Skip to main content
SpringerLink
Log in

Counterfighting Counterfeit: Detecting and Taking down Fraudulent Webshops at a ccTLD

  • Conference paper
  • First Online:
Passive and Active Measurement (PAM 2020)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 12048))

Included in the following conference series:

Abstract

Luxury goods such as sneakers and bags are in high demand. Many websites offer them at high discounts, which, in many cases, are simply cheap counterfeit versions of the original product. Online shoppers, however, may be unaware they are buying a counterfeit product and end up being scammed and having to deal with financial losses, as has been widely reported by various news outlets. This work presents a multiyear effort of The Netherlands’ .nl country-code top-level domain (ccTLD) in detecting and removing counterfeit online shops from the .nl DNS zone. We have developed two detection systems and partnered with registrars and a large credit card issuer, which ultimately led to more than 4,400 counterfeit online shops being taken down.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ahi, K., Asadizanjani, N., Shahbazmohamadi, S., Tehranipoor, M., Anwar, M.: Terahertz characterization of electronic components and comparison of terahertz imaging with x-ray imaging techniques, vol. 9483, April 2015. https://doi.org/10.1117/12.2183128

  2. Bergstra, J., Bengio, Y.: Random search for hyper-parameter optimization. J. Mach. Learn. Res. 13(Feb), 281–305 (2012)

    MathSciNet  MATH  Google Scholar 

  3. Hesselman, C., Jansen, J., Wullink, M., Vink, K., Simon, M.: A privacy framework for DNS big data applications. Technical report (2014). https://www.sidnlabs.nl/downloads/yBW6hBoaSZe4m6GJc_0b7w/2211058ab6330c7f3788141ea19d3db7/SIDN_Labs_Privacyraamwerk_Position_Paper_V1.4_ENG.pdf

  4. Drucker, H., Wu, D., Vapnik, V.: Support vector machines for spam categorization. IEEE Trans. Neural Netw. 10(5), 1048–1054 (1999). https://doi.org/10.1109/72.788645

    Article  Google Scholar 

  5. Moura, G.C.M., Muller, M., Wullink, M., Hesselman, C.: nDEWS: a new domains early warning system for TLDs. In: IEEE/IFIP International Workshop on Analytics for Network and Service Management (AnNet 2016), Co-Located with IEEE/IFIP Network Operations and Management Symposium (NOMS 2016), April 2016

    Google Scholar 

  6. Hao, S., Kantchelian, A., Miller, B., Paxson, V., Feamster, N.: PREDATOR: proactive recognition and elimination of domain abuse at time-of-registration. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1568–1579. ACM, New York (2016). https://doi.org/10.1145/2976749.2978317

  7. Hao, S., et al.: Understanding the domain registration behavior of spammers. In: Proceedings of the 2013 Conference on Internet Measurement Conference, IMC 2013, pp. 63–76. ACM, New York (2013). https://doi.org/10.1145/2504730.2504753

  8. Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning. Springer, New York (2009). https://doi.org/10.1007/978-0-387-84858-7

    Book  MATH  Google Scholar 

  9. Hesselman, C., Moura, G.C.M., Schmidt, R.O., Toet, C.: Increasing DNS security and stability through a control plane for top-level domain operators. IEEE Commun. Mag. 55(1), 197–203 (2017). https://doi.org/10.1109/MCOM.2017.1600521CM

    Article  Google Scholar 

  10. Hoffman, P., Sullivan, A., Fujiwara, K.: DNS terminology. RFC 8499, IETF, November 2018. http://tools.ietf.org/rfc/rfc8499.txt

  11. ICS: International Credit Card Services (2020). https://icscards.nl

  12. Kazemian, H., Ahmed, S.: Comparisons of machine learning techniques for detecting malicious webpages. Expert Syst. Appl. 42(3), 1166–1177 (2015). https://doi.org/10.1016/j.eswa.2014.08.046

    Article  Google Scholar 

  13. Kruczkowski, M., Szynkiewicz, E.N.: Support vector machine for malware analysis and classification. In: 2014 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT). IEEE, August 2014. https://doi.org/10.1109/wi-iat.2014.127

  14. Lever, C., Walls, R., Nadji, Y., Dagon, D., McDaniel, P., Antonakakis, M.: Domain-Z: 28 registrations later measuring the exploitation of residual trust in domains. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 691–706, May 2016. https://doi.org/10.1109/SP.2016.47

