Stealing the stream

Streaming has changed the nature and extent of the revenue threat to video service providers posed by pirates. Stuart Thomson looks at the state of play.

Piracy has always been a central hazard for the pay TV business, and finding reliable ways to secure the service has been a necessary investment for operators since the industry’s foundation.

The threat posed by piracy was already significant when content was delivered exclusively via closed broadcast platforms. Then the arrival of IP-based delivery raised additional worries. However, the advent of internet streaming as a mainstream method of delivering and consuming all kinds of video, up to and including premium 4K UHD series and live premium sports, has over the last few years transformed both the nature and extent of the threat and the methods used by pay TV providers and content rightsholders to fight it.

There is a broad consensus that streaming piracy has now overtaken all other forms of threat to the revenue of legitimate service providers that have paid for content rights. Content security provider Irdeto identified 5,100 illegal streams during last year’s Champions League knockout stages, including 2,093 distributed via social media channels such as Periscope, Facebook and Twitch.

Irdeto’s Piracy Trends Report also cited data from the company’s web analytics partner that estimated there was an average of 74 million total global visits per month, and an average of 21 million unique visits per month, to the top 10 live streaming linking sites in Q1 last year. The US, UK and Germany were the top countries in terms of users of illegal site links.

“The shift is huge,” says Petr Peterka, chief technology officer of content security specialist Verimatrix. “All of the technologies that we take advantage of to enable streaming and direct-to-consumer OTT services with a wide coverage of devices, and all the techniques to enable these creative new business models are being used to attack services.”

Peterka points out that the economics of building pirate infrastructure for streaming have changed radically. Whereas formerly the cost of professional compression equipment and the lack of available means to deliver content to large numbers of concurrent users presented an insurmountable barrier to entry, “all of that has changed”, he says. “Pirates now have access to the same technology that owners are using to distribute their content, and that means a much larger attack vector.”

Simon Trudelle, senior director of product marketing at content security provider and TV technology outfit Nagra, agrees that the switch to streaming is “the core thing that is changing the industry”, although he also notes that control word piracy and the sale of devices on the black market is “still an issue in markets where broadband is not ubiquitous”.

Trudelle says that three in four pirate services now offer content in HD. He says that legitimate service providers are now experiencing significant levels of churn that can directly be attributed to the availability of pirate alternatives.

“It is not just about a parallel market of casual consumers of pirate services. It is a business, where consumers are shifting and leaving traditional service providers to go with these services. They either don’t care or don’t know the difference or see better value. That over time will have an impact on legitimate distributors because sooner or later the price of assets and everything else will be impacted, as happened with the music industry,” he says.

It is not only that the cost of delivering pirate services has fallen dramatically. Points of weakness in the delivery chain that are vulnerable to attack have proliferated. Whereas set-top boxes were relatively robust devices in terms of security, requiring those seeking to attack to hack the smartcards or the communications protocol of the box, pirates now have multiple ways to capture a stream: from badly secured low-end Android smartphones through to devices that capture streams from HDMI outputs that can purchased for under E1,000; and from stripping out encryption to camcording the screen of a UHD TV.

Distribution meanwhile has been made easier by the availability of Kodi boxes and illicit apps or hosting content on the web via portals with professional-looking user interfaces that may be indistinguishable from that of a legitimate service.

A further dimension of streaming piracy is that, unlike traditional forms of content theft, it is not limited to a specific geography.

“Pirates are leveraging the web to distribute content illegally and they have a greater opportunity to monetise those illegitimate services. In the past they were limited to the satellite footprint of the operator but now they can steal content from one place and re-distribute it globally,” says Rinat Burdo, product manager, video security, Synamedia.

Not only is there now the possibility to redistribute content globally, but premium rights to national sports competitions such as the English Premier League are sold internationally, including in countries where conditional access and DRM security may not be up to scratch, meaning that points of weakness in the distribution chain are multiplying.

Ease of access

If the supply of illicit streams and the global reach of pirates has added a new and threatening dimension to the scale of content theft, the ease by which consumers can now access illicit sources of content – and their evident willingness to do so – has also increased exponentially.

“The main difference now is that the step you need to take to get access to illegal content is as small as a Google search,” says Chem Assayag, executive vice-president of sales and marketing at content security provider Viaccess-Orca. “Getting to a pirate offering and accessing a full range of services, maybe for a fee so that you might think it is a legal offering, is something that someone with no knowledge at all of piracy or the cloning of set-tops can do. The amount of people in a position to cheat has grown tremendously.”

Nagra’s Trudelle makes the point that confusion between what is illegal and what is not is particularly problematic in markets where pay TV is still in its infancy.

“In emerging markets, consumers are confused by the sleek marketing campaigns made by pirate operators,” he says. “The pirates’ level of sophistication has gone up and this creates a lot of confusion with consumers.”

The threat in emerging markets is exacerbated to some extent by the rapidly growing use of mobile phones to consume content, enabling potential viewers to skip pay TV and opening up new opportunities for pirates.  While those who use such services may or may not be aware they are doing something illegal, the crucial point is that it does not ‘feel’ particularly illegal, unlike, say, acquiring an illicit smartcard on the black market.

