Shining a light on the Darknet
The Darknet is growing at a phenomenal pace. World Trademark Review dives into the murky depths to investigate the risks for brand owners.
It has been variously described as “the lurid underbelly of the Internet” and “a dangerous underground marketplace for cybercriminals”. Former National Security Agency (NSA) contractor Edward Snowden used it to leak thousands of pages of classified documents, and the Russian government has offered a sizeable reward for anyone who can trace its users. Despite all this, the ominous-sounding yet somewhat misunderstood ‘Darknet’ is growing in popularity at a startling rate, and trademark counsel should thus seriously consider adding it to their enforcement radar.
The Darknet has existed for over a decade, but it was last year’s Federal Bureau of Investigation shutdown of the notorious Silk Road marketplace that really thrust it into the global spotlight. It was quickly condemned as a shady space where criminals could buy drugs, weapons and even hire assassins. But although these less savoury elements are undeniably present, the Darknet also has its positives. For example, the anonymity it affords to users enables political activists in oppressed countries to organise protests with some degree of safety, as happened during the Arab Spring in 2012; while the Darknet has also helped citizens in countries with draconian internet regulations to circumvent web censorship.
DeepDotWeb.com is one of the leading websites for Darknet-related information and developments. A spokesperson distils the concept in simple terms: “The Darknet is simply a technology that provides anonymity and, like any technology, it can be used for better or worse, since when you create anonymity there is no middle ground – either everyone is anonymous or no one is anonymous.”
Perhaps ironically, the Darknet’s very existence is the direct result of US government sponsorship. In 2002 the US Naval Research Laboratory released an alpha version of Tor, the software used to access the Darknet, which was originally designed to hide the locations and IP addresses of US military operatives. However, the open source release meant that anyone could download and use Tor, and over the years the software has become easier for the average internet user to install (eg, the Tor Browser, which is continually being refined, is a modified version of the Firefox browser).
“Nowadays, the usage of the Darknet technology is very easy: just install a browser and you are ready to go,” explains the DeepDotWeb spokesperson. “So it’s obviously not hard to access. But as to whether the Darknet is a scary part of the Internet… Well, as with anywhere that provides complete anonymity, people feel more comfortable doing things that they wouldn’t dare do otherwise, so it’s a good idea to do your research in advance to make sure you don’t come across anything on the Darknet that you wouldn’t want to.”
Indeed, preparation appears to be the key to the Darknet. The user experience has been described as “a major pain in the ass”, with slow load times (as data is routed and redirected around the globe) and the lack of a properly indexed search engine proving frustrating for many of those accustomed to the speed and convenience of the ‘surface net’. Furthermore, the ‘.onion’ domains used on the Darknet are hashes of information rather than easy-to-remember URLs; and there is also the need to get to grips with Bitcoin, the anonymous digital currency used for most trade on the Darknet (and with little-to-no regulation, transactions are near-impossible to track).
Vocabulary
The following are some of the commonly used words and acronyms that brand owners should know before venturing onto the Darknet.
Altcoin: Any crypto-currency other than Bitcoin (eg, Dogecoin, Litecoin and Namecoin).
Bergie web: The level of the Internet that lies between the surface web and the Darknet.
Peer-to-peer file-sharing networks and surface websites that provide information about the Darknet and pornography are part of this level.
Bitcoin: The currency most commonly used on the Darknet. Also referred to as BTC. At the time of publication, one Bitcoin was worth $527.
Clearnet/surface web: The regular Internet.
Crypto-currency: A digital or virtual currency that uses cryptography for security and is notoriously difficult to track because of the absence of regulation.
Deep web: Synonymous with Darknet.
Honeypot: A website on the Darknet or surface net set-up by law enforcement to attract and trap people participating in illegal activities.