  15. Netcraft Ltd.: Netcraft, 10 October 2019. https://www.netcraft.com/

  16. McCoy, D., Dharmdasani, H., Kreibich, C., Voelker, G.M., Savage, S.: Priceless: the role of payments in abuse-advertised goods. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 845–856. ACM, New York (2012). https://doi.org/10.1145/2382196.2382285

  17. McCoy, D., et al.: PharmaLeaks: understanding the business of online pharmaceutical affiliate programs. In: Proceedings of the 21st USENIX Security Symposium. USENIX Association, Bellevue, August 2012

    Google Scholar 

  18. Mockapetris, P.: Domain names - concepts and facilities. RFC 1034, IETF, November1987. http://tools.ietf.org/rfc/rfc1034.txt

  19. Moura, G.C.M., Heidemann, J., Schmidt, R.O., Hardaker, W.: Cache me if you can: effects of DNS time-to-live. In: Proceedings of the 2019 ACM Internet Measurement Conference, October 2019. https://doi.org/10.1145/3355369.3355568

  20. Moura, G.C.M., Heidemann, J., MĂĽller, M., Schmidt, R.O., Davids, M.: When the dike breaks: dissecting DNS defenses during DDoS. In: Proceedings of the ACM Internet Measurement Conference, October 2018. https://doi.org/10.1145/3278532.3278534

  21. Nieuws, R.: Dit jaar al 307 nep-webwinkels offline gehaald door politie (in Dutch), 12 December 2018. https://www.rtlnieuws.nl/geld-en-werk/artikel/4520646/dit-jaar-al-307-nep-webwinkels-offline-gehaald-door-politie

  22. NOS: Consumenten voor 5 miljoen euro opgelicht via nepwinkels op sociale media (in Dutch), 12 December 2018. https://nos.nl/artikel/2258095-consumenten-voor-5-miljoen-euro-opgelicht-via-nepwinkels-op-sociale-media.html

  23. NOS: Waar komen al die nep-webshops toch vandaan? (in Dutch), 5 May 2018. https://nos.nl/artikel/2230087-waar-komen-al-die-nep-webshops-toch-vandaan.html

  24. Peter, H.: Gefälschte Sneaker von der FDP? (In German) (2019). https://www.tagesschau.de/wirtschaft/fakeshops-plagiate-sneaker-china-101.html

  25. Quan, L., Heidemann, J., Pradkin, Y.: When the internet sleeps: correlating diurnal networks with external factors. In: Proceedings of the 2014 Conference on Internet Measurement Conference, IMC 2014, pp. 87–100. ACM, New York (2014). https://doi.org/10.1145/2663716.2663721

  26. van Rijswijk-Deij, R., Jonker, M., Sperotto, A., Pras, A.: A high-performance, scalable infrastructure for large-scale active DNS measurements. IEEE J. Sel. Areas Commun. 34(6), 1877–1888 (2016)

    Article  Google Scholar 

  27. Roberts, R., Goldschlag, Y., Walter, R., Chung, T., Mislove, A., Levin, D.: You are who you appear to be: a longitudinal study of domain impersonation in TLS certificates. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 2489–2504 (2019). https://doi.org/10.1145/3319535.3363188

  28. Schmidle, N.: Inside the Knockoff-Tennis-Shoe factory. The New York Times (2010). http://www.nytimes.com/2010/08/22/magazine/22fake-t.html

  29. SIDN: General terms and conditions for .nl registrants, 19 May 2019. https://www.sidn.nl/downloads/d_7zdiiDQvOGbSo1FGCcqw/6d8b113b06e293bd9af55fb11a66c499/General_Terms_and_Conditions_for_nl_Registrants.pdf

  30. SIDN: Stichting internet domein nederland, 30 Ago 2019. https://sidn.nl/en

  31. Streitfeld, D.: What happens after Amazon’s domination is complete? Its bookstore offers clues. New York Times, 23 June 2019. https://www.nytimes.com/2019/06/23/technology/amazon-domination-bookstore-books.html

  32. Suykens, J.A., Vandewalle, J.: Least squares support vector machine classifiers. Neural Process. Lett. 9(3), 293–300 (1999). https://doi.org/10.1023/A:1018628609742

    Article  Google Scholar 

  33. Taxation and Customs Union: Customs Union: EU customs seized over 41 million fake goods at EU borders last year (2016). https://ec.europa.eu/taxation_customs/node/976_en

