebook accounts, or even a registered operating system. They buy in bitcoin, communicate through encrypted emails, employ a host of made-up user names, and receive shipments at covert addresses. Once Ramsey’s team hands the loot off to drug companies, they carry out tests to determine whether the knock-offs bear any relation to what’s on the label. The companies aim to use the information to identify counterfeiters and alert police to shut them down, though the drugmakers Ramsey works for asked not to be identified, citing the sensitivity of the matter.

About half of Centient’s purchases are either counterfeit or sold as part of a scam. In one case, Ramsey bought a treatment for seizures from a seller in Cameroon. A week later, he got an e-mail from the vendor claiming the shipment had been held up by French customs at Orly airport in Paris, and that he needed to pay a further 150 euros to get it released. He never got the pills.

Happy Shopper cart image

Medicines billed as 'date-rape drug' rohypnol - known as 'roofies' - are available through dark net shopping sites

The online drug trade is growing fast. On Agora alone, the number of prescription medication listings rose 50 percent from March to August, to almost 25,000, according to cybersecurity consultancy Fortinet. Though Agora has gone offline to repair what it says are security flaws, Ramsey knows of more than a dozen other major marketplaces. And on the open Internet, thousands of online pharmacies sell illegal and fake drugs.

“More people are confident in buying from the Internet while at the same time it’s a fantastic platform for criminals,’’ said Alastair Jeffrey, head of enforcement at the British government agency that regulates sales of medicine, which in June seized from online sellers fake and unlicensed drugs and devices worth 16 million pounds.

On Agora, a Sanofi insomnia drug called Stilnox costs .234 bitcoin for 20 pills. Its seller, Trusted Fox, has a rating of 5 out of 5 from users: “Top notch,’’ reads one review. “Stealth is adequate,’’ says another. “HappyShopper” offers roofies — the tranquilizer Rohypnol — touting its reputation as a “date rape” drug. “Never get busted again,” says an ad for a $79 “smell neutralizer” designed to help buyers who travel with their booty evade detection at customs.

Illegal drug makers often use a relay system, says Michael Sorge, security chief at Germany’s Bayer AG, which says it has found thousands of websites illegally offering its medications. Counterfeits made in Asia are shipped to distributors in Europe to make it appear they’re produced there.

The Tor Browser in use

The Tor Browser allows people to get online anonymously and browse sites for legal and illicit purposes

Photographer: Daniel Acker/Bloomberg

One Bayer case, involving what the German press has dubbed "The Pill Gang," has seen seven people convicted. The group netted 21.5 million euros over a period of several years processing about 17,000 orders a month for erectile dysfunction and diet pills, according to court documents. The drugs were made in India or China, stored Spain and the Czech Republic, and shipped to customers from addresses in other European countries, with the proceeds deposited in Cyprus.

“At the end of the day, the person who ordered the pills receives a letter from the U.K. or Germany and it doesn’t come from a questionable country,’’ said Sorge. “These are not shirts or handbags, but medicine, and people taking medicine expect it will help, not hurt them.’’

At Centient, Ramsey opens a padded white envelope with no return address. Though the shipment says it contains “Thai Balm,” inside is a glass vile of human growth hormone packaged in a branded box from a major manufacturer.

Centient relies on software it has created that trolls both the open Internet and darknet day and night, looking for clients’ brands and other keywords to ferret out suspicious activity. Ramsey says his 32 years as a detective and later work tracking music piracy gave him the research and tech skills necessary for finding bad guys online while maintaining a stealthy profile.

A 2009 investigation opened Ramsey’s eyes to the trade in knock-off medications and offered evidence that many crooks who pirated music have moved into drugs. On a police raid near Amsterdam looking for counterfeit CDs, Ramsey recalls also finding about 100 bags of blue tablets marked as Viagra — which turned out to contain mostly cement dust.

What worries Ramsey is the ease with which even tech neophytes can get onto the darknet — until a few years ago a forbidding place. Lots of regular folks now mingle with the bad guys, lured by sites selling drugs they need and can’t afford, and which often aren’t what sellers claim.

“Narcotics, guns and hitmen lifted the lid on the darknet, and closely behind came pharmaceuticals,’’ said Ramsey. “It’s morphing, quickly, and now you have an older generation going there to buy medicines.’

MEDIUM_CROP_FOR-LEDE_final-darknet