Blog dedicated to reporting on Mexican drug cartels
on the border line between the US and Mexico

Thursday, September 28, 2023

Hackers Exploited Google Search Loophole to Advertise Narcotics on DEA, Interpol, FDA & IRS Websites

"Socalj" for Borderland Beat

This article is based on an investigation by Insider.

"Cocaine for sale here," the page hosted on the FDA's website said alongside a telephone number and a handle for the encrypted messaging app Wickr. "Buy crystal meth online."

The culprit is a recent change by Google that makes defacing websites with advertisements for where to buy cocaine, heroin, meth, ketamine, Xanax, black-market Ozempic, ecstasy, and other drugs suddenly a viable way to find customers.

Many websites set up their internal search functionality in a way that creates a new, permanent webpage for every unique search string that users enter, effectively giving users the power to create a webpage on the site. When you enter "see Jane run" into the search box on the FDA's webpage, for instance, the site creates a search-result page with its own unique address to show you the results, whether there are any hits or not. (The FDA since has blocked pages with drug ads after Insider alerted the agency they existed.)

Drugs advertised on the Food and Drug Administration's website.

Last year, Google rolled out an internal change that moved many of those user-generated result pages into the vast library of content that shows up when people use Google Search.

The company said its automated web crawler had grown so sophisticated that it knew "automatically" which pages were important to index. Before the change, many website owners manually restricted Google from crawling the results of internal searches. Google's announcement of the change made it sound like the upgraded web crawler would do the same.

It doesn't. Nor does it always appear to pay attention to other signals webmasters code in asking Google not to index their search results. Now it's relatively simple to create advertisements on websites' internal search pages for how to buy drugs and have those pages show up in Google's search results — massively expanding drug dealers' reach.

In practice, this means that bad actors are identifying websites that have an internal search function and are seen as trustworthy by Google — such as government, educational, and media websites — and putting in searches for things like "buy cocaine," along with Telegram handles or a website address.

Slipping these messages into highly trusted websites increases the likelihood that prospective drug buyers will see the ads. Websites for government agencies, nonprofits, and media organizations are more likely to show up higher in search rankings.

A Google search for "buy heroin" from September 27, 2023, returns a result with a defaced page from the government website of Ontario, Canada, as well as other vandalized websites.

At the time of publication, the government-maintained website for Ontario was one of the top results when searching "buy heroin," with detailed information on whom to contact. The UN Office on Drugs and Crime, which recently published a report on online drug sales, hosted ads for cocaine.

The website for Interpol, the international police agency that is charged, in part, with fighting drug traffickers, was in the top five results for "buy cocaine." (After Insider alerted the agency that its page had been hijacked, the company temporarily turned off its website's internal search functionality and purged the pages of drug ads. An Interpol spokesperson said that it had "taken steps to ensure this content is no longer visible in Google searches.")

Insider identified more than four dozen websites for government agencies, universities, news organizations, nonprofits, and businesses that had been hijacked and indexed on Google. 

Insider's own website was among those hit.

In a statement, a Google spokesperson said the company's "advanced spam-fighting systems enable us to keep Search 99% spam-free, and we're continuously improving these systems to fight the increasing volume of spammy content online."

When it came to getting rid of the drug-market ads, the spokesperson suggested that website owners take "the appropriate action to prevent these pages from appearing in Google Search," sharing a link to what website owners should do.

Ads on the hijacked websites led to Telegram channels where drugs and guns were advertised for sale. 

Quick Access to Online Black Markets

Some of the illicit advertisements direct searchers to Telegram channels with thousands of members where cocaine, ecstasy, opiates, marijuana products, and guns are advertised.

We viewed five such channels where people post photos of the goods they say they're selling, tout their rapid shipping through the US Postal Service, and instruct purchasers to send money through Cash App.

The channels are active, sometimes with numerous posts a day. They're crowded with hundreds of photos of oxycodone pills, Xanax tablets, MDMA crystals, blocks of cocaine, marijuana buds, and brightly packaged edibles. Some share screenshots of supposed testimonials from happy customers. One channel that had advertised on the website of the Scottish police also appeared to sell guns, including AR-15-style rifles. Other advertisements were for websites where users could apparently order heroin and cocaine in bulk and pay in cryptocurrency.

