IP infringement and data misuse: The dark side of the dark web
30 September 2022
Away from the surface of the online world – or what the public knows and calls as the internet – is another part of the digital frontier hidden from most of us.
Unlike the internet as most of us know it, this part of the online space cannot be accessed by regular browsers and cannot be indexed by search engines. Anonymity is also maintained here.
But as in the internet, various sites and activities are also available and taking place in this part. There are forums and chat rooms where people can freely discuss issues and current events. There are blogs about different topics and social media sites as well. Also found here are websites of several organizations including media outfits.
Seems harmless. Yet, unlawful activities are also happening here.
Along with those harmless sites are marketplaces illegally selling drugs, firearms and malware as well as sites peddling pornography.
Infringement of intellectual property rights, particularly trademark and copyright, is also rampant with the presence of marketplaces for counterfeit and pirated goods. These include clothing, textiles, accessories, electronic devices, pharmaceuticals, jewelry, software, e-books and luxury goods.
Also commonplace are peddlers of stolen bank account numbers, credit card account numbers, prepaid debit cards, IDs, social security numbers, fake passports, passwords, subscriptions to TV channels, music platforms, online game accounts, information tied to Zoom accounts and other personal data.
In April 2020, it was reported that credentials for over 500,000 Zoom accounts were being sold in this hidden part of the internet at a bulk price of US$0.002 per account. Among these Zoom account details were usernames, passwords and personal meeting URLs belonging to companies and universities. In some cases, they were even given away for free.
“Similarly, malware-as-a-service is commonly traded, to use in hacking personal data,” says Rebeccah Gan, a principal at Muncy, Geissler, Olds & Lowe in Washington.
This corner of the online world is called the Dark Web, established for those who prefer to hide their identities online.
To access the Dark Web, one must download The Onion Router (Tor) browser, or use Freenet or I2P which are self-contained networks and invest in a virtual private network for additional security. All these keep the user’s anonymity as he browses the Dark Web.
“These software layers bypass the encryption needed to get through to these websites and also make users anonymous.
Anonymity is the greatest weapon, and with the advent of cryptocurrency, payment will be untraceable, access to black marketplaces therefore will become frequented and this would also become a growing channel of communication enabling little tracing of the perpetrators unless the law enforcers move one step ahead or are able to breach the technology enabled in the Dark Web,” explained Savitha K. Jagadeesan, senior resident partner at Kochhar & Co. in Chennai.
Gan, however, stressed that the Dark Web itself is not illegal.
“It is important to remember that the Dark Web can be a safe space for political dissidents, whistleblowers, journalists, etc., who would otherwise be endangered by revealing their identities online,” said Gan. “However, this anonymity also provides a safe haven for IP infringement and privacy theft.”
Indeed, the anonymity offered by the Dark Web presents illegal sellers with less chances of being caught.
But outside the Dark Web, the ramifications are serious. Let’s take data theft as an example. In 2018, data including bank details purchased in the Dark Web resulted in almost US$11.5 million withdrawn from the Cosmos Bank in Pune, India, within just a short period of time.
The rise of Bitcoin, used by Dark Web drug dealers on a site called Silk Road, helped spur these criminal activities. Blockchain data platform Chainalysis reported that Dark Web bitcoin transactions climbed from around US$250 million in 2012 to US$872 million in 2018. Now, a host of other cryptocurrencies are also being used in Dark Web transactions.
“The traffic of the Dark Web is almost as much as the normal web,” said Panisa Suwanmatajarn, managing partner at The Legal Co. in Bangkok. “It is almost to impossible to trace who is actually doing what.”
However, there are ways to do the tracing without letting copyright and trademark infringers as well as data privacy violators know they are being hunted down in the Dark Web.
“IP and data privacy lawyers/attorneys and enforcement authorities need sophisticated technological tools and providers of specialized services to take down these wrongdoers,” said Suwanmatajarn.
“Both law enforcement and IT professionals rely in part on AI-based web intelligence solutions. In the IP space, companies frequently work with third-party vendors which offer dark web monitoring,” shared Gan.
According to Suwanmatajarn, sometimes, the lawyer, attorney or enforcement authority has to pose as a criminal himself to infiltrate the criminal network.
For Jagadeesan, the first step is to have dedicated trained personnel and the use of crackers and individuals who know the machinations of the Dark Web. She said this means deputizing digital civilians.
“Having said that, enforcement and legal personnel would be required to understand, be conducive to the digital world, enjoy the digital world in order for them to be able to arrest the growth of the Dark Web,” she said.
Jagadeesan added it is also imperative to train internet service providers (ISPs) to enable communication lines between them and legal personnel. If communication lines are strengthened between these two sides, ISPs will be able to disclose details of user activity.
Tracking and traceability should also be applied to Bitcoin transactions.
“Bitcoin transactions cannot be left without tracking and traceability as normal physical banking transactions that are tracked to trace a wrongdoer. The same is required to be done for bitcoin transactions in real world so that looking at the pattern of transaction, authorities can try to identify the parties in a transaction,” Jagadeesan explained.
In the United States, counterfeiting on the Dark Web involving American companies or individuals may be reported to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center, provided evidence is available.
Meanwhile, incidents of data misuse involving companies with locations in the US including network intrusion, data breach and ransomware attacks may be reported to local FBI field offices.
The FBI took down Silk Road in 2013 and arrested its operator Ross Ulbricht.
In 2017, the FBI, together with the U.S. Drug Enforcement Agency, Dutch National Police and the Europol, took part in an operation that paved the way for the shutdown of AlphaBay and Hansa, two of the largest marketplaces in the Dark Web. The two sites were peddling over 350,000 illegal goods that included stolen and fake IDs, counterfeit products and malware, among others.
Other Dark Web sites busted by law enforcement include Dark Market, Hydra, Wall Street Market and Valhalla, among many others.
The bad news is that AlphaBay is back and running true to form in the Dark Web. Five years after its central server in Lithuania was seized, its reappearance now comes with extra layers of technical protection. It also uses the cryptocurrency Monero instead of Bitcoin, which makes it harder for authorities to hunt them down. Plus, AlphaBay’s security specialist and number two administrator who is now spearheading the reborn site, known merely as DeSnake, said he is now in a former Soviet country with which the U.S. has no extradition treaty. The site’s creator, Alexandre Cazes, was arrested in Bangkok and later was found dead while serving jail time in Thailand.
According to risk intelligence global leader Flashpoint, the first half of 2022 saw AlphaBay accumulating over 1,300 active sellers. As of late May 2022, the site was dangling more than 30,000 unique product listings including stolen data and malware.
So, despite the shutdowns and arrests, a nefarious site can come back and continue to rear its ugly head on the Dark Web. With the aid of upscale technology, it can come back even stronger than it ever was. This is the really dark side of the Dark Web.
As such, there is no denying that legal systems and enforcement authorities should always be one step ahead of these perpetrators, as Jagadeesan said, by putting regulations in place, expanding their knowledge of the digital space and using modern tools, lest they prefer to play catch up all the time.
“The risk of bringing a regulation is going against the fundamental right to access the internet. However, every right brings its set of duties, therefore no place can be left without regulation, lest anarchy prevails. It’s a misnomer to think law will curtail the growth of the web. If that was the case,” said Jagadeesan, “man would never have progressed.”
If authorities don’t take the Dark Web seriously and would rather play catch up with technology, expect things to spiral as far as unlawful activities are concerned. In the end, it isn’t just IP right owners and direct victims of such illicit trading that will be seriously affected, but the whole world.
- Espie Angelica A. de Leon