[anti-abuse-wg] Counterfeit shops pres follow-up

The data is out there and has been analyzed in multiple places.

However, in the interests of sanity - and so that this issue does not
get ignored by pointing out where all it is not relevant to RIPE NCC's
mandate or out of scope of any RIR .. [such as domain names for
example, you want ICANN for that, and the UDRP] ..

Can you please focus on

1. How many of these resolve to IPs in the RIPE coverage area
2. How many of them are actual RIPE allocations to malicious entities,
rather than compromised IPs for example?

#2 in particular.

thank you
--srs

On Mon, Oct 8, 2012 at 6:09 PM, Peter Forsman <peter.forsman at iis.se> wrote:
> Hi AntiAbuse WG,
>
> In my presentation at last weeks AntiAbuse-wg session [1][9], which was under time constraints, I would like add the following...
>
>
> I would like to suggest that the community analyze some risks that might follow the growth of the counterfeit shops on the Internet, that I showed in my presentation. I'll try to give you some more input, while I'll let you do your own conclusions...
>
> A brief history
> ---------------
>
> The growth by this extremely advanced network(s) of counterfeit websites have been seen since about 3 years back in time. There is nothing that indicates that it would stop grow or decrease, rather the opposite, especially with the upcoming new gTLDs and the expected price war that they will bring into the domain market.
>
> The current situation
> ---------------------
>
> According to my findings (from the 46 TM:s I have studied) there are at least 100 000 active counterfeit shops under "the big five" gTLDs, using the TM:s in the domain name.
> Most likely, we could add another 50 000 shops of this network under ccTLDs and websites using generic words in the domain name like "LAARZENNL.COM <http://LAARZENNL.COM/> " = "Laarzen" (Dutch for "Boots") + "NL" (Countrycode for "Netherlands").
> With 150 000 active shops there are another 150 000 ones, without active content (to be used "in case of" an ADR (Alternative Domain Resolutions), UDRP (ICANN:s Uniform Domain-name Dispute-Resolution Policy) or takedown(s) of the active domain name(s).
> According to SACG (Swedish Anti-Counterfeit Group) and "my other sources", this have become a (USD) billion industry.
>
> About law enforcement
> ---------------------
>
> To begin with, I only have experience from the Swedish law enforcement, and I'm not aware of if these numbers are applicable in other countries as well.
>
> At the Swedish police there is only 1% employees, that are classed as IT-forensics, and sadly, most of these 1% IT-forensics do not have any experience in "Internet forensics".
> OTOH, The fraud squad (in Stockholm City police area) claims that 90% of all fraud reports they receive today are related to the Internet.
> So this is already a serious problem, where many frauds are still unsolved, because lack of competence and resources.
>
> Domain names
> ------------
>
> Usually, the TM-holders and their IP-lawyers react upon infringing domain registrations, mostly through ADR/UDRP. Last year there has a new record of UDRP:s (dispute resolutions).
> If you visit the decisions at WIPO [2] you'll see that a majority of complaints over the last years concerning the domains for the counterfeit shops, like for example "Gucci" (89 domains) [3] and "Hermés" (75 domains) [4]
>
> And even if it's rare, we have also seen dangerous court decisions like the  Deckers/UGG case [5] some weeks ago (400+ domains) (Read 2, 3 and 5.) Further more, several of the shops does NOT even offer UGG-products, but uses a UGG-logo [6] The problem with American decisions like this restraining order, is that they also could be targetting European ISPs/hosting companies without any effect, while american companies may be forced to block or filter traffic.
>
> Domain names vs. Content vs. Source
> -----------------------------------
>
> Be aware of the differences of registering a free domain name (that includes someone elses registered rights, like a TM) aka "Cybersquatting" or other disputes, from actually hosting a infringing content like my example where the "chinashops" offering fake products or scraped content from other websites.
> To register a free domain name is in other words is NOT illegal by any law or other regulations.
> Cyberquatted domains or "unintended infringments" that leads to domain disputes are handled by an ADR or an UDRP. Trademark infringements are usually tried legally in a civil court, while counterfeit products are illegal in most parts of the world.
>
> More problems - the new gTLDs
> -----------------------------
>
> ICANN already have a problem with 5 gTLDs. ICANNs own study shows that 29% of WHOIS data is junk [7] Then imagine when 1000+ new gTLDs will reach the market, there will most likely be a aggressive price war, where consumers are offered very cheap to free domain names.
>
> The Future - Internet population and growth
> -------------------------------------------
>
> Population in short:
> China (513 m) alone have more Internet users then the whole of Europe (500 m), and Europe have more then twice as many as the US (245 m).
>
> Internet growth in short:
> Between Q2-Q4 2011, Internet had 626 283 new users each day.
> Asia stands for 54,8% (346 526 new users per day), Europe 14,2% (89 126 new users per day), North America 0,37% (3 642 new users per day) (USA 0,001% (739 new users per day)
>
> (For statistics 2004-2001, see [8] (In Swedish)):
>
> Final note
> ----------
>
> The question is if the lack of tools to stop illegal businesses, will bring more attempts to filter and regulate Internet, just like SOPA/PIPA/ACTA etc.
>
> In my studies, about 50 000 different IP address have been used to host these web shops worldwide.
>
>
>
> References:
> [1] https://ripe65.ripe.net/presentations/73-counterfeitwebsites.pdf <https://ripe65.ripe.net/presentations/73-counterfeitwebsites.pdf>
> [2] http://www.wipo.int/amc/en/domains/casesx/index.html <http://www.wipo.int/amc/en/domains/casesx/index.html>
> [3] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2012-0342 <http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2012-0342>
> [4] http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2012-0264 <http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2012-0264>
> [5] http://gbclaw.net/files/caseNo-12-cv-7297/Temporary%20Restraining%20Order.PDF <http://gbclaw.net/files/caseNo-12-cv-7297/Temporary%20Restraining%20Order.PDF>
> [6] http://www.ilovetoshopping.com/upload/9.jpg <http://www.ilovetoshopping.com/upload/9.jpg>
> [7] http://www.icann.org/en/news/public-comment/whois-accuracy-study-15feb10-en.htm <http://www.icann.org/en/news/public-comment/whois-accuracy-study-15feb10-en.htm>
> [8] http://www.internetsweden.se/analys-av-internets-tillvaxt-infor-nya-gtlder/ <http://www.internetsweden.se/analys-av-internets-tillvaxt-infor-nya-gtlder/>
> [9] https://ripe65.ripe.net/archives/video/141
>
>
> Peter Forsman
> Abuse Manager .SE (The Internet Infrastructure Foundation)
> +46(0)8-452 35 80
> PO Box 7399, SE-103 91 Stockholm, Sweden http://www.iis.se



-- 
Suresh Ramasubramanian (ops.lists at gmail.com)