Takedown notices are a particularly useful tool for copyright holders who want to make sure that infringing copies of their work are not widely distributed.
Every single day, rightsholders and their representatives scour the web for references to pirated content, which aren’t hard to find.
These links are then reported to various online services, such as Google, requesting their operators to remove the allegedly infringing content. This system works well in theory but it’s being abused by scam-artists as well.
One of the most recent scams we’ve seen targets various popular game piracy sites, including gamestorrents.tv, fitgirl-repacks.site, freegogpcgames.com, crotorrents.com, nosteam.ro, pcgames-download.com and skidrowreloaded.com.
The notices in question are seemingly sent by prominent names in the gaming industry, such as Steam and Ubisoft. However, the sudden flurry of takedown requests appears to be initiated by scammers instead.
TorrentFreak spoke to the operator of one of the affected sites who prefers to remain anonymous. He has been following the activity for a while and asked Google for information about a sender claiming to be Ubisoft.
Google revealed that this “Ubisoft” sent notices from suspicious Gmail addresses, using a Russian user interface, from an unidentified Ukrainian IP-address. In addition, the handle used in one of the email addresses can be linked to game-related spam, which doesn’t build any confidence either.
The site owner shared his findings with Google but the company repeatedly said that there is no option to file a counter notification.
This is because the notices are not regular DMCA takedowns. Instead, they are notifications that the URLs circumvent technological protection measures such as DRM, which is separately covered in the DMCA.
“Google has been notified that the following URLs distribute copyright circumvention devices in violation of 17 U.S.C. § 1201,” Google informed the site owner.
“Please find attached the notice we received. There is no formal counter notification process available under US law for circumvention, so we have not reinstated these URLs. If you dispute that you are distributing circumvention devices, please reply with a further explanation.”
Google is correct. The DMCA doesn’t prescribe a takedown and counter-notification scheme for DRM circumvention. While Google has voluntarily chosen to take the URLs offline, it is not required to offer a counter-notice option. This puts targeted sites at a severe disadvantage.
That said, many of the reported links are infringing, circumventing DMS, or both. So, restoring them after human review could bring up liability issues.
The site owner informs TorrentFreak that he’s been following a spamming operation for a few months. Interestingly, one of the email addresses from the takedown notices could also be matched to a scammer he had contact with in the past.
In addition to the Ubisoft notices, there are also similar requests from other popular brands such as Valve’s Steam. These notices also use the DRM circumvention argument and target popular game piracy sites.
“We are the owners of these copyrighted games listed below. These games were only created by our devlopers [sic] and sell exclusively on steampowered.com,” a Steam notice reads
Apart from the broken English and typo, this claim doesn’t really hold up. Steam or Valve are not the creators of many of the mentioned games, nor are they all exclusively sold on Steam.
The end result of these fraudulent notices is that thousands of URLs have been wiped from Google’s search results by what appear to be scammers. In some cases, Google has rejected the requests, but many have been honored.
What certainly doesn’t help is that the allegations are not incorrect per se. Pirated games often circumvent DRM. However, the scammy notices are sent out for a different purpose.
One may wonder what the goal of these scammers is. While it’s hard to prove without a doubt, it looks like they are trying to get malicious sites ranked higher in search results.
According to our source, the scammers can be linked to a couple of pirate gaming sites which trick people into downloading cryptocurrency miners. These sites are, of course, not targeted by the fraudulent DMCA requests.
“I have been investigating those persons for a long time, and I can tell with proof that they are behind a massive spam attack spreading their miners. They are taking advantage of the lack of games cracks lately, creating websites claiming they provide cracked games, but all the links on these sites lead to cryptocurrencies miners,” he says.
TorrentFreak visited one of the sites which indeed featured a link that looks rather suspicious. According to Virustotal, it’s flagged as ‘Filetour’ by several anti-virus vendors. This is malware that launches in-browser mining sites.
As scammers remove Google search results for regular pirate gaming sites, these scammy alternatives get a better ranking and more traffic.
To add to the mess, the situation also caused some upheaval between pirate sites. One of the targeted sites suspects that competitor GoodOldDownloads is behind the notices. So, in a retaliatory move, they targeted the site in question with a series of counter-takedowns.
We have seen no sign that this is a matter of competition for a regular pirate site though, and neither has the site owner we have spoken to. Instead, it seems more likely that scammers are behind this scheme.
TorrentFreak contacted Ubisoft, Valve, and Google for a comment on the situation but none of the companies responded.
When we started working on this article none of the takedown requests were flagged as suspicious by Google, but that’s now starting to change. Google actively flagged several of the Steam and Ubisoft notices we referred to in our article.
“We believe that an impostor or someone else abusing the process submitted this request. We report it here for the sake of completeness and to provide a view into one kind of abuse of the DMCA process,” a notice in Google’s transparency report reads.
Interestingly, however, Google still lists the reported links as “removed” and it’s unclear if that will change.
Update: We received a report stating the Google has reinstated some of the links that were removed by these impostors. Also, in addition to what we reported here, it is possible that there are more people or groups sending these fraudulent takedowns with varying motives.