A New Age of Data Rights Enforcement

By Douglas DePeppe, Esq., Co-Founder – Sports ISAO

Sports-ISAO has been engaged in cyber-attacker hunting (and social media abuser hunting) for many years. Over this time, a change in attack type has been observed. The scaling of cybercrime has led to increased sophistication concerning ‘the business of cybercrime’, and the recognition among cyberattackers that one-to-many models are more lucrative than one-to-one models.

Accordingly, Sports-ISAO has increasingly detected the mass deployment of infrastructure to target the massively rich online advertising spend of Big Business, as well as the targeting of Big Brand Athletes and sport enterprises. That is, criminals are engaged in the practice of misdirecting legitimate ad-spend to their own criminal coffers. This writing addresses legal strategies to counter this criminal enterprise, and will leave things to Sports-ISAO analysts to reveal the technical details of this criminal enterprise.

Changed Attack Modalities

One way that cybercriminals are siphoning legitimate ad-spend is through knockoff sites that resemble legitimate and established companies and athletes. In some instances, cybersquatting registrations are pursued for look-alike domains (aka homonym attacks). In the English Premier League, Sports-ISAO detected multiple knockoff sites involving top players and clubs. During Tokyo 2020, given the additional year to plan their criminal schemes, Sports-ISAO detected massive networks engaged in fraudulent practices. Many instances of knockoff domains and hijacking online trends were detected whereby cybercriminals exploit worldwide broadcast and advertising rights to misappropriate viewership onto their own sites. Botnets are also deployed to artificially misrepresent viewership and click rates to drive traffic toward their fraudulent enterprises.

Combating Cyberattack Practices under Property Law

I recently wrote an article, We Lawyers Were Mistaken: Online Privacy is a Property Matter, in which I proposed that the enforcement of data rights should be pursued under a property law construct. The ad-fraud attack trend affords an illustration, principally because knockoffs are an intellectual property issue for redress. Both copyright and trademark infringement actions could be pursued by rights holders, depending on the facts. Indeed, in the US, there is the Anti-cybersquatting Consumer Protection Act (ACPA), 15 U.S.C. § 1125(d), which enables a cause of action for registering, trafficking in, or using a domain name confusingly similar to, or dilutive of, a trademark or personal name. In other situations, the attackers’ sites intentionally resemble legitimate sites, or include copyright materials on the site. Another attraction of using intellectual property law is the opportunity, where applicable, of invoking statutory damages. This would streamline the enforcement and reduce investigation costs.


You must be logged in to post a comment Login