Keeping the web safe – It's more difficult than you think

Image Credit: Pixabay (Image credit: Image Credit: The Digital Artist / Pixabay)

Psst. Looking for some “white plastic?” If you are, then you're trucking in ivory, the sale of which is illegal in many countries and U.S. states. “White plastic,” “jelly,” “yellow materials” are all code words used by online “marketers” of ivory, as they attempt to hide the illegal nature of what they are doing.

The use of code words is just one method crooks and scammers use to sell their products and hide in plain sight from authorities, using the resources of the internet, from search engines to payment systems.

The “hiding” part is what should worry us; by burying themselves in the hundreds of thousands of e-commerce sites out there, bad actors are able to peddle drugs, guns, child pornography, and many other illicit, illegal, and dangerous things that they can find markets for. And their potential customer base on the surface web is much greater than on the dark web, with customers on the former using common payment methods to pay for their goods, as opposed to the cryptocurrencies usually required to do business on the latter.

Stopping this is important; what if it was one of our kids who got hooked on opioids, for example, because a friend who introduced them to drugs was able to easily obtain them online, using their parents' credit card?

How crooks hijacked the web

In the ivory sale scam, sellers take out banner ads and text ads featuring their code words, enabling those seeking these illicit goods to find them using standard search engines, according to an organization called Traffic, which seeks to curb illegal trade in wildlife. According to the group, dozens of sites are selling illegal wildlife products including ivory, rhino horn, tiger bone, hawksbill shells, and pangolin scales, all using code words for those products. The code words appeared in tens of thousands of ads over a two year period.

The payment process for these products was also similarly masked. Traffic says, “a typical selling process can involve both websites and social media. So, e-commerce and social media can be interlinked. Sellers and buyers might switch communication channels during a transaction – which can further complicate the work of researchers and enforcement agencies.” Both the masking of the search terms and the fluid nature of payments makes it difficult for authorities to track malefactors, the Traffic briefing said.

Image Credit: Alamy

Image Credit: Alamy

Pushers prefer the post office

Drugs, of course, are a perennial favorite in illegal trade, and a recent Congressional report portrays just how easy it is for drug pushers to sell their goods online. According to the report, code words aren't even necessary; it's enough to Google “fentanyl for sale,” and a long list of ads appear. Payment is generally made in Bitcoin, but they'll accept prepaid credit cards, and cash transfers. The packages are shipped via the United States Post Office, because, according to the report, the Post Office doesn't always record electronic data on packages – as private carriers like Fedex or UPS are required to do. The report noted that sellers would even accept PayPal. 

Another tactic used by merchants of illicit goods to upend the legitimate web for their illegitimate purposes is the “safety in numbers” tactic – getting lost in a mass of merchants in an online marketplace. By getting lost in the shuffle, scammers hope to be able to sell their goods and services unnoticed by authorities.

It takes a village – and maybe a federal government – to solve this

So what can we do about this? Clearly there are a lot of holes out there that bad actors can hide in, and shining a light on these holes needs to be a top priority. Doing that is going to take organized action on the part of government, as well as tech firms and concerned citizens, who will make it their mission to clean up the surface internet, even if the dark web remains beyond our reach for now.

A good example of that in action is a recent operation by the FDA and Interpol, the eleventh edition of what has become an annual exercise to root out illicit drug sales on the web, both dark and surface. Called Operation Pangea XI, this year's operation netted law enforcement 465 sites that sell potentially dangerous, unapproved versions of opioid, oncology and antiviral prescription drugs to U.S. consumers. 

Of special interest, the agency said, was the way merchants made their sales – with investigators “focused on credit card processors involved in an arrangement known as 'transaction laundering' or 'factoring,'” the agency said. They added that, “under this scheme, the business operations process payments for illegal online drug networks through shell companies such as clothing stores or florists that are seemingly not related to online pharmacies. The FDA’s investigation of these payment schemes led to a federal indictment charging a complex conspiracy related to transaction laundering for online pharmacies.” 

online payment from a laptop

Image Credit: Pexels

Transaction laundering – the foundation of illicit surface web e-commerce

Transaction laundering is indeed a huge part of this, because it enables bad actors to use  conventional business tools – credit cards, bank transfers – to conduct their illicit activity. Besides allowing bad actors access to so many more customers (or victims), using merchant platforms to spread their poison pollutes e-commerce, giving online merchants a black eye, and increasing their risk for unwittingly getting caught up in illegal activity. 

For example, an online marketplace with thousands of merchants could easily be exploited by bad actors, who would host their store on the site, and use the marketplace's payment and shipping tools to connect with customers. In just the one-week period Operation Pangea was active, authorities shut down over 3,500 links, ads, social media pages and marketplace affiliate pages leading to merchants of illegal drugs. Worldwide, almost one million packages were inspected, with 500 tons of illicit pharmaceuticals seized.

With the internet now permeating every aspect of our lives, and online sales set to keep growing, the problem of illegal goods being sold via legitimate sites and upending legitimate payment systems will keep growing. Law enforcement, marketplace sites, banks, and other concerned parties need better tactics to prevent the misuse of the web by these criminals. Tech companies need to be front and center in this struggle; only with advanced tech to detect illicit activities, transaction laundering, and other undesirable behaviors can we hope to keep the web safe – for us and for our kids. 

Ron Teicher, CEO and Founder of EverCompliant

  • Keep your systems protected from the latest cyber threats with the best antivirus
Ron Teicher

Ron Teicher is the CEO and founder of EverCompliant. Prior to founding EverCompliant, Ron led the compliance product initiatives at Watchfire (acquired by IBM). He has more than 10 years of working experience in that field.