How to Stop Pirates Gatecrashing Your OTT Party
"On the waves of the air, if it's something we can share, we can steal it," sang the Bee Gees in Saturday Night Fever, the biggest selling soundtrack of all time. OTT party fever is all around. But as streaming providers compete to throw the most entertaining, fabulous parties, uninvited guests are helping themselves to the fancy cocktails and walking off with the family silver.
With billions of dollars at stake, it's no surprise that gatecrashing pirates want a piece of the action. And pirates are increasingly tempting both guests and new party goers away by throwing rival illicit parties of their own. Parks Associates' latest report on video piracy calculates that the value of pirate video services accessed by pay TV and non-pay TV consumers will exceed $67 billion worldwide by 2023. By taking action, the industry can stop these gatecrashers siphoning off billions in revenue that rightfully belongs to content owners and services providers.
As the most successful party planners know, paying close attention to every detail in the run up, during, and after the main event is critical; likewise, the most secure OTT service needs to take a multilayered approach to security. Having beefy bouncers on the door to throw out undesirables is essential, but it's vital to keep a very close eye on both your possessions and your boundaries at all times to ensure gatecrashers don't find other ways in.
Which tactics do gatecrashers use to spoil the party and what should be on your checklist to keep your guests infinitely entertained while ensuring it's strictly by invitation only?
Party Spoiler 1: Stealing Content
There are two main ways for pirates to create their own copies of content from legitimate sources:
DRM bypass—Pirates distribute new content on file sharing sites soon after release because they have already outsmarted many established DRM systems. They can distribute exact replicas of original content either as files for download or streamed from pirate sites.
Analogue/HDMI hole—This involves capturing the video from the output of a STB, PC, or other device as it plays and re-encoding it to a file for onwards distribution. HDCP is often used to encrypt the output from STBs or PC but is easily bypassed. Less sophisticated methods include using a screen capture application on a PC or a video camera to capture content directly from a movie theatre or TV screen.
Party Spoiler 2: Stealing the Service
Strong content protection is critical, but pirates have their sights on a much bigger prize than piecemeal content—gaining access to a streaming provider's full service. By impersonating a legitimate user or device, or using fake apps that mimic the real app but cleverly circumvent the authentication and authorization mechanisms, OTT pirates can trick the DRM system into decrypting and displaying content. The threats are manifold:
Credentials abuse—This takes several forms:
- Casual account sharing - password sharing between with friends or family members
- Swapping/pooling - Users (often strangers) with different service subscriptions swap their credentials online so they each benefit from other services while only paying for one. Credentials theft - Phishing and Credential Stuffing involves pirates obtaining the credentials of legitimate users without their knowledge and selling them on either on the open or dark web. In 2019, there were over 5 billion credentials and passwords for sale on the dark web for as little as $4.
- Endless trials – Hackers take advantage of the practice of allowing subscribers to sign up for a free trial by generating a new identity at the end of each trial.
Bypass of concurrency controls—Systems that limit the number of concurrent devices or viewing sessions a particular user can access can often be bypassed, enabling many consumers to use a single account.
Token theft—Once a user has logged on to a system, tokens are often used by the application or web browser on the device to identify the user to the CDN. These tokens can easily be copied to other devices and used to access content.
Key distribution attack —By working out the key used to encrypt content, a hacker can easily redistribute it, allowing content to be accessed directly from the CDN and decrypted.
Party Spoiler 3: Hosting a Rival Service
Just as there's a limit to how many parties you can attend, there are only so many streaming services consumers are willing and able to pay for. Recognizing this, pirates create competing services, complete with smooth web interfaces, apps, STBs, and even customer service departments to aggregate the legitimate content they have stolen. In some cases, the experience is so good, consumers don't know it's illegal; in other cases, consumers knowingly choose the pirated service because they can find a range of content from multiple content providers in a single place. Particularly for sports events, millions of people are using competing pirate services to access live streaming services - sometimes even getting the content for free.
OTT Party Checklist: How to Keep Out Pirate Gatecrashers
Content owners and service providers are missing out on billions in revenue which is being siphoned off by pirates. Fighting service piracy requires solutions that go beyond content protection to demotivate pirates at every point along the video distribution chain:
- Combining strong end-to-end encryption and security controls at the headend.
- Hardening of the client devices against tampering and manipulation and the use of watermarking and other technologies to detect and disrupt leaks.
- Using intelligence-based operational security services that combine a smart command and control center which leverages AI technologies alongside human intelligence (including undercover investigators and cyber security,psychology, criminology, and sociology experts) to monitor and map the piracy supply chain and orchestrate anti-piracy activities and legal and technical takedowns.
- Working together to fight back. Everyone, including CDN and cloud service providers, ISPs, payment providers, chip manufacturers, anti-piracy tool vendors, integrators, rights owners, streaming providers and legislators has to cooperate to combat and outwit pirate gatecrashers. As most content is not exclusive to a particular provider, cooperation is needed to ensure that solutions address all sources of pirated content.
Like bees to a honey pot, the best parties will always attract gatecrashers. And with billions at stake, OTT pirates will not leave without a fight. But by paying close attention to every move they make, we can contain and minimize the pirates' antics and keep the party swinging with our invited guests.
[Editor's note: This is a contributed article from Synamedia. Streaming Media accepts vendor bylines based solely on their value to our readers.]
Streaming services aren't just competing against each other; they're competing against pirates. DRM, encryption, watermarking, and geofencing are crucial components of any successful OTT anti-piracy strategy.
Streaming Video Alliance Executive Director Jason Thibeault and NCTA VP of Broadband Technology Matt Tooley discuss current industry-wide efforts to address privacy concerns in this clip from their panel at Streaming Media East 2019.