Threat Intelligence Blog

Posted January 5, 2015

With the new year upon us, it’s not just security professionals who are wondering where to focus their attention in 2015. Data uncovered using Cyveillance’s Cyber Threat Center suggests some types of illegal activity that cyber criminals would do well to avoid if they wish to evade scrutiny by international law enforcement. Without spending too much time digging, we were able to uncover approximately 2,400 sites seized during law enforcement efforts in recent years.

These sites are easy to spot because they feature a prominent message that the site was seized by United States or European law enforcement. Most have a message such as, “this domain name has been seized by ICE – Homeland Security Investigations” or “This domain name has been seized through Operation In Our Sites” in the page title. Many redirect the visitor to this video produced by Immigration and Customs Enforcement.

Digging Into the Data

More than 80 percent of the sites are from the .com top level domain (TLD). Other patterns that emerged based on the domain names on the list:

Number of Domain Names (approximate) Counterfeit Products Examples
650 sports jerseys
150 prescription drugs
140 Beats By Dre headphones
110 Louis Vuitton apparel
100 Nike apparel

You can download a list of the domain names related to the seized sites here.

An image from the Youtube video produced by US Immigration and Customs Enforcement

Data that Fuels Research

This is the type of data that ignites the curiosity of a good analyst. Questions that arise with review of such data include:

  • Is federal law enforcement very good at taking down many small websites selling counterfeit apparel, or able to make a bigger impact by taking down a common actor responsible for many websites selling counterfeit sports apparel?
  • Is there a particular emphasis on counterfeit sports apparel by ICE’s National Intellectual Property Rights Coordination Center (IPR) in Operation In Our Sites?
  • Is the IPR especially effective in taking down sites in the .com TLD versus other TLDs, as reported earlier?
  • Are online pharmacies becoming less of a concern, or are previous efforts to crack down on them paying off?

It’s worth noting that there may be many sites out there which do not advertise that they were seized by federal law enforcement, so the trends described above may only apply to a subset of their successes.

What Matters to Your Business in 2015?

As you plan your information or physical security programs for 2015, feel free to conduct similar research using our Cyber Threat Center. Free trials are available for your team. We’d love to help you understand the threats facing your organization so you can better mitigate the risks.

The Cyveillance Threat Center was designed for security, risk, and compliance professionals in mind, so it has the tools your analysts need to reclaim their primary role analyzing threat intelligence, not collecting data. Find out what OSINT can tell you about a threat actor, how to determine if your business should be using an OSINT platform, and how to get a free trial of the Cyveillance Cyber Threat Center

Additional Posts

Cyveillance Weekly Trends Report – January 6, 2015

Welcome to the Cyveillance Weekly Trends Report Since threat intelligence is constantly evolving, ...

Cyveillance Weekly Trends Report – December 30, 2014

Welcome to the Cyveillance Weekly Trends Report Since threat intelligence is constantly evolving, ...