M+E Connections

Sophisticated organized criminal pirates are stealing billions of dollars of content right from the legal owners’ content delivery networks (CDNs) and over-the-top (OTT) services, in part because digital right management (DRM) has notorious weaknesses and just does not protect OTT services from hacking, according to Synamedia.

It is, therefore, imperative that media and entertainment organizations be clear on exactly who they are competing against and “where your vulnerabilities are and then start tackling them one by one,” prioritizing those vulnerabilities based on the significance of each one, Nitsan Baider, director of product management at Synamedia, said Oct. 19 during the “The OTT Vulnerabilities” session on day two of the first Video Security Summit.

During the session, he and Janice Pearson, director of business development at Synamedia, explained and demonstrated how pirates hack OTT services, where DRM and token systems fail, and how to secure content and thwart hackers.

They shared details on what Pearson said was a “very sophisticated attack that pirates are using to circumvent the security controls implemented on OTT platforms.”

Their goal was to provide viewers with a much better understanding of how to protect their companies’ infrastructures, she said.

The “Shift” in Piracy Operations

Through its intelligence division’s insights, Synamedia has been able to see that “there has been a change – a shift – in piracy operations in the past, I would say, a little over two years,” according to Baider.

That shift “basically includes a set of methodologies that pirates use to completely circumvent OTT protections and mechanisms,” he said. “What we’ve seen is that they’re able to basically get directly to the CDN [and] get any content they want. And the solutions that exist today, including the solutions that we ourselves were [using] in the past, were not sufficient to thwart these attacks.”

That is why Synamedia developed OTT ServiceGuard, he said, explaining its “genesis” was a realization that “we need something else,” another solution that included a “whole other layer of protection on top of the existing ones,” he said.

Piracy evolved with the shift we’ve seen to increasingly popular OTT services, he told viewers. “Certainly, the pandemic had something to do with that. While we were all kind of locked down at home trying to figure out what to watch on television, the pirates were apparently locked down as well and trying to figure out ‘how do we get that content.’ And, with all that great premium content available on digital, it was just ripe for the picking and what they’ve done basically is identify these vulnerabilities and wrote these pirate scripts that exploit these vulnerabilities,” he explained.

A “Double Whammy”

Those scripts enabled hackers to “bypass the protections, get to the CDN and, at the same time, they don’t only get that content, but they also piggyback on the network – on the infrastructure,” Baider pointed out. “With that, they’re able to also bypass any concurrency limitations [and] are accessing the content on the CDN, entirely going under the radar unseen and [are] able to get any content and any service that they want. This is a double whammy.”

Digital video piracy today is “not just a bunch of pirates stealing content and posting it online,” he pointed out. “There’s a whole supply chain of piracy and the pirates we usually encounter are the tip of the iceberg. They’re the ones offering the end user a service. But, behind them, there are pirate aggregators and pirate wholesalers and they, in turn, buy their service from pirate hackers. [At] the very far end, I would say, of that supply chain are the hackers who figure out ‘how do we break the system?’”

Synamedia performed research to see what methodologies the hackers were using, he pointed out and showed examples of what the scripts used by hackers look like, noting hackers even steal scripts from each other. And “getting credentials is really the easy part” for hackers, he said.

With the scripts, there are typically one of two results when pirates run them. The first is “they get access to the content and they strip the DRM right off of it and they get access to the original content in the clear and post it on their own CDNs,” Baider said.

“That’s bad enough because that means they have content at original quality, very quickly and very easily accessible,” he noted.

But the other option is “really the worse one… and that is when they use the script as kind of a proxy to get licenses to get DRM licenses for their clients,” he said, explaining: “They don’t even have to break the DRM. They just need a pirate client to access the proxy, request access to the content [and] the proxy would trick the system into providing it. The DRM license would then be conveyed to the client and then the DRM license would be used by the client to access the CDN directly. And… since they’re doing it in a clever way, they’re not counted for concurrency.”

The Main Vulnerabilities

When it comes to OTT service vulnerabilities, “there are basically four different types of vulnerabilities that are typically used,” Baider went on to say. They are: hacked/jailbroken devices; “much worse,” authorization tokens that are “very easy to duplicate;” concurrency mechanisms; and CDN access tokens.

“We see that these pirate scripts are being used to create these very inexpensive platforms at scale and they’re competing directly with legitimate OTT service providers,” Pearson said. And the interfaces created by the pirates are so good it’s often hard to tell if it’s a legitimate service provider or a knockoff, she noted.

The pirate services are “living off of the legitimate infrastructure,” she told viewers.

The results for legitimate service providers can be a loss in subscribers and they end up providing service to illegitimate services, she said, adding they are also losing out on ad revenue. To add insult to injury, some pirates are also charging for ads, she noted.