‘.onion’: The Darknet uses ‘onion routing’, a technique for allowing anonymous communication over a computer network. This means that website addresses on the Darknet end in ‘.onion’ (instead of the usual top-level domains). In turn, ‘.onion’ web addresses tend to be randomly generated letters and numbers because they are a hash of information, not just a brand name like most URLs on the surface web.
Silk Road: Once known as ‘the eBay of illegal goods’, the popular Darknet marketplace was taken down by the Federal Bureau of Investigation in October 2013.
Tor: An acronym for ‘The Onion Router’, it is the software needed to access the Darknet and uses a technique called ‘onion routing’ to allow anonymous access to the Internet.
Tor Browser: A modified version of the Firefox browser. It is available for all major operating systems and allows access to surface net and Darknet websites.
The evolution of the Darknet
Yet despite these inconveniences, the Darknet continues to grow. The exact number of active users is difficult, if not impossible, to quantify. However, recent research offers a clue to its scale: the Tor browser was downloaded a staggering 120 million times in the last 12 months, with 2 million users from 110 countries accessing the Darknet “every day”. Meanwhile, the first major effort to curb illicit activities – the closure of the Silk Road marketplace in October 2013 – actually appears to have had the opposite effect. DeepDotWeb conducted research in the aftermath of the closure which revealed that the number of Darknet marketplaces has grown from just three to four before the Silk Road shutdown to between 35 and 40 today. The number of products on these marketplaces has also increased exponentially. In February 2013 around 18,000 products were listed; just over a year later, in April 2014, this had skyrocketed to 40,000 in the top 11 marketplaces alone (with the remaining smaller marketplaces omitted from the figures). It is a certainty that this number is even higher today.
If it becomes a ‘cool’ thing for people – especially teenagers – to access the Darknet, the problem will increase exponentially
“The Darknet is growing very, very fast and the closure of Silk Road seems to have had no impact on illicit activity there,” confirms Bharat Dube, chief executive of online brand protection firm Strategic IP Information, who spends much of his time investigating brand infringement on the Darknet. “The Darknet today looks like the Internet of the 1990s; but the minute it becomes equivalent to a second or even third-generation internet experience, it will become a real problem for brand owners.”
Recent news stories, including Snowden’s NSA revelations and increasing concerns around privacy on social media websites, have encouraged a growing audience to seek refuge in a more anonymous environment. “If it becomes a ‘cool’ thing for people – especially teenagers – to access the Darknet, the problem will increase exponentially,” continues Dube. “It’s not absurd to think that it could become trendy for young people to use Tor instead of the surface web to communicate or access websites.”
“History suggests there’s a high probability that Tor will become trendy, much as downloading songs was a social trend that became acceptable criminal behaviour,” agrees Harley Lewin, a partner at McCarter & English with more than 40 years of experience in the trademark protection industry. He predicts that Darknet growth will be fuelled by continued incursions from both governments and web titans such as Google and Facebook into online privacy and major security hacks at online retailers, such as the recent data breach at Target.
“Celebrities could also drive a move to the anonymous internet,” he suggests. “It sounds daft, but if Angelina Jolie publicly comes out as going on the Darknet and it appears in gossip magazines and websites, then people will quickly migrate, because that kind of thing affects behaviour.”
Indeed, this trend may already have begun: on August 18 2014 cult musician Aphex Twin exclusively announced details of his eagerly anticipated new album via Tor, with the official tweet to a ‘.onion’ link and the subsequent news coverage (including information on how to access the link) generating instant hype around the imminent release – and the Darknet.
How to access the Darknet
The Darknet is often portrayed as difficult to access, but it is actually very easy to set up and get started.
1. Download Tor: The easiest way to download Tor is to put “Tor Browser Bundle” into a search engine and download it from TorProject.org. The internet browser, based on the popular Firefox browser, allows you to use the Internet anonymously and allows access to Darknet domains that do not work on the surface net.
2. Take security precautions: Just as when accessing more dubious parts of the surface web, you should take precautions before using the Darknet:
• Make sure that all system software is up to date.
