Telecoms, Media & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

Media + Networks

Where Content Meets IP

Securing the network: The evolution of detection techniques and pirate attacks

2017 saw a significant increase in both DDoS and web application attacks, with cyber criminals using attack vectors both old and new to wreak havoc and disrupt business, writes Adrian Pennington. With mobile devices and the Internet of Things serving as broad new attack surfaces, and with serious vulnerabilities like Spectre and Meltdown being continually discovered, what can media enterprises do to protect their customers and their businesses? 

“We stand on a precipice today as the world moves to 5G and the Internet of Things,” warned Christopher Young, CEO at cybersecurity firm McAfee. “We are no longer dealing with a handful of companies with closed ecosystems solely responsible for securing data on the device. With open systems, the network also connects devices like a fridge and lightbulbs.  We are talking hundreds of billions of devices. How will we secure this large scale connected device ecosystem without stifling growth and innovation?”

Speaking at Mobile World Congress, Young said McAfee was tracking 600,000 unique threats a day on 300 million devices. Cybercrime, he said, was already draining U$600 billion from businesses a year.

“What stands out is the complexity and scale of these attacks is increasing. No threat goes away – it morphs over time. Attackers are combining different forms of attack and even sharing codebases to circumvent the defences the cybersecurity industry puts in place. We saw ransomware in the late 1980s but what has changed to drive the meteoric rise in ransomware are crypto currencies like bitcoin which make it easier for attackers to cashout.”

There has been a perception that cybersecurity is focused on protection of the network and the threat from hackers to systems and data. However, the Game of Thrones hack last July showed that data breaches and content theft are not necessarily separate threats.

Attack surface spreads

“The same digital and connected TV platforms that cybercriminals target for illegal redistribution of content also act as attack surfaces for hackers looking to gain access to service providers’ networks and potentially steal customer information and other important data,” says Mark Mulready, Vice President – Cybersecurity Services, Irdeto. “As a result, it is crucial for approaches to security to evolve in line with the changing market dynamics.”

Today, content owners and distributors face not only the threat of content theft but also the threat of attack on their entire IT infrastructure and content distribution platform, which can contain customer data, payment information, confidential company information, as well as unreleased and high-quality videos.

Content protection specialist NAGRA says it is seeing growing demand for technology that addresses content value protection challenges “from the source to the consumer”, as well as “online ecosystem” challenges, mainly illicit streaming of content captured off legitimate sources (from STB to OTT apps to cinema screens).


“As media content at every step of the production cycle is now digital, more partners are involved in post-production, consumer distribution is done over multiple networks, all leading to higher risks of content leaks and illicit re-distribution,” says SVP marketing, Ivan Verbesselt. “Being able to quickly identify the source of a content leak matters more than ever. For distributors like OTT providers and pay-TV platforms, where CAS and DRM are used to protect the content, there is also a growing interest in using watermarking coupled with anti-piracy services to secure, mark, monitor, identify and act to stop content leaking and re-streaming at the source, from the device or app where it was leaked.”

Revenues lost to online piracy will nearly double between 2016 and 2022 to U$51.6 billion, according to the Online TV Piracy Forecasts report. Covering 138 countries, these forecasts include revenues lost to TV episodes and movies – but not other sectors such as sports or pay TV.

“Piracy will never be eradicated,” says Simon Murray, Principal Analyst at Digital TV Research.

"However, legitimate revenues from OTT TV episodes and movie overtook online piracy losses as far back as 2013. The gap between the two measures is widening.”

For the Mayweather vs McGregor boxing match in August 2017 alone, Irdeto identified 239 streams reaching approximately 2,930,598 viewers. The impact of these illegal streams cannot be underestimated, especially when it comes to premium live content such as sports.

“When you take these numbers into account, it’s clear that pay TV operators are facing potential subscriber churn to cheaper illegal services,” says Mulready. “Meanwhile, for content rights holders this is an emerging threat affecting loss of revenue as these alternative sources are diluting the value of their content.”

Detection techniques evolve

Pirates are getting more sophisticated but so is the technology available to counter their threats. An example of the evolution of detection is Artificial Intelligence (AI). Irdeto uses AI to detect illegal streams through semantic analysis of social media advertisements and/or web page indexes and by enabling inspection of visual elements in the re-distributed content, matching it to the original content. Machine Learning is then used to automatically process streams distributed by pirate aggregation sites or other distribution media, and recognise the original source of the video stream by identifying the broadcaster logo.

“However, once pirates realise the detection techniques that are being employed, they then start adjusting their methods – in this case blanking or switching out logos,” notes Mulready. “This then means the visual elements that are detected need to be adjusted or expanded to incorporate more variables for the system to learn and detect.”

