sign in sign up
<<
Home , Agora (web browser), Ahmia

FEATURE SHINING A LIGHT ON THE DARKNET

Shining a light on the Darknet

The Darknet is growing at a phenomenal pace. World Trademark Review dives into the murky depths to investigate the risks for brand owners

It has been variously described as “the lurid underbelly of AUTHOR: also helped citizens in countries with draconian the Internet” and “a dangerous underground marketplace TIM LINCE regulations to circumvent web censorship. for cybercriminals”. Former National Security Agency DeepDotWeb.com is one of the leading websites (NSA) contractor Edward Snowden used it to leak for Darknet-related information and developments. A thousands of pages of classified documents, and the spokesperson distils the concept in simple terms: “The Russian government has offered a sizeable reward Darknet is simply a technology that provides anonymity for anyone who can trace its users. Despite all this, and, like any technology, it can be used for better or the ominous-sounding yet somewhat misunderstood worse, since when you create anonymity there is no ‘Darknet’ is growing in popularity at a startling rate, and middle ground – either everyone is anonymous or no one trademark counsel should thus seriously consider adding is anonymous.” it to their enforcement radar. Perhaps ironically, the Darknet’s very existence is the The Darknet has existed for over a decade, but it was direct result of US government sponsorship. In 2002 the last year’s Federal Bureau of Investigation shutdown of US Naval Research Laboratory released an alpha version the notorious marketplace that really thrust it of , the software used to access the Darknet, which was into the global spotlight. It was quickly condemned as a originally designed to hide the locations and IP addresses shady space where criminals could buy drugs, weapons of US military operatives. However, the open source and even hire assassins. But although these less savoury release meant that anyone could download and use Tor, elements are undeniably present, the Darknet also has and over the years the software has become easier for its positives. For example, the anonymity it affords to the average internet user to install (eg, the Tor Browser, users enables political activists in oppressed countries to which is continually being refined, is a modified version organise protests with some degree of safety, as happened of the browser). during the Arab Spring in 2012; while the Darknet has “Nowadays, the usage of the Darknet technology

12 | OCTOBER/NOVEMBER 2014 www.worldtrademarkreview.com SHINING A LIGHT ON THE DARKNET FEATURE

is very easy: just install a browser and you are ready marketplaces alone (with the remaining smaller to go,” explains the DeepDotWeb spokesperson. “So marketplaces omitted from the figures). It is a certainty it’s obviously not hard to access. But as to whether the that this number is even higher today. Darknet is a scary part of the Internet… Well, as with “The Darknet is growing very, very fast and the closure anywhere that provides complete anonymity, people feel of Silk Road seems to have had no impact on illicit activity more comfortable doing things that they wouldn’t dare there,” confirms Bharat Dube, chief executive of online do otherwise, so it’s a good idea to do your research in brand protection firm Strategic IP Information, who advance to make sure you don’t come across anything on spends much of his time investigating brand infringement the Darknet that you wouldn’t want to.” on the Darknet. “The Darknet today looks like the Internet Indeed, preparation appears to be the key to the of the 1990s; but the minute it becomes equivalent to a Darknet. The user experience has been described as “a second or even third-generation internet experience, it major pain in the ass”, with slow load times (as data is will become a real problem for brand owners.” routed and redirected around the globe) and the lack of a properly indexed proving frustrating for many of those accustomed to the speed and convenience of the ‘surface net’. Furthermore, the ‘.onion’ domains If it becomes a ‘cool’ thing for people used on the Darknet are hashes of information rather than easy-to-remember ; and there is also the – especially teenagers – to access the need to get to grips with Bitcoin, the anonymous digital currency used for most trade on the Darknet (and with Darknet, the problem will increase little-to-no regulation, transactions are near-impossible exponentially to track).

