Skip to content

Illicit underground pharma sales are on the decline

Authorities have shut down dedicated underground pharmaceutical drug markets in big numbers over the last three years. But many are still active.

Photo by Nastya Dulhiier / Unsplash

Getting a specific medicine isn’t always so easy. Most pharmaceuticals can only be purchased with a doctor's prescription, and some may not have the means to find or pay for medication.

Therefore, the dark web is the best option for many to acquire prescription drugs. Various underground marketplaces and forums sell them, and buyers can purchase without prescriptions or revealing too much personal information.

Cybersixgill For Threat Hunters
Access Cybersixgill’s fully automated underground intelligence solution for threat hunters to eliminate future threats.

However, the quantity of pharmaceuticals for sale on the underground has significantly declined over the last few years due to actions from law enforcement, which has shut down several markets, seized assets, and sentenced market operators to lengthy prison terms. Notably, in a major operation last year, authorities from Europol impounded more than $31 million in cash and cryptocurrencies as well as 234 kg of drugs. This included 152 kilograms of amphetamine, 27 kg of opioids, and over 25,000 ecstasy pills.

These events, in our understanding, drastically changed the underground pharmaceutical market: a search for popular prescription drugs (such as opioids) resulted in a dramatic decrease in the number of pharmaceutical medications offered for sale from 2020 to 2021 and then relative stability from 2021 through the end of October 2022. (Figure 1).

Figure 1: Pharmaceutical drugs offered for sale over the last three years, including projections through the end of 2022. The number of posts dropped 79% from 2020 to 2021 and is expected to remain relatively stable from 2021 to the end of 2022.

Furthermore, we must consider the effect of Covid on the underground pharmaceutical market. Cybersixgill research in 2020 found that the global lockdowns had wide-ranging ramifications for the supply chains and business protocols of the illicit drug trade, which experienced a growth spurt of 495% between December 2019 and April 2020. We can partially attribute the dropoff from 2020 as a reversion to the mean.

Cybersixgill for Analysts
Eliminate alert fatigue and preemptively protect your organization by cutting through the noise from the deep and dark web.

Even so, the underground marketplace for pharmaceuticals persists. Accordingly, we can find listings selling a variety of medications, such as opioids, stimulants, and steroids.

Pharmaceuticals differ from most items sold on the dark web for two reasons: they are physical products. While digital items, such as credit card numbers, credentials, or malware, can be delivered instantly across the globe, it is more complicated to ship physical contraband. Second, considering that they are ingested, there are life-threatening risks involved for the buyer. Quality, therefore, must be guaranteed.

For these reasons, pharmaceutical market listings generally contain considerable information that attests to the item’s legitimacy. Posts can include the item description, acceptable payment methods & prices, shipping countries, and returns & delivery terms. So let’s take a closer look.

Item Description

The actor provides broader information on the related product in this post section. This intel can help us understand the seller's background and level of operations.


Posts contain a visual description, such as the pill’s imprint (figure 2), which is an essential piece of information that can validate the product. In addition, posts may detail the shape and color of the tablet.


Besides that, the actor provides instructions on the usage of the item. For example, in figure 3, the threat actor explains that the drug can be sniffed, injected, and used in other ways, depending on the customer's preference.


Moreover, we can also find the supplier (the factory/vendor) of the mentioned pharmaceutical.

Figure 2: Amphetamine and Dextroamphetamine 30mg pills offered for sale with an average price of $13 per pill.
Figure 3: M30 Oxycodone manufactured by Mallinckrodt pharmaceuticals offered for sale.

Prices & Payment Methods

Prices are one of the most essential parts of product validation. If the price is too high or too low, it can indicate the wrong message about the actor, the product's origin, and its safety. In addition, prices of a single drug can fluctuate depending on the market and the desired purchase quantity.

For example, in figure 3, a threat actor offers to buy 13 tablets of M30 Oxycodone hydrochloride at $68 per pill, where the prices in local pharmacies, according to drugs.com, stand around $8 per 30mg pill. Thus, the underground product costs 7.5 times more than the legal market. According to CNN, the street price for brand-name OxyContin is $50 to $80 per pill (Figure 3&5), while generic oxycodone sells for $12 to $40 per pill. In a local pharmacy, both pills sell for around $6 (average size of 20mg).

Sometimes, like in any legal/illegal shop, special offers exist. For example, the more you buy, the less you pay per item (figure 5). Usually, the acceptable payment methods for purchasing pharmaceuticals on the dark web are with cryptocurrency to preserve anonymity.

Figure 4: 500 pills of Cialis 20mg offered for $99 with the worldwide shipment.
Figure 5: 30 pills of Oxycontin offered for $1,965, shipment only in the United States.

Shipping & Refund Policy

For full anonymous delivery, threat actors use different delivery services, such as UPS, FedEx, etc. (figure 5). In this way, they don’t deliver the products physically and don’t risk themselves by exposing their identity. In some cases, the shipping rate is included with the mentioned price. It also depends on the country’s location. The further the shipment is, the higher the delivery price.

An interesting point to notice is the cheapest delivery country. This could indicate the location of the seller or their associates.

There are different approaches to returns and delivery terms by the sellers. Some do not allow any option for refund except for unusual occurrences, such as customs takeover (figure 6). Other actors offer a refund if the delivery takes longer than promised.

Figure 6: Refund policy for amphetamine sale in one of the underground markets.
Figure 7: Refund policy for Oxycontin sale in one of the underground markets.
Cybersixgill for CISOs
Automated, real-time threat intelligence for CISO’s provides investigation capabilities to reduce cyber risk. Break cybersecurity silos.

Conclusion

While there is no shortage of items sold on the underground that can inflict massive financial damage, narcotics, and pharmaceuticals (along with weapons) are in a category of their own in their capacity to cause physical harm. Even as law enforcement authorities have shut down multiple markets and arrested suppliers, underground pharmacies threaten public health.

However, because these items must be shipped, there is more opportunity for law enforcement to fight this market than the trade of, for example, malware or compromised credentials. We are hopeful that authorities can degrade and disrupt this dangerous trade by monitoring underground listings and tracking suppliers and shipments.

Comments

Latest