How not to buy drugs on the Internet

Disclaimer: This post is satirical in nature and meant to educate on the proliferation of scams, misinformation, and traps set up to trick those engaging in illicit or illegal activities online. Malwarebytes does not condone buying drugs on the Internet.

Perhaps you’re sitting at work one day when suddenly the thought crosses your mind: You’re going to shift careers to become a drug lord so powerful, it will put Scarface to shame. Given that you’re not currently connected to a network of cocaine suppliers, distributors, and money launderers, you naturally turn to the Internet.

But users beware: Those get-rich-quick schemes almost never work out, and that includes cashing in your good citizen chips to sell drugs. And, surprise, surprise, not all websites promising kilos of cocaine with quick shipping are being 100 percent honest with you. Let’s set out and see what we find.

Searching for suppliers

As aspiring drug lords, our first search is “buy cocaine online,” which yields hxxp://buycocaineonline.us.

Naturally, to take advantage of the free shipping, we’ll want to buy in bulk:

There are a few red flags though, mainly in that the site owners purport to take PayPal. Like most scams, you can spot the con by looking at what sort of payment they accept. PayPal leaves a digital trail that is trackable, and PayPal as a company frequently turns data over to all levels of law enforcement. So perhaps not the greatest method of getting our hands on an illicit product.

But there’s a WhatsApp number listed, so we can search on 1 (502) 509 5319. That yields the following:

This is more promising, as Chinese pharma manufacturers have been known to sell online to western consumers, both via clearnet and dark net markets. Also, there’s a Wickr ID. While use of an encrypted messenger service certainly doesn’t eliminate the possibility of a scam, drugs are brokered with the service, sometimes in person. Searching further on the Wickr ID:

No cocaine, but a significant amount of heavy pharmaceuticals with a shipping location listed as Shanghai, China. Dropping our drug lord aspirations for a moment, Chinese fentanyl and carfentanil are commonly seen as a huge contributing factor to a surge in opioid overdoses and deaths in the US. While this particular listing may or may not be a scam, acquiring real, deadly opiates via clearnet and mail is generally way too easy.

The Cnchemex handle appears on a site (now down) using an Indian name server, as well as a classified ad site targeting the overseas Indian community, suggesting the actor might be misrepresenting their location. That said, real sellers doing real harm use similar methods to push product overseas.

Why is this so easy?

Bargain hosting

hxxp://Buycocaineonline.us is hosted by Namecheap, a well-known, low cost host. Bargain hosts have a tendency to make their profits on volume, creating a business incentive toward taking all comers as fast as possible, with as little friction as possible. Great for reducing barriers of entry for low-resource users. Less great for keeping scams and malware out, as well as tracking bad actors.

Most low-cost hosts do not keep blacklists for prior bad acts, and some don’t even consider certain scams malicious if they don’t damage the user’s machine. As a result, scammers who take lots of money for “drugs” and never deliver can trivially move from one site to another without incurring significant infrastructure costs, or any significant fear of being permanently banned.

Lessons learned

The site above and those like it are pretty obvious scams 99 percent of the time. It’s easy to mock scams when they take advantage of users looking for illegal activities. But scammers like to diversify their income streams and will often use similar tactics and infrastructure for more harmful activities.

Ultimately, these scams are merely symptomatic of poorly-designed monitoring systems and underfunded security teams that allow both petty scams and destructive malware to slip through the net. Less fraud and a better Internet depend on addressing the systems failures that generate these vectors, as well as users who exercise a bit of critical thinking when presented with something too good to be true. And that includes becoming a drug lord via Internet search.

Stay vigilant and stay safe.