Cybersecurity

Piracy Expert Sees Weaponization of Legit Video Providers on the Rise

remote control smart TV streaming video content on demand

Streaming video content from non-mainstream providers might make you an unwitting target of content piracy. If you get a bargain pricing offer, at first you might not care. But you stand a chance of becoming the victim of scammers and hackers, losing personal data, and having your financial assets stolen. That amounts to a hefty financial loss for consumers and legitimate creative content providers.

Paying low-balled sign-up fees is often the first sign that you are dealing with an illegitimate media operation. Most people do not realize bad actors can easily steal legitimate creative content to make heaps of money. The thefts occur by using content operators’ mobile apps or content delivery systems against them.

This process turns participating consumers into a weapon that can dramatically hurt businesses’ profits and lead to fewer legit subscribers, warns Asaf Ashkenazi, CEO at Verimatrix, a long-time security specialist for the media and entertainment industry.

This digital piracy operation is becoming widespread in the video content space. Its newfound weaponization is harmful to legitimate retailers and advertisers and a growing threat to Hollywood and other sectors, such as sports and entertainment.

“It is very difficult to quantify the extent of piracy today. But it is much wider than people think,” Ashkenazi told TechNewsWorld.

Video Piracy Mitigation

Verimatrix is a cybersecurity company based in California, with offices in Europe, that tracks application streams and website traffic. Its twofold mission is to protect enterprise applications in mobile phones and provide anti-piracy services to businesses.

The insight Ashkenazi shared about this new approach to video piracy comes from unexpected discoveries of digital traffic patterns while monitoring clients’ networks.

His company monitors what hackers do online with developed tools that can identify patterns that indicate an attack is imminent so it can be minimized or thwarted.

The specialized cyber defenses protect automotive firms, banks, and enterprises from data loss through their apps. The client base totals about 300 customers around the world, noted Ashkenazi.

Insider’s View

The cyber firm’s CEO verbalized a philosophy that is a bit unique for a digital sleuth. He openly professes a belief that you can never entirely prevent digital content from being leaked.

Instead, Verimatrix developed proprietary technology services that disrupt the pirates’ business model. The goal is to take down a rogue service fast. When possible, they work to extract the intrusion from the video delivery pipelines.

“If we can make it more difficult for the pirates to grab subscribers’ data and force them to spend more money to continue their operations, they will not make enough money. Then they do not go after our customers,” he explained.

For example, suppose the cyber defenses can cut out the illegal delivery network connections after 10 minutes. In that case, the illegitimate pirate users will not be able to watch the sporting event for which they paid, Ashkenazi explained.

“In addition, all of the ad revenue and continued subscription payments no longer get to the pirate streaming service. This will put them out of business,” he continued.

From File Sharing to Outright Theft

Ashkenazi finds the evolution of digital piracy an interesting progression. The perpetrators moved file-sharing exploits to advanced new technologies, and they learned to adjust techniques along the way to become modern-day content pirates.

“They are no different than any other thieves. How the digital criminals evolved with technology is really, really fascinating,” he offered.

In the past, it was more organized enterprises that were doing it. The activity focused on a lot of file sharing. Much of it centered on The Pirate Bay, which launched in 2003 but mostly involved people sharing content with their peers.

Ashkenazi submitted that when people used the file-sharing network, they knew they were doing something illegal. Duped subscribers to pirated video streaming networks today do not even know they are dealing with an illegal operation.

“When we moved to streaming, pirates moved and became a much more organized group that provided services. And what we see is that these services are more and more looking like legitimate services that provide better user experience than what the legitimate providers are providing,” he said.

The pirates are aggregating content coming from different suppliers. They present a one-stop video shop with a very good experience. It is becoming a very lucrative business, he added.

Monetizing Hacked Video Delivery

This begs the question: how do they make money? They make money in three ways, often maximizing two or all three approaches in the same video streaming event.

The first method is very straightforward. The rogue business looks like a well-cured legitimate service. The scam includes offering a much lower subscription price than what lawful content streaming services charge. Because the thieves do not have to pay a source for the content, everything is a profit for them.

Today video pirates gain access to content distribution with very sophisticated high-tech equipment. In the beginning, they were stealing the content and re-streaming it, according to Ashkenazi.

They now have ways to connect and inject their content through legitimate suppliers and stream it for free. The pirating operation lets their unaware subscribers connect to the same delivery system that the honest services use.

Creative content providers use a content delivery network (CDN) of interconnected servers to speed up webpage loading for data-heavy applications. The legitimate content distributor pays the full cost of preparing the content for streaming and cloud services. The content pirates do not have to do anything to reroute the video feeds into their own streaming outlets.

“We found by working with our customers that the legit service provider is paying about 20% of its costs for streaming the content to the pirates. It is difficult to know the exact amount,” said Ashkenazi.

“The service providers cannot determine a legitimate paying user from the customer connecting from a hijacked video stream. The users are often not even aware that they are using a pirate service,” he added.

Two More Schemes

The second monetizing method comes from subscribers having to install apps that connect them to the CDN. They unknowingly grant the app permissions that enable the pirate operators to grab their personal data.

The pirates then sell this data to third parties. Criminals then use the stolen user information to launch ID thefts and commit fraudulent credit card purchases and bank account withdrawals.

A third way that video content pirates make money is by injecting their own commercials and other ads sold to legitimate retailers and businesses who do not know the deceptive company’s background.

Hide and Flee Tactic

The cyber firm’s CEO noted that much of the growth in pirated video activity involves sports streaming. Some phony providers lure in users for a short term or a special event series and then disappear.

In the process, the operators make maximum cash flow. They can shut down suddenly and set up again with a new URL. Usually, their scams go undetected by victimized users, and businesses have little recourse via legal investigations.

“We have seen big upticks in two types of pirate services. These clandestine operations can easily hide because they do not have infrastructure that can be identified and tracked by law enforcement,” Ashkenazi explained.

From the users’ perspective, the websites look legitimate. The money collection processes are through channels that appear legitimate and are difficult to backtrack.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Cybersecurity

Technewsworld Channels