Cracking Down on Content
Posted on May 1, 2024 by FEED Staff
As streaming becomes ever-more prominent, content security in broadcasting will remain a critical concern. Our panel of experts share the best solutions to the piracy problem, plus challenges they’ve faced when tackling a breach
The experts
Robin Boldon, head of product, Friend MTS
Crystal Pham, vp operations and programme management, Trusted Partner Network (TPN)
Mike Mulready, vp of cyber services, Irdeto
The host: Verity Butler
FEED: What are the biggest security risks faced by the broadcast and media tech industries?
CRYSTAL PHAM: The media industry is constantly evolving, whether it’s disruptive technologies or changing consumer content consumption.
Trends show that security attacks against content and personal identifiable information (PII) are occurring earlier in the media supply chain.
There are also more places to secure: on-premise facilities and hardware, private and public clouds, remote facilities, at home and on multiple devices.
Remote work has greatly impacted the media tech industry, and even though it has boosted creativity leading to more content, using public networks (airports, coffee shops, libraries etc) is not particularly secure.
Since applications reside on a wide range of hardware and devices, vulnerabilities can be difficult to find and patch.
Vulnerable applications can also give attackers a gateway to access data on platforms that were never intended to be accessed, such as other user data and account information.
Attackers can also render these devices useless through denial-of-service attacks.
As OTT platforms continue growing, so do the risks associated with data breaches, unauthorised access and content piracy.
Since OTT service providers rely on public internet to distribute their content to reach as many viewers as possible, the attack surface is wide.
Plus, many OTT services are interconnected with other data and applications.
For example, lost data for a single OTT application could include user credentials, payment information, user data, shopping habits and connections to other high-value applications from single sign-on (SSO) data.
MIKE MULREADY: The broadcast, streaming and media tech industries are confronting a wide array of security challenges. One of the foremost concerns is content piracy, where unauthorised access and distribution of copyrighted material lead to significant revenue losses and devalue original content.
Cyberattacks, including network breaches to steal sensitive data or disrupt services, present a persistent threat.
The misuse of legitimate access credentials – through either sharing or theft – gives unauthorised access, while phishing and social engineering tactics deceive individuals into compromising confidential information.
API and interface security is another critical concern, as insecure APIs can serve as entry points for cyberattacks.
Intellectual property theft extends beyond content to include trade secrets and proprietary technologies, greatly impacting competitiveness.
Emerging threats like deepfakes and synthetic media, generated by AI, pose risks for misinformation and fraud, complicating the landscape further.
Addressing these multifaceted security challenges demands complete cybersecurity strategies – encompassing encryption, watermarking, AI-driven solutions and ongoing vigilance to protect against evolving threats.
ROBIN BOLDON: We see three prevalent and financially damaging security threats: content leaks, platform design vulnerabilities and cyberattacks.
Content leaks and the for-profit redistribution of unlicensed content by pirates can occur from production and post-production workflows, plus final distribution channels.
Monitoring various pirate sources for leaked content is crucial to ensure it is detected and taken down before any significant financial losses are incurred.
Scale, scope and automation all have a key role to play in enabling rapid action – given the sheer number of illicit sources, delivery platforms, apps and devices that pirates use, as well as the speed leaked content spreads through extensive pirate networks.
At the same time, platform design vulnerabilities need to be addressed to prevent content from getting into illicit channels. Issues such as a lack of DRM key rotation, session binding, deprecated CDM revocation and account fraud analysis all need to be taken into account.
Cybersecurity should be a focus for any organisation operating in the digital world.
Cyberattacks to obtain sensitive IP and information for the purposes of blackmail, extortion or reputational damage are an ongoing threat and for the M&E industry.
Fraudulent, for-profit credentials sharing is a growing issue.
FEED: Are there some recurring trends when it comes to protecting content?
MIKE MULREADY: Here are some of the key trends are shaping the strategies and technologies being deployed:
• Watermarking: Unique marks are invisibly embedded into video content before broadcast, containing identifying information. Specialised systems scan live streams for these watermarks, detecting unauthorised distribution.
• Site blocking: A technique used to restrict access to websites or online platforms known to host or facilitate the distribution of copyrighted content illegally. The process typically involves legal action against internet service providers (ISPs) or other intermediaries to compel them
to block specific websites at the network level.
• App protection: Protecting the application plays a pivotal role in fortifying video service platforms’ security, serving as a cornerstone in the defence against video piracy in general. This approach involves a range of measures to prevent reverse engineering, unauthorised tampering and malicious clones. Techniques such as code obfuscation, anti-tampering and integrity checks bolster the resilience of applications against threats.