• Make sure that firewall software is running.
• Turn off Javascript and cookies in the Tor Browser settings.
• Turn off all other internet applications (eg;,other browsers and email software).
• Never download anything from the Darknet, even innocent-looking images or PDF files.
It is also highly recommend not to use a company network internet connection to connect to the Darknet, as it can open up the network to breaches from certain types of virus.
3. Find ‘.onion’ website addresses: You will need to know the domain names you want to visit before you start, because there is no well-indexed search engine on the Darknet. However, many sites on the surface net contain links to marketplaces on the Darknet. We can recommend the continually updated lists on DeepDotWeb.com, which contains domains and reviews of over 40 active marketplaces, and the Ahmia search engine (www.ahmia.fi/address) for a long, up-to-date list of ‘.onion’ URLs.
A counterfeiting epidemic
This ongoing trend means that brand owners may soon find themselves engaged in the war against counterfeiting on an entirely new front. But the growing use of Tor and the Darknet is just the “latest in a series of ever-changing paradigms in the fight against counterfeiting”, as Lewin explains. The traditional model, in which large quantities of fake goods were warehoused in various countries, has more recently been replaced by direct online sales to the consumer. “This was a huge shift, because vendors openly advertised their products on the Internet and used methods to obfuscate their identity online by creating an alias or making it difficult to track where money was coming from and going to. Trademark counsel and brand owners have been playing catch-up, so the counterfeit goods game has moved to the next logical step after the good guys worked out how to track the bad guys on the surface internet. Their reaction was to move to an environment that is even more anonymous – the Darknet.”
To gauge the full extent of this problem, World Trademark Review ventured onto the Darknet to determine what exactly is being sold and what brand owners should bear in mind when factoring this new threat into their anti-counterfeiting strategies.
Of the 40 or so marketplaces that are operating on the Darknet, around six are invite-only (including Agora, regarded as the most popular). Many function in the same way as Amazon and other familiar online environments, with features including a search bar, user reviews for each listing, a list of delivery options and even ‘add to basket’ and ‘buy it now’ buttons.
More detailed scrutiny of three Darknet marketplaces – Evolution, the fourth largest at the time of publication, Andromeda and The Pirate Market – reveals that drugs dominate the Darknet economy. As outlined in Table 1, three-quarters of the 11,000-plus listings analysed were for drugs, from illegal narcotics to ‘legal’ highs and prescription drugs, which account for 14% of the total. This latter figure comes as no surprise to Lewin, who says that counterfeit pharmaceutical sellers have flocked to Tor due to the hypersensitive nature of their products.
“Even relatively rogue governments in terms of policies regarding trademarks and counterfeiting, such as China or India, look very seriously at those selling something that threatens the health of the population,” he explains. “So as law enforcement and other administrative agencies take a harder line, the counterfeit pharmaceutical sector has moved to the more clandestine environment of the Darknet.”
Nearly 600 of the listings were for counterfeit goods, from fake watches (29%) and electronics (25%) to bags (9%) and clothing (8%), with most offering multiple pieces per listing. Dube, who has purchased a range of products as part of his firm’s investigations, said those available on the Darknet are “the very best high-end, state-of-the-art counterfeits”.
“There is a mismatch here with how slow and cumbersome things are to access,” he adds. “Once you get to a marketplace, you don’t find cheap copies that are easy to spot as fake, but rather things that could fool even the most sophisticated distributor.” He mentions one specific Darknet vendor who is selling counterfeit products on the Silk Road 2.0 marketplace: “I have ordered a few samples of fake Cartier love bracelets from them and I would challenge anyone at quality control to tell them apart from the real thing.” Our own research into the same vendor revealed at least 150 different high-end luxury listings, with brands affected including Alexander McQueen, Burberry, Canada Goose, Chanel, Dior, Dolce & Gabbana, Gucci, Lacoste, Louis Vuitton, Nike, Oakley, Prada, Ray Ban and Versace.
