As part of Piracy Monitor’s 2021 Video Security Summit, event partner Colin Dixon, Chief Analyst of nScreenMedia, interviewed Ilker Uergenc, Tech Solutions Specialist at Akamai Technologies, who illustrated the size of the piracy problem for streaming services using detailed data and demonstrated how an attack works. Mr Dixon wrote this article.
In real-life tests, Akamai found that 40% of streams at a major sporting event were delivered to fraudulent clients. 8% of streams delivered by an on-demand service were also fraudulent. Here is how pirates launched their attacks. Akamai was a Lead Sponsor of the 2021 Video Security Summit.
Chapter 1: Introductions (00:50)
Mr. Uergenc introduces himself and what he does.
Chapter 2: The Dimensions of Piracy (1:20)
Mr. Uergenc reviews recent data characterizing the amount of piracy and regional hotspots. One of the data points he shared was a tracking test run by Akamai. It examined the IP addresses of streamers to a video site. During the test, the video site delivered over half a million hours’ worth of content to 11.2 million different IP addresses. The test revealed 7.7% of the IP addresses to be piracy. The IP addresses were deemed fraudulent because they were from VPNs, were shared, or came from unexpected devices running various piracy tools.
Chapter 3: The shift from torrent to streaming piracy (5:00)
Much of the conversation about piracy has focused on torrent sites. However, much of the pirate video activity has shifted to streaming. Piracy sites have become so adept at providing the video they sell subscriptions. Their customers may not realize they are subscribed to a pirate service.
Chapter 4: Anatomy of a sports piracy attack (7:00)
To illustrate how an attack on a streaming service is executed, Mr. Uergenc describes what happened at a recent major live sports event. He says that 40% of the content served was to fraudulent streamers. He also shows how the attackers shifted their attack strategy over the several days of the sports event.
Chapter 5: Application layer and DDOS attacks (9:30)
Application layer attacks work on vulnerabilities in the APIs (app programming interfaces) used by streaming client apps. The attacker can hire a hacker very cheaply to write scripts that take advantage of these API vulnerabilities.
Mr. Uergenc describes DDOS (distributed denial of service) techniques used by pirates to overload the servers powering a provider’s service.
Chapter 6: What happens between attacks (13:30)
Attacks tend to come in waves. Between each wave, pirates are taking what they learned in the previous wave and crafting a new approach to get around the defenses they previously encountered.
This interview was part of the 2021 Video Security Summit, conducted by Piracy Monitor.