  34. Tian, H., Gaffigan, S.M., West, D.S., McCoy, D.: Bullet-proof payment processors. In: 2018 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–11, May 2018. https://doi.org/10.1109/ECRIME.2018.8376208

  35. Turner, K.: That Chanel bag on your Instagram feed may not be a Chanel bag (2016). https://www.washingtonpost.com/news/the-switch/wp/2016/05/26/that-chanel-bag-on-your-instagram-feed-may-not-be-a-chanel-bag

  36. U.S. Customs and Border Protection Office of Trade: Intellectual Property Rights - Fiscal Year 2017 Seizure Statistics (2017). https://www.cbp.gov/document/stats/fy-2017-ipr-seizure-statistics

  37. Wall, D.S., Large, J.: Jailhouse frocks: locating the public interest in policing counterfeit luxury fashion goods. Br. J. Criminol. 50(6), 1094–1116 (2010). http://ssrn.com/abstract=1649773

    Article  Google Scholar 

  38. Wang, D.Y., et al.: Search + Seizure: the effectiveness of interventions on SEO campaigns. In: Proceedings of the 2014 Conference on Internet Measurement Conference, IMC 2014, pp. 359–372. ACM, New York (2014). https://doi.org/10.1145/2663716.2663738

  39. Wappalyzer: Identify technology on websites, 19 October 2019. https://www.wappalyzer.com/

  40. Wullink, M., Moura, G.C., Hesselman, C.: Dmap: automating domain name ecosystem measurements and applications. In: 2018 Network Traffic Measurement and Analysis Conference (TMA), pp. 1–8. IEEE, June 2018

    Google Scholar 

  41. Wullink, M., Moura, G.C., Müller, M., Hesselman, C.: ENTRADA: a high-performance network traffic data streaming warehouse. In: 2016 IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 913–918. IEEE, April 2016

    Google Scholar 

Download references

Acknowledgments

We thank very much the collaboration involved in this study: the (anonymized) registrars that collaborated in removing counterfeit webshops, as well as ICS and their analysts for manually validating our results.

We also would like to thank Geoff Voelker, Moritz MĂĽller, Damon McCoy, Elmer Lastdrager for reviewing on various paper drafts, as well as the anonymous reviewers of PAM2020, and our shepherd, Dave Levin.

SIDN and the University of Twente received funding from the European Union’s Horizon 2020 Research and Innovation program under Grant Agreement No 830927. Project website: https://www.concordia-h2020.eu/.

Author information

Authors and Affiliations

  1. SIDN Labs, Arnhem, The Netherlands

    Thymen Wabeke, Giovane C. M. Moura & Cristian Hesselman

  2. SIDN, Arnhem, The Netherlands

    Nanneke Franken

  3. TU Delft, Delft, The Netherlands

    Giovane C. M. Moura

  4. University of Twente, Enschede, The Netherlands

    Cristian Hesselman

Authors
  1. Thymen Wabeke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Giovane C. M. Moura
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nanneke Franken
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Cristian Hesselman
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thymen Wabeke .

Editor information

Editors and Affiliations

  1. University of Twente, Enschede, The Netherlands

    Anna Sperotto

  2. University of California, San Diego, CA, USA

    Alberto Dainotti

  3. University of ZĂĽrich, ZĂĽrich, Switzerland

    Burkhard Stiller

A Appendix: Screenshots of Counterfeit Webshops

A Appendix: Screenshots of Counterfeit Webshops

Figure 11 shows the screenshot of a counterfeit webshop captured in 2016 on the .nl zone, also shown in [5]. Figure 12 shows the screenshot of a counterfeit webshop captured in 2019.

Fig. 11.
figure 11

Example of counterfeit webshop detected in 2016.

Full size image
Fig. 12.
figure 12

Example of counterfeit webshop detected in 2019.

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wabeke, T., Moura, G.C.M., Franken, N., Hesselman, C. (2020). Counterfighting Counterfeit: Detecting and Taking down Fraudulent Webshops at a ccTLD. In: Sperotto, A., Dainotti, A., Stiller, B. (eds) Passive and Active Measurement. PAM 2020. Lecture Notes in Computer Science(), vol 12048. Springer, Cham. https://doi.org/10.1007/978-3-030-44081-7_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-44081-7_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-44080-0

  • Online ISBN: 978-3-030-44081-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation