213 245 1125 info@cgk.ink
0 Items
Thievery Corporation

Thievery Corporation

Theft has gotten blurry. It usually is clear cut. I possess something that another covets and takes it. Shitty, but done deal.

Now, not so much. The following story (clipped and edited – the whole thing is here). This is an important post and has made me focus on what and how I sell online. To be clear and transparent in my writing, I use three different print on demand services for my products on cgk.ink. I have a few rules:

  1. I’ve made the design
  2. It is found on a royalty-free site like Unsplash. When I do this, I keep the file name which always includes the artist’s name and I have no problem disclosing that information. I always use that work to inspire me and again — alter the design with attribution.
  3. I will not download and use any work that is representational and/or figurative of another person’s style without their permission. Fine art that is legally in the public domain is fair game (if you want or can). I have far too many artist friends to piss off people.

The edited article:

Amy Crabtree is a UK graphic artist and owner of Cakes with Faces, a brand of colourful T-shirts, clothing and gifts. Recently, she found out that her artworks had been copied and sold across a host of different websites. Here she tells us about her experiences, how she fought back and how you can too.

I then discovered it was not only the Alpacalypse but my other T-shirts too. In total I found 25 cases of my designs being sold without my permission. With the exception of that first case on AliExpress, they were all print-on-demand shops. On one site alone, my design was being sold on 158 different products.

I then discovered it was not only the Alpacalypse but my other T-shirts too. In total I found 25 cases of my designs being sold without my permission. With the exception of that first case on AliExpress, they were all print-on-demand shops. On one site alone, my design was being sold on 158 different products.

Copyright for designers

In the UK, copyright protection is granted automatically when you create something. This is stated clearly on the UK government website. There’s no need to pay to register it (although that is something you can do); the copyright of your designs and artwork is yours by right.
Through various agreements, this copyright extends to other countries, including China.

Proving copyright

As a designer you’ll likely have a trail of evidence to prove the work is yours if you need to. Rough sketches aren’t dated, but they are evidence to show the design is your creation. Anything digital has a time-stamp – that includes working files on your PC, as well as any emails, tweets and Instagram posts.

In my case I also had orders from customers, documented and dated, from both my own online shop and Etsy, where there are also reviews from customers, with dates. There are articles about the Alpacalypse on third party blogs and magazines. Thanks to YouTube, I even have videos showing the T-shirts and hoodies on my booth at comic con, with publication dates. You can clearly see me wearing an Alpacalypse hoodie in a vlog from an alpaca show.

If you’re public about your work and active with self promotion – which you have to be, if you’re selling online or touting for work – you’ll likely have a whole digital trail behind you.

What to do if this happens to you

If you spot your work on a print-on-demand merchandise site, you can report it through the store. All the print-on-demand sites I dealt with had links or forms to report copyright infringement. Some even have “Report this” links on each product as standard, which is an indication of how common this issue is.

Reporting involves involves filling in forms and providing links as evidence to show that the design belongs to you. In most cases, a link to the product in my shop was sufficient. For AliExpress, the process was lengthy: I had to register with their online IP portal, which involved uploading a photo of my passport, then registering the design as my property, with proof and dates of when it was first created, published and sold. Once that’s approved, you can finally register a complaint against the counterfeit product.

To their credit, all the print-on-demand sites dealt with my complaints very quickly and efficiently. Most of the products were removed within a day, and after 48 hours there were none remaining.

However, the fact remains that filling in forms and getting proof together is a lengthy process. As a small business owner or freelancer, that’s time you don’t necessarily have. Larger brands and companies have whole legal departments to deal with these problems.

So now, do I have to search the internet periodically to check if any of my designs have been stolen? Is that something I have to add into my weekly to do list?


Amy’s Your Cake or Your Life design has also been ripped off.

Print-on-demand sites and copyright

Print-on-demand sites are ideal platforms for anyone who wants to profit from stolen artwork. Users can upload as many designs as they wish, and wait for the orders to roll in. Unlike when you produce your own merchandise, there’s no upfront investment and no financial risk. Many of the sellers that had stolen my designs had shops filled with T-shirts in so many different styles that they must have been stolen from other people. Many of the designs were clearly clipart or cringe-worthy, cheap slogans, with very little care taken over them.

Obviously it’s not the fault of the print-on-demand portals, who sent me copy and paste apologies and disclaimers saying they’re not liable for the actions of their users. Anyone can register and upload any designs they like. They simply have to tick a box saying they hold the copyright – but if you’re the kind of person who steals art you’re probably not going to have scruples about lying on an online form.

Copyright infringement of indie designers is clearly an issue. Your work has to be online in order to promote yourself – we wouldn’t be able to get work or sell products if it wasn’t. Even if you watermark art you post online, Photoshop can do anything. It’s so easy to be a victim of design theft without even knowing.

All imagery in this story is courtesy of Amy Crabtree

Scam Shops & Poisoned Wells. FUN!

Scam Shops & Poisoned Wells. FUN!

Your Ranking Just Became a Target

In an article on ZDNet by for Zero Day learn of a kinda creepy new type of extortion:

A new cybercrime gang has been seen taking over vulnerable WordPress sites to install hidden e-commerce stores with the purpose of hijacking the original site’s search engine ranking and reputation and promote online scams.

Like many of you, I’m a small business and invest a lot in my online presence. I use all the proper and tested security features available to me. But this is something ingenious. It’s not ransomware per se, it’s ransomeware+.

And it goes like this:

The attackers leveraged brute-force attacks to gain access to the site’s admin account, after which they overwrote the WordPress site’s main index file and appended malicious code.

While the code was heavily obfuscated, Cashdollar said the malware’s primary role was to act as a proxy and redirect all incoming traffic to a remote command-and-control (C&C) server managed by the hackers.

It was on this server where the entire “business logic” of the attacks took place. According to Cashdollar, a typical attack would go as follows:

  1. User visits hacked WordPress site.
  2. The hacked WordPress site redirects the user’s request to view the site to the malware’s C&C server.
  3. If a user meets certain criteria, the C&C server tells the site to reply with an HTML file containing an online store peddling a wide variety of mundane objects.
  4. The hacked site responds to the user’s request with a scammy online store instead of the original site the user wanted to view.

Wait, It Gets Worse

In addition, the Akamai researchers said the hackers also generated XML sitemaps for the hacked WordPress sites that contained entries for the fake online stores together with the site’s authentic pages.

The attackers generated the sitemaps, submitted them to Google’s search engine, and then deleted the sitemap to avoid detection.

And Worserer

[Cashdollar] now believes that this kind of malware could be used for SEO extortion schemes — where criminal groups intentionally poison a site’s SERP ranking and then ask for a ransom to revert the effects.

“This makes them a low-barrier attack for criminals to pull off, as they only need a few compromised hosts to get started,” Cashdollar said. “Given that there are hundreds of thousands of abandoned WordPress installations online, and millions more with outdated plug-ins or weak credentials, the potential victim pool is massive.”

Cashdollar now believes that this kind of malware could be used for SEO extortion schemes — where criminal groups intentionally poison a site’s SERP ranking and then ask for a ransom to revert the effects.

(Source: ZDNet)