Malware Suggests Search Plays a Major Role in Piracy

Image by stefanocar75

Copyright holders have long insisted that search results play a substantial role in driving users toward pirate sites.  Google and piracy advocates have generally countered that search does not drive much traffic to illegal sites because the people who consistently use infringing sites know what they’re doing and will go directly to the content they’re seeking.  This is a reasonable assumption to make about the population of committed infringers out there, but one fact that refutes this premise is the extraordinary volume of malware (a 1-in-3 chance) on infringing sites.  Because malware isn’t there to catch the experienced visitor—it’s there to catch the unsuspecting individuals who may not even realize they’re using illegal sites when they first visit.

For those who don’t know how it works, it goes like this:  A user is interested in watching Moonlight.  If he types “Moonlight” into Google Search, the second-tier results will be links that read “Watch Moonlight Online for Free,” all of which are directed to infringing sites.  If the user actually types “Watch Moonlight” into the search field, then the first-tier results will be infringing links. And quite often, Google will automatically suggest words that prompt the user toward an infringing site. For instance, if the user logically adds the word “movie” (because moonlight is a word and not just a title), then Google will complete the thought with “online,” which then yields top results with links to “watch moonlight movie online” via an infringing site.

Google and the piracy apologists are almost certainly correct that many avid visitors to infringing sites are fairly sophisticated users; they have VPNs, ad-blockers, security software, etc. to avoid detection and malware.  But if these were the only kind of visitors landing on these sites, then the underground market in malware-based trade would not be nearly so robust as it is.

As described in this 2015 post about a report called Digital Bait, commissioned by Digital Citizens Alliance and conducted by RiskIQ, a sophisticated “crimeware economy” exists on the Darknet, where criminals buy and sell goods and services used exclusively for preying on users. To use a blunt example, if a teenage girl visits an infringing site, she has up to a 30% chance of contracting malware. That malware may be a Remote Access Trojan (RAT), which gives fairly unsophisticated hackers control of her computer, including her webcam.  Then, her IP address may be sold in this black market to people who want to spy on teenage girls in their bedrooms. In many cases, a user doesn’t even have to consume the infringing content in order to infect a device. The promise of “free content” may be draw the user into a dead-end malware trap.

If all traffic to pirate sites truly comprised only the knowledgeable users, then the criminals would not have a financial incentive to deploy so much malware on sites that infringe, or promise to infringe, copyrighted content.  The very existence of prevalent malware is an indication that a substantial number of users who have no idea what they’re doing are visiting these sites, which logically leads to the conclusion that search must play a significant role in driving users toward these sites and into the hands of criminals.

Notice that, in this context, we don’t even need to address the subject of copyright infringement, let alone get bogged down in all the tedious rhetoric about free speech.  If Google’s top search results are indeed putting users in harm’s way, this is a consumer protection issue for the Fair Trade Administration and/or State Attorneys General.  And, in fact, Digital Citizens Alliance, after releasing its 2016 report Enabling Malware, began presenting its findings to the AGs.

Yes, it is likely true that once a user—even a fairly unsophisticated teenager—is aware of sites where free content is available, he will probably revisit those sites directly without going through a search engine. But even this kind of anecdotal assumption does not mean the role of search is insignificant, not least because the illegal nature of pirate sites means that they have a tendency to disappear and reappear as authorities in various regions shut them down.  A 2013 study indicated that 19% of the traffic to infringing sites could be directly attributable to search, and if that number were wrong by half, it would still represent billions of visits per year.

Consumers have a right to know the nature of their vulnerabilities when using any product or service, and they have a right to demand that U.S. companies take every reasonable step to mitigate exposure to risk.  To date, Google has refused to take even the obvious step of demoting known infringing sites in their search results, let alone to alter the way in which auto-complete may drive consumers toward these sites.

Google does now feature the legal channels for consuming media, including their own services like YouTube and Google Play, which is a good step but not likely sufficient to protect consumers as hackers become more sophisticated and more ambitious.  In fact, one likely consequence of advertisers becoming more effective at keeping their brands off pirate sites is that the criminals will depend more on the “crimeware economy” to make money through infringing content as a means to deliver malware.

Google is getting a lot of pushback lately—from the EU’s anti-trust decision, from the advertisers, and from the Canadian Supreme Court this week in the Equustek case. (More on that shortly.)  I would not be surprised if the State AGs and other consumer-protection agencies begin to take a more active interest in the relationship between search, piracy, and malware.

Enjoy this blog? Please spread the word :)