Battling the OTT pirates: CDN leeching now part of increasingly complex piracy landscape

It will soon be half-a-century since the first consumer VCRs (video cassette recorders) hit the market, and during that time the problem of content piracy has only become larger and more complex. The potential for counterfeit content activities ramped up decisively with the arrival of the internet, while the rise of streaming services has inevitably provided another huge sphere of opportunity for criminal operations. To put it in perspective, Digital TV Research recently predicted that video piracy would cause $11.6bn in lost revenues for 2022 – and that’s only for the US.

With awareness of the potential impact of large-scale attacks against specific media organisations also growing (indeed, a suspected ransomware attack against The Guardian had just been reported at this article was nearing completion), the pressure on security technology providers to help their customers stay one step ahead of the criminal organisations is intense. DDoS attacks and stream jacking are among the established methods that continue to be deployed, while CDN leeching is an emerging threat that may generate plenty of troubling headlines in 2023.

“Over the past few years we have certainly witnessed a steady growth in OTT piracy,” confirmed Markus Hejdenberg, Head of Product Sales & Marketing at video software specialist Accedo. “This is, however, to be expected given the growth of the OTT market, leading to more content on more platforms. This will always be the case, and as the market continues to grow we will at least see more [forms of attempted piracy]. Whether or not they are successful depends on the tech and mechanisms in place to stop them.”

Fragmentation & vulnerability

There is a widely shared view that the problem has become more acute as the OTT market itself has passed into a period of renewed fracture, with more individual services competing for eyeballs.

Read more The power of piracy data

Derek Powell is a Director at Altman Solon, a global strategy consulting firm focused on telecoms, media and technology. “The challenges with combatting piracy have expanded as fragmentation has accelerated across the industry,” he said. “The growing number of content streaming platforms and connected TVs and devices present more points of vulnerability for pirates to intercept content and redistribute it on other platforms.”

Several long-term threats have continued to demand attention throughout the past 12 months. Whille it’s possible that more action ultimately be taken about cognisant password sharing following a December ruling by the UK Intellectual Property Office that the practice breaks copyright law, for now it is credential stealing that is most preoccupying many media services and their tech partners.

“Stealing consumer credentials seems to be the most prevalent form of piracy right now,” said Powell. “This allows access to content – not just entertainment content, but also personal (documents, messages, photos) and confidential information (financial). This type of attack uses bots for automation and scale, and is based on the assumption that many users reuse usernames and passwords across multiple services. While this impacts consumers most directly, there could be some liability and brand trust issues for streaming services as well.”

From the Accedo perspective, Hejdenberg noteed that “we are seeing two main types of piracy: bots doing credentials testing, which uses illegal online databases to verify working credentials, and stream highjacking.”

Fast emerging as the next major form of piracy, meanwhile, is what is being described as CDN (content distribution network) leeching. According to Viaccess-Orca’s own primer on the subject, “one major streamer talks about CDN leeching as enabling ‘vampire services’ and it’s an appropriate description. Essentially, the pirate uses a variety of different attacks to allow an unauthenticated user to get content from a CDN.”

Once the limitations of a CDN in question have been identified and analysed, it can be revealed that “a percentage of the destination servers in its structure are no longer legitimate; instead, they are routing content directly to the pirates. All they have to do then is create a front-end to their ‘service’ and they can start selling access to the illegally obtained content.”

Expanding on the problem to IBC 365, Viaccess-Orca VP Partnerships and Security Products Management Pierre-Alexandre Bidard said that the pirates are “always looking to find new ways to [exploit the content infrastructure] and optimise their revenues. So with some existing [forms of streaming piracy] it might be that the pirates have to part with one dollar to get 10 back; with CDN leeching it is even better for them because they don’t have to pay for that part of the passage at all. The appeal to them [of this approach] is not hard to see.”

Holistic approach

While it remains to be seen what kind of impact CDN leeching has in 2023, it is clear that a multi-faceted approach that combines multiple technologies and mechanisms will remain essential for most content services. As Bidard noteed: “With new forms of video piracy emerging all the time, a holistic approach to piracy is essential.”

In the case of Viaccess-Orca, this has resulted in an evolving set of solutions under the banner of the Anti-Piracy Center, which includes 24/7 real-time monitoring and detection of illegally distributed content; automated real-time monitoring of apps and STBs; dynamic watermarking-as-a-service that “identifies and removes the source of re-streaming within seconds”; and the use of AI and ML to detect credential sharing and hacking attempts throughout the video delivery chain by “analysing user behaviours and flagging anomalies”.

Bidard agreed with the suggestion that the use of automation is destined to increase as anti-piracy solutions evolve. “One of the major goals is to be able to monitor locally, quickly and widely, and AI is great for that,” he said, adding that VO’s overall strategy is informed by a desire to “be proactive and move fast [in developing new anti-piracy technologies], because whenever the [illegal operations] find a new way they tend to share it within the community of pirates.”

Hejdenberg highlighted the utilisation in the Accedo One cloud-based SaaS Video platform of “several detection and prevention mechanisms, aimed at combatting bots trying to use online databases to verify working credentials”. He also drew attention to the Accedo One Marketplace of specialist streaming vendors that can be integrated as a service evolves: “This includes support for multiple Digital Rights Management (DRM) solutions, offering DRM serving and secure token services, [while] we have already integrated multi-DRM solutions from Brightcove, Verimatrix and Vualto. It was important for us to integrate vendors with a long history of working with content security and video deliveries from different aspects of the value chain so that we can cater for a wide range of unique customer requirements.”

Powell also indicated that a multi-faceted approach is valuable, encompassing measures such as “advanced DRM solutions with embedded forensic watermarking, and dynamic DRM solutions that continue to work in the background and protect the content without the hacker knowing it’s there.” But he also stressed the importance of “continued consumer education around the sharing of passwords and other types of confidential information”.

Looking ahead, he pointed to evolving threats as “content production increasingly becomes digital, so protecting content upstream is critical, especially [in terms of] providing security solutions for virtual production assets.” And given the escalating complexity of the challenge, it’s arguable that there needs to be a heightened emphasis on collaborative development and testing, as well as more action on a global level.

Powell concluded: “Industry collaboration is critical to designing and implementing business and technical solutions to deter hackers from obtaining access to content. The more information and prevention techniques are shared and tested across multiple platforms, the better the industry will fare at stopping piracy. [It should also be noted that] OTT piracy is a global problem, so aligning local laws (criminal versus civil infractions), legal procedures, and enforcement requirements is needed to ensure the best deterrents proliferate.”

Read more Disney & Lumen: Partnering on CDN configuration standards