The of the Darknet Recent news stories, including Snowden’s NSA Yet despite these inconveniences, the Darknet continues revelations and increasing concerns around privacy to grow. The exact number of active users is difficult, if on social media websites, have encouraged a growing not impossible, to quantify. However, recent research audience to seek refuge in a more anonymous offers a clue to its scale: the Tor browser was downloaded environment. “If it becomes a ‘cool’ thing for people a staggering 120 million times in the last 12 months, with – especially teenagers – to access the Darknet, the 2 million users from 110 countries accessing the Darknet problem will increase exponentially,” continues Dube. “every day”. Meanwhile, the first major effort to curb “It’s not absurd to think that it could become trendy for illicit activities – the closure of the Silk Road marketplace young people to use Tor instead of the surface web to in October 2013 – actually appears to have had the communicate or access websites.” opposite effect. DeepDotWeb conducted research in the “History suggests there’s a high probability that aftermath of the closure which revealed that the number Tor will become trendy, much as downloading songs of Darknet marketplaces has grown from just three to four was a social trend that became acceptable criminal before the Silk Road shutdown to between 35 and 40 behaviour,” agrees Harley Lewin, a partner at McCarter today. The number of products on these marketplaces has & English with more than 40 years of experience in the also increased exponentially. In February 2013 around trademark protection industry. He predicts that Darknet 18,000 products were listed; just over a year later, in April growth will be fuelled by continued incursions from 2014, this had skyrocketed to 40,000 in the top 11 both governments and web titans such as and

VOCABULARY

The following are some of the commonly used Crypto-currency: A digital or virtual currency because they are a hash of information, not words and acronyms that brand owners should that uses cryptography for security and is just a brand name like most URLs on the know before venturing onto the Darknet. notoriously difficult to track because of the surface web. absence of regulation. Altcoin: Any crypto-currency other than Silk Road: Once known as ‘the eBay of illegal Bitcoin (eg, Dogecoin, Litecoin and Namecoin). : Synonymous with Darknet. goods’, the popular Darknet marketplace was taken down by the Federal Bureau of Bergie web: The level of the Internet that lies Honeypot: A website on the Darknet or surface Investigation in October 2013. between the surface web and the Darknet. net set-up by law enforcement to attract and Peer-to-peer file-sharing networks and surface trap people participating in illegal activities. Tor: An acronym for ‘The Onion Router’, it is websites that provide information about the the software needed to access the Darknet and Darknet and pornography are part of this level. ‘.onion’: The Darknet uses ‘onion routing’, uses a technique called ‘onion routing’ to allow a technique for allowing anonymous anonymous access to the Internet. Bitcoin: The currency most commonly used communication over a computer network. This on the Darknet. Also referred to as BTC. At the means that website addresses on the Darknet Tor Browser: A modified version of the time of publication, one Bitcoin was worth $527. end in ‘.onion’ (instead of the usual top-level Firefox browser. It is available for all major domains). In turn, ‘.onion’ web addresses tend operating systems and allows access to surface Clearnet/surface web: The regular Internet. to be randomly generated letters and numbers net and Darknet websites.

www.worldtrademarkreview.com OCTOBER/NOVEMBER 2014 | 13 FEATURE SHINING A LIGHT ON THE DARKNET

