Defeating the Pirates
In Akamai's paper, "Inside the World of Video Pirates," we discovered why digital intellectual property theft (aka "piracy") is possibly the most misunderstood form of cybercrime facing the TV, sports, and film industries. The paper explored how piracy strategically impacts the industry, how the various financially motivated criminals groups operate, and why many seemingly law-abiding people still continue to participate in what is often perceived as a victimless crime.
Despite the presence of video piracy since the days of silent movies, the lack of consistent global data points and insight (or definitions) can often confuse the problem, especially in what is now fast becoming an IP-first world. Did you know for example that video piracy only became a felony in the United States in 2021!. But as media operations transition from a predominantly linear "hardware"-based world toward being IP- and "software"-based, we've seen a concerted effort by rights owners and distributors to fight back.
Leading practitioners are helping the industry find their way through the challenges. MovieLabs have advised introducing the concept of "Zero Trust" into production cycles, and leading broadcasters are implementing advanced situational awareness technologies. In all cases, one thing drives the activity: and that's to view piracy as any other form of cybercrime - through a 360-degree lens. By understanding and acknowledging the methods of theft, as well as the means of distribution, companies can start to put appropriate measures in place across the workflow.
For one Akamai customer, Zero Trust formed the basis for a concerted effort to deal with piracy. As a leading distributor of TV, film, and sports rights across multiple countries, this customer was aware of pirate activity, with an estimated 40% of online views of certain of its rights being fraudulent. Its journey to curb unauthorized access shows a path forward for the industry. Let's take a closer look at how Akamai helped this distributor designed a security strategy to effectively combat piracy.
The battle plan
As for any successful battle, a comprehensive plan of defense was created. The distributor wanted to implement a robust anti-piracy strategy, so it worked with Akamai to examine prevalent attack vectors and possible solutions. The customer was very clear about its objectives, but also set some key requirements.
First, any technical or operational solution needed to operate at scale and be capable of managing surging logins for sports rights. The distributor prides itself on delivering some of the largest online audiences without fail, and service interruption due to anti-piracy systems crashing would not be tolerated.
Second, the Akamai team and our customer were aware that pirates were modifying attacks over time. A real-time situational awareness across a range of possible attack vectors operating at linear scale was critical.
Finally, the customer identified that time was of the essence with certain rights. Any technical solution would need to identify and remove pirate activity within minutes -- not weeks, which is often the case.
The joint team of content security experts gathered intelligence about the piracy threat landscape to proactively cater for certain threats, including:
- Link sharing and token harvesting from sites such as Thop TV and Oreo TV. These services commercialize stolen live feeds with their own ad inventory, often generating significant income.
- Broadcast stream ripping and re-streaming on user-generated content (UGC) sites, such as Twitch. UGC sites deploy their own anti-piracy capabilities and place an emphasis on defeating theft, but pirates change stream links to frequently negate these efforts.
- Pirates are known to release modded Android application package (APK) files which can bypass the subscription requirements of legitimate services. Media companies can use code obfuscation to defeat this tactic, but the technology often requires binary verification. This has specific challenges for media, specifically the size of the install base and the frequency of app refresh cycles.
- Virtual private network (VPN) and proxy abuse allow viewers to access streams illegally by bypassing geo restrictions using VPN technology. The distributor owns multi territorial rights, but these are limited to certain countries. If this abuse persisted, the distributor would be in breach of its own licenses.
Our customer knew that pirates had an excellent understanding of its workflows and would attempt to bypass content protection efforts by attacking areas that were the least secure. As such, the strategy deployed by Akamai assumes the customer's systems had been compromised, enabling playback only once a viewer had been validated -- a Zero Trust security model.
The execution phase
After analysing the prevalent attack vectors, the Akamai content security team proposed a structure that would not only provide effective protection against known piracy vectors but also include the ability to adapt to new threats. In effect - a Zero Trust approach. This consisted of technology designed to protect the customer from piracy theft across the workflow - and if piracy occurs, to detect it and subsequently enforce anti-piracy measures. Akamai's approach included:
To protect against any geo-infringement and not contravene rights obligations, stream delivery was geographically limited to five countries, with requests from other countries blocked. In order to combat VPN/Proxy and Tor exit node activity, Akamai implemented enhanced proxy detection, stopping viewers from hiding their location behind VPN technology. And to prevent account spoofing, inbound requests made by valid applications were allowed and all other requests were blocked.
Pirate attacks against APIs increase significantly during high-profile events. Akamai protected the customer's origin and APIs from denial-of-service (DoS) attacks using its managed web firewall capabilities.
Finally, to curb restreaming, Akamai implemented its token authentication capability. An additional fail-safe procedure analyzed playback requests to prevent token sharing.
Akamai's piracy monitoring team detected and mitigated infringing activity in real time. Situational awareness is of prime importance when combating unauthorized streaming because criminals evolve their attacks over time, sometimes within hours. The criminals often have clear sight of potential weaknesses in the workflow, but by using advanced heuristics and machine learning, the Akamai team can identify and verify pirate activity, mitigating threats within minutes.
Content rights enforcement
Akamai deployed its access revocation service to rescind all identified infringements. When piracy was identified and verified against the agreed-upon triggers, the Akamai team was authorized to revoke tokens automatically. During the earlier phases of deployment, more than 50,000 tokens were revoked in an hour. Access revocation coupled with monitoring is a significant weapon in the armory.
As with every anti-piracy initiative, measurement of the tactical and strategic impact is a critical component. Working with the Akamai team, the distributor set out a series of metrics that were critical during normal operations. In addition, a key success indicator was structured around a target of overall piracy reduction. The impact was significant -- just look at the operational measurement and success criteria:
Shared playback tokens revoked: 315,762
Playback sessions blocked: 8,451,026
Playback attempts blocked: 28,859,904,208
Overall piracy reduction target: 60%
Piracy reduction actual: 75%
Guarding digital rights
Our insight shows that criminals perpetrating IP theft attacks are agile, moving across different attack surfaces very quickly. Video distributors have recorded attack vectors as diverse as credential stuffing, API attacks, and edit system and associated nearline storage hacks, as well as more traditional re-streaming or re-broadcasting of live streams.
In this customer's case, the Akamai team identified that the pirates were highly coordinated and used a variety of tools and techniques, including:
Spoofing APIs to mimic devices or operating systems that have limitations - Pirates knew a lot of detail about the limitations and attempted to proactively exploit them
HTTP replay on API endpoints - Pirates attempted to use viewer credentials to obtain multiple valid playback tokens
Token sharing - Authenticated tokens are sometimes vulnerable to sharing across multiple users as IP binding can be problematic in certain situations
Modded APK - Modded APKs can bypass protection if pirates reverse engineer the apps and change the client behavior (e.g., bypass entitlement checks)
Re-broadcasting - Twitch, Youtube, Facebook, and Periscope were all used to re-broadcast the customers streams using TV feeds
Many pirates are technically proficient and will shift attack patterns to find and exploit weak links in the workflow. Like any form of cybercrime, the only way to prevent this is to adopt a Zero Trust, 360-degree security posture across the production and delivery workflow. Stalwart technologies, such as digital rights management, are important to defend against certain attack vectors but will not adequately protect assets as a standalone measure.
For many companies, defeating the pirates can be financially and technically daunting. Some would say that, without addressing the issue, the very existence of the entertainment industry is threatened. Strong situational awareness, coupled with an appropriate, robust defensive posture is a critical part of the solution. With this stance, customers can understand where attacks might occur - and, with access to the correct tools, help defeat them.
If you would like to learn more about intellectual property theft, Akamai has a range of resources that will show you how you can protect your business against piracy.