
Hackers Hijack Websites In Online Pharmacy Scam

Filed by KOSU News in Health.
August 12, 2011

People searching for prescription drug information online are being led astray by hackers and redirected to illicit online drug sellers in one out of every three searches.

“Legitimate health resources are completely crowded out,” says Nicolas Cristin, a computer scientist at Carnegie Mellon University who discovered that 32 percent of sites that turn up in search results for prescription drugs had been infected with malicious code. “It’s very hard to find legitimate pharmacies, or information like what the [Centers for Disease Control and Prevention] would give you. This is drowned out in a sea of rogue results.”

Hackers work the scam by sneaking their own code into a legitimate website. That way the site shows up on a Web search for a prescription drug. If someone clicks on the search listing, it forwards them to an online pharmacy, not to the legitimate site. The owners of the hacked site usually have no inkling their URL has been hijacked.

Shots tested the scam by Googling “Cialis no prescription,” in search of information on the drug for erectile dysfunction — which Cristin predicted would yield interesting results. Sure enough, the first result showed the URL for a University of Massachusetts website belonging to a computer science laboratory with the words “Cialis No Prescription OVERNIGHT SHIPPING” above it. And when we clicked on the UMass URL we were ferried off to a site hawking generic Cialis for $3.30 a pill.

This isn’t the only university site that’s being hijacked: Four of the top six results returned in this Cialis search had .edu addresses. Some didn’t connect to online pharmacies; Cristin speculates that the legitimate owners had fixed the site and removed the illicit redirect.

Hackers are more apt to choose .edu and .gov websites for these “search-redirection” attacks because they rank at the top of Google searches, and because they are generally trusted sources of information.

But increasingly, people seeking drug information through searches may not find what they’re looking for. “I really recommend that you don’t just blindly type a drug name in a search engine,” Cristin told Shots. “There’s a high possibility that the result will lead you to illegitimate websites.”

Cristin and his colleagues found out about the search-redirection attacks by accident, after a friend asked why his blog was popping up in queries about Viagra. The Carnegie Mellon researchers spent six months running searches on prescription drug names, and found that one third of the search results pointed to websites that had been infected by hackers. Cristin presented his results this week at the Usenix Security Symposium in San Francisco.

And for people who might be considering buying prescription drugs online, Cristin has one word of advice: don’t. Go to your local brick-and-mortar pharmacy, he says, or if you must shop online, to the website of a pharmacy you know.

The Food and Drug Administration also counsels extreme caution when shopping for medication online because of all the bogus and potentially dangerous products floating around. It recommends using only online pharmacies that are accredited by the National Association of Boards of Pharmacy. [Copyright 2011 National Public Radio]