• Device blocking: This is a proactive measure crucial in curbing video piracy, serving as a pivotal defence mechanism against use of compromise devices. By maintaining a comprehensive list of authorised devices and employing robust device identification mechanisms, streaming providers can effectively block access to content from unauthorised or compromised devices.
ROBIN BOLDON: One trend is the need to ensure baseline security is sound. We’re aware of cases where basic entitlement security – the integration of DRM with content delivery infrastructure (CDN) – hasn’t been implemented properly, making it easy to access premium content.
Other trends we’re seeing include:
• The circumvention of geo-blocking using VPNs and
proxy servers
• The theft and unauthorised sharing of session tokens from legitimate viewers
• The extraction of content keys from licensees by taking advantage of a device’s security vulnerabilities
• The sharing of user credentials – either casually within family and friend groups or on an industrial scale for-profit and commercial gain.
CRYSTAL PHAM: While ransomware and phishing attacks are not new, they occur more frequently, being more sophisticated and impactful than ever before.
FEED: Could you offer an example of a security breach you feel broadcasters could learn from?
ROBIN BOLDON: A common OTT distribution breach we see is when a service provider is relying solely on the use of DRM to protect premium content, with absolutely no consideration given to restricting access to the actual video content – in technical terms, the manifest and segments. This means if a pirate is able to extract the decryption key from a DRM licence, the content can be readily accessed from the CDN and decrypted by any user. This problem is then further exacerbated by infrequent key rotation; in other words, the keys remain unchanged for months at a time, and the same key issued to protect multiple linear channels and across multiple adaptive bit rate (ABR) ladder variants, which is very good news for pirates because it makes it all too convenient to ‘hack once and hack all’.
MIKE MULREADY: Irdeto Cyber Services team contributed to the shutdown of Mobdro, the world’s largest illegal streaming app. Modbro had a large catalogue of live TV and video content from around the globe – including live sports, gaming, music, podcasts as well as several VOD channels airing TV series and movies 24/7 to more than 100 million users. This journey wasn’t easy, but rather a lengthy process with much investigative work and collaboration with the Premier League, La Liga and law enforcement agencies in Spain, Andorra and Portugal dating back to 2018. Research estimates Modbro’s overall illegal profits at more than €5 million, affecting many rights owners and broadcasters (including many of our customers), so it is extremely rewarding to see our contribution led to its shutdown.
Irdeto has previously assisted one of our clients to tackle a worldwide piracy incident where our customers channels were made available on a pirate set-top-box and sold in many countries. The pirates rebranded the channels and added their own commercial breaks. This made it hard for the consumer to differentiate between official and unofficial content.
Irdeto has worked to remove advertisements of these devices, investigated how the content was being stolen, having rebroadcasted and assisted in placing features to prevent these pirates from stealing the channels. Irdeto also identified some of the people behind this operation and captured key evidence, which enabled our client to commence litigation. This resulted in the shutdown of this pirate network, which was causing commercial harm to our client.
FEED: What examples have your worked on to help protect content?
MIKE MULREADY: In addition to providing comprehensive coverage of the Rugby World Cup 2023 matches, Dstv and Irdeto successfully thwarted piracy attempts through real-time interventions. By employing a multifaceted approach including forensic watermarking, technical investigations, IP blocking and real-time analysis, they ensured pirate operations were disrupted globally. This resulted in minimal piracy of live games within South Africa. Legitimate viewers enjoyed seamless access to the tournament while pirates faced significant obstacles. The combined efforts of automated technologies and human analysis enabled pre-emptive anti-piracy measures, preventing pirates from acquiring new credentials and continuing illegal activities. These interventions led to immediate successes and highlighted the effectiveness of proactive anti-piracy strategies in safeguarding intellectual property rights and promoting legitimate viewing channels.
A valued Irdeto customer requested investigative support into an active piracy threat. Intelligence about the pirate operation was identified, which indicated that this operation was specifically targeting the customer’s content. The content was offered in many different ways and channels; it was even wholesale (such as selling streaming devices in bulk to resellers), making this streaming pirate a huge streaming threat.
The Irdeto anti-piracy team supported the customer with a covert investigation, which included making test purchases directly from the pirate and technical investigations into the provided devices and service. As result of an ongoing investigation – persistence and expertise combining OSINT with data acquired during the technical and covert investigation – the Irdeto team was able to find an identity behind the streaming pirate operation.
Because of this investigation, the team was able to create a comprehensive case file including evidence about the streaming operation, which helped tremendously with forwarding the casework to law enforcement in the Netherlands.
ROBIN BOLDON: Friend MTS has developed a portfolio of comprehensive technology solutions to combat the unique real-time challenges of live broadcast piracy. By developing our technology in-house, Friend MTS has effectively solved the challenges of identifying content piracy at scale and in real-time as the source is broadcast.
