https://www.qurium.org/forensics/dark-ops-undercovered-episode-ii-eliminalia-analysis-of-fake-dmca-complaints/ Back home * About + Team + Governance board + Our Values + Our pillars - PMA + Code of Conduct + Contact + Memberships + History + Job offerings o Pentester and code auditor o Senior Network Engineer o Software developer * Services + Secure Hosting + Bifrost + Secure hosting and communication services (GDPR) + Other Services * FAQ + FAQ + How to migrate to VirtualRoad.org? + How can I get a quote? + In which countries are you working? + What makes VirtualRoad.org unique? + Comparison with similar initiatives + Support o How to support VirtualRoad.org? o Donors o Supporters * Bifrost + What is Bifrost? + Apply + FAQ + Banners * Digital forensics + Afghanistan + Azerbaijan + Belarus + Colombia + Congo (DRC) + Cuba + El Salvador + Egypt + France + Iran + Jordan + Kazakhstan + Kyrgyzstan + Myanmar + Nigeria + South Sudan + Spain + Sri Lanka + Philippines + Turkmenistan + Togo + Uganda + Uzbekistan + Vietnam + Zimbabwe * Fighters + #1: Khalid Abdel-Hadi, Jordan + #2: Rafael Marques de Morais, Angola + #3: Ganimat Zahid, Azerbaijan + #4: Ronalyn Olea, Philippines + #5: Khalid Ibrahim, Lebanon + #6 Uvindu Kurukulasuriya, Sri Lanka + #7 Albertine Watchdog, Uganda + #8 Vi Tran, Vietnam + #9 Diana Salinas, Colombia + #11 Tor Madira, South Sudan + #10 Rinat Tuhvatshin, Kyrgyzstan + #12 Orus Villacorta, El Salvador + #13 Cristina Palabay, Pilippines + #14 Arzu Geybulla, Azerbaijan + #15 John Githongo, Kenya * Press Releases * Rapid Response * IGLOO * Dark Ops Undercovered + Episode I - Eliminalia + Episode II - Eliminalia [banner_padlock1-1920x300] Home >> Forensics >> Dark Ops Undercovered: Episode II - Eliminalia Dark Ops Undercovered: Episode II - Eliminalia in Forensics --------------------------------------------------------------------- April 20, 2021 WHAT'S HIDING BEHIND THE FAKE DMCA COMPLAINTS? In the last months, one of Qurium's research questions has been to understand how the domains registered by Eliminalia have been used to remove content from Google search results. Our first quick finding was to see that hundreds of their domains were copying articles from legitimate news media in an automatic fashion, skipping the content that their clients found uncomfortable. Two of Qurium's hosted websites were used by the clones, that pulled new stories from the media sites several times per hour. By February 2021, Qurium knew that Eliminalia was copying and back-dating articles to file DMCA complains since at least 2017 but it was unclear if the "clones" had been used for the same purpose. [image-7]Enadwords.com: one of the first domains used for fake DMCA Complaints in 2018 In order to find out, we took the list of domain names registered by Eliminalia as an input of the research API provided by Lumen. The Lumen Database is a project of the Berkman Klein Center for Internet & Society at Harvard University that studies cease and desist letters concerning online content. The first results were very revealing, some of the fake domain names used to clone websites were also present in the Lumen database! [image-6]Searching for the domain in "All Fields" in Lumen DB The Lumen API does not allow searches by URL (at least we have not figure out how to do it!) so we wrote a fancy Python script to find the cases using the "All Fields" search field. The result of our searches is that from the 300 domain names registered by Eliminalia to clone media websites, at least 16 of them have been used to file fake DMCA complains to Google. The following 16 URLs have been used to clone legit media sites, back-date articles and later file fake DMCA complains to Google: 1. diariobucaramanga.co 2. noticiasneiva.co 3. noticiaspasto.co 4. san-andres.co 5. chinatimestw.com 6. informaciondura.com 7. libertytimestw.com 8. noticiascandela.co 9. noticias-mundo.com 10. noticiasneiva.co 11. noticias-politica.com 12. notizieveneto.it 13. prensa-directa.com 14. taiwan24h.com 15. todaydailytw.com 16. ultima-hora.com Once we could confirm that some websites had been used to file fake DMCAs, we simply used the public access to the Lumen database to retrieve the description of each case. What topics do the DMCA complaints concern? According to Eliminalia, they offer to "rebuild your future by deleting unwanted and erroneus information and help guarantee your right to anonimity" (yes, their tagline includes two misspellings). Sounds fair as long as we speak about personal blunders, but is it OK to erase content dealing with corrupted politicians, financial fraud, environmental scandals? [eliminalia_tagline]Eliminalia's tagline. This is a summary of the DMCA cases we found in the Lumen database: * 92 legal complaints and requests for removal of online materials from May 2019 to March 2021. * The cases are associated to the following countries: + Taiwan (26) - started in late November 2020 + Spain (17) + Venezuela (16) + Italy (12) + Mexico (8) + Colombia (5) + Chile (3) + United Kingdom (2) + Argentina (1) + Angola (1) + India (1) * 72% of the complaints have their articles still online. * 37% of the total number of complaints are targeting content hosted in blogspot.com. * DMCA seems to mostly target articles hosted at blogspot.com. * 38% of the blogspot.com websites have the content removed or their website is no longer reachable. The main six thematic areas of the DMCA complaints are: 1. Business and financial fraud in the sectors of food, education and health. Critical articles talking about fraudulent job offers /interviews, Universities or academies not delivering their services, bad surgeries including patients deaths. 