“Of course, as on the surface web, sometimes you order something and don’t get it,” acknowledges Dube. “But generally, in my experience, high-end fakes on the Darknet are virtually impossible to distinguish from the real thing, so are priced higher than many of the counterfeit websites on the surface web.”
While there were no weapons on sale in the marketplaces we investigated, Marcello Tallarigo, director of online brand protection at Corsearch, says that counterfeit weaponry is also readily available: “Counterfeit Berettas and Colts are all actively sold, not to mention branded heavy artillery and grenades. Warzones in Eastern Europe and Africa have proliferated excess inventory that is bought by and sold on the Darknet and shipped to the United States and beyond.”
Figure 1: Categories of goods available on three Darknet marketplaces
Category |
% of total |
Cannabis |
23.5% |
Ecstasy |
14.1% |
Prescription drugs |
13.6% |
Illegal stimulants |
10.8% |
Accounts (bank accounts, website subscriptions) |
7.2% |
Illegal psychedelics |
6.8% |
Other illegal drugs |
6.7% |
Card fraud |
6.3% |
Counterfeit items |
5.1% |
Pirate software |
2.9% |
Forged IDs/passports |
1.7% |
Cigarettes |
1.1% |
Legal highs |
0.4% |
Figure 2: Counterfeit items available on three Darknet marketplaces
Category |
% of total |
Watches |
29.3% |
Electronics (counterfeit/burner phones) |
24.5% |
Money |
19.6% |
Bags/wallets |
8.6% |
Clothing/shoes |
8.1% |
Sunglasses |
6.5% |
Jewellery |
1.8% |
Accessories (eg, phone cases) |
1.8% |
Searching for fraud, phishing and security breaches
But counterfeiting is not the only issue that trademark counsel and brand owners should be aware of when it comes to the Darknet. For example, Frederick Felman, chief marketing officer at MarkMonitor, says that the company often monitors the space for fraud operations.
“Sometimes we look for ‘fraud kits’ that are used for phishing and other related things, because we want to identify how a particular fraud operation might use the surface web to attract consumers who could be susceptible to phishing attacks or credential attacks,” he explains. “For financial fraud, it’s not as easy as finding something on a popular Darknet marketplace. You have to find different hidden forums and actually participate in their discussions; but they’re very bad people, so you need to use various layers of obfuscation.”
Tallarigo confirms that financial firms are particularly exposed on the Darknet, observing that marketplaces are inundated with credit cards from American Express, Visa, MasterCard and a variety of international banks: “You can buy 10,000-plus valid credit cards for an average price of $2 to $10 each, and you can also get blank bank-specific slug cards and magnetic strip printers.”
There are also clues to surface net security vulnerabilities that are being exploited for profit. For example, one of the most popular items on Darknet marketplaces earlier this year was vouchers for UK supermarket Tesco (£100 vouchers were being sold for £43), suggesting some kind of security glitch, as few other online retailer vouchers were offered around that time.
Musician Aphex Twin exclusively released information about his new album on the Darknet, with the official tweet featuring a ‘.onion’ link
An enforcement challenge for trademark counsel
Trademark counsel facing these diverse challenges may feel that in many ways, the Darknet is a return to the deregulated Wild West Internet of the past, suggests Lewin: “Working in the Darknet area is much harder than working on the surface net, where matters are more openly dealt with. The Darknet is a hyper-sophisticated arena, taking maximum advantage of digital secrecy. When you look at how the Darknet is structured, anonymity means there is no source, which creates an incredibly difficult tracing process.”
And unlike on the surface web, counsel cannot get results simply by finding and reporting counterfeit listings to website hosts. The DeepDotWeb spokesperson points out that Darknet marketplaces have no takedown procedures, essentially because their owners have no fear of being caught: “You can guess that on markets that sell drugs openly, no one really cares about copyright or trademark infringement.”
