EU Intellectual Property Office research describes 25 illegal business models, only 8 mention Bitcoin

The European Union’s Intellectual Property Office, better known as EUIPO, just published a 78-page report, “Research on Online Business Models Infringing Intellectual Property Rights,” with the help of professional services firm Deloitte.

As the EU's authority on intellectual property, EUIPO is on the front line against piracy, trademark abuse, patent theft, and related crimes across Europe.

The report's primary author, EUIPO Director António Campinos, describes areas one wouldn't normally associate with crimes involving Intellectual Property Rights (IPR). “We noticed IPRs are systematically being misused as a way to disseminate malware, carry out illegal phishing and simple fraud to the detriment of consumers, businesses and the ordinary user of the internet.”

“This shadow landscape thrives on the misuse of IPR belonging to others and is often built on the use of domain names and other digital identifiers,” states the report. "It more and more relies on new encrypted technologies like the TOR browser and the Bitcoin virtual currency, which are employed by infringers of IPR to generate income and hide the proceeds of crime from the authorities."

The new study aims to provide an overview of the different online business models infringing IPRs, assessing how they function, how they are financed, and how they generate profits for their operators. It will provide policymakers, civil society and private businesses with a better understanding of the landscape, and starts with a dozen explanations of terms used within the document.

BitTorrent, Bitcoin, Darknet, Phishing and The Onion Router (TOR) are explained in detail, alongside Escrow Service, Intellectual Property Rights and Online, “which cannot be expected to be known by all readers.”


The report splits the “shadow landscape” up into five broad categories, each represented by five business models. Each business model “has been determined to be infringing IPR or is considered susceptible of IPR infringement.”

The business models were constructed using publicly reported case law, decisions taken by national courts, dispute resolution bodies, and cases that have been referred to in publically available reports and studies.

Examples of ‘notice and takedown’ actions that are not immediately available to the public at large were also collected, while independent research was made on Darknet markets and new business models.

“Due to lack of available case law an assessment of the susceptibility of IPR infringement on the websites was made on the basis of information gathered from the websites themselves.”


Based on the collected material, an analytical method was developed that makes it possible to identify, dissect, analyse, describe and present any IPR-infringing business model in the online environment.

The method is comprised of two main tools, a taxonomic matrix that identifies and presents the main characteristics of possible IPR-infringing business models, and a business model canvas that describes the specific features of each individual model.


Of the 25 different business models the report explores, eight mention bitcoin as a primary revenue source, although most of them already use bitcoin to some extent.

The underlying, existential threat that Bitcoin represents, according to the report, is one of anonymity in payment networks. “There are no public records connecting Bitcoin wallet IDs with personal information of individuals,” the report explained. “Because of these Bitcoin transactions are considered semi-anonymous.”

The first broad category outlined in the report, and the five business models in the category, “Open Internet Marketing Misusing IPR in Domain Name or Digital Identifier,” doesn't mention bitcoin at all, despite bitcoin becoming a common payment choice for domains on platforms like Namecheap.

The second category, “Open Internet Marketing Without Misusing IPR in Domain Name or Digital Identifier,” is mostly composed of phishing and other misleading cases of product or service fraud. It includes one business model using bitcoin: Websites offering an “Online Pharmacy Marketing Prescription Medication,” a case study performed by the project team based on the Unicri Report: ‘Counterfeit medicines sold through the Internet.'

EUIPO Banner

The third section of the shadow landscape is where bitcoin is already the dominant revenue channel in every case. “Darknet Hidden Services” goes so far as to add two sub categories to the five business models. Business models include TOR-accessible marketplaces of many different kinds, and all are based on case studies performed by the project team, without a legal decision.

“Darknet TOR Hidden Service Marketplace with a User Account Shop” is the business of selling any type of user account or identification for bitcoin. Dedicated storefronts are the usual salespoint, and the products in them include bank accounts and other highly illegal spoils from identity theft. “Accounts for international video and music streaming services, international online marketplaces and airlines are examples of the offers for sale in the shop,” the report explains.

Conversely, “Darknet TOR Hidden Service User Account Shop Vendor,” is running the business of selling stolen, or hacked accounts for bitcoin, typically as a vendor at a marketplace, such as the silk road. According to the report, the difference is in how the vendor acquired the account, and how long they are good for.

“Darknet TOR Hidden Service E-book Library” is a donation-driven business that allows anyone to download pirated e-books, and the report notes that there are already 85,000 such e-books listed. “A donation option is possible as the website has an instruction for this along with a Bitcoin wallet key.”

The “Darknet TOR Hidden Service Marketing Weapons and Firearms” is the most direct example of a true black market, and along with bitcoin, it adds litecoin and anoncoin as payment options to purchase these illegal items in Europe. “It cannot be determined without a testbuy whether the website sells nongenuine products or only engages in illegal parallel trade.”

“Darknet TOR Hidden Service Marketplace for Goods and Services” is named as “the largest Darknet Market in terms of number of listings and number of users.” It’s the classic Silk Road-style marketplace, which is the business of running a general store that works like Amazon or Alibaba, but runs through TOR hidden services and requires bitcoin with escrow to function.

The verbosely-named “Vendor on Darknet TOR Hidden Service Marketplaces Marketing Storage Media Preloaded with Digital Content” is simply the business of selling hard drives or other physical media full of pirated content in dark web marketplaces.

The example provided is a “Hard drive 4 TB (preloaded with 2000+ music albums, 1600+ films, 100+ TV series)” for the price of €273. Online, this business requires bitcoin payments because of the marketplaces it uses, however offline this is a far larger business which primarily deals in cash.

The last business model in the section is entitled “Darknet TOR Hidden Service Marketplace For Protected or Sensitive Information.” Info markets were originally a type of whistleblower or international reporting channel that has spread out to any and all kind of information, including copyrighted information like trade secrets, blueprints, cheat codes, and competitors' client databases. Both escrows and user profiles are used to protect buyers from commonplace fraud in these markets, and bitcoin is the predominant payment option.

The last two sections of the shadow landscape, “Phishing, Malware Dissemination and Fraud” and “Digital Content Sharing on Open Internet,” both fail to mention bitcoin, despite both having many examples in the real world of bitcoin-centric businesses that would fit their description.

For instance, the report overlooks bitcoin under the model that highlights ransomware, “File Sharing Cyberlocker.” Their research points to Paypal and Webmoney as the primary monetization channels for ransomware despite the most popular such malware, including CryptXXX, using bitcoin exclusively for its' ransomware component.

The report makes no attempt at a solution to fight any of the business models listed, but with the report came an announcement that EUIPO is working with Europol on a new anti-piracy effort launched earlier this month, the Intellectual Property Crime Coordinated Coalition (IP3C) in order to address the threats in this report more effectively.

- Campinos