Facebook into online privacy and major security hacks at game has moved to the next logical step after the good online retailers, such as the recent data breach at Target. guys worked out how to track the bad guys on the surface “Celebrities could also drive a move to the internet. Their reaction was to move to an environment anonymous internet,” he suggests. “It sounds daft, that is even more anonymous – the Darknet.” but if Angelina Jolie publicly comes out as going on To gauge the full extent of this problem, World the Darknet and it appears in gossip magazines and Trademark Review ventured onto the Darknet to websites, then people will quickly migrate, because that determine what exactly is being sold and what brand kind of thing affects behaviour.” owners should bear in mind when factoring this new Indeed, this trend may already have begun: on August threat into their anti-counterfeiting strategies. 18 2014 cult musician Aphex Twin exclusively announced Of the 40 or so marketplaces that are operating details of his eagerly anticipated new album via Tor, with on the Darknet, around six are invite-only (including the official tweet to a ‘.onion’ link and the subsequent Agora, regarded as the most popular). Many function news coverage (including information on how to access in the same way as Amazon and other familiar online the link) generating instant hype around the imminent environments, with features including a search bar, user release – and the Darknet. reviews for each listing, a list of delivery options and even ‘add to basket’ and ‘buy it now’ buttons. A counterfeiting epidemic More detailed scrutiny of three Darknet marketplaces This ongoing trend means that brand owners may – Evolution, the fourth largest at the time of publication, soon find themselves engaged in the war against Andromeda and The Pirate Market – reveals that drugs counterfeiting on an entirely new front. But the growing dominate the Darknet economy. As outlined in Table use of Tor and the Darknet is just the “latest in a 1, three-quarters of the 11,000-plus listings analysed series of ever-changing paradigms in the fight against were for drugs, from illegal narcotics to ‘legal’ highs and counterfeiting”, as Lewin explains. The traditional prescription drugs, which account for 14% of the total. model, in which large quantities of fake goods were This latter figure comes as no surprise to Lewin, who says warehoused in various countries, has more recently been that counterfeit pharmaceutical sellers have flocked to replaced by direct online sales to the consumer. “This Tor due to the hypersensitive nature of their products. was a huge shift, because vendors openly advertised “Even relatively rogue governments in terms of their products on the Internet and used methods to policies regarding trademarks and counterfeiting, such obfuscate their identity online by creating an alias or as China or India, look very seriously at those selling making it difficult to track where money was coming something that threatens the health of the population,” from and going to. Trademark counsel and brand owners he explains. “So as law enforcement and other have been playing catch-up, so the counterfeit goods administrative agencies take a harder line, the counterfeit pharmaceutical sector has moved to the more clandestine HOW TO ACCESS THE DARKNET environment of the Darknet.” Nearly 600 of the listings were for counterfeit goods, The Darknet is often portrayed as difficult to access, but it is actually very easy to from fake watches (29%) and electronics (25%) to bags set up and get started. (9%) and clothing (8%), with most offering multiple pieces per listing. Dube, who has purchased a range of 1. Download Tor: The easiest way to download Tor is to put “Tor Browser Bundle” products as part of his firm’s investigations, said those into a search engine and download it from TorProject.org. The internet browser, available on the Darknet are “the very best high-end, based on the popular Firefox browser, allows you to use the Internet anonymously state-of-the-art counterfeits”. and allows access to Darknet domains that do not work on the surface net. “There is a mismatch here with how slow and cumbersome things are to access,” he adds. “Once you get 2. Take security precautions: Just as when accessing more dubious parts of the to a marketplace, you don’t find cheap copies that are easy surface web, you should take precautions before using the Darknet: to spot as fake, but rather things that could fool even the • Make sure that all system software is up to date. most sophisticated distributor.” He mentions one specific • Make sure that firewall software is running. Darknet vendor who is selling counterfeit products on the • Turn off Javascript and cookies in the Tor Browser settings. Silk Road 2.0 marketplace: “I have ordered a few samples of • Turn off all other internet applications (eg;,other browsers and software). fake Cartier love bracelets from them and I would challenge • Never download anything from the Darknet, even innocent-looking images or anyone at quality control to tell them apart from the real PDF files. thing.” Our own research into the same vendor revealed at least 150 different high-end luxury listings, with brands It is also highly recommend not to use a company network internet connection to affected including Alexander McQueen, Burberry, Canada connect to the Darknet, as it can open up the network to breaches from certain Goose, Chanel, Dior, Dolce & Gabbana, Gucci, Lacoste, types of virus. Louis Vuitton, Nike, Oakley, Prada, Ray Ban and Versace. “Of course, as on the surface web, sometimes you 3. Find ‘.onion’ website addresses: You will need to know the domain names you order something and don’t get it,” acknowledges Dube. want to visit before you start, because there is no well-indexed search engine on the “But generally, in my experience, high-end fakes on the Darknet. However, many sites on the surface net contain to marketplaces on Darknet are virtually impossible to distinguish from the Darknet. We can recommend the continually updated lists on DeepDotWeb.com, the real thing, so are priced higher than many of the which contains domains and reviews of over 40 active marketplaces, and the Ahmia counterfeit websites on the surface web.” search engine (www.ahmia.fi/address) for a long, up-to-date list of ‘.onion’ URLs. While there were no weapons on sale in the marketplaces we investigated, Marcello Tallarigo,

