La lucha contra la piratería de vídeo se ve reforzada por la colaboración
The video streaming sector, in its different modalities, whether OTT, DTC, SVOD, AVOD, vMVPD or PSB, sees the criminal threat growing. José Luis Muñoz, Media Specialist Akamai, sees collaboration as the key to fighting piracy.
My personal email has probably been “hacked” or stolen at some point. What I don't know is if any of the times I haven't been able to log in to one of my servicios OTT (Over The Top) subscription was due to children sharing our credentials or an account takeover, the type of intrusion that begins with the theft of username/password combinations and then ends in a hack attack. Credential Stuffing.
For my children's sake, I hope it was the latter. For my sake, I hope it was the former. Modern life is complicated.
The video streaming industry is experiencing the greatest criminal threat since it was born in 2007, the year Netflix began streaming. The reason is clear. Over the past four years, video streaming has continued to grow, becoming the standard way to “watch TV” and reaching 1.1 billion subscriptions worldwide last year. The video piracy, which has been stealing revenue from the film industry for decades, has grown at the same rate as subscriptions and can now be as profitable for attackers as stealing online banking systems. (And thanks to rampant credential sharing, it's a lot easier.)
We have investigated how profitable it is and we have discovered that, only in The US exceeds one billion dollars a year, and they pocket another billion euros in Europe. Reliable estimates for Asia are not easy to come by, but data indicates that the percentage of people involved in such piracy is as high as 45% in some countries.
Yousef Al-Obaidly, CEO of Media Group in beIN, the world's largest sports rights licensee, summed up the situation in the following warning as early as October 2019:
“The famous media rights bubble is about to burst [because] piracy has spread to every corner of the planet and to every sphere of society. We now live in a world where exclusive broadcasting rights are, in fact, not exclusive at all [and] the truth is that it has caught the sector completely unprepared. The industry and rights holders, in particular, are unequivocally heading towards a financial cliff. The economic model of our sector itself will have to change completely.”
Impact on entertainment and the economy in general
Last year, Global Innovation Policy Center (GIPC) estimated that online piracy around the world represents a threat to the US economy loss of income of between 26,500 million and 63,000. 000 million eurosapproximately every year. These estimates, especially when dealing with such wide ranges, should be treated with appropriate skepticism. Details matter. But there is no doubt that there are real costs, and not just to the bottom line of media and entertainment providers.
David Hirschman, president and CEO of GIPC, commented in 2019: “Digital video piracy causes significant losses to the US economy, harming companies ranging from content producers to innovative technology companies that are driving the digital distribution revolution.” . The GIPC report also assessed the impact of digital video piracy on employment in the United States and found that it caused a loss of between 230,000 and 560,000 jobs in the sector each year.
The size of the threat is partly because piracy takes many forms. Let's consider this overview of the range of attack vectors, depending on whether the content is broadcast live or on-demand:
Attack vectors in the simulcasting of television channels and live events:
- Tampering with video player software or Android operating system
- Record screens during playback or capture during a screen sharing session
- Interception of decrypted video using HDCP splitters connected to decoders
- Using Credential Stuffing Attacks to Access and Use Information from Legitimate Viewers
- Video manipulation to avoid watermarks, such as requantization
- Transporting video outside of a given market using a virtual private network (VPN)
Attack vectors (on demand):
- Data center leaks, resulting in the theft of user credentials, cryptographic keys, or video content
- Stealing user IDs of freelance or full-time staff to access video from multiple systems
- Recording physical assets (less prevalent at this time) for sharing and distribution
- Attacks on various production systems to gain direct access to video assets
- Copying content from legitimate sources
- Cinema filming systems
- Direct theft through spoofing attacks
The way to follow
Almost 8 years ago, when I started working at the intersection of streaming and security, the industry wasn't talking enough about the threats it faced. Security was a private matter. Now, the impact of piracy is forcing us to follow a different path.
In October 2020, the US Academy of Motion Picture Arts and Sciences told the story of how it protects itself from piracy. The international members of the Academy use its streaming platform, Academy Screening Room, to see the possible films candidates for next season's awards. But what is online is also vulnerable. With the help of four different companies (Brightcove, Nagra, BuyDRM y Akamai), were able to provide their members with easy access while protecting their intellectual property from theft.
A year later, another collaboration was announced, this time between three security and cloud companies working together to help regulated defense contractors and software providers streamline ATO (authorization to operate) compliance in AWS. This initiative, announced on October 1, 2021 and called FASTTR (short for FAST ATO with Splunk, Telos and ThreatAlert for Regulated Markets), aims to reduce the time and cost of achieving ATO compliance certifications that, for example, can paralyze the migration of systems to the cloud. FASTTR also aims to help organizations more easily comply with changing government security regulations, ultimately strengthening protection.
Prevention is a front. The fight is another. One of our clients wanted to share his story, this type of communication is vital for the fight. As one of the largest distributors of television, film and sports rights in multiple countries, the client faced piracy rates of up to 40% across its live event programming.
Among the attacks were the following:
- link exchange and token collection from sites like Thop TV and Oreo TV.
- Modified Android application package (APK) files, capable of bypassing the services' subscription requirements.
- VPN proxy abuse, which allows viewers to bypass geo-restrictions.
The distributor launched an initiative to stop piracy with a combat plan that serves as a model for the sector.
The plan is guided by three principles:
- The solution must work at scale and be able to handle increasingly insecure logins.
- Real-time situational awareness across a range of possible attack vectors must operate on a linear scale.
- The solution should identify and eliminate pirate activity in minutes, not weeks.
Given the variety of tactics employed by attackers and their ability to change in response to defensive measures, we developed a 360 degree focus with the client, applying Zero Trust frameworks to a streaming architecture. The battle concluded successfully. At the end of a major multi-day event, the company was able to reduce piracy by 75%.
This is the good news: video streaming services can win the game. The collaboration between the vendors that secured the Academy Screening Room demonstrates what can happen when no vendor claims to have the magic solution. When this spirit of collaboration extends to streaming services and rights buyers, when they compete for content but cooperate on security, we begin to win the war against piracy.
Jose Luis Muñoz
Media Specialist Akamai
Did you like this article?
Subscribe to our RSS feed and you won't miss anything.