Pirates can use these sophisticated web portals to make money from their activities by profiting from advertising or even by selling ongoing subscriptions – in short, by deploying the full range of models adopted by legitimate providers with the added benefit of not paying for any content rights.

Piracy increasingly presents a serious source of competition to legitimate providers, with pirate service providers setting up official-looking online storefronts and offering discounts that undercut operators who have to pay for content rights.

“Many people can’t tell the difference between these and a legal distribution service. They can charge money for the service so people who sign up don’t think they are doing anything wrong,” says Verimatrix’s Peterka.

Synamedia’s Burdo agrees that pirate operators now have a greater opportunity than before to make money from their activities. “In the past they distributed set-tops to decrypt broadcast signals. Now they might distribute devices with pre-loaded software too, but they also have apps and can monetise what they are doing through ads on their websites,” she says.

Burdo points that people’s awareness of whether a site is legitimate or not may vary, but often they will give themselves the benefit of the doubt when the price is attractive. “Pirate websites look like legitimate services and people may not be aware that they are illegal. They have to dial a number and someone will ask for their subscriber ID. Because they pay, people assume it is legitimate. Some people will say everyone else does it, so why not me? It doesn’t feel like theft,” she says.

Taking on the pirates

In taking on the fight against streaming piracy, legitimate pay TV operators face a range of challenges that surpass anything they experienced previously. Inevitably, they have to set priorities, focusing on the most serious threats rather than those that are minor. They also have to use a much broader arsenal of weapons than was previously the case to combat the threat.

First, technologists are keen to make the point that old-style tools such as conditional access technology – now more likely without old-style smartcards – and DRM are far from redundant, even if traditional control word sharing is in decline. Pay TV providers are unable to secure content without protecting it to the satisfaction of those selling the rights, for one thing. Service providers have to show that they are taking all necessary measures to prevent theft, and that includes everything that has been put in place in the past.

“DRM remains a hugely useful part of the toolkit,” says Pete Cossack, vice-president of services at content security specialist Irdeto. “If it is easy to steal, people will pirate content, so the more you put in place to stop them, the better. You need a full set of tools.”

Cossack also reinforces the point that control-word sharing is not declining as streaming piracy grows. In emerging markets it is even increasing and is very much a credible threat, he says.

Nagra’s Trudelle agrees that “there is still a need to protect content distribution over any network to any device”, adding that technologists “have to make it difficult to capture content in high quality” through the use of established techniques such as conditional access and DRM.

Conditional access and DRM on their own are, however, no longer enough. Operators have to ensure that their own boxes are secure and personalised, and that all interfaces that could be used to steal content are blocked. Additional techniques such as ‘white box cryptography’ that involves obfuscating the keys through the introduction of random data can be used.

Operators also want to be able to trace the source of leaks through the use of forensic watermarking, deployed alongside data analytics and machine learning technology to track illicit use of content over two-way networks. Systems can be put in place to search for anomalies in the distribution chain, such as boxes that are tuned in to HBO 24 hours a day, to name but one random example.


Forensic watermarking is key to all of this. Watermarking provides a technique to detect and identify multiple sources of attack. While pirates know if they succeed in hacking a conditional access system, they may try to remove watermarks but can never be sure whether they have succeeded.

“Watermarking is truly important. It is not only a deterrent but gives you the ability to understand who is pirating what on what device. It gives you the leverage to take action,” says  Cossack. In the case of live content such as high-value sports matches whose value declines rapidly once the game is over, time is of the essence in taking down or disrupting the pirates’ game, with watermarking playing the key role.

“It’s all about how quickly you can get content taken down,” says Cossack. “We have a robust system that can react quickly, integrated with cloud providers to make the process simple. You have to figure out where the pirate services are on the internet and get the information back to the operator. You have to be able to reach within minutes.”

Nagra’s Trudelle agrees that watermarking is particularly useful and that robust watermarks can be used to close down points of leakage. “That is particularly important in the case of sports. If you can do it in the first few minutes of an event you can disrupt the whole pirate value chain and frustrate the consumers who use it and make them realise they are not accessing a reliable service,” he says.

Trudelle adds that getting all players in the distribution value chain in line is crucial to the process – and by no means simple. “The enforcement of all this is another dimension. Dependng on the country you are dealing with and its legislation it can be more or less complex to take pirate sites down through a cloud vendor or ISP, by telling them these guys are illegal and they should not host them. In some countries it is possible to automate this, but in others you still need to go to court,” he says.

No cure for piracy

No single measure will be sufficient on its own, and no set of measures constitutes a cure for piracy. “There is no such thing as unbreakable security. It is all about a cost-benefit analysis,” says Peterka. “You can set the bar high enough to eliminate casual piracy, adding cost and complexity to the pirate operation and narrowing it down to a few well-funded entities.”

Some tools to combat piracy can also be used to deliver straight commercial benefits to operators. For example, service providers can use data analytics to identify both exceptional customers who consume a lot of content as much as suspicious customers who are up to no good. Identifying the former using the same data tools can provide an avenue for operators to market additional services to high-value subscribers as well as taking down malefactors.

