Investigator Interview: Clearing the Path to Enforcement

MarkMonitor’s own investigative research specialist, Joshua Hopping, dives into a new generation of brand protection that equips firms with intelligence powerful enough to rip entire networks of cybercrime out by their roots.

Leveraging what’s known as “High-Value Targeting (HVT)”, Joshua Hopping zeroes in on the most egregious online infringers in bulk. The method he uses is newer to the brand protection industry, but it’s the “bread and butter” of this 13-year MarkMonitor veteran’s work.

Arriving at insights

HVT has proven a critical component to fighting a host of cyber-criminals, from those peddling impostor baby formula and fraudsters selling pirated entertainment and software to shady dark web actors behind rising incidents of phishing and trademark infringement.

“We go deeper than just identifying that the abuse is happening,” Hopping said. “We find out who’s behind it.”

To arrive there, he analyses captured data points that include phone numbers, emails, servers, images, fragments of text and even shipment details. Analysis in-hand, he then verifies key links between marketplace listings and websites that might reveal operations masterminded by a common actor – indicating an HVT is involved behind the scenes.

Clients are then provided with a complete report, including visuals, analytics and charts, to aid them in taking next steps. This actionable intelligence can be used to dismantle and/or disrupt the infringing actions of a network.

“It’s not just the data,” he said. “There’s analysis and commentary behind it. You get that visual story of how things are connected.”

Operation “In Our Sites” and beyond

This kind of comprehensive strategy proved successful in 2016 during a coordinated operation for Europol known as “In Our Sites” (IOS), which shut down more than 230 malicious websites. MarkMonitor also assisted luxury brand Belstaff in targeting 3,000 sites selling fakes, some 800 of which were managed by one individual in China. Belstaff was later awarded $42 million in damages.

This level of detail, he said, is more the industry exception than the norm. A typical enforcement strategy stops mitigation efforts at sending out a cease-and-desist letter or delisting counterfeit goods.

“What fascinates me is being able to make those connections finding out who these people are,” he said.

No place to hide

It’s a well-known fact that criminals often hide behind an intermediary proxy service. Today, however, many fraudsters have amped up their strategies by using stolen identities to populate the Whois records of fraudulent domains, even using fictitious computer-generated names and addresses created by specialized software.

But for Hopping, one slip-up can be all it takes to blow their cover.

“He made one mistake on one address and we connected it back,” he said of one offender. “You see it and you think, ‘I got ’em’. This is where it’s at.”

Hopping, a member of ASIS International, said he sees potential for a focus on the bigger fish in the near future. Patent-pending technology, for example, would use big data analytics and machine learning to further improve simultaneous detection of High-Value Targets across marketplaces, websites, social and other digital channels. In fact he’s helping lead the initiative at MarkMonitor.

Learn more about MarkMonitor Investigative Services today by calling 800-745-9229 (U.S.) or +1-415-278-8479 (global).