The situation is not helped by the fact that, in general, most major brand protection companies have not yet integrated the Darknet into their programmes. Felman confirmed that MarkMonitor is “not currently monitoring the Darknet for goods companies”, because none have thus far come forward saying they believe it represents “a credible threat to their brand”. “Brands have mentioned concerns, of course; but they don’t think the risk is credible,” he continues. “They are generally spending their time looking for people who might be casual criminals or consumers who might be confused into buying fake products – and most of this happens on the ‘brightly lit’ portions of the Web, because that’s where consumers are and where confusion is likely to occur. This could change, though, and we’ll be ready to help as soon as it is needed and demanded.”
Unlike on the surface web, counsel cannot get results simply by finding and reporting counterfeit listings to website hosts
The situation is similar at Corsearch – although Tallarigo predicts that the recent acquisition of Citizenhawk, which can monitor millions of web pages and auction site listings, will see its focus shift to include Darknet monitoring and enforcement “in the medium to longer term”.
“Brand owners are extremely weary of having to monitor the Darknet, because if they discover something, they could be liable,” he adds. “But proliferation will only continue and the Darknet will be an emerging market opportunity for online brand protection and security-type providers. Ultimately, the sellers on Darknet marketplaces are selling products and want to be found, so enforcement will be the same as what we do today at Corsearch as part of our online brand protection.”
But Lewin, for one, is doubtful that enforcement on the Darknet will get any easier with time. “Anybody in law enforcement will tell you that once the bad guys figure out a way to do something, the good guys figure out how to catch them,” he says. “The bad guys then figure out how they got caught and then change things to try to avoid getting caught again. The good guys figure out what the changes were and catch them again. Does the Darknet make things harder for us? Yes. Does it make it virtually impossible within the framework of tools we have been using on the surface net? Probably – but not entirely.”
From replica products to online vouchers - examples of brand misuse on the Darknet
First steps to fighting back
Notwithstanding the difficulties, Dube would urge trademark counsel to take heed of this growing threat. “If you prefer a ‘bury your head in the sand’ approach when it comes to IP enforcement, then ignoring the Darknet may be an appropriate strategy,” he says. “However, for effective IP enforcement on the Internet, the first step is to be well informed, and thus monitoring the Darknet is a very important step to take. Counterfeiting and infringement activity in general are growing exponentially, especially in the context of the Darknet.”
And as ever in the counterfeiting realm, those who ignore the problem do so at their peril, as Lewin can confirm from experience. “I was working with a client recently – a fairly large North American brand on the cusp of going global,” he recalls. “They had this abstract idea that they could have a counterfeit problem in the future, but an investigation on the surface and Darknet revealed that they had a problem today and had absolutely no idea. Many brands, especially those in the growth phase, still make the mistake of waiting until they trip over a problem before doing anything. The key is to be proactive and not reactive – and that’s especially true of the Darknet.”
In practical terms, Felman recommends that counsel should initially concentrate their efforts on assessing whether there is a real problem that is worth the necessary investment of time and resources: “Before spending a lot of money on passing it over to the professionals, you should evaluate the risk by getting an investigator to see whether there is a credible and consistent risk on the Darknet, which will determine whether a programme is needed against it; because it may not be a credible issue for you. Yes, there may be a bunch of people selling fake purses; but you may say to yourself, ‘None of the consumers actually buying my product would be fooled that this is a real product, and none of them would actually trust to buy it.’”
He also has a stark warning for brand owners seeking to dip their toes into these murky waters. “I would also say to companies considering monitoring the Darknet: this is something that you should always leave to the professionals, because the Darknet is a very ugly place. You don’t walk at midnight down a dangerous street in a city alone – the same can be said of the Darknet.”
Indeed, the potential hazards of operating in this space mean that most enforcement initiatives on the Darknet are currently carried out in cooperation with law enforcement agencies and large private investigator firms, such as Kroll and Steele Foundation. Singapore-based Strategic IP Information also offers a Darknet monitoring service and Dube says that his company has created its own “ever-expanding” search database to help with investigations.