Insider direct-messaged seven Telegram handles using this Google hack to ask what they were selling, and two responded. One offered a menu of illicit drugs, including cocaine, amphetamines, and heroin. The other said they were selling bank account information and cloned credit cards. The Insider did not respond to the messages.

Public Telegram channels selling drugs began proliferating around 2020, ​​Monica Barratt, a drug-policy expert and senior research fellow at the Royal Melbourne Institute of Technology, said in an email. Barratt's research estimates that roughly one-third of drug sales now take place online.

"Any further advertisement of these channels, especially if it is well placed and targeted, could increase sales," Barratt added.

When Insider messaged Telegram accounts advertising on the hijacked websites, two rapidly responded offering to sell illicit goods.

Hackers are savvy about how to game Google's search results so their advertisements rank highly. They create content on webpages that Google considers highly trustworthy, such as sites for government agencies, schools, nonprofits, and news organizations. "People are using that trust for nefarious purposes," Kubaitis said.

That's why instructions for buying mushrooms online in Fresno, California, appear on the website of the Centers for Disease Control and Prevention. It's why someone advertised how to buy cocaine and fentanyl in Pittsburgh on a National Institutes of Health website. And it's why a Cleveland Clinic page with contact information for a person claiming to sell crack is one of the first Google results for people who want to "buy cocaine online" in Clairton, Pennsylvania.

Hackers targeted a Drug Enforcement Administration website to advertise drugs. 

Other organizations related to the drug trade were also hacked. The first result for "buying cocaine online" in New York is a Drug Enforcement Administration website. It directs searchers to the Telegram user who offered to sell Insider cocaine, heroin, and methamphetamines. The Australian Alcohol and Drug Foundation, an anti-drug-abuse nonprofit, contains contact information for people saying they sell cocaine, Xanax, and fentanyl. One of the first results for "buy crack cocaine Chicago Telegram" is the website for the narcotics-addiction-treatment program Narconon, defaced with the contact information of an apparent drug dealer.

The IRS website was defaced with an advertisement for online drug sales. 

Insider identified so many websites exploited in this way that these examples only scratch the surface. A search for the Wickr and Telegram handle of one illicit drug advertiser in Google returned over 7,000 results across over 24 domains, with some websites being hit hundreds or thousands of times.

The language of the ads themselves is typical search-engine-optimization garble, designed to be read by Google's crawler but nearly unintelligible for humans. They're not complete sentences, just a list of keywords — usually drugs — cities, and contact information. The company's recent decision, for instance, to begin indexing artificial-intelligence-authored content has drawn outrage from some website owners who say traffic to their pages has shriveled while junk AI-written content wins Google's search rankings.

For now, a simple Google search leads prospective drug buyers to markets on Telegram.

In one channel, an apparent dealer shared a screenshot of a message he'd received from a purported client. "How's the morphine syrup?" the dealer asked. "Was a killer," the client responded.

Source Insider


  1. Good article..
    When did this shit get so complicated?
    Back in the day, the connect would front you something, you'd do your best to sell it without getting burned or busted, pay the guy what you owe and get some more..

    1. Still works that way. This is more aimed at the dark web type dealers that sell online. 9 times out of 10 their customers are the suburban kids too scared to deal with people in real life.

    2. nah not everyone knows people who sell certain drugs they want. You can buy any drug you want online.

  2. Yeahh well the problem is that a lot of people know think about robbing the connect. Think very short term. Most are doing the drugs they are selling and have no control.
    So things have changed. Once I was fronted 10,000 E’s where I was only making .25 cents. But it was cool. Still was 2500 since I was moving them in one shot.

    Now people don’t even want to front a Xanax.

    Rubio NYC

  3. 98% of us like "daaaaaaayummm so they hacked Google..."

  4. Funny thing is I tried a search for the heck of it. And it still works. Wtf??

    Rubio NYC

  5. I don't see anything actually being hacked here, just gaming search engines and taking advantage of a change in the way Google works.

  6. I wonder what Mexican cartel US authorities will tie this to. It seems like the US wants to link every drug crime on a Mexican cartel.

    1. That’s where all the drugs come from is the Mexican drug cartels Einstein. So naturally I’m sure the cartels links somewhere in the chain of custody.

  7. Those are all scammers. If it's not on a legitimate DarkWeb exchange with a trusted seller, it's a scam 99.9% of the time.


Comments are moderated, refer to policy for more information.
Envía fotos, vídeos, notas, enlaces o información
Todo 100% Anónimo;