Prepared by Graham Hagger Consulting for the Danish Patent Office

Introduction to Internet Piracy & Investigation

What is Internet Piracy?

The term ‘Piracy’ as a means of labelling the infringement of exclusive rights in creative works has a lengthy history and predates statutory copyright legislation

Copyright holders also describe online copyright infringement, particularly in relation to peer-to-peer file sharing networks, as piracy.

The advertising, sale and distribution via the internet of any counterfeit products.

Evolution of online piracy

FTP sites (File Transfer Protocol)

IRC (Internet Relay Chat)

DCC (Direct Client to Client)

Bulletin boards / Message boards

P2P

BitTorrent

Cyberlockers

Streaming

What is a Topsite?

The ‘Online’ marketplace

What is available?

Where?

Who is selling?

Where are the profits going?

What offences are being committed?

In what jurisdiction?

How do I investigate?

Help!!

Auction sites

Classified adverts

Websites

Spam

Online marketplace

Case Study

Rugby player jailed for internet scam

A Great Britain rugby league player who admitted being behind a fake ink cartridge and computer game scam has been jailed for 15 months.

Former Hull FC player Gareth Raynor, 32, pleaded guilty to 14 counts of fraud and counterfeiting.

Hull Crown Court heard Raynor ran a web company called Genuine-Ink and sold low quality ink cartridges on Ebay passing it off as high-quality named brands.

In one year he sold £36,000 (4,200,000) of cartridges and games.

Global trade - Fake medicines

One third of all fake medicines seized in the EU come from the UAE.

Most purchased online and delivered by postal system.

What difficulties are there in gathering evidence in such cases?

http://www.nytimes.com/2007/12/17/world/middleeast/17freezone.html?_r=2&fta=y

Spam

Normally distributed via Botnets

Recent case saw three persons arrested who

were responsible for billions of messages

distributed worldwide

Typically advertise high value and illicit products

such as fake medicines

.

Evidence Gathering & Challenges

Method

Preservation of evidence

Continuity of evidence

From rights holder

Must identify property and rights pertaining to it

Defence challenges

Challenging evidence has become too difficult so

often it is process that is attacked.

‘Open Source’ searching

Could be called ‘publicly available information’

Three main categories

1. Publicly available and free

2. Publicly available by subscription

3. Available by subscription to a specific sector only

The first is usually used to sell the second.

Caution

Information, whether Online or Off line is only

as reliable and as complete as the source

providing it.

Everything should be logged. Even negative

results to provide a complete audit log of the

investigation.

Categories of Information

Voter and postal & telephone information

Credit reference facilities

Experian, Equifax,

Corporate information

Companies House reports & accounts.

People

Member directories, Contact sites, Personal networking

Places

Land Registry, Aerial photos, maps

Investigation techniques

Develop online persona, this should consist of a pseudonym, email address, and over a period of time the development of an online history.

Build a cover story

Build up commodity knowledge; it is pointless to build up a good cover story if you are unaware of the product you intend to investigate

Use accommodation addresses for delivery of articles, mail, etc

Where do I find information?

Europe –RIPE - http://www.ripe.net/

America – ARIN - https://www.arin.net/

Asia - APNIC - http://www.apnic.net/

Latin America and Caribbean – LACNIC-

http://lacnic.net/en/index.html

Africa – AFRINIC - http://www.afrinic.net/

Uniform Resource Locators

URL

http://www.dkpto.org/

Indicates the

Internet

process being

used

Indicates a

World Wide

Web Server

The

Domain

name

Indicates type

of domain

being used

Explanations

Email: graham.hagger@gmail.com

User name Separator Domain name Commercial Organisation

IP Address: 193.88.185.145

Class Network No. Sub-network No. Computer No.

Domain name: www.dkpto.org

Host Server Organisation Top level domain

Web pages

Examining Content

Most pages within a website are normally linked

together for easy navigation.

Some sites contain unlinked pages which can

only be accessed if the exact URL of that page is

known.

Web pages can be made up of several distinct

URL’s

Web sites

Examining evidence

Website copying software

download a complete site for examination and

offline viewing.