“One possible tactic here is to see if there is a way to link illicit activity on the Darknet to activity on the surface web,” he explains. “I have not been able to prove such a link so far, but it is inevitable that it will happen. I often use the analogy of an onion. Step one is to find out where the infringement is – which is difficult, but not impossible. Then you start peeling off the layers to get to the source. If people know that we’re coming after them, they start making mistakes – you must remember that. Put pressure on them and mistakes will start to happen.
“Ultimately, there is no magic-wand solution to resolve counterfeiting, piracy or other illicit activities that take place in the context of the Darknet,” concludes Dube. “But conversely, despite the difficulty, piercing the veil of anonymity behind which illicit activity takes place is not impossible.”
In fact, Tallarigo contends that the anonymity of the Darknet “has been somewhat cracked” already and suggests that “arrests will soon be on the rise”. According to recent reports, hackers have exposed potential vulnerabilities in the Tor Browser that would appear to confirm this – giving some hope to brand owners which may feel powerless in this lawless space.
11%
of internet users claim to use Tor
Source: GlobalWebIndex Survey
Overcoming the education gap
Right now, however, this may be cold comfort to many trademark counsel, for whom the Darknet is just the latest on a lengthy list of issues that must be tackled with limited resources. After all, as Lewin observes, “It’s not a case of, ‘We’ve got the open marketplace under control – let’s turn to the clandestine stuff.’ No company has an endless bucket of money; and from an in-house counsel point of view, you’re constantly allocating resources.”
Perhaps as a result of these pressures, engagement thus far has been scant. “I’ve been talking to clients about the Darknet for little over a year and very few seem interested in getting information about it,” says Dube. “Many brands already have their hands full with problems relating to the surface web, so they often say, ‘Thanks for informing us, but this isn’t a priority yet.’ I also imagine that brand owners are bombarded by service providers telling them about various monitoring services and probably feel like Darknet monitoring is just the usual sales pitch for a monitoring tool. But with media coverage and the rapid growth of the user base, there’s a feeling that some attention should be paid to it now before it’s too late.”
Attempts to raise awareness among brand owners and trademark counsel were made at the International IP Enforcement Summit in London earlier this year; but they backfired somewhat when Commissioner Adrian Leppard of the City of London Police claimed, on a panel about digital enforcement, that “the Tor is 90% of the Internet” – a statement that was promptly ridiculed as “silly scare-mongering” in the media and online. This widely cited myth has no basis in fact, and such misinformation will only serve to deter brand owners from seriously engaging with the problem.
Public education is another weapon that could help trademark counsel to mitigate the threat to the brands they protect. There is evidence, for example, that buying counterfeits on the Darknet directly funds organised crime; that knowledge may be enough to stop some potential buyers in their tracks, suggests Tallarigo.
Moreover, the Darknet’s very existence seems to contradict the concept of modern consumption. As Felman notes: “In this consumer-oriented world, where we’re used to using our iPhone or Android to buy something in a second while we’re on the train, the hurdles that are needed to access the Darknet – installing a new and slower browser, finding credible marketplaces, using Bitcoin – mean that it is unlikely to go completely mainstream, because most consumers value the convenient and safe over the cheap and dangerous.”
That may be true – but weren’t people saying something very similar about the Internet in the early 1990s? And look how that turned out.
Marketplaces
The most popular Darknet marketplace for a long time was Silk Road, which was taken down by US officials in October 2013. However, this led to many more marketplaces cropping up with the aim of attracting Silk Road’s large, trusted customer base. These marketplaces are constantly fluctuating, with many closing down with no warning and new ones popping up frequently as well.
Some of the most popular marketplaces on the Darknet at the time of publication are Silk Road 2.0, Agora, Pandora, Hydra, BlueSky, The Pirate Marketplace, Andromeda, Cloud 9, Evolution and 1776.