Prepared by Graham Hagger Consulting for the Danish Patent Office
Introduction to Internet Piracy & Investigation
What is Internet Piracy?
The term ‘Piracy’ as a means of labelling the infringement of exclusive rights in creative works has a lengthy history and predates statutory copyright legislation
Copyright holders also describe online copyright infringement, particularly in relation to peer-to-peer file sharing networks, as piracy.
The advertising, sale and distribution via the internet of any counterfeit products.
Evolution of online piracy
FTP sites (File Transfer Protocol)
IRC (Internet Relay Chat)
DCC (Direct Client to Client)
Bulletin boards / Message boards
P2P
BitTorrent
Cyberlockers
Streaming
What is a Topsite?
The ‘Online’ marketplace
What is available?
Where?
Who is selling?
Where are the profits going?
What offences are being committed?
In what jurisdiction?
How do I investigate?
Help!!
Auction sites
Classified adverts
Websites
Spam
Online marketplace
Case Study
Rugby player jailed for internet scam
A Great Britain rugby league player who admitted being behind a fake ink cartridge and computer game scam has been jailed for 15 months.
Former Hull FC player Gareth Raynor, 32, pleaded guilty to 14 counts of fraud and counterfeiting.
Hull Crown Court heard Raynor ran a web company called Genuine-Ink and sold low quality ink cartridges on Ebay passing it off as high-quality named brands.
In one year he sold £36,000 (4,200,000) of cartridges and games.
Global trade - Fake medicines
One third of all fake medicines seized in the EU come from the UAE.
Most purchased online and delivered by postal system.
What difficulties are there in gathering evidence in such cases?
http://www.nytimes.com/2007/12/17/world/middleeast/17freezone.html?_r=2&fta=y
Spam
Normally distributed via Botnets
Recent case saw three persons arrested who
were responsible for billions of messages
distributed worldwide
Typically advertise high value and illicit products
such as fake medicines
.
Evidence Gathering & Challenges
Method
Preservation of evidence
Continuity of evidence
From rights holder
Must identify property and rights pertaining to it
Defence challenges
Challenging evidence has become too difficult so
often it is process that is attacked.
‘Open Source’ searching
Could be called ‘publicly available information’
Three main categories
1. Publicly available and free
2. Publicly available by subscription
3. Available by subscription to a specific sector only
The first is usually used to sell the second.
Caution
Information, whether Online or Off line is only
as reliable and as complete as the source
providing it.
Everything should be logged. Even negative
results to provide a complete audit log of the
investigation.
Categories of Information
Voter and postal & telephone information
Credit reference facilities
Experian, Equifax,
Corporate information
Companies House reports & accounts.
People
Member directories, Contact sites, Personal networking
Places
Land Registry, Aerial photos, maps
Investigation techniques
Develop online persona, this should consist of a pseudonym, email address, and over a period of time the development of an online history.
Build a cover story
Build up commodity knowledge; it is pointless to build up a good cover story if you are unaware of the product you intend to investigate
Use accommodation addresses for delivery of articles, mail, etc
Where do I find information?
Europe –RIPE - http://www.ripe.net/
America – ARIN - https://www.arin.net/
Asia - APNIC - http://www.apnic.net/
Latin America and Caribbean – LACNIC-
http://lacnic.net/en/index.html
Africa – AFRINIC - http://www.afrinic.net/
Uniform Resource Locators
URL
http://www.dkpto.org/
Indicates the
Internet
process being
used
Indicates a
World Wide
Web Server
The
Domain
name
Indicates type
of domain
being used
Explanations
Email: [email protected]
User name Separator Domain name Commercial Organisation
IP Address: 193.88.185.145
Class Network No. Sub-network No. Computer No.
Domain name: www.dkpto.org
Host Server Organisation Top level domain
Web pages
Examining Content
Most pages within a website are normally linked
together for easy navigation.
Some sites contain unlinked pages which can
only be accessed if the exact URL of that page is
known.
Web pages can be made up of several distinct
URL’s
Web sites
Examining evidence
Website copying software
download a complete site for examination and
offline viewing.
Examples
Black Widow
HTTrack
Teleport Pro
SBWCC Website capture
Email Research
Delivered-To: [email protected]
Received: by 10.223.110.195 with SMTP id o3cs161933fap; Fri, 1 Jul 2011
00:59:51 -0700 (PDT)
Received: by 10.223.4.209 with SMTP id 17mr4424304fas.35.1309507190729; Fri,
01 Jul 2011 00:59:50 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mx01.oem.dk ([193.88.185.145]) by mx.google.com with ESMTPS id
4si4170282fau.132.2011.07.01.00.59.49 (version=TLSv1/SSLv3 cipher=OTHER);
Fri, 01 Jul 2011 00:59:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected]
designates 193.88.185.145 as permitted sender) client-ip=193.88.185.145;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
[email protected] designates 193.88.185.145 as permitted sender)
Authentication-Results: mx01.oem.dk [email protected];
domainkeys=neutral (no sig)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CC37C4.D967667F"
Subject: SV: Serbia in September
Date: Fri, 1 Jul 2011 09:57:45 +0200
Message-ID: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DE0@pvs-mail.intellect.dkpto.dk>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Serbia in September
Thread-Index: Acw3TgfcXPnhFgDJQaaVGdrnY+kFRAAdb4QwAAAyjBk=
References: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DD1@pvs-mail.intellect.dkpto.dk>
<6E6F46B41C2A4FEC8FFB09F744549188@theve65qh4qex1>
From: "Michael Poulsen (PVS)" <[email protected]>
To: "Graham Hagger" <[email protected]>
Received-SPF: none
Email header
Delivered-To: [email protected]
Received: by 10.223.110.195 with SMTP id o3cs161933fap; Fri, 1 Jul 2011
00:59:51 -0700 (PDT)
Received: by 10.223.4.209 with SMTP id 17mr4424304fas.35.1309507190729; Fri,
01 Jul 2011 00:59:50 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mx01.oem.dk ([193.88.185.145]) by mx.google.com with ESMTPS id
4si4170282fau.132.2011.07.01.00.59.49 (version=TLSv1/SSLv3 cipher=OTHER);
Fri, 01 Jul 2011 00:59:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected]
designates 193.88.185.145 as permitted sender) client-ip=193.88.185.145;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
[email protected] designates 193.88.185.145 as permitted sender)
Authentication-Results: mx01.oem.dk [email protected];
domainkeys=neutral (no sig)
Email header
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CC37C4.D967667F"
Subject: SV: Serbia in September
Date: Fri, 1 Jul 2011 09:57:45 +0200
Message-ID: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DE0@pvs-mail.intellect.dkpto.dk>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Serbia in September
Thread-Index: Acw3TgfcXPnhFgDJQaaVGdrnY+kFRAAdb4QwAAAyjBk=
References: <115A37C6E963AC48BA58BE54AE3FA8AE1B9DD1@pvs-mail.intellect.dkpto.dk>
<6E6F46B41C2A4FEC8FFB09F744549188@theve65qh4qex1>
From: "Michael Poulsen (PVS)" <[email protected]>
To: "Graham Hagger" <[email protected]>
Received-SPF: none
Discussion
and
Questions?