Last week, we identified a major criminal enterprise operating a website that has been stealing articles from reputable news sites around the world, including this one, for at least three and a half years.

Each day, they post dozens of articles, stolen from media outlets including The Guardian, Associated Press, CBC, CTV, CityNews, The Globe and Mail and a number of small outlets including Canada’s National Observer, Nunatsiaq News and Ricochet. Every single piece of content on the site is attributed to an AI-generated journalist named ‘Jesse Cox,’ and every single piece of content on this site is stolen.

They’re far from the only such scam site, but they are doing it more efficiently and at a larger scale than we have seen in the past. They appear to be using automated processes not only to identify trending stories, automatically copy them to their site and share that link on their social channels, but also to automatically make minute changes to headlines and body text to evade automated detection. Their links are all over Reddit, crowding out the original journalism in subreddits with a special interest in a particular story. A prior version of the site viewed on the internet archive shows they started by stealing lists of quotes from IMDB, and top ten lists from gossip sites, before graduating to stealing journalism.

This site, (eds. This site is unsafe. If you visit it, don’t click on any ads or links), is hosted by multinational Hostinger International and secured by Fortune 500 U.S. tech company Cloudflare. Neither responded to requests for comment for this story.

Both companies refuse to stop servicing the thieves, despite being presented with documented evidence of dozens of cases of theft.

An audit of the site conducted by Ricochet found that 45 out of 45 articles checked, both all the site’s most recent publications and randomly selected articles from as far back as January, 2020, were stolen.

With an assist from Luke LeBrun, the editor of PressProgress and a seasoned investigator, we were able to trace the identity of a man we suspect is involved in running the site. We have a name, and a location.

We are withholding this name, for now, while we work to confirm this man’s identity and reach out to offer him an opportunity to comment.

Anatomy of a scam

This site makes money two ways. It front-runs the real news articles, putting them in front of readers before they ever see a link to the original, and stealing desperately needed ad revenue, eyeballs who could end up subscribing to a news site or making a donation, and even first position in search results from the news outlets that spent money producing that journalism. The second way, as is often the case on the internet, is you.

Because this site is fully illegal, not operating in a grey area, it most likely also serves malware, adware, viruses and whatever else someone will pay them to host.

This type of theft, seeking to front-run media outlets’ ad revenue while making additional money from malware, particularly when it targets small and non-profit outlets, threatens to weaken one of journalism’s last revenue streams, bury high-quality sites in search results and erode the very existence of public interest journalism.

It also directly threatens the online security of every reader who is tricked into clicking on their links, and is reassured about their trustworthiness by the quality of the stolen journalism.

They’re using our good work to trick readers into visiting unsafe sites, while diverting millions of readers away from news outlets that desperately need their support.

The futility of playing whack-a-mole

The fundamental issue is this: the reporting system for stolen content is designed to frustrate and wear down its victims until we stop bothering the tech companies responsible.

We discovered this site last Thursday, and sent our first complaint to Hostinger and Cloudflare that day.

Cloudflare, who provide the security services that prevent us from tracing the thieves, have never responded to us in any format. Even worse, a senior engineer at the company, Grant Bourzikas, saw our tweets about this issue and reached out to us. He told us that he had forwarded screenshots of our complaints to his company’s head of trust and safety, and promised that the site would be dealt with promptly.

Instead, he stopped responding and blocked the Ricochet editor he had been communicating with on Twitter. We therefore know that Cloudflare senior vice-president of trust and safety, Justin Paine, was made aware of our complaint no later than Friday morning. We further suspect he instructed Bourzikas to stop responding and block us.

Our ask to Cloudflare is simple: Stop doing business with this client who we have proven to you is using your services to operate a criminal enterprise.

Hostinger buys bandwidth in bulk from a company called IPXO, another large multinational, and IPXO are their designated point of contact for abuse claims.

We reached out to the abuse contacts for both companies, we sent tweets to all their corporate accounts, and we called every number we could find.

For five days, we received no response to our abuse reports. On Sunday morning, Hostinger’s Twitter account did inform us that they had taken down one single article, out of dozens we documented for them.

We asked IPXO, who market themselves as specialists in responding to urgent and time-sensitive complaints, if they had any comment on why it took five days to respond to us.

All they could offer was that they had forwarded all the many complaints they received about this site to Hostinger, and they didn’t understand why Hostinger was not removing the site. IPXO claims that they can’t withdraw service to just this client without shutting down an entire block of other Hostinger clients.

On Tuesday, six days after our initial complaints, Hostinger finally started responding by email.

They refuse to take the site offline, or sever their business relationship with the owner. It’s too profitable, apparently. Contacts at other tech companies, as well as industry experts we consulted, all said they expected the host to remove the site immediately because it wouldn’t be worth the cost of defending against complaints.

A client would have to be large, and worth a lot of money, we were told, for a hosting site to protect them after being notified of widespread and documented criminal activity.

‘The system is designed to wear us down’

What Hostinger will do is remove individual articles in response to DMCA complaints from affected outlets. So rather than remove the site, they’ve asked us to go through each of tens of thousands of posts stretching back almost four years, identify the news site it was stolen from, alert them to the infringement and then, if each outlet reports it themselves and after a delay of three days, they will remove the infringing content.

The problem is the lifecycle of a news story is usually under 48 hours.

Even if we had a team of a dozens of lawyers who could sift through every post, and even if every affected outlet filed a complaint, and even if every single old article was taken down, each and every single day these thieves post dozens of new articles. And those are the articles they’re making money on, the ones people are reading, not the back catalogue.

Let’s say we did all those things, and we monitored the site and reported each new article as soon as it’s published. Hostinger will take three to five business days to force its removal. At that point the thieves have already made their money, and don’t care if the old article is removed.

As Linda Solomon Wood, the publisher and CEO of Canada’s National Observer, remarked: “the system is designed to wear us down.”

Wood has already tangled with online thieves, and spent thousands on an independent researcher who worked with CNO’s developer Bruno DeBondt and documented months of widespread infringement across multiple scam sites.

She reported it all to Google last fall, but they refused to take any action. They told her to go through a time-consuming process each time she identified a stolen URL, which had become many times each day.

“After two months of carefully documenting the theft, the process wore me and my team down. We hoped to go to Heritage Canada with the problem of the intellectual property of Canadian journalism being ripped off at such a shocking rate. But we were sidelined by producing the excellent, expensive journalism that we hoped would lead to thousands of new subscribers, only to see it stolen again.”

Now, the next step may be for a media delegation to meet with the Canadian government to ask them to compel tech giants to enforce their own rules, and the law, and crack down on thieves who steal from public interest media outlets.

“This type of scam, in this case being operated with new levels of efficiency, is a real threat to small and non-profit media outlets, and to our readers,” said Ricochet Media managing editor Andrea Houston. “We’ve spoken to contacts at a half dozen other outlets this week, and we are united in our resolve to pursue this matter to its conclusion.

The site must be wiped from the internet, its database of stolen content deleted, and Hostinger and Cloudflare must end their business relationship with this client, and stop servicing any other websites they may also operate.”

This site may only be one of many, and removing it will not solve the problem. But it’s a start.

Have Ricochet Media delivered weekly to your inbox! Subscribe here.