For the suppliers of content security technology, the shift away from traditional forms of content theft such as control word sharing to illicit streaming essentially means that they have to provide more. In addition to conditional access and DRM technology, they offer digital watermarking as a key security tool. However, they also have to support operators by developing data analytics capability, with algorithms that hunt for anomalies in the distribution map. Intelligent monitoring of the web for suspicious activity is now also an integral part of the struggle.

Tracing the sources of piracy and shutting them down or providing ways for operators to take action completes the puzzle. “The threat is bigger and broader and you have to fight it on multiple fronts,” says Peterka. “Moreover, you have to deploy different techniques at different points in the chain. It is more complex and possibly more expensive.”

Synamedia provides secure end-to-end video delivery solutions

Synamedia’s Burdo agrees that “a variety of tools” is necessary. “Pirates will try to circumvent. It is important to have an end-to-end solution,” she says, including intelligence-gathering alongside technology.

For Viaccess-Orca’s Assayag, intelligence gathering is key. He points to his company’s Eye on Piracy anti-piracy service which monitors illegal servers on the web. This enables Viaccess-Orca to identify illegal streams and service providers. Service providers can issue take-down notices to hosting sites or get links removed from Google’s database. Finally, operators can also take the ultimate step of using the service to capture screenshots that can be used in evidence in legal cases.

Assayag says that Viaccess-Orca also offers the ability to identify “weird patterns on the net”, for example showing an increase in the number of licences issued that does not match viewing numbers.

For Assayag, data analytics is also a key tool in the battle against streaming piracy. “You can also transform the threat into an opportunity,” he says. “If you seal off the stream that someone is watching you can then offer them the opportunity to watch a value offering or even turn them into full-fledged subscribers with a monthly plan. You can bring people over to the right side of the fence.”

The wider point here is that marketing is just as important a tool for service providers as anti-piracy disruption technology. This is especially true against the background of the ease with which people can now access illicit streams. If this has widened the reach of pirate services, it can also be inferred that many people caught up in this are less committed to wrongdoing than was the case when piracy was ‘difficult’.

“Legal players need to think about what is happening and make the right offering for the right market segments,” says Assayag. “The music industry has gone through this and there has been a huge shift in terms of the way that industry works. I’m not saying TV needs to adopt a completely new business model but defining new price points and plans is one way to fight piracy.”

Nagra’s Trudelle agrees that providing a compelling service is the best defence. “Service providers have to pick up the ball and attract consumers back with attractive services. It is not just about using a stick to disrupt services. Operators have to provide the means to consumers to access services, sign up and watch when and where they want and watch on the device of their choice. It is about using the carrot as well as the stick.”

In focus: Ideal for sharing: the OTT TV dilemma

The sharing of user passwords between more than one household represents a real source of revenue loss for TV operators, but it is one that raises questions about how far it makes sense to go to enforce their own rules.

Just as consumers often view web piracy services they pay for as ‘legitimate’, many see nothing particularly wrong with the sharing of credentials between family and friends.  That is not to say that credential sharing takes only one form. Data theft is a source of piracy in its own right, and security providers point to organised criminals trading usernames and passwords on the dark web, as well as individual customers making money from their own user credentials by trading them on social media sites. Irdeto discovered 854 listings of OTT credentials across 42 different OTT services, available from 69 unique sellers in 15 dark web marketplaces in the month of April 2018 alone.

While this is clearly illegal, casual sharing of passwords between people who know each other is more of a grey area, and this posits a dilemma for service providers.

Those service providers have in many cases inadvertently enabled credential sharing by expanding the number of devices via which users can view their service, with limitations such as three devices being seen by some as a barrier that reduces consumer satisfaction. Some have subsequently sought to rein in abuse by limiting the number of concurrent streams that can be served at any one time.

Content security technology providers are now addressing the issue. Verimatrix recently acquired technology from Akamai that enables it to see what devices are being used to access content and track multiple devices associated with particular user accounts, including identifying the location of the user. More broadly, the application of analytics can also help operators decide if they have mistakenly targeted a legitimate user who may be accessing his content on a business trip, or if there is something more suspicious going on.

Orly Ansalem, product manager, video security at Synamedia, says that operators can apply machine learning and analytics to detect credential misuse, helping operators through the delicate task of eliminating ‘false positives’ and avoid confronting their subscribers with unwarranted allegations of bad behaviour.

Operators then have the option of trying to use the information as a marketing tool or as evidence against their customers. “We can enable service providers to monetise credential sharing. We believe most users are honest and by approaching them in the right way, operators can sell a higher level of service,” she says.

Ultimately, however, operators face hard choices in deciding how to tackle credential sharing. “Two-way networks give you the visibility to fight credential sharing if you want to. There is, however, a trade-off between user satisfaction and potential revenue loss from sharing across multiple households. Operators have to strike the right balance,” says Petr Peterka, chief technology officer at Verimatrix.

Read Next