14 | OCTOBER/NOVEMBER 2014 www.worldtrademarkreview.com SHINING A LIGHT ON THE DARKNET FEATURE

FIGURE 1: Categories of goods available on three exposed on the Darknet, observing that marketplaces are Darknet marketplaces inundated with credit cards from American Express, Visa, MasterCard and a variety of international banks: “You can Category % of total buy 10,000-plus valid credit cards for an average price of Cannabis 23.5% $2 to $10 each, and you can also get blank bank-specific Ecstasy 14.1% slug cards and magnetic strip printers.” There are also clues to surface net security Prescription drugs 13.6% vulnerabilities that are being exploited for profit. For Illegal stimulants 10.8% example, one of the most popular items on Darknet Accounts (bank accounts, website 7.2% marketplaces earlier this year was vouchers for UK subscriptions) supermarket Tesco (£100 vouchers were being sold for Illegal psychedelics 6.8% £43), suggesting some kind of security glitch, as few other Other illegal drugs 6.7% online retailer vouchers were offered around that time. Card fraud 6.3% Counterfeit items 5.1% An enforcement challenge for trademark Pirate software 2.9% counsel Trademark counsel facing these diverse challenges may Forged IDs/passports 1.7% feel that in many ways, the Darknet is a return to the Cigarettes 1.1% deregulated Wild West Internet of the past, suggests Legal highs 0.4% Lewin: “Working in the Darknet area is much harder than working on the surface net, where matters are more openly dealt with. The Darknet is a hyper-sophisticated FIGURE 2: Counterfeit items available on three Darknet , taking maximum advantage of digital secrecy. marketplaces When you look at how the Darknet is structured, anonymity means there is no source, which creates an Category % of total incredibly difficult tracing process.” Watches 29.3% And unlike on the surface web, counsel cannot get results simply by finding and reporting counterfeit Electronics (counterfeit/burner phones) 24.5% listings to website hosts. The DeepDotWeb spokesperson Money 19.6% points out that Darknet marketplaces have no takedown Bags/wallets 8.6% procedures, essentially because their owners have no Clothing/shoes 8.1% fear of being caught: “You can guess that on markets that Sunglasses 6.5% sell drugs openly, no one really cares about copyright or Jewellery 1.8% trademark infringement.” Accessories (eg, phone cases) 1.8% The situation is not helped by the fact that, in general, most major brand protection companies have not yet integrated the Darknet into their programmes. Felman director of online brand protection at Corsearch, says confirmed that MarkMonitor is “not currently monitoring that counterfeit weaponry is also readily available: the Darknet for goods companies”, because none have “Counterfeit Berettas and Colts are all actively sold, not to Musician Aphex Twin thus far come forward saying they believe it represents “a mention branded heavy artillery and grenades. Warzones exclusively released credible threat to their brand”. “Brands have mentioned in Eastern Europe and Africa have proliferated excess information about his concerns, of course; but they don’t think the risk is new album on the inventory that is bought by and sold on the Darknet and Darknet, with the official credible,” he continues. “They are generally spending shipped to the United States and beyond.” tweet featuring a their time looking for people who might be casual ‘.onion’ link criminals or consumers who might be confused into Searching for fraud, phishing and security breaches But counterfeiting is not the only issue that trademark counsel and brand owners should be aware of when it comes to the Darknet. For example, Frederick Felman, chief marketing officer at MarkMonitor, says that the company often monitors the space for fraud operations. “Sometimes we look for ‘fraud kits’ that are used for phishing and other related things, because we want to identify how a particular fraud operation might use the surface web to attract consumers who could be susceptible to phishing attacks or credential attacks,” he explains. “For financial fraud, it’s not as easy as finding something on a popular Darknet marketplace. You have to find different hidden forums and actually participate in their discussions; but they’re very bad people, so you need to use various layers of obfuscation.” Tallarigo confirms that financial firms are particularly

