IP crime In this feature l PiPCu l pirate sites l digital investigation CONFERENCE 2015 Cyber sleuthing A mini-theatre session on intellectual property informed delegates of the latest tactics employed by online pirates and the best ways to catch them out. rob Coston reports F aced with increasingly tough regulation and betterfunded adversaries such as the Police Intellectual Property Crime Unit pirates are finding creative new ways to share material illegally. At a packed mini-theatre session, representatives fromthe Alliance for Intellectual Property and the Federation AgainstCopyright Theft (FACT) talked about file-sharing methods that go beyond the now-familiar activities of torrent* sites, such as ThePirate Bay. Paths to market Tim Luckhurst, an internet investigator from FACT, began by identifying a particularly modern method: a canny online pirate can set up a shopfront app similar to the eBay app, for example to sell illegal material. Another common method of sharing files is through social media sites. Some thieves use Facebook groups to sell products and distribute links, because it is possible to make them private so that material is only distributed to certain people. Without a subpoena from the United States, Facebook will never give law-enforcement officers access to private conversation logs a situation that offers protection to pirates. There are other areas in which more traditional counterfeiting methods and modern technology come together. Online auction sites, such as Alibaba and eBay, are replacing the markets where people usedto sell counterfeit DVDs and Blu-rays. Exploiting the popularity of on-demand streaming sites such as Netflix, television boxes that unlock channels while circumventing the monthly fee can sometimes be found on such sites. Although they are illegal, the appearance of such boxes on popular auction sites can lead members of the public to assume they are legitimate. The other area of criminality we see involves the payment providers, says Luckhurst. As any investigator knows, following the money is a good way to find out who is behind criminality. With cryptocurrencies like Bitcoin that can be difficult. A pirate can have a different Bitcoin wallet for every transaction; if you want to track what hes doing, youll have to track thousands of wallets which will take up all your time. Even then, you wont necessarily know who was behind those wallets inthe first place. Its very attractive for pirates. Online investigation To counter increasingly sophisticated pirates, delegates were given a few tips on how to conduct investigations in the digital world: l When doing covert work on a website, use a computer similar to one that you would have at home. Pirates checking their site logs are likely to block anyone using enterprise-level software l Record what you find, because it could be removed at any time free screenshot and video tools are available to help with this l There are tools available that record every page and link of a website in one go, but they access those pages at faster-than-human speeds. Careful pirates will pick up on this and block the user. It may be appropriate to use such tools as the final step in an investigation l Identify who is operating the website. Finding out who the owner of the domain name is can be a valuable first step, but the personal information provided when registering the website is sometimes false l If tracking someone on an auction site, a test purchase through PayPal can give you the sellers email address, or you can approach PayPal directly and ask who is behind the sale l It isnt possible to prosecute everyone a warning letter is the easiest way to get most people to remove offending material. If you do take them to court at a later date, this can be good evidence that the offender is aware that their actions are illegal l Internet service providers (ISPs) can block access to offending sites l Restricting revenue is another option. Many pirate sites are supported by advertising, so removing this income stream can cause them to fold l Once pirates are identified and evidence gathered, the primary tactic employed to stop their activity is arrest and detention. After this point, forensic investigation of the computers they have in their possession generally allows law-enforcement officers to build a successful case against them. It is key that everybody involved in this phase follows the guidelines issued by the chief police officers association l Some individuals are making a phenomenal amount of money through online piracy, so there are significant Proceeds of Crime Act opportunities in this area References: * A torrent file is a computing file that controls the transfer of data in a BitTorrent system. It is one method of sharing digital content, such as films, over the internet. Credits Published You might also like Rob Coston is a reporter for TS Today. Monday 3 August, 2015 Special features October 2014 Images: retrorocket / Shutterstock Mr Rights, spotlight interview, page 36 of To share this page, click on in the toolbar TSReview, February2015.