Examples

Black Widow

HTTrack

Teleport Pro

SBWCC Website capture

Email Research

Delivered-To: graham.hagger@gmail.com

Received: by 10.223.110.195 with SMTP id o3cs161933fap; Fri, 1 Jul 2011

00:59:51 -0700 (PDT)

Received: by 10.223.4.209 with SMTP id 17mr4424304fas.35.1309507190729; Fri,

01 Jul 2011 00:59:50 -0700 (PDT)

Return-Path: <prvs=016345fab0=mip@dkpto.dk>

Received: from mx01.oem.dk ([193.88.185.145]) by mx.google.com with ESMTPS id

4si4170282fau.132.2011.07.01.00.59.49 (version=TLSv1/SSLv3 cipher=OTHER);

Fri, 01 Jul 2011 00:59:49 -0700 (PDT)

Received-SPF: pass (google.com: domain of prvs=016345fab0=mip@dkpto.dk

designates 193.88.185.145 as permitted sender) client-ip=193.88.185.145;

Authentication-Results: mx.google.com; spf=pass (google.com: domain of

prvs=016345fab0=mip@dkpto.dk designates 193.88.185.145 as permitted sender)

smtp.mail=prvs=016345fab0=mip@dkpto.dk

Authentication-Results: mx01.oem.dk header.from=mip@dkpto.dk;

domainkeys=neutral (no sig)

X-MimeOLE: Produced By Microsoft Exchange V6.5

Content-class: urn:content-classes:message

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----_=_NextPart_001_01CC37C4.D967667F"

Subject: SV: Serbia in September

Date: Fri, 1 Jul 2011 09:57:45 +0200

Message-ID: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DE0@pvs-mail.intellect.dkpto.dk>

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

Thread-Topic: Serbia in September

Thread-Index: Acw3TgfcXPnhFgDJQaaVGdrnY+kFRAAdb4QwAAAyjBk=

References: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DD1@pvs-mail.intellect.dkpto.dk>

<6E6F46B41C2A4FEC8FFB09F744549188@theve65qh4qex1>

From: "Michael Poulsen (PVS)" <mip@dkpto.dk>

To: "Graham Hagger" <graham.hagger@gmail.com>

Received-SPF: none

Email header

Delivered-To: graham.hagger@gmail.com

Received: by 10.223.110.195 with SMTP id o3cs161933fap; Fri, 1 Jul 2011

00:59:51 -0700 (PDT)

Received: by 10.223.4.209 with SMTP id 17mr4424304fas.35.1309507190729; Fri,

01 Jul 2011 00:59:50 -0700 (PDT)

Return-Path: <prvs=016345fab0=mip@dkpto.dk>

Received: from mx01.oem.dk ([193.88.185.145]) by mx.google.com with ESMTPS id

4si4170282fau.132.2011.07.01.00.59.49 (version=TLSv1/SSLv3 cipher=OTHER);

Fri, 01 Jul 2011 00:59:49 -0700 (PDT)

Received-SPF: pass (google.com: domain of prvs=016345fab0=mip@dkpto.dk

designates 193.88.185.145 as permitted sender) client-ip=193.88.185.145;

Authentication-Results: mx.google.com; spf=pass (google.com: domain of

prvs=016345fab0=mip@dkpto.dk designates 193.88.185.145 as permitted sender)

smtp.mail=prvs=016345fab0=mip@dkpto.dk

Authentication-Results: mx01.oem.dk header.from=mip@dkpto.dk;

domainkeys=neutral (no sig)

Email header

X-MimeOLE: Produced By Microsoft Exchange V6.5

Content-class: urn:content-classes:message

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----_=_NextPart_001_01CC37C4.D967667F"

Subject: SV: Serbia in September

Date: Fri, 1 Jul 2011 09:57:45 +0200

Message-ID: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DE0@pvs-mail.intellect.dkpto.dk>

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

Thread-Topic: Serbia in September

Thread-Index: Acw3TgfcXPnhFgDJQaaVGdrnY+kFRAAdb4QwAAAyjBk=

References: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DD1@pvs-mail.intellect.dkpto.dk>

<6E6F46B41C2A4FEC8FFB09F744549188@theve65qh4qex1>

From: "Michael Poulsen (PVS)" <mip@dkpto.dk>

To: "Graham Hagger" <graham.hagger@gmail.com>

Received-SPF: none

Discussion

and

Questions?