Sport content pirates making the most of lockdown to raise their game

Synamedia’s vice president of intelligence and security operations, Avigail Gutman

By Avigail Gutman, vice president of intelligence and security operations, Synamedia

When Europe went into a COVID-19-induced lockdown in March and called time on live sport, many streaming pirates found themselves all at sea.

While both legal and illegal streaming hit new highs because so many people were stuck at home, the absence of lucrative live sport content intensified the competition for viewers and dented pirates’ coffers considerably.

This is hardly surprising when you consider the value of premium content pirates aim to plunder; according to ABI Research [Combating Illegal Content Streaming and Piracy, April 2020], live streaming and live sport piracy in Europe alone cost legitimate providers an estimated €$941 million over the last year.

Choppy streams

Confined to their virtual locker rooms, pirates were forced to change tack. As well as heavily discounting their services and promoting special offers in a bid to keep themselves afloat, they devised new money-making schemes to help replace some of their lost earnings.

Some engaged in consultancy and training, advising others on how to set up a pirate network and which peripheral tools to use (eg, virtual private networks (VPNs)). In some cases they even developed complete turnkey solutions.

Others stepped up their credentials sharing activities on the dark web. Our intrepid operational security team registered a huge spike in the volume of shared and stolen credentials on sale for major over the top (OTT) services as well as for video on demand (VoD) content in general. As an example, we saw the number of posts for stolen Disney+ credentials increase by 283% between the start of March and the end of April.

We also observed significant pirate-on-pirate battles. Demand for pirate versus pirate (PvP) tools to disrupt other illegal services was red hot, and pirates or hackers were doing brisk business offering scripts for attacking competing pirate networks as well as the usual legitimate targets.

Getting shipshape

Perhaps more worryingly, though, pirates also used the time to double down on their pre-season fitness in readiness for the return of top-flight live football and other sports. Fortunately, we have captured a bounty of insights into what exactly they have been up to.

With sports fixtures now roaring back into action cheered on by cardboard cut-out audiences and fake crowd noise, these insights are essential reading for sports rights holders and providers looking to see inside the minds of their illegal competitors and formulate a winning strategy. Here’s a snapshot of what our operational security treasure hunters discovered.

Rigging up new domains

As European countries dominoed into lockdown, the number of new domain registrations linked to IPTV terminology – or brazenly namechecking popular legitimate streaming services such as Netflix – rose significantly between 27 Feb 2020 to  26 Apr 2020, compared to the previous two month period. The top three countries hosting the most highly active domains (over 1,000 records), were the US, Russia and Singapore, together accounting for half of the total.

An interesting observation concerns the 47,800 new domains created during that period that are simply lying dormant; pirates have these domains in their back pocket as disaster recovery mechanisms to be fired up when their services are penetrated or taken down.

Upgrading for growth

Pirates have also been preparing for a big bounce-back by adding more servers to scale faster, as well as new features.

Despite facing a barrage of lawsuits from Hollywood content owners, pirates have been developing service enhancements such as extended catch up and more cloud DVR channels. One pirate network announced a new three day catch up TV service which will be extended to seven days once any initial bugs are ironed out. The same pirate network also doubled its Cloud DVR offer from 40 to 80 channels overnight.

Battening down the hatches

The lockdown has also given pirates breathing space to ramp up platform security. We have noticed a flurry of activity across the world as pirates work on security upgrades for their own software to make it harder for their systems to be penetrated.

This included recruiting coders to pen test and perform quality control on their applications, just as a legitimate software business would. The difference here, though, is that this work was typically not paid for.

Hoarding more content

Also having a moment in the spotlight is content hoarding. Our team has seen a marked rise in video extraction attacks with hackers selling scripts to pirates looking to grab video content from legitimate distributors’ CDNs. In some cases, when they discovered that the content was unencrypted, they happily publicised this; on other occasions, there were discussions around how best to remove specific encryption technologies.

Taking the wind out of pirates’ sails

It’s clear that pirates were not slumped in their armchairs watching TV and gorging on popcorn while live sport was on hold. With so much to lose, they have instead been using the time productively to get match fit and come back bigger and stronger.

Hopefully sports rights owners and legitimate service providers have also used this time to ratchet up their own security measures including CA, DRM, monitoring and real time disruption tools.

Now that the English Premier League (EPL), cricket and other live sport fixtures are quickly filling up broadcast and streaming schedules, legitimate providers need to ensure they are in peak condition to protect the value of TV sports rights with a renewed anti-piracy drive. This requires a deep understanding of the evolving piracy landscape and a more forensic and nuanced approach to tackling sports piracy that covers all bases.

We recently published the first of four reports we’ve commissioned into sports streaming piracy. The multi-country research conducted by Ampere Analysis segmented sports fans based on their attitudes towards, and viewing of, pirate sports streams. This opens up a new line of attack for legitimate providers.

As part of a coordinated pincer movement, providers can use the latest flexible video platforms to target specific clusters of fans with an appealing mix of access and payment models designed to reduce their reliance on pirate streams.

This approach complements pirate-targeted strategies including operational security services and multi-layered security software that not only protects content but also enables the rapid disruption and takedown of pirate networks.

Armed with these anti-piracy measures, and supported by a legal and regulatory framework with muscle power, legitimate providers will be well placed to prove their superiority on the pitch, relegating streaming pirates to the lower divisions and protecting the $50 billion value of sports rights.

Subscribe and Get SVG Europe Newsletters