www.worldtrademarkreview.com OCTOBER/NOVEMBER 2014 | 15 FEATURE SHINING A LIGHT ON THE DARKNET

buying fake products – and most of this happens on the From replica products to ‘brightly lit’ portions of the Web, because that’s where online vouchers - consumers are and where confusion is likely to occur. examples of brand misuse on the Darknet This could change, though, and we’ll be ready to help as soon as it is needed and demanded.” The situation is similar at Corsearch – although Tallarigo predicts that the recent acquisition of Citizenhawk, which can monitor millions of web pages and auction site listings, will see its focus shift to include Darknet monitoring and enforcement “in the medium to longer term”.

Unlike on the surface web, counsel cannot get results simply by finding and reporting counterfeit listings to website hosts

“Brand owners are extremely weary of having to monitor the Darknet, because if they discover something, they could be liable,” he adds. “But proliferation will only continue and the Darknet will be an emerging market opportunity for online brand protection and security-type providers. Ultimately, the sellers on Darknet marketplaces are selling products and want to be found, so enforcement will be the same as what we do today at Corsearch as part of our online brand protection.” But Lewin, for one, is doubtful that enforcement on the Darknet will get any easier with time. “Anybody in law enforcement will tell you that once the bad guys figure out a way to do something, the good guys figure out how to catch them,” he says. “The bad guys then figure out how they got caught and then change things to try to avoid getting caught again. The good guys figure out what the changes were and catch them again. Does the Darknet make things harder for us? Yes. Does it make it virtually impossible within the framework of tools we have been using on the surface net? Probably – but not entirely.”

First steps to fighting back Notwithstanding the difficulties, Dube would urge trademark counsel to take heed of this growing threat. “If you prefer a ‘bury your head in the sand’ approach when it comes to IP enforcement, then ignoring the Darknet may be an appropriate strategy,” he says. “However, for effective IP enforcement on the Internet, the first step is to be well informed, and thus monitoring the Many brands, especially those in the growth phase, still Darknet is a very important step to take. Counterfeiting make the mistake of waiting until they trip over a problem and infringement activity in general are growing before doing anything. The key is to be proactive and not exponentially, especially in the context of the Darknet.” reactive – and that’s especially true of the Darknet.” And as ever in the counterfeiting realm, those who In practical terms, Feldman recommends that ignore the problem do so at their peril, as Lewin can counsel should initially concentrate their efforts on confirm from experience. “I was working with a assessing whether there is a real problem that is worth recently – a fairly large North American brand on the cusp the necessary investment of time and resources: “Before of going global,” he recalls. “They had this abstract idea spending a lot of money on passing it over to the that they could have a counterfeit problem in the future, professionals, you should evaluate the risk by getting but an investigation on the surface and Darknet revealed an investigator to see whether there is a credible and that they had a problem today and had absolutely no idea. consistent risk on the Darknet, which will determine

16 | OCTOBER/NOVEMBER 2014 www.worldtrademarkreview.com SHINING A LIGHT ON THE DARKNET FEATURE

