• English

March 2021 | by Lili & Felix

 

Online brand protection on the darknet

 

Table of contents

 

Think of the internet as an apple. The skin of the fruit, nice and shiny, is the world wide web, or the thing people commonly refer to as “internet.” It’s about 0.03% of the entire net, and for the sakes of this article, we’ll call this part “the light web.”

 

Hiding below this is a much larger segment, the flesh of the apple. This part, called the deep web, is not directly accessible via common search engines like Google or Firefox.

 

It’s not as sinister as it may sound at first: these are simply pages not indexed by search engines. These may be scientific databases, government records, paywalled and subscription content, or anything else not intended for a wider audience.

 

Then there’s the third part, the tiny dark seeds you find at the core of the apple: the darknet.

 
What is the darknet

People often confuse the deep web with the darknet. No wonder: after all, the darknet is part of the deep web. The deepest, darkest part of it. Although it’s only 0.01% of the entire internet, the most dangerous content on the web can be found here.

 

The darknet, or dark web, “is a portion of the deep web that has been intentionally hidden and is inaccessible through standard browsers and methods.” Instead, it can be accessed via the TOR browser, short for The Onion Router. This browser and the underlying protocol ensure the anonymity of its sites (recognizable from the extension .onion) as well as its users.

 

Some content on the darknet may be harmless. The majority of it, however, tends to be connected to some kind of criminal activity. Drugs, weapons, compromised personal data, hacking services, counterfeits, you name it. It’s all there in some dark, inaccessible corner.

 
The structure of the darknet

Thanks to search engines, the light web is mostly structured like a well-organized file cabinet. A system based on an easy-to-understand logic (with a few notable exceptions) that helps users get to the information they need as fast as possible.

 

In that analogy, the darknet would be an upended file cabinet, its contents thrown together in a huge pile in the middle of the room. No logic, no structure, no easy way to navigate. But obviously that’s exactly how they want it.

 

You can’t just come across a site on the darknet. You have to be specifically looking for it. That said, a few sites do exist that aim to point users towards what they’re looking for.

 

The Hidden Wiki, for example, is a link directory that can be anonymously edited by users.

 

 

Screenshot: The hidden wiki

Screenshot: The hidden wiki
 

There are also marketplaces that aggregate sellers of various (usually highly illegal) products. Don’t visualize user-friendly, bright places like Amazon or eBay though. Beautiful graphics and excellent customer service were clearly not on the minds of creators.

 

 

Screenshot of marketplace that aggregates sellers of various products (categories: Political, Hacking and Warez)

Screenshot of marketplace that aggregates sellers of various products (categories: Political, Hacking and Warez)

 

Besides, sites on the darknet change often. Domains are regularly seized by the authorities, deleted or moved to another address for fear of being compromised.

 

This makes the job of online brand protection experts significantly harder. Harder, but not impossible.

 
Brand protection on the darknet

Counterfeiters don’t limit their activities to the light web. Although it’s much easier to find clients on the light web, it’s also easier for criminals to get caught. And besides, some products can be more openly advertised on the darknet. Like cracked software, 0day exploits (a cyber attack that happens on the day a software vulnerability is discovered), counterfeit products, and much more.

 

 
"There is a market for 0days and exploits as well that concern financial institutions, software providers or any other brand that operates at least partly digital."

 

Screenshot of listing for offers of Lifetime complete access to Netflix

Screenshot of listing for offers of Lifetime complete access to Netflix

 
Why do we need to go there

When counterfeiters and trademark infringers cross over to the darknet, online brand protection experts have to follow. It’s not the favourite part of our job, because believe it or not, browsing the darknet is not like a scene out of the next James Bond movie.

 

 

It’s dangerous all right, but thanks to the unstructured information dump that is essentially the darknet, looking out for our clients’ copyright is considerably less exciting than other parts of our job.

 

 
"Many companies may think that their business is far away from being vulnerable in darkweb and this is still a place for whistleblowers, drugs and firearms. But the modern darkweb has evolved and we have seen counterfeits of watches, software and a vast number of hacked or fraudulent accounts."

 

Warning! Danger!

