Abstract
Luxury goods such as sneakers and bags are in high demand. Many websites offer them at high discounts, but in many cases the products on offer are simply cheap counterfeit versions of the originals. Online shoppers, however, may be unaware that they are buying a counterfeit product, and end up being scammed and having to deal with financial losses, as has been widely reported by various news outlets. This work presents a multiyear effort by the Netherlands' .nl country-code top-level domain (ccTLD) to detect and remove counterfeit online shops from the .nl DNS zone. We have developed two detection systems and partnered with registrars and a large credit card issuer, which ultimately led to more than 4,400 counterfeit online shops being taken down.
Acknowledgments
We are very grateful to everyone who collaborated in this study: the (anonymized) registrars that collaborated in removing counterfeit webshops, as well as ICS and their analysts for manually validating our results.
We would also like to thank Geoff Voelker, Moritz Müller, Damon McCoy, and Elmer Lastdrager for reviewing various paper drafts, as well as the anonymous reviewers of PAM2020, and our shepherd, Dave Levin.
SIDN and the University of Twente received funding from the European Union’s Horizon 2020 Research and Innovation program under Grant Agreement No 830927. Project website: https://www.concordia-h2020.eu/.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Wabeke, T., Moura, G.C.M., Franken, N., Hesselman, C. (2020). Counterfighting Counterfeit: Detecting and Taking down Fraudulent Webshops at a ccTLD. In: Sperotto, A., Dainotti, A., Stiller, B. (eds) Passive and Active Measurement. PAM 2020. Lecture Notes in Computer Science, vol 12048. Springer, Cham. https://doi.org/10.1007/978-3-030-44081-7_10
DOI: https://doi.org/10.1007/978-3-030-44081-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44080-0
Online ISBN: 978-3-030-44081-7
eBook Packages: Computer Science, Computer Science (R0)