Skip to main content

CyLab News

USENIX Security 2011: CyLab Researchers Release Study on Illicit Online Drug Trade and Attacks on Pharma Industry

posted by Richard Power
August 10, 2011

At the 20th USENIX Security Symposium, held in San Francisco, California (August 8-12, 2011), CyLab researchers will release the results of a study focusing on the illicit online trade in prescription drugs and the re-direction attacks on the Pharma industry that drive it.

The study, Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade, authored by CyLab Systems Scientist and Information Networking Institute Associate Director Nicolas Christin, Carnegie Mellon graduate student Nektarios Leontiadis and Harvard's Tyler Moore, "investigates the manipulation of web search results to promote the unauthorized sale of prescription drugs." The researchers "constructed a representative list of 218 drug-related queries and automatically gathered the search results on a daily basis over nine months in 2010-2011."

CyLab fielded a strong presence at USENIX Security 2011. Nektarios Leontiadis' presentation on the work of Christin's team was one of two CyLab studies among the refereed papers on the agenda, the other was Q: Exploit Hardening Made Easy, co-authored by Edward J. Schwartz, Thanassis Avgerinos and CyLab faculty member David Brumley. In addition, Alessandro Acquisti and Collin Jackson delivered Invited Talks.

In this brief excerpt from the latest CyLab Chronicles, Nicolas Christin articulates the major findings of his new study.

"First, illicit online pharmacies --- or agents advertising on their behalf --- are increasingly trying to manipulate search engine results to promote their businesses. This is because they can get pretty decent conversion rates: We find they net somewhere between three and thirty purchasing customers out of a thousand people searching for drugs online. This is much more effective than email or web forum spam. As a very negative consequence, legitimate pharmacies or online health resources have been pretty much driven out of these search results entirely. Second, this attack is made effective thanks to fairly high profile websites (e.g., .edu) getting compromised and participating in the search-engine manipulation. Unfortunately, operators of these sites are very slow at cleaning up their sites -- infections last seven weeks on average, and four months on .edu sites. Third, we find that most pharmacies are connected through advertisement chains; looking at the advertising network a bit more deeply, we find that surprisingly few hosts ("redirectors") play a very important role in sending traffic to illicit pharmacies. Taking down these redirectors would almost certainly disrupt this line of business, at least temporarily." 

Some Related Posts

See all CyLab News articles