DCA Releases New Report on Piracy Sites and Malware

Apropos my recent response to the EFF’s standard policy of shrugging at online piracy, I want to highlight one paragraph from the post to which I replied. Katherine Trendacosta wrote:

From the fever-pitch moral panic of the early 2000s, discussions about “piracy” disappeared from pop culture for about a decade. It’s come back, both from the side explaining why and the side that wants everyone punished.

Aside from the statement being inaccurate—discussions about piracy have persisted (often quite heatedly) every year since the Napster days—I cite the quote here because its sarcasm derives from that common fallacy which asserts that piracy is a victimless crime. No, it is not.

If one wants to cling to the rationale that because certain artists are wealthy, piracy is therefore harmless to creators, fine. Whatever. But the fact that EFF and other “digital rights” groups so consistently echo the alleged “harmlessness” of piracy suggests that they’re not terribly concerned about the broader security threats posed by this $2 billion/year, global, criminal enterprise.

In a new report published yesterday, Digital Citizens Alliance tells us that the 500 pirate sites studied in its latest research—there are thousands of pirate sites—earn at least $121 million per year just by hosting “malvertising” (i.e., ads designed to deliver malware). Entitled, Unholy Triangle, the report was produced in collaboration with brand safety organization White Bullet and cyber security firm Unit 221B. It describes a symbiotic relationship between malvertisers and pirate sites—two sides of the triangle—and the various ways these parties profit by endangering visitors to pirate platforms—the third side of the triangle.

Highlights from the Report

Researchers found that among the sites studied, 8 in 10 were littered with ads specifically created to entice clicks that will instantly download malware to a device or network. One out of every six visits to pirate sites, the report says, will encounter an attempted malware attack. The most popular type of bug is ransomware, but the researchers also found trojan horses and other malware used to obtain personal or financial information and/or to take control of devices. Of that $121 million annual revenue the pirate sites acquire from serving malvertising, the report states that more than half ($68.3 million) came from U.S. visits.

Among the most compelling, albeit ironic, details revealed by the report is that the majority of ads used to trigger responses are based on fear—specifically, fear of malware! It seems that because many pirate site visitors know they are exploring illegal and sketchy platforms, they are more susceptible to pop-up and pop-under ads warning them that their devices may be infected, or that they should make changes to their devices to ensure their security or anonymity.

A visitor clicks that ad offering to protect her device, immediately downloads malware, and within minutes,[1] her files are locked up, and she will soon receive a ransom demand promising to release those files for $800 to $1,000—in crypto, of course. Even people who pay these ransom demands report that, at best, they get about 65% of their data back, and there is no reason to assume that the hacker(s), who this report indicates are mostly located in Russia, will restore any data once they’re paid.

Ad Intermediaries Facilitate Sketchy Ads

DCA notes the success of initiatives like the Trustworthy Accountability Group (TAG), which launched in 2015 to extricate the legitimate advertising industry from the piracy business. But, the report describes certain advertising intermediaries that seem to straddle the legal and illegal trade. For instance, researchers focused on intermediary RichAds, which the report describes as follows:

RichAds is an advertising company that touts its ability to capture new quality leads from premium sources through its productive ads. The company is listed as being based in Cyprus, with many of its employees listing Belarusian universities as their alma maters on LinkedIn. It promises to deliver the best traffic and claims, on its LinkedIn page, that “We block any bot or other fraudulent traffic.”

Researchers sent the ad shown here for approval and received a “no problem” message from RichAds. This was hardly surprising because, looking a bit further, it appears that this intermediary is not just turning a blind eye to malware campaigns but is promoting its services to facilitate malvertising on pirate sites. “In the case study [used to promote itself], RichAds highlights how the customer relied upon the company to generate and place ads that ‘warned’ users that a virus was detected on their devices and they needed to update their antivirus software,” the report states.

National Security Implications

With operators in countries like Russia and Belarus—and with more than half the malvertising revenue (measured in this report) being generated by American visits to pirate sites—questions about national security come to mind. No, I am not saying that some teenager in Indiana illegally streams Stranger Things, and the power grid shuts down—and neither is DCA. But with more telecommuting and connections between critical enterprise databases and personal networks, the vulnerabilities to the former have increased, and enterprises are big fish for ransomware hackers.