Ever seen one of those videos where people show dangerous things, like explosive lab experiments? They usually come with a warning: don’t try this at home.

 

Well, consider this as your warning. The darknet is dangerous. It may not literally make your laptop explode, but you’ll certainly encounter some kind of fallout. A virus or Trojan on your laptop, passwords stolen, credit card data compromised, or something even worse.

 

And if criminals weren’t scary enough, imagine negotiating a deal with the seller of an illegal product only to discover that you’ve been in contact with an undercover agent of Europol or the FBI. You could be facing a prison sentence. So really, really don’t try this at home. It’s so not worth it.

 
How do we go there

When accessing the darknet, our first priority is safety. We follow the strictest safety protocols to make sure that no malevolent actor, whether human, bot or computer virus can compromise our data. For example, we use VPNs when possible and never have our browser in full-screen mode, because attackers can find out a lot about our computers based on the resolution.

 

Safety measures in place, we usually cross over to the darknet when we suspect that a seller on one of the marketplaces is infringing our clients’ copyright. However, due to the lack of structure on the darknet, finding the actual perpetrators is not as easy as on the light web. We can’t rely on our trusted software tools to crawl the marketplaces; instead, we have to manually check them, listing by listing. (Remember when we hinted that this wasn’t the most exciting part of our job?) However, should a client need a more scalable solution, we’d be happy to look into software tools with the ability to crawl the darknet as well.

 
What we do there

Let’s take a look at our online brand protection work on the darknet via a theoretical example. (Please note that the following screenshots are for illustration purposes only and not taken from an actual investigation.)

 

First of all, we visit the known darknet marketplaces, like the one pictured below. As you can see from the categories on the left, CanadaHQ is no ordinary marketplace.

 

 

Screenshot of CanadaHQ

Screenshot of CanadaHQ

 

Expanding the categories (or typing our keywords into the search bar if the marketplace has one - many of them don’t), we sift through the listings, looking for our clients’ products or brand name.

 

We click on listings that look to be of interest to us and try to discover more about the seller.

 

 

Screenshot of lifetime complete access to Netflix offer on Marketplace Agartha

Screenshot of lifetime complete access to Netflix offer on Marketplace Agartha
 

 

The amount of information a marketplace discloses about its sellers varies by a great degree.

 

 

Screenshot of seller account on marketplace Agartha

Screenshot of seller account on marketplace Agartha
 

 

Some just list usernames while others show sales figures, contact info, and even ratings by customers. In order to learn as much as possible, we access the seller’s store and see if they have any other listings. Depending on the actual product (we don’t buy illegal or controlled substances and prohibited items), we may even conduct a test purchase.

 

 

Screenshot: sellers store and contact data

Screenshot: sellers store and contact data
 

 

Some sellers operate shops on both the light web and the darknet, with the site on the light web obviously containing more information. This is why after we’ve identified a seller, we search the light web to find out if they have a shop there too. Like this seller below.

 

 

Screenshot: research on light web for gathered contact data

Screenshot: research on light web for gathered contact data

 

 

Screenshot: illegal store on the light web 

Screenshot: illegal store on the light web
 

We can enforce our clients’ rights and demand the takedown of infringing listings on the darknet as well, provided the marketplace lists their contact information. However, given the nature of the darknet, this task is understandably harder than on the light web.

 

 
"Though investigation here is more difficult than in the light web we have been able to identify not only targets and their sales figures but the real identities of the sellers and stores of them in the light web."

 


Periodically, many listings and webshops disappear and reappear of their own accord. Nevertheless, we don’t let that discourage us; we diligently sift through massive darknet marketplaces, forums and webshops to find infringing listings.

 
Conclusion

A comprehensive online brand protection program includes checking the darknet on behalf of our clients as well. While we can’t monitor darknet marketplaces the same way we do it on the light web, globaleyez is ready to look for copyright infringing listings on the dark side of the internet as well and enforce your brand’s rights.

 

If you suspect criminals are offering counterfeits or compromised versions of your products on the darknet (or any other part of the internet), contact us and let us help you resolve your concerns.

 

 

 

To the overview