The forms of video piracy: there’s a taxonomy for that

Posted On

By Team ExpressPlay


Piracy has become a mainstream conversation in the media and entertainment world and among creative professionals. But actually, media piracy issues go back to the days when studios and distributors began sending pre-release copies of movies on VHS tape to members of the Motion Picture Academy and mysteriously millions of illegal copies would begin to appear. One Academy member was even expelled for providing a seed copy.

First some context

As online commerce and distribution technologies advance, the ways to protect content and data continue to become more sophisticated as both distribution and protection evolve. When rights-holders demanded better protection in pay-TV environments, it gave rise to conditional access systems (CAS) to protect against service theft. As streaming gained traction, digital rights management (DRM) became a mandate to ensure that content assets were viewed only by legitimate users who had entitlements and could be authenticated as such. 

But with timely, or time-sensitive high-quality premium content– such as a live sports broadcast – protecting access alone is not sufficient. Once accessed and decrypted, a user could re-distribute it. No matter whether redistribution is purposeful or unintentional, if redistribution is unlicensed, it violates copyright. 

Classifying piracy

To better understand how to fight piracy – and what the most effective anti-piracy techniques may be for a given situation – it’s useful to classify those techniques into categories.

The first kind of piracy – the one with the greatest impact on video service providers such as pay-TV operators and OTT streaming services – is the theft of service. One way to achieve this is to obtain ‘broken’ conditional access cards. Another is to capture and redistribute programming in the clear after it has been decrypted and presented to the output of a set-top box. Yet another is to intercept a service from within an operator’s distribution network.

Next is the one that has the biggest impact on content creators and rights holders: the theft of content, which can be stolen from almost anywhere. Both on-demand and live streaming services are vulnerable, and DRM is designed to protect them. However, post-decryption, content played through smartphones, streaming set-top boxes, computers, or from physical media, is all vulnerable. Other threat vectors include ripping from physical media, camcording in theatres, and redistribution of already-stolen content from linking and hosting sites operated by other pirates. Pirates then use illicit download sites, private social groups, and streaming services to re-distribute the stolen content. 

A third category is the theft of infrastructure: video providers must engineer their delivery to meet high consumer expectations for video quality. Depending on region, piracy operations may take as much as 25% of a network provider’s capacity. With that in mind, consider that the network provider must, in effect, over-provision the network capacity to accommodate both, thus increasing either CAPEX or OPEX or both. Reducing piracy returns this stolen network capacity to the operator, allowing the operator to improve service quality for legitimate subscribers.

The other three are the theft of advertising, theft of devices and software, and the “theft of you” – personal information such as media account or financial account details.

Advertisers want to ensure that they aren’t wasting budget by paying fraudulent websites or apps for carrying legitimate advertising – and to ensure that their brands are never associated with fraud. Advertising automation can miss pirate requests that look the same as legitimate requests when they utilize the standard advertising APIs. 

Pirates can create fraudulent software that runs on legitimate consumer devices by hiring a software developer to create apps that appear to originate from trusted sources, and then use that software to implant malware or ransomware. Alternatively, they can build illicit streaming devices and pre-configure them with fraudulent software. 

The ‘Theft of You’ might begin when a pirate buys a (stolen) consumer database and then unlocks media accounts with credentials from that purchased database using an automated attack method called credential stuffing. Once an account is unlocked, pirates can resell individual working credentials for virtually 100% profit or use the credentials themselves. For example, a pirate can send phishing emails directly to those users, asking them to download the latest update, change their password, or to otherwise trick the user into entering personal information.

Fighting piracy

With all of these attack surfaces, it’s difficult to determine where to start fighting piracy. Video providers find it helpful to separate the areas that they can address, from areas that they can’t. Those which distribute either over their own managed networks, online, or both, are in a strong position to manage the theft of services, network capacity, and content.

The best way to start is to identify where the greatest financial impact might be, and then to thoroughly review how the current security framework minimizes or removes that impact. Are the content and service protection elements in place to secure delivery within the framework of a legitimate service? Are the operating system, middleware, and security software running in set-top boxes up to date? If not, are they field-upgradeable – preferably through download? Does the cost of doing so exceed practical limits? 

Service usage and content access should be tested thoroughly: are all streaming sessions closed when the consumer leaves the session? Are the content sources and streaming destinations verifiable? Are there ways to detect and limit anomalous use, such as excessive license requests or too many devices on a single household account? Given the potential for content theft and redistribution, can content that has been stolen be detected and traced back to the source of a breach? 

The reward justifies the investment

An effective anti-piracy initiative can bring several positive outcomes. One of them is to preserve service revenue that otherwise would have been lost to theft. If services or content are detected in places where they should not be found – for example, streaming to unauthorized destinations or devices or found within private social groups or paywall-protected infringing services – the access to them can be terminated or compromised. This would drive at least some of the otherwise-infringing use back to the legitimate service.

Another positive outcome is cost reduction. Consider the “stolen” network capacity referenced above. If a video provider no longer has to over-provision its network to allow for stolen capacity, the cost of delivery can be reduced, quality of service (SLAs) can be improved – or both.

In conclusion, while the combination of revenue recovery and cost reduction gained through anti-piracy will help reduce the overall cost of delivery and thereby improve the business case, doing so also places premium video distributors in a better position to meet content protection requirements for live events and ultra HD programming that are imposed by the rights-holders.

The views expressed in this article are those of the author and not necessarily of Intertrust. 


intertrust-expressplay-drm CTA Banner

Related blog posts



Posted on 27 Mar 2024

Mastering the tide: Protecting live streaming from the surge of piracy

Read more



Posted on 06 Jul 2023

Curbing account sharing: how service providers can preserve revenue

Read more



Posted on 30 Jun 2022

Six advantages of direct-to-TV broadcast content protection technology

Read more