whether a programme is needed against it; because it MARKETPLACES may not be a credible issue for you. Yes, there may be a bunch of people selling fake purses; but you may say The most popular Darknet marketplace for a long time was Silk Road, which was to yourself, ‘None of the consumers actually buying my taken down by US officials in October 2013. However, this led to many more product would be fooled that this is a real product, and marketplaces cropping up with the aim of attracting Silk Road’s large, trusted none of them would actually trust to buy it.’” customer base. These marketplaces are constantly fluctuating, with many closing He also has a stark warning for brand owners seeking down with no warning and new ones popping up frequently as well. to dip their toes into these murky waters. “I would also Some of the most popular marketplaces on the Darknet at the time of say to companies considering monitoring the Darknet: publication are Silk Road 2.0, Agora, Pandora, Hydra, BlueSky, The Pirate this is something that you should always leave to the Marketplace, Andromeda, Cloud 9, Evolution and 1776. professionals, because the Darknet is a very ugly place. You don’t walk at midnight down a dangerous street in a city alone – the same can be said of the Darknet.” with limited resources. After all, as Lewin observes, “It’s Indeed, the potential hazards of operating in this space not a case of, ‘We’ve got the open marketplace under mean that most enforcement initiatives on the Darknet are control – let’s turn to the clandestine stuff.’ No company currently carried out in cooperation with law enforcement has an endless bucket of money; and from an in-house agencies and large private investigator firms, such as counsel point of view, you’re constantly allocating Kroll and Steele Foundation. Singapore-based Strategic resources.” IP Information also offers a Darknet monitoring service Perhaps as a result of these pressures, engagement and Dube says that his company has created its own “ever- thus far has been scant. “I’ve been talking to clients expanding” search database to help with investigations. about the Darknet for little over a year and very few “One possible tactic here is to see if there is a way seem interested in getting information about it,” says to link illicit activity on the Darknet to activity on the Dube. “Many brands already have their hands full with surface web,” he explains. “I have not been able to prove problems relating to the surface web, so they often say, such a link so far, but it is inevitable that it will happen. I ‘Thanks for informing us, but this isn’t a priority yet.’ I often use the analogy of an onion. Step one is to find out also imagine that brand owners are bombarded by service where the infringement is – which is difficult, but not providers telling them about various monitoring services impossible. Then you start peeling off the layers to get to and probably feel like Darknet monitoring is just the the source. If people know that we’re coming after them, usual sales pitch for a monitoring tool. But with media they start making mistakes – you must remember that. coverage and the rapid growth of the user base, there’s Put pressure on them and mistakes will start to happen. a feeling that some attention should be paid to it now “Ultimately, there is no magic-wand solution to before it’s too late.” resolve counterfeiting, piracy or other illicit activities Attempts to raise awareness among brand owners that take place in the context of the Darknet,” concludes and trademark counsel were made at the International Dube. “But conversely, despite the difficulty, piercing the IP Enforcement Summit in London earlier this year; but veil of anonymity behind which illicit activity takes place they backfired somewhat when Commissioner Adrian is not impossible.” Leppard of the City of London Police claimed, on a panel about digital enforcement, that “the Tor is 90% of the Internet” – a statement that was promptly ridiculed as “silly scare-mongering” in the media and online. This widely cited myth has no basis in fact, and such misinformation will only serve to deter brand owners from seriously engaging with the problem. Public education is another weapon that could help trademark counsel to mitigate the threat to the brands they protect. There is evidence, for example, that buying counterfeits on the Darknet directly funds 11%of internet users claim to use Tor organised crime; that knowledge may be enough to SOURCE: GLOBALWEBINDEX SURVEY stop some potential buyers in their tracks, suggests Tallarigo. Moreover, the Darknet’s very existence seems to In fact, Tallarigo contends that the anonymity of contradict the concept of modern consumption. As the Darknet “has been somewhat cracked” already and Feldman notes: “In this consumer-oriented world, suggests that “arrests will soon be on the rise”. According where we’re used to using our iPhone or Android to to recent reports, hackers have exposed potential buy something in a second while we’re on the train, the vulnerabilities in the Tor Browser that would appear to hurdles that are needed to access the Darknet – installing confirm this – giving some hope to brand owners which a new and slower browser, finding credible marketplaces, may feel powerless in this lawless space. using Bitcoin – mean that it is unlikely to go completely mainstream, because most consumers value the Overcoming the education gap convenient and safe over the cheap and dangerous.” Right now, however, this may be cold comfort to many That may be true – but weren’t people saying trademark counsel, for whom the Darknet is just the something very similar about the Internet in the early latest on a lengthy list of issues that must be tackled 1990s? And look how that turned out.

www.worldtrademarkreview.com OCTOBER/NOVEMBER 2014 | 17