The fight against video piracy is reinforced by collaboration

The video streaming sector, in its different modalities, either OTT, DTC, SVOD, AVOD, VMVPD or PSB, see the criminal threat grow. José Luis Muñoz, Media Specialist Akamai, see in collaboration the key to fighting piracy.

My personal email has probably "pirate" or stolen. What I don't know is if any of the times I have not been able to log in to one of my OTT Services (Over The Top) Subscription was due to the fact that children shared our credentials or a robbery, that type of intrusion that begins with the theft of user/password name combinations and then ends in an attack of Credential Stuffing.

For the sake of my children, I hope it was the latter. For my good, I hope it was the first. Modern life is complicated.

The video streaming sector is experiencing the greatest criminal threat since it was born in 2007, the year in which Netflix began transmitting. The reason is clear. In the last four years, video streaming has not stopped growing until it becomes the usual way of "watching television" and reaching 1100 million subscriptions worldwide the year passed. The Video piracy, which has been stealing the income of the film industry, has grown at the same rate as subscriptions and can now be as profitable for attackers as the theft of online banking systems. (And thanks to an unbridled exchange of credentials, it is much easier).

We have investigated how profitable it is and we have discovered that, only in The US exceeds one billion dollars a year, and that they pocket Another one billion euros in Europe. It is not easy to obtain reliable estimates for Asia, but the data indicates that the percentage of people participating in that piracy reaches 45 % in some countries.

Yousef Al-Obaidly, Media Group CEO in beIN, the world's largest standard in the world, summarized the situation in the following warning already in October 2019:

“The famous bubble of media rights is about to explode [because] piracy has extended to every corner of the planet and all the spheres of society. We now live in a world in which exclusive emission rights are, in fact, not exclusive at all [and] the truth is that it has caught the sector totally without preparing. The industry and the owners of the rights, in particular, are unequivocally directed Financial cliff. The economic model of our sector must change completely. ”

Impact on entertainment and economy in general

Last year, Global Innovation Policy Center (GIPC) He estimated that online piracy worldwide supposes for the US economy a loss of income between 26,500 million and 63,000. 000 million euros, approximately, every year. These estimates, especially as they are such wide ranks, should be treated with the corresponding skepticism. The details matter. But there is no doubt that there are real costs, and not only for the economic results of the suppliers of the media sector and entertainment.

David Hirschmann, President and CEO of GIPC, commented on the following in 2019: "Digital video piracy causes important losses to the US economy, harming companies that range from content producers to innovative technology companies that are promoting the revolution of digital distribution." The GIPC report also evaluated the impact of digital video piracy on the occupation in the United States and discovered that it caused a loss of between 230,000 and 560,000 jobs in the sector each year.

The size of the threat is partly due to the fact that piracy adopts very varied forms. Consider this general view of the range of attack vectors, depending on whether the content is broadcast live or to the letter:

Attack vectors in the simultaneous transmission of television channels and live events:

Handling of video playback software or Android operating system
Recording screens during playback or capture during a shared screen session
Video interception deciphered by HDCP separators connected to decoders
Use of stuffing credential attacks to access and use legitimate viewers information
Video handling to avoid water marks, such as the recruitment
Video transport out of a given market using a virtual private network (VPN)

Attack vectors (to the letter):

Filtrations of the Data Center, which give rise to user credentials, cryptographic keys or video content
Theft of independent or full -time user identifications to access video from several systems
Recording of physical assets (with less prevalence at this time) to share and distribute
Attacks on various production systems to have direct access to video assets
Copy of legitimate sources content
Cinema Filming Systems
Direct theft through supplant attacks

The way to follow

Almost 8 years ago, when I started working at the intersection between streaming and security, the sector did not talk enough about the threats he faced. Security was a private matter. Now, the impact of piracy is forcing to follow a different path.

In October 2020, the US Academy of Arts and Cinematographic Sciences told the story of how it is protected from piracy. International members of the Academy use their streaming platform, Academy Screening Room, to see the possible candidate films for the following season awards. But what is online is also vulnerable. With the help of four different companies (Brightcove, Nogra, Buzzard and Akamai), They were able to provide their members with easy access while protected their intellectual property against theft.

A year later, another collaboration was announced, this time between three security and cloud companies that work together to help regulated defense contractors and software suppliers to expedite compliance with ATO (authorization to operate) in AWS. This initiative, announced on October 1, 2021 and called FASTTR (abbreviation of Fast Ato with Splunk, Telos and Threatalert for Regulated Markets), aims to reduce the time and cost of achieving certifications in accordance with ATO that, for example, can paralyze the migration of systems to the cloud. Fasttr also aims to help organizations more easily comply with the changing regulatory government safety, which ultimately reinforces protection.

Prevention is a front. The fight is another. One of our clients wanted to share their history, this type of communication is vital for the fight. As one of the largest distributors of television rights, cinema and sports in various countries, the client faced piracy rates of up to 40 % in their live events program.

Among the attacks, the following were:

Link exchange and tokens collection of sites such as Thop TV and Oreo TV.
Modified Android Application Packages Archives, capable of avoiding services subscription requirements.
VPN proxy abuse, which allows viewers to avoid geographical restrictions.

The distributor launched an initiative to stop piracy with a combat plan that serves as a model for the sector.

The plan is guided by three principles:

The solution must work on scale and be able to manage increasingly insecure session.
Real -time recognition of the situation with respect to a whole series of possible attack vectors must work on a linear scale.
The solution must identify and eliminate the pirate activity in a matter of minutes, not weeks.

Given the variety of tactics used by the attackers and their ability to change in response to defensive measures, we develop a 360 degree approach With the client, applying Marcos Zero Trust to a streaming architecture. The battle ended successfully. At the end of an important event of several days, the company was able to reduce piracy by 75 %.

This is the good news: Video streaming services can win the game. The collaboration between the suppliers that protected Academy Screening Room demonstrates what can happen when no supplier intends to have the magical solution. When this spirit of collaboration extends to streaming services and rights buyers, when they compete for the content, but cooperate in security, we begin to win the war against piracy.