2. Cases of corruption: Articles about inflated contracts, money laundry, hidden bank accounts in Switzerland. 3. Cases of sexual abuse or harassment. 4. Reporting of connections with mafias or organized crime. 5. Environmental impact: Articles covering the environmental impact of construction companies or land ownership. 6. Human rights violations Upon review of 78 of the 92 cases that are still online, we found that half of the cases are related to different forms of business and financial corruption, that in many cases have resulted in a legal sentence. Another large group of articles relate to investigations of organized crime and the connections to different mafia groups. Use of Safe Creative to register fake copyright ownership During the research we discovered that Eliminalia used Safe Creative to falsely register Copyright ownership of articles in order to file DMCA complaints later on. [image-8] Examples of fake DMCA cases The following two cases are examples of the categories environmental impact and human right violations. Case 1: The land stolen by Banana producers Several DMCA cases are related to investigations into environmental issues such as the banana production in Colombia released by Ciper Chile and El Diario.ES. In 2020, the fake domain noticias-mundo.com was used to create a clone of an investigation published by CiperChile back in 2017. The clone website back-dated its publication and filed a fake DMCA complain in January 2020. The case is registered in Lumen with ID 19997993. [image-10-1024x606]Lumen case 19997993. Case 2: Doctors' involvement in torture programs In December 2019, the clone website ultima-hora.com was used to try to remove an article from the Radio Universidad de Chile that included the list of doctors involved in tortures during the Pinochet's dictatorship. Despite that the domain ultima-hora.com was registered by Eliminalia in April 2019, an article with date 2013-08-18 was created to file a DMCA complaint against the article from the Radio Universidad de Chile. The case is registered in Lumen with ID 19738319. [image-1]Lumen Case 19738319 [image-4]Original article from 2013. [image-3-1024x657]The clone website (Ultima-hora) used to file fake DMCA case. How to reproduce our findings? Any researcher using public available tools can reproduce our findings following these simple steps: STEP 1: FIND ELIMINALIA IP RANGE Obtain the IP ranges used by Eliminalia to host the fake domains from Censys. [image-12] STEP 2: FIND ELIMINALIA DOMAINS Obtain the domain names hosted in the range 62.244.51.52 - 62.244.51.57 from RiskIQ. [image-11-1024x854] STEP3: OBTAIN LIST OF FAKE DMCA CASES Use the Lumen search engine search with the fake domain names. [image-13-1024x332] STEP 4: OBTAIN DETAILED DMCA CASE FILES Obtain the full details for each DMCA case by providing your e-mail address. [image-10-1024x606] STEP 5: REVIEW AND ANALYZE Review the results, classify the articles by country, thematic area, date of submission, etc. Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. * (c) 2021 Qurium Media Foundation * Powered by * Designed with the Customizr Theme * We use cookies on our website. By clicking "Accept", you consent to the use of ALL the cookies. Cookie settingsACCEPT Manage consent Close Privacy Overview This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience. Necessary [*] Necessary Always Enabled Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously. Cookie Duration Description This cookie is set by GDPR Cookie Consent 11 plugin. The cookie is cookielawinfo-checbox-analytics months used to store the user consent for the cookies in the category "Analytics". The cookie is set by GDPR 11 cookie consent to record cookielawinfo-checbox-functional months the user consent for the cookies in the category "Functional". This cookie is set by GDPR Cookie Consent cookielawinfo-checbox-others 11 plugin. The cookie is months used to store the user consent for the cookies in the category "Other. This cookie is set by GDPR Cookie Consent 11 plugin. The cookies is cookielawinfo-checkbox-necessary months used to store the user consent for the cookies in the category "Necessary". This cookie is set by GDPR Cookie Consent 11 plugin. The cookie is cookielawinfo-checkbox-performance months used to store the user consent for the cookies in the category "Performance". The cookie is set by the GDPR Cookie Consent 11 plugin and is used to viewed_cookie_policy months store whether or not user has consented to the use of cookies. It does not store any personal data. Functional [ ] Functional Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features. Performance [ ] Performance Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors. Analytics [ ] Analytics Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc. Advertisement [ ] Advertisement Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads. Others [ ] Others Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet. SAVE & ACCEPT