Owning the end-to-end technology means Friend MTS can very quickly adapt to combat changes within pirate infrastructure and their attack vectors.
We recognise the immense value of media ecosystem integrations. Our solutions tightly integrate with CDNs, DRM vendors and content processing services, in addition to social media platforms, ISPs as well as various hosting providers.
Critically, we invest in a complete R&D programme fully supported by actionable intelligence to ensure the protection of content.
CRYSTAL PHAM: At the Trusted Partner Network (TPN), our framework allows our community to proactively identify security vulnerabilities and remediate them to keep content secure. At the heart of TPN are the shared experiences and lessons learned, which feed the continuous improvement and progress we’re making together as an industry.
The MPA Best Content Security Practices are a key tool, as they provide the framework and implementation guidance for securely storing, processing and delivering protected media and content.
FEED: How can broadcasters bolster their protection of consumer data?
CRYSTAL PHAM: A company-wide content security policy is an excellent and effective way to reduce vulnerabilities. There are also numerous best practices:
• Ensure secure connections, and do not log into applications from unsecured networks
• Keep applications regularly updated and patched
• Use strong passwords and authentication mechanisms
• Do not share your accounts or credentials with anyone
• Always install OTT applications from trusted sources
• Leverage the Motion Picture Association (MPA) Best Practices and complete a TPN assessment (self-assessment or third party).
MIKE MULREADY: To enhance consumer data protection among the rise of VOD, mobile apps and streaming services, broadcasters should focus on key strategies: implement strong encryption for data; enforce strict access controls; minimise data collection; conduct regular security audits; adhere to data protection regulations; apply secure development practices; integrate privacy by design; train employees on data security; and establish a solid incident response plan. These measures collectively strengthen data security against potential breaches and unauthorised access.
ROBIN BOLDON: Prioritise security requirements and follow industry standards such as ISO 27001, GDPR when designing services that collect and retain consumer data including staff training, data access methods and incident response.
Know your customer by implementing systems to identify fraudulent behaviour patterns – particularly for account sign-ups, free trials, payment fraud and account abuse, combining them with early warning signals from content delivery platforms to identify specific user fraud, device abuse, content leaks and platform vulnerabilities.
Set up clear incident management – often referred to as the OODA loop (observe, orient, decide, act) – if a breach is detected, a broadcaster can mitigate the risk. Lessons learned from the attack should form part of a continual improvement process.
Consumer education programmes are also important with the likes of the MPA running campaigns to raise awareness of the personal risks of illegal content streaming, including malware and identity fraud.
FEED: Any advice for someone hoping to make an impact in the content security space?
ROBIN BOLDON: Identify how to measure the impact and efficacy of your security programme with your key stakeholders. Do a security audit to identify potential vulnerabilities and gain insights into the platform’s performance. Security audits should be carried out regularly to ensure a platform is robust to new forms of attack.
Choose a content security provider who has a deep understanding of the pirate ecosystem. Pirates will always find new ways to exploit weaknesses in the broadcast and video supply chains – so to make an impact that a content security provider needs to anticipate – adapt and scale with anti-piracy techniques that keep pace with the rapidly shifting landscape, as well as addressing the pirates’ talent for reinvention.
Collaborate with other industry participants to share knowledge and patterns of pirate behaviour. Join with trade associations such as AVIA, CDSA and AAPA to keep informed and updated. Campaign for change in legislation alongside supporting law enforcement operations and collective litigation.
CRYSTAL PHAM: An always-on security mentality allows an organisation to adapt its security policies and practices alongside varying degrees of risk. As content security awareness continues to build, we’re witnessing a shift toward creating a corporate culture of security – putting security first rather than as an afterthought.
MIKE MULREADY: To make a meaningful impact in the anti-piracy, content and cybersecurity sectors, staying updated with the latest industry developments is essential. This means continually educating yourself about new technologies, trends and challenges. Technical proficiency in key areas such as digital rights management (DRM), encryption and network security is crucial – as is a solid understanding of the legal frameworks governing digital content and cybersecurity.
It’s crucial to accurately assess the impact of piracy by conducting a thorough analysis of data. This involves correlating content delivery network usage with user login and other system data, utilising both traditional analytics and artificial intelligence technologies. For livestreaming platforms, correlating digital rights management data with CDN data can help identify unauthorised streams. Using techniques like CDN tokenization or tagging on both ends can further facilitate seamless correlation. Moreover, identifying users involved in unauthorised activities is vital for targeted mitigation efforts.
This masterclass was first published in the Spring 2024 issue of FEED.
