Streaming piracy poses arguably the greatest threat – in both economic and technological terms – confronting broadcasters today. David Davies finds out how vendors are helping their customers to stay one step ahead of the pirates.
When focusing on video security, it is important to define the two main kinds of risk – one is systematic, ‘for profit’ piracy’; the other the more casual, between-consumer sharing of content.
But both areas constitute significant threats to broadcaster revenue and are becoming ever more pressing in an era when content production and licensing costs are escalating rapidly.
Rinat Burdo, product manager of video security at Synamedia, neatly summarises these concerns. “Alongside the continued growth in for-profit piracy, casual account sharing is also increasing rapidly. Both types of piracy are burning a big hole in broadcasters’ budgets at a time they can ill-afford to lose revenue. Parks Associates predicts that in 2021 $9.9 billion of pay TV revenues and $1.2 billion of OTT revenues will be lost to credentials sharing alone.”
All this translates to acute pressures for broadcasters worldwide. “We’re in an intensely competitive global market and customers are facing spiralling costs licensing and creating premium content to retain and attract viewers,” says Burdo. “If they are to build a sustainable business model, operators need to claw back the revenue they lose to piracy and put security solutions in place that can help to monetise services and content, and build, new incremental revenue streams.”
‘Exponential rise’ in security risks
No one disputes that the number, and diversity, of threats is increasing year after year. In part this is due to the global nature of the online content ecosystem, which means pirates now have an increased opportunity to monetise illegal services.
“More third parties and contractors are part of the content lifecycle, meaning more attack surfaces for bad actors to target and infiltrate.” Alex Balford, Akamai
Burdo observes: “While pay TV piracy was limited to the footprint of the satellite in a specific region, today’s streaming pirates can steal content from one place and redistribute it globally over the internet at lightning speed. And because the move to streaming devices means the illegal video redistribution is now done by pipework and software, it’s much easier and faster for pirates to manipulate and exploit. Pirates can hide their operations more easily, and if legal action is taken they can quickly get their illegal services up and running again.”
- Read more: Piracy didn’t fade, it just got cleverer
Some of the instances of technological progression that have characterised the industry in recent years have – in turn – brought their own challenges. Alex Balford, senior media product marketing manager at Akamai, says: “The remarkable advancements that have helped make creating, sharing and distributing content incredibly easy have also exposed the industry to risks that weren’t as prevalent in a more proprietary, less digital world. More third parties and contractors are part of the content lifecycle, meaning more attack surfaces for bad actors to target and infiltrate. This can include corporate networks, websites, apps, valuable content and subscribers’ personally identifiable information to name just a few.”
The advent of IP-based workflows and viewing equate to spiralling security concerns. “As easy as it is to stream content anywhere, it’s also far simpler to rip content or steal signals than it’s ever been. A few dollars and access to an online account checker can easily give even the novice hacker the ability to test thousands of username and password combinations.”
Specific examples of non-casual piracy include mass-breaching of passwords; more illegitimate media organisations setting up to stream stolen channels (“and even selling set-top boxes on which to watch them,” notes Burdo); and the use of social media and online marketplaces to sell or trade credentials that yield access to other services.
In a manner comparable to the way in which the impact of sharing of musical content is frequently underestimated by consumers, the same may be said of video content in the streaming era. “In many people’s minds,” says Burdo, “casual account sharing is deemed to be permissible, but in reality prevents service providers from building a sustainable, profitable business. The additional streams used for credential sharing incur cost but don’t bring in revenue for the operators.”
Steps to improved security
Some of the most crucial steps to improving content security can actually be taken for free. For example, obliging multiple stakeholders – including subscribers, employees, contractors and others connected to the business – to use unique username and password combinations can help to mitigate cyber-attacks of all sorts. Beyond that broadcasters now have access to a growing variety of sophisticated solutions that can be applied throughout the production process.
Akamai, says Balford, offers a host of solutions “designed to combat bad actors and their tools of choice. These include a bot management solution that can discern between a real user and a ‘robot’ attempting to access an account, thereby offering a defence against credential stuffing and stream piracy attacks. We also provide products and managed services to protect against DDoS attacks that are designed to take down entire sites and services.”
“In many people’s minds, casual account sharing is deemed to be permissible, but in reality prevents service providers from building a sustainable, profitable business.” Rinat Burdo, Synamedia
The company has also recently introduced new products that can intelligently serve or block access to content with an integrated VPN and DNS proxy detection service. Also new are added capabilities to its token authentication solution that extends coverage for browsers and devices that do not support cookies, as well as making it more difficult to play back stolen content.
- Read more: Catching the pirates offside
Synamedia’s Video Security portfolio includes CA and DRM protection, as well as the recently launched Credential Sharing Insight solution, which has been devised to help streaming providers combat the rise in casual account sharing between friends and families. It can also be employed to detect and shut down large-scale, for-profit operations.
Burdo explains the principles of the Credentials Sharing Insight solution, noting that it utilises “AI, behavioural analytics, big data and machine learning to identify, monitor and analyse credentials sharing activity across streaming accounts. [This helps] providers to understand where they are experiencing revenue loss from casual account sharing and how they can generate more revenue from the sharing activity.
“Credentials Sharing Insight dashboards highlight unusual sharing activity, including alerts and trend analysis. By integrating the credentials sharing policy engine with their campaign management/CRM system, streaming providers can apply specific policies, such as segmenting viewers to upsell and encourage prolific casual sharers to upgrade to a premium service in return for more concurrent users. This approach makes it easier to keep honest people honest and also boosts revenues. It can also be used to identify and shut down illegal streams promptly.”
The benefits of ‘clever security’
Given the increasingly ambitious nature and capabilities of large-scale illegal operators, content security will continue to be the very definition of a moving target for both broadcasters and vendors. Consequently, it can be helpful to perceive the problem in a holistic way, with investments in security measures bringing benefits all the way along the production and distribution chain.
“It’s important to see that implementing strong security solutions also brings benefits,” says Burdo. “Clever security is not just about detecting and shutting down fraudulent, large-scale, for-profit piracy, but enabling real-time response during the event and giving service providers tools to drive marketing dollars and benefit their bottom line.”