Whether there is any crossover between the private malvertising industry and state-directed hacking aimed at the U.S. is a matter of speculation, but as the DCA report puts it:

Russia, China, Iran, and North Korea make up half of [all ransomware attacks]. As their primary target is the United States, it’s a safe assumption that the motivations go beyond financial to geo-political with national security implications. Those concerns have some states reconsidering the protocols for dealing with an attack on government operations.

Hardly Victimless

Clearly, even if one does not give a RAT’s butt about creators’ works being illegally distributed, piracy is not a victimless crime. On the contrary, a substantial and growing revenue stream for the pirate site operators is, in fact, a trade in victims. Whether it’s slaving personal computers, identity theft, or delivering ransomware to a pharmaceutical company, malware is big business, and piracy sites continue to be an excellent super-spreader.

After about ten years of reading DCA’s reports, this recent one comes closest to at least implying that media piracy can be a vector for malware attacks on something larger than personal computers. Assuming that’s not an exaggeration, the “digital rights” groups may need to drop the false narrative that mitigating piracy comes at the cost of online “freedom.” Site blocking, technical measures, and other means to interdict the piracy trade become very different conversations, if we are indeed talking about critical supply chains and not just “Hollywood.”


[1] The report cites Paul Watters, who “found it typically takes just 42 seconds for an ‘advanced persistent threat’ such as malware to infect a Windows device and 78 seconds to infect an Android device.”

Podcast – The Multi-Billion-Dollar Piracy Industry with Tom Galvin of Digital Citizens Alliance

In this episode, I speak with Tom Galvin, CEO of Digital Citizens Alliance, about piracy of creative works and DCA’s latest report, issued this month in collaboration with the research group White Bullet. The report, entitled Breaking Bad(s): How Advertiser-Supported Piracy Helps Fuel a Booming Multi-Billion Dollar Illegal Market, reveals that piracy is a highly profitable criminal enterprise and is intertwined with other forms of cyber-crime—from personal identity theft to national security

Piracy of creative works like motion pictures, TV shows, music, and live sports is a vast and growing criminal enterprise. In its latest report, Digital Citizens Alliance estimates the combined advertising and subscription revenue generated by piracy is at least $2.34 billion annually. Meanwhile, in addition to its ill-effects on the creators whose works are pirated and the online advertising ecosystem, piracy plays a key role in fostering other forms of cyber crime.

Episode Contents

  • 01:52 – Breaking Bad(s) Report Overview
  • 04:05 – Ad and subscription supported piracy
  • 06:49 – The online advertising ecosystem.
  • 08:49 – Some successful mitigation since 2014.
  • 11:14 – The downsides of piracy for brands.
  • 15:10 – Major brands found were Amazon, Facebook, & Google.
  • 18:01 – It is possible to do something.
  • 19:24 – Advertiser pressure to get ad tech to clean up its act.
  • 21:09 – Dangers to the consumer.
  • 27:13 – Why aren’t the hazards deterrents?
  • 30:30 – Drive-by malware.
  • 32:07 – Piracy is a vertical for broader criminal enterprise.
  • 33:26 – What about solutions.
  • 37:33 – Even if you don’t care about copyright owners…
  • 40:30 – Intersection with disinformation campaigns?

Online Piracy More Sophisticated and Insidious Than Ever

I haven’t written about enterprise scale piracy in a while. Not because it’s gone anywhere. Quite the contrary, it’s still growing. But it is easy to feel as though all the major points have been covered, that there is nothing much new to say on the matter. Somewhere on this blog, there is at least a post or two responding to just about every rationalization for piracy, and there seems to be little value in repeating most of that. But a new report released by Digital Citizens Alliance, in collaboration with NAGRA Kudelski, does reveal a couple of new topics that deserve the attention of consumers, law enforcement, and policymakers.

