Piracy Attacks Both the Revenue and Security of Media Companies and their Viewers

Piracy is complicated. Protecting content and keeping events secure requires multi-layered intelligence.


Piracy in the media and entertainment industry has been around since well before we saw it comically featured on Seinfeld in 1996. But with the introduction of streaming video, piracy is now a multi-layered problem. The latest wrinkle? Fragmentation of the video streaming industry. Fed up with subscribing to multiple streaming services and still not being able to view what they want, viewers are more willing to find another way. And that other way is often through piracy.

Avi Wachtfogel, Engineering Fellow and Senior Director of Security Strategy at Synamedia, described it this way in the podcast Cyber Security Inside: “One pirate will take a stream, a live stream, say of a sports event, and then they will sell that on to other pirates. So, you have a whole distribution chain, and then those pirates will sell it on directly to consumers. And there’ll be resellers who are taking that content and selling it further and further along. There’s a lot of confusion very often among customers actually, as to what they're actually getting – whether it's legal or not.”

This raises the growing concern that fragmented streaming is driving customers to use torrents or other pirate sites. Despite active campaigns by a number of organisations to curb piracy, the number of people accessing pirated content is massive. Between January and September 2021, piracy websites for the television and film industries alone (counting public and private torrent files, as well as web downloads, stream ripping, and direct streaming) received 82 billion visits, according to MUSO, a company that tracks unlicensed demand for digital content. Add music, software, and publishing, and the total leaps to more than 132 billion.

Malware exposure from pirated content adds another threat layer

But it gets worse. Much worse. Pirates now leverage their stolen content — movies, games, books, or sporting events — as a passive delivery vehicle for several types of targeted cyberattacks, including credential and information phishing, malware, and botnet aggregation. Akamai engineers discovered that more than 90% of the illicit streaming sites monitored by our service were found to contain this type of content, posing a real threat to users and streaming providers alike.

A survey conducted by the Digital Citizens Alliance during the first year of the pandemic, when more of us were housebound, found that 13% of Americans (32.7 million people) had a piracy device and almost 50% of them said they had experienced malware in the past year. Roughly a quarter of those estimated that they had been exposed in the past three months (since lockdown). Considering those pirated devices might be connected to computers and other devices used for work-from-home, that vulnerability can easily spread.

“Content pirates are creating their own apps to stream that content,” says Akamai security researcher Steve Ragan, “apps with ads that might also expose consumers to more threats.”

Credential fraud, stream ripping, and content restreaming all need to be covered

Curbing piracy has long been a difficult process, because media companies lack visibility and context about who or what is accessing their digital assets. As discussed in Akamai’s latest State of the Internet / Security Report on piracy, balancing access for legitimate customers against blocking access for pirates is challenging because different kinds of events or broadcasts have different forms of access and different kinds of threats.

Moreover, criminals layer their attacks across several surfaces (even at the same time) to confuse defenders and bypass restrictions. This means that media companies need to account for several attack types at once, such as credential fraud, stream ripping or restreaming of content, token sharing, and more.

Credential fraud, for example, allows pirates to access content without legally subscribing to a streaming service. But their work doesn’t stop there. Once inside, the pirate’s goal is to get a legitimate access token and use that in their own app or as part of a restreaming service. These apps then leverage a single user’s credentials to get multiple playback tokens. This activity can lead to token exploitation: if the assigned tokens have a Time to Live (TTL) longer than the single event, pirates can attack after the broadcast event. Since the tokens are not bound to IPs, this leads to token sharing, which multiplies the problem.
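The two token weaknesses described above (a TTL that outlives the event, and no binding to the client IP), shown beside a hardened issuing policy as an added example; this is not code from Akamai or from the report. The token format, `issue_token`, `validate_token`, the key and the sample addresses are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed; keep real keys in a secret store

def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def issue_token(user, now, event_end, client_ip=None, fixed_ttl=None, grace=300):
    """Hypothetical token: base64(JSON claims) + "." + HMAC-SHA256 hex.
    Weak policy: fixed_ttl set, no client_ip. Hardened: expiry tied to the
    event end plus a short grace period, with the client IP pinned."""
    exp = now + fixed_ttl if fixed_ttl is not None else event_end + grace
    claims = {"sub": user, "exp": exp}
    if client_ip is not None:
        claims["ip"] = client_ip
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _sign(body)).decode()

def validate_token(token, client_ip, now):
    """Return (accepted, reason) for a playback request at time `now`."""
    body, _, sig = token.encode().rpartition(b".")
    if not hmac.compare_digest(_sign(body), sig):
        return False, "bad_signature"  # covers tampered and malformed tokens
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now > claims["exp"]:
        return False, "expired"
    if "ip" in claims and claims["ip"] != client_ip:
        return False, "ip_mismatch"
    return True, "ok"

# Constructed scenario: a two-hour event, token issued at kick-off.
START, END = 1_700_000_000, 1_700_000_000 + 7200
VIEWER_IP, OTHER_IP = "198.51.100.7", "203.0.113.50"  # documentation ranges

weak = issue_token("viewer-1", START, END, fixed_ttl=86400)
hard = issue_token("viewer-1", START, END, client_ip=VIEWER_IP)

def replay_outcomes():
    """Same token relayed from another address, during and after the event."""
    return {
        "weak_shared_live": validate_token(weak, OTHER_IP, START + 600),
        "weak_after_event": validate_token(weak, OTHER_IP, END + 3600),
        "hard_viewer_live": validate_token(hard, VIEWER_IP, START + 600),
        "hard_shared_live": validate_token(hard, OTHER_IP, START + 600),
        "hard_after_event": validate_token(hard, VIEWER_IP, END + 3600),
    }

if __name__ == "__main__":
    for case, result in replay_outcomes().items():
        print(case, result)
```

Strict IP binding also rejects legitimate viewers whose address changes mid-stream, such as on mobile networks, so they need a re-authentication path.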

API-based issues introduce major vulnerabilities in access controls and workflows, such as user-agent spoofing against API endpoints. In other words, pirates attempt to mimic devices or operating systems that might have delegated access. If the workflows for these devices (such as Apple TV, WebOS, Fire TV) are different, pirates can often exploit them.

How media companies can begin shutting down piracy threats

Akamai has created a Managed Content Protection service as a first line of defence for broadcast providers as part of our Broadcast Operations Command Centre (BOCC). This versatile service identifies and mitigates broadcast layer piracy in near-real time, with the flexibility of running automatically or with human oversight. Working across the media workflow, it gathers intelligence that enables media, broadcast, and publishing companies to capture, learn about, and adapt to piracy threats so they can better understand where pirates are exploiting their services and proactively stop them in their tracks.


Copyright © 2022 IDG Communications, Inc.