Case Studies & Research

Online business anonymity is putting EU citizens’ health at risk – the COVID-19 pandemic makes it impossible to tolerate the status quo, it’s costing us lives


It is an undisputed fact that EU citizens are put in harm’s way as the sale of falsified and substandard medicines is rampant and growing on the Internet[1]. This is clearly recognised by the European Commission in its Impact Assessment for the Falsified Medicines Directive[2], which clearly states that the Internet is a major source of falsified and substandard medicines. According to the WHO, in over 50% of cases, medicines purchased over the Internet from illegal sites that conceal their physical address have been found to be counterfeit. Similarly, a study conducted under a strict protocol by the European Alliance for Access to Safe Medicines, found that 62% of medicines purchased from sites found by way of common search engines were substandard or counterfeit.[3]

Similarly, according to the non-profit independent National Association of Boards of Pharmacy of the 35,000 of websites selling medicines, more than 96% are operating illegally.[4] [5]

Unscrupulous operators prey on citizens’ fears, especially during the COVID-19 pandemic which have created opportunities for cyber criminals to capitalize on increased demand for COVID-19 cures and preventatives[6]. In fact during March 2020, at least 100,000 new domain names were registered containing terms like “covid,” “corona,” and “virus”, plus more domains registered to sell items such as medical masks.[7] Other domains have been registered and used to spam out advertisements for COVID-themed scams.

The catalogue of patient harm and deaths due to falsified and substandard medicines bought online is well documented[8].

Falsified medicines are not only a threat to patients’ safety, and sometimes life, but also lead to a significant increase of public expenditure on preventable hospitalisation. The Digital Services Act has to upgrade internet accountability across all intermediaries, not just platforms, as the vast majority of rogue pharmacy websites transact their illegal business via their own network of websites not platforms.

To prevent this illegal business and to protect the EU citizen from harm, KYBC obligations should be required by all infrastructure service providers and not be limited to marketplaces.

It is our right to have a safe and secure internet environment that protects EU citizens from dangerous and substandard medicines. The global pandemic makes it ever more urgent to act.

For more information, watch here.

Find out more on fake medicine facts here.


[1] OECD/EUIPO report Illicit trade – Trade in Pharmaceutical products
[2] 2.10.2015 SWD(2015) 189 final COMMISSION STAFF WORKING DOCUMENT IMPACT ASSESSMENT Accompanying the document COMMISSION DELEGATED REGULATION (EU) – supplementing Directive 2001/83/EC of the European Parliament and of the Council by laying down detailed rules for the safety features appearing on the packaging of medicinal products for human use.
[3] The Counterfeiting Super Highway EAASM report
[4]  Internet Drug Outlet Identification Program, National Association of Boards of Pharmacy, 2016
[5] The Internet Pharmacy Market in 2016, LegitScript and the Center for Safe Internet Pharmacies, January 2016
[6] How Covid-19-related crime   infected Europe in 2020 11 November 2020
[7] Don’t Panic: COVID-19 Cyber Threats.” Palo Alto Networks Unit 42 blog, 24 March 2020, at:
[8] Examples of patients harmed by medications purchased online

Taking the Profit Out of Intellectual Property Crime


Piracy content distribution models have become more sophisticated and professionalised over time, with piracy operations now perpetrated by a mixture of technically skilled and well-coordinated crime groups or individual offenders. That’s what independent security and defence think tank, the Royal United Services Institute (RUSI), stated in its recent report “Taking the profit out of intellectual property crime”, which looks at how and why transnational organised crime networks perpetrate online audio-visual piracy.

The report emphasises how this type of IP crime, which threatens the creative industries by profiting to the tune of hundreds of millions of pounds every year off the backs of those who create intellectual property, can also cause direct harm to consumers, delivering age inappropriate advertising, malware, fraud, and surreptitious cryptomining.

Currently law enforcement and civil actions seeking to tackle this type of criminal activity are often undermined because these services do not verify their business customers. One of the solutions recommended by the RUSI report is the implementation of “Know Your Business Customer” (KYBC) requirements for online service providers to record and verify customer identity. RUSI also calls for a more coordinated policy approach, bringing together law enforcement, regulators, financial institutions, and the private sector with the aim of contributing to the ‘demonetisation of piracy’.

Despite the report’s focus on the film and TV sector in the UK, almost all the recommendations are applicable internationally.

The complete report is available here.




Openload is a notorious pirate service – listed on the European Commission’s piracy and counterfeiting watch list. An investigation revealed that Openload operated within the European Union using infrastructure and hosting services provided by EU companies.

A court ordered the European hosting company to identify customer details for Openload, but it turned out that the listed customer was a defunct shell entity. The hosting provider admitted the customer data they hold is “purely declarative” and that it had no way of tracing or authenticating the identity of Openload. This is despite the hosting company having received more than €19 Million in fees paid through a PayPal account linked to a Costa Rican advertising agency and various untraceable credit cards.

Learn more on this video

Domains of Danger: How Website Speculators and Registrars Trade Internet Safety for Profit


Following reports of increasing fraud related to the COVID-19 pandemic, the Digital Citizens Alliance conducted a three-month investigation that found that “little to no effort” is made to police domains whose sole purpose would be to scam, endanger those most vulnerable, or entice those seeking dangerous drugs. During this investigation, the DCA found it easy to register domains such as “” and was even encouraged to bid on domains such as “”.

The report outlines how the domain name industry frequently puts profits over consumer safety and describes an industry that bases its dealings on what it can, rather than what it should do to foster a healthy internet. Furthermore, the report shines a light on the lack of due diligence conducted by a number of these companies with respect to their commercial customers – and how that indifference could have real world consequences for consumers.

Read more here.



Moonwalk was considered one of the largest content sources for a significant number of infringing streaming sites. The Moonwalk network particularly focused on serving the majority of the largest Russian piracy sites, attracting millions of end-users. ACE, together with BREIN, conducted an investigation that revealed the technical infrastructure, based in the Netherlands. BREIN and ACE obtained an injunction against the Dutch hosts which resulted in taking down the Moonwalk service. In order to effectively take action against the operators, BREIN also obtained a court order allowing BREIN to seize the necessary information to identify the responsible people behind Moonwalk in the administration of the three Dutch hosting providers. Subsequently, the hosts voluntarily provided identifying information which proved either false or not traceable. For example, the data led to people in Russia and Ukraine who clearly lacked the technical skills for such an operation.

The court case regarding the received information continues in the Netherlands: effective piracy operations are undermined by the fact that some hosting providers currently do not verify their customer data and/or do not require that their (mostly foreign-based) resellers keep verified data. It is important that hosting providers adapt their business practices, general terms and conditions and administration in such a way, to ensure that customer information is verified, authenticated and available at all times.

For more information read here.