The report titled Money for Nothing focuses on the multi-billion-dollar trade in illegal Internet Protocol Television Services (PS IPTV) that DCA currently estimates to be worth at least one billion dollars annually from U.S. operations alone. In a nutshell, the consumer sees an ad, often on a social media site, that offers hundreds, or even thousands, of channels for an inexplicably low subscription fee. The customer buys a black box similar to a cable converter that is typically preloaded with firmware that will stream material (both live TV and recorded motion picture content) that is illegally obtained worldwide through a vast network of pirate server operators.

On the one hand, a consumer who takes an offer to access that much material for $10-$15 a month ought to know something ain’t right; but at the same time, I think about the number of senior citizens who so often fall prey to what would seem like obvious scams. And given the dramatic ways in which TV viewing has changed in the last decade or so, it is plausible that many a Boomer might believe these services are legitimate. After all, these illegal services look very slick, with on-screen user interfaces that work just like legit services. And isn’t piracy about free access?

“Because subscribers are paying someone for the content, and because the storefront websites and apps are often well designed, and posing as legitimate, some consumers may believe they are using a legal service.”

The DCA/NAGRA report estimates that there are about nine million American households currently subscribing to pirate IPTV services, and this is a significant number relative to subscription TV overall. In 2013, there were about 100 million households subscribing to pay TV; today that number is about 86 million, and it is predicted that by 2023, this number will drop to around 73 million subscribers.[1] Those stats measure traditional paid “cable” services and do not reflect how many households have “cut the cord” but also switched to other paid services like Netflix, Hulu, Amazon Prime, etc.

For instance, Netflix enjoys 167 million U.S. subscribers, and most customers subscribe to more than one of these services, suggesting that willingness to pay for TV and film entertainment is still fairly healthy overall. At the same time, however, nine million pirate IPTV users in a dynamic market is a number to keep an eye on, and it would be useful to have some insight into both the motives and the general understanding among these subscribers. Are they belligerent and still rationalizing piracy? Are they naïve and don’t know that they’re subscribing to criminal organizations? Are they viewers who “cut the cord” but simply want cheap access to TV channels, etc. in addition to the major streaming services?

Whatever the motives or attitudes may be for subscribing to these services, both consumers and law enforcement should be aware that, in addition to harming legitimate production and distribution models, pirate IPTV providers are one part of a whole smorgasbord of online criminal activity. As DCA has reported in the past, piracy sites are honeypots where a visitor has a roughly 30% chance of contracting malware that can be used for identity theft, ransom schemes, spying on households by controlling devices, or directly obtaining money, credit card numbers, or passwords.

Moreover, the new report states, “NAGRA also found a scheme where the residential Internet connections of pirate IPTV customers are turned over to others – who could potentially use them for illegal activities, such as accessing child pornography, committing fraud, or participating in cyber attacks.” What that means is that the IP addresses of the subscriber base can be tasked as a distributed VPN used by criminals to hide their tracks while engaging in various illegal activities.

So, not only does a pirate IPTV subscription help support cybercrime, but subscribers themselves can wind up implicated if their IP addresses are used in connection with certain activity. So, it is not farfetched to think that paying $10/month for that all-access pass can result in a knock on the door by authorities wanting to question the subscriber about accessing child pornography or some other crime far worse than media piracy. And it cannot be a fun conversation to alibi a major crime by admitting to a lesser one.

The Money for Nothing title derives from the fact that even the smallest players in the IPTV “industry” can generate substantial profit margins from relatively little investment—because of course they don’t bear the cost of licensing the material they distribute. One irony that’s hard to miss in this regard is that DCA describes a hierarchy of retailers buying distribution credits from wholesalers, which is fundamentally a licensing scheme, albeit for contraband material. Funny how permission is a constant, even among a network of thieves.

As consumers continue to change their viewing habits, and legitimate creators continue to adapt to the changing market, DCA and NAGRA are right to ask that policymakers track the development of these unlicensed IPTV services. Even if they were not directly antagonistic to legitimate distribution models (and they are), they remain intertwined with trafficking, extortion, child pornography, identity theft, and other forms of cybercrime. And nine million supporters of that activity is a lot more than too many.


[1] Source: Statista.


UPDATE: As originally published, I made too casual use of the term IPTV without the qualifier “pirate.” There are legal IPTV services. Thanks to Hugh Stephens for the note.