Category: Resources

Maccabim Supports Yahoo! to Consolidate and Transfer 38 Domain Names Registered to 13 Respondents Across 3 Registrars

Maccabim supported Yahoo! in a WIPO proceeding consolidating 38 domain names used in a  technical support scam/phishing operation registered to thirteen (13) nominal Respondents across 3 registrars.

In ordering the domains to be transferred to Yahoo, the Panel found that Yahoo made a “substantial case against the Respondents,” and that “[Yahoo] has, no doubt painstakingly, dissected the evidence and records relating to the disputed domain names to identify connections between them…” Evidence in support of consolidation included unusual common spelling errors and phone numbers. Third-party coverage of the decision can be found here. Yahoo was represented by Matkowsky Law.

Disclaimer: The opinions and characterization of the Yahoo decision represents solely the views of Ltd., and should not be construed to reflect the views or opinions of Yahoo in any way.

Maccabim Supports Roche to Successfully Consolidate and Transfer 74 Domain Names Across 5 Different Registrars and Registered by 20 Respondents in Armenia, China, Kazakhstan and Russian Federation

Case No. D2015-0984

The Panel found that 20 Respondents whose addresses are located in Armenia, China, Kazakhstan, and the Russian Federation are likely to be one and the same as the Respondents in the Bannikov I proceeding that Maccabim supported, allowing 74 domains across 5 different registrars to be consolidated in a single proceeding and ordering them to be transferred to F. Hoffmann-La Roche AG (Roche).

Disclaimer: The opinions and characterization of the Roche decision represents solely the views of Ltd., and should not be construed to reflect the views or opinions of Roche in any way.

Maccabim Welcomes Mark Seiden as Tech Advisor

MarkSeiden-PortraitMaccabim is pleased to announce that Mark Seiden has joined the team as Technical Advisor.

Mark has been a programmer since the ‘60s and a consultant for more than 20 years. His earliest jobs were as a computer scientist at companies like IBM and Bell Labs, and his most recent jobs in security include Principal Incident Responder for Yahoo!, and implementing security measures at Dropbox. He is currently the Security Advisor to the Internet Archive, the library of the Internet available on the Wayback Machine. To give
you a sense of Mark, you can read The Sniffer vs. the Cybercrooks in The
New York Times
, 7/31/05.  As early as 1997, Time Digital featured Mark as one of the top 50 leaders in the digital world, and he is currently a member of the Security and Stability Advisory Committee (SSAC), the selected few worldwide experts advising the ICANN Board on matters related to the security and integrity of domain name matters and the allocation of IP addresses.

Eli Lilly Obtains Transfer Order of Hundreds of Revenue Domains Registered Using Compromised Identities

online protectionIn Eli Lilly and Company v Grace Beaumont et. al. (Claim Number FA1504001615093), represented by Stephanie A. Gumm of Faegre Baker Daniels, LLP, Eli Lilly succeeded in consolidating 392 domain names registered across several registrars, and using multiple aliases, in a single UDRP proceeding. The domains were all ordered to be transferred to Eli Lilly. In arguing for consolidation of Respondents, Complainant relied on testimony from’s CEO Jonathan Matkowsky that the disputed domain names are under the control of a criminal network that uses false contact information to register domains, including compromised identities of innocent third persons. Maccabim’s testimony was supported by email correspondence received by the NATIONAL ARBITRATION FORUM from various named registrants of the disputed domain names who denied having registered the domain names.


153 Roche Domains Registered with Stolen Identities Transferred in a Single Proceeding



Maccabim has been tracking down through OS-INT/CYBER-INT, the specific people on the ground that are responsible for operating the largest criminal network damaging  branded medicines and devices through the Internet. 

Without getting into the specifics  of our ongoing operation, we believe it is important to share developments in this area.

Maccabim recently supported F. Hoffmann-La Roche AG (Roche) in gathering the evidence used to demonstrate in a WIPO UDRP that 153 rogue online pharmacy sites exploiting Roche’s proprietary brands —all registered in the name of at least 90 nominally distinct different identities, including proxy and privacy services–are under common control or ownership. This allowed the domains to be consolidated into a single proceeding. To protect victims whose identities were stolen for trafficking in hazardous revenue domains, the Panel agreed to take the extraordinary step of redacting certain names from the published decision to protect innocent persons, notwithstanding that the domains were all ordered to be transferred.

Disclaimer: The opinions and characterization of the Roche decision represents solely the views of Ltd., and should not be construed to reflect the views or opinions of Roche in any way.


Rogue Online Pharmacies Operating Behind Spoofed HTTP Status Codes

By Jonathan Matkowsky, Founder & CEO

GettyImages_84474325Government agencies and brand owners may believe they have successfully taken down sites, but it is critical to remember that HTTP status codes can be spoofed.  Moreover, the criminal networks operate from behind spoofed HTTP status codes. So the site looks down, but it’s actually in full operation visible only to those the criminals target.

At Yahoo!, we developed a “paranoid” mentality that comes in handy for online brand enforcement.  If your brand enforcement strategy does not seriously take  into account the possibility of spoofing HTTP status codes , then the worst criminal networks attacking your brand assets may actually be evading your initiatives. Worse, you may be paying vendors for successfully taking down sites that are up and running.  The criminals resort to stealth innovation to avoid disruption to their criminal activities.

We are not talking about the Dark Net here! We are talking about the open Internet! And the worst part about it is that while the site looks down, it looks completely different to the targeted audience.

To make matters worse, whether there is commercial use of your brand assets is actually often a legal factor that can influence the merits of a proceeding. If brand owners are not aware of how to go about detecting spoofed HTTP status codes, there may be serious legal consequences that are not only undeserved, but letting the worst criminal actors get away.

Rogue online pharmacies are not the only criminal networks operating from behind spoofed HTTP status codes. First of all, rogue online pharmacies often are involved in other criminal activities, ranging from fraudulent payday loans to complicated international money laundering schemes.  Second, any online criminal network exploiting your brand assets in any industry can operate from behind spoofed HTTP status codes. I would expect this practice is pervasive in industries ranging from footwear to apparel, from luxury goods to electronic accessories, just to name a few.

Maccabim develops cybercrime solutions to protect your brand & IP assets in an expansive digital world. To audit whether criminal networks are operating to exploit your brand from behind spoofed HTTP status codes, contactMaccabim today.

Photo Credit:  Olivier Auriol/Video Creatas/Getty Images

New Research Links Terrorist Activities and Product Counterfeiting

Three team members from Center for Anti-Counterfeiting and Product Protection, Michigan State University (A-CAPP) recently concluded and co-authored research examining the link between terrorist activities and product counterfeiting.   A-CAPP reported they uncovered ten prosecuted cases involving product counterfeiting that were linked to Jihadi or far-right extremists between 1996-2013. Apparently the impact for five of the schemes was over US$95 million. The vast majority of the cases originated with Hezbollah.

A backgrounder on the article is available here.