Video services providers need to use all of the available technology to stay ahead of the game – what worked 2-5 years may not work today. Through secure chipsets, Trusted Execution Environments (TEEs) and monitoring of usage patterns can help prevent and/or protect something bad happening, at the same time there appears resistance to invest in content protection due to a disconnect between operators and studios.

“Operators don’t want to pay for content protection because of the hefty price tag they are paying studios for the content,” reports Petr Peterka, CTO, Verimatrix. “Additionally, they may hesitant to invest in technology like watermarking if not all other distributors of that content are doing the same. This mindset causes eventual damage to both the service provider and the studio.”

With online streaming becoming the dominating form of online piracy, pirates now leverage device, cloud and CDN technology to capture HD content or channels in one country and distribute it everywhere through a network of servers hosted across multiple locations worldwide. Going one step further, pirates are also moving into the subscription business, setting up online payment servers tied to offshore accounts to charge for access to illicitly streamed content.

“On the device side, the take-up of Android STBs running the Kodi media app, that can be easily configured to install ‘add-ons’ that provide access to illicit streaming servers, also brings massive scale pirate services to the big screen TV set, blurring the line between illicit and legitimate TV channels for too many consumers, and posing a new major risk for the media industry,” says Verbesselt.

Making “free” unattractive

Industry estimates suggests that at least a quarter of pirate users can be converted into paid subscribers if they can get access to the content they want to watch. The 2017 Pay-TV Innovation Forum reckons service providers could stand to gain U$7 billion in unrealised pay-TV revenue annually, if at least one in four consumers of pirated pay-TV services would switch to a legitimate option.  This share can be much higher if the content illegally accessed was hard to find or simply not available in any given market.

“The argument against pirated content used to be that the quality wasn’t as good, but that is going away,” says Peterka. “Now, there’s a bigger focus on the high cost of content and how to price services as low as possible while still being profitable. Today’s content distribution needs to be dramatically optimised to get the benefit of modern technologies to drive the cost down. One way to get down to the cheapest possible cost is by eliminating duplicate processes in the production chain.

“For example, each time a studio sells a single piece of content, that piece of content is formatted individually for distribution, sometimes a thousand times over. By moving content distribution into the cloud, studios could save costs by transcoding the content only once and hosting it where studios could stream it directly. This federated rights management approach would help distributors save costs and meet customer pricing demands.”

In fact, illicit online streaming has made the case for international online distribution of about any content available in a given country. Providing the right pricing, packaging, user experience and delivery model (linear and on-demand), while evolving licensing terms with existing distributors and retail partners, will be the key challenge for content owners and pay-TV distributors going forward.

“While ‘free’ always feels attractive for consumers, illicit content is never ‘free’ for viewers who either need to subscribe to an online pirate service, or cope with malware and stolen private data to get access to content,” argues Verbesselt. “So as more consumers get informed of the risks and costs of using illicit services, the attraction of legitimate services – assuming they meet market expectations - goes up. Consumer information and awareness campaigns are also an important part of the anti-piracy effort.

“If we look at the music industry, streaming platforms have finally managed to help the industry grow its revenues again in 2016, for the first time in 15 years, through a new subscription-based business model that makes traditional file-download piracy much less attractive for consumers. The ‘I might as well pay’ logic is finally winning.”

Education and law enforcement

Education around piracy could make a difference. The Irdeto Global Consumer Piracy Survey, conducted 2017, found that despite the high number of consumers watching pirated video content (52%), nearly half (48%) would stop or watch less illegal content after learning the damage that piracy causes the media industry. This willingness by most consumers to change their viewing habits speaks to the huge impact that education could have on reducing the number of people who pirate video content.

In addition, the importance of skilled investigators and relationships with law enforcement cannot be underestimated.

For example, in January this year Irdeto supported European Police Authorities, Europol, and other Audiovisual Anti-Piracy Alliance (AAPA) members to shut down a crime group suspected of hosting a large-scale illegal IPTV streaming business. In the second half of 2017 it also supported Australian police and Foxtel on investigations which led to the sentencing of a Sydney man for his role in the selling of unauthorised access to Foxtel services. A collaboration between Irdeto, MultiChoice Africa Limited and Egyptian Enforcement Authorities led to three content pirates being sentenced in Cairo, Egypt in July 2017.

Tackling piracy is a battle that needs to be fought on two main fronts: with innovative user experience design, flexible content packaging and pricing solutions (including skinny bundles, event tickets or VOD boxsets) on one side, and with smart content value protection and cybersecurity technology and services on the other side.

In other words, operators need to provide consumers with access to the content they love, delivering a better value service, while also keeping pirates at bay by disrupting and stopping their operations.