How Spain’s IP police busted cyber criminals ring
Managing IP is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

How Spain’s IP police busted cyber criminals ring

cyber police 2k-comp.jpg

Spain’s anti-piracy police tell Managing IP how the unit completed one of the first investigations of its kind into sellers using ‘hidden links’ to push fakes

It was a routine day in early 2020 at the anti-piracy unit of the Spanish National Police.

For regular officers, this may have meant patrolling the streets. But in this department, officers were on ‘cyber patrol’.

The head of the investigation, speaking to Managing IP on the condition of anonymity, says officers’ focus had been on browsing different social networks to locate criminal behaviour and identify new illicit methods.

“For some time, we had noticed an increase in the use of social networks as a means of disseminating criminal behaviour by cyber criminals,” she explains.

What officers then discovered on this routine patrol were sellers using so-called ‘hidden links’.

This phenomenon occurs when adverts for counterfeit products are displayed on social media. A link then takes consumers to listings of entirely different unbranded and non-counterfeit infringing products on e-commerce websites.

After the buyers make their purchases, they receive the originally advertised counterfeits they saw on social media.

The consumers are part of the scheme all along.

The anti-piracy unit’s subsequent investigation into this practice concluded this summer. Police uncovered three social media groups, each with more than 40,000 members, 30 different links to e-commerce websites selling thousands of counterfeit luxury brands, and sellers who had been working to order.

Six people, from different regions across Spain, were arrested.

Murky world

In this instance, sellers were using Telegram.

The cloud-based instant messaging service provides optional end-to-end encrypted chats that can also self-destruct. It has attracted controversy in the past for allegedly being a preferred communication method for extremists.

“The Telegram channels are the ideal means to publicise the sale of this type of product,” says the unit’s head.

The channels were controlled by administrators, or intermediaries, who used open and closed groups to publish different images of counterfeit products every day alongside a link to an e-commerce platform.

Although the buyer is directed to the innocuous e-commerce listing, they will still ‘buy’ the original counterfeit item.

During the purchasing process, buyers were asked to include a code, which acted as a nickname for the Telegram intermediary that published the original hidden link. The ultimate manufacturer of the counterfeit product, which sent the item to consumers directly, then paid a per-sale commission to the Telegram administrator.

Team effort

Once officers had established the mechanics of the system, a team of investigators, including eight tasked with working on the investigation full time, begun conducting test purchases.

When received, the products were sent to the forensics unit to be analysed, says the anti-piracy unit’s head.

That unit then provided an expert report, which determined whether a product was counterfeit or not.

The forensic team’s findings were also accepted and relied on by judges tasked with deciding whether to grant orders sought by the anti-piracy unit, such as requests to track sellers’ data, permission to conduct surveillance, and to issue search warrants.

Police time was largely split between analysing the social media channels and the sellers’ profiles, and seeking court orders, the head of the unit explains.

“It is a job that combines police investigation on networks and the internet with a traditional police investigation, such as requests for warrants and surveillance.”

In fact, the unit’s head says, cooperation from the courts was crucial in securing a successful outcome.

“The collaboration and involvement on the part of the Spanish justice system has been exemplary, especially considering the difficulty of the investigation.”

Crossed wires

As with any investigation, though, there were some severe stumbling blocks. Most notably, and perhaps predictably, many of the problems occurred when trying to secure buy-in and support from Telegram.

The head of the unit describes a “total lack of collaboration” from the platform.

“At no time did it offer any type of help to the judicial or police authorities in order to unmask the people who commit all types of crimes – in the case at hand, crimes against IP.”

She adds: “Due to this lack of collaboration, criminal organisations roam freely on Telegram because of the feeling of impunity that it offers them.”

Managing IP attempted to contact Telegram’s press team but discovered you must be a member of the service to send a message.

However, the unit head adds that this type of operation, and the publicity it receives in the media, goes some way to counteracting the lack of punishment bad actors face online.

“If a person when looking for counterfeit products discovers channels that have been closed, police operations that culminate successfully and criminals that end up being convicted of this type of activity, in the end they will think twice about continuing to consume this type of product.

“Giving publicity to this type of operation is the best way to optimise the work of investigators.”

She adds that when a website is blocked, it is important that a message confirming this is displayed to users who try to access it.

Breaking down borders

The websites in question have been blocked in Spain, but the structure of the domain name system makes it difficult to stop them worldwide. Spanish legislation cannot oblige internet service providers in other countries to block sites, the unit head notes.

She says there is a need for stronger transnational legislation to take account of this and other problems with enforcement.

“Investigations will continue to locate and close new virtual businesses, but the collaboration of all the entities involved, as well as the existence of legislation, is essential. We are fighting against transnational crime, we cannot address it with national legislation.”

The EU’s Digital Services Act (DSA), approved in July this year, is one piece of legislation that could help achieve cross-border harmonisation.

One of its provisions is a rule compelling e-commerce platforms to collect information on their users. However, some critics say the DSA did not go far enough in this regard: they have criticised the act for not extending those requirements to other platforms, such as social media channels.

On the issue of monitoring, the head of unit adds: “The internet and the different social networks must be monitored to protect the citizens, and this feeling must reach the public.

“It is not about censorship or control, but surveillance against criminal activities. Just as a citizen is protected on the street, in the cyber sphere he or she should also be protected against violations of rights.”

We can expect plenty more cyber patrols, then, one would assume. As far as the police are concerned, the next challenge is to make sure those patrols and any subsequent action span international borders.

more from across site and ros bottom lb

More from across our site

Rob Stien, chief communications and public policy officer at InterDigital, says the EU has forgotten innovators while trying to solve an issue that doesn’t exist
As Australia’s Qantm IP leans towards being acquired by a private equity company, sources discuss what it could mean for IP firms
Law firms that are conscious of their role in society are more likely to win work, according to a survey of over 23,000 in-house professionals
Nghiem Xuan Bac Pham, managing partner of Vision & Associates, discusses opportunities created by the US-China rift as well as profitability issues facing IP practices
Douglas Leite and two of his colleagues were intrigued by Bhering Advogados’s mission to grow its patent litigation practice
Each week Managing IP speaks to a different IP practitioner about their life and career
Counsel explain how pricing flexibility, patent agents and being business partners can help them maintain profitable patent prosecution practices
We provide a rundown of Managing IP’s news and analysis from the week, and review what’s been happening elsewhere in IP
Speakers at an INTA event weighed in on why firms should create AI use policies and how they stay on top of the latest developments
The England and Wales Court of Appeal backed Lidl in its trademark dispute with Tesco, but we should pay more attention to how we rule on first-instance decisions
Gift this article