At the 2022 NAB conference in Las Vegas, Synamedia showcased three descriptively named elements of its anti-piracy portfolio: OTT ServiceGuard, CSF Eye – where the ‘CSF’ is Credential Sharing and Fraud – and Streaming Piracy Disruption (SPD). Other Synamedia solutions at NAB included its Clarissa analytics platform, streaming security and multi-screen delivery platforms.
Common areas of vulnerability
Synamedia describes four areas where media and entertainment providers are vulnerable to piracy. The first is through applications built on open software platforms, which run on mobile devices, Web browsers, and streaming-capable boxes; in which some software environments are more secure than others.
The second is for authentication (OAuth tokens), which can be manipulated. The third is concurrency of access, in which pirates can disguise their access and make it appear that only one user is accessing a service. The fourth is in CDNs, where tokens can be duplicated and the same tokens may be allowed to access multiple plays or services.
Detecting credential abuse within legitimate streaming accounts
The premise behind OTT ServiceGuard is that while credential sharing is not piracy in itself, unsupervised credential sharing can result in unauthorized use (or, piracy). OTT ServiceGuard enables video providers to set parameters for concurrency, how to recognize and track it, and what to do about it. The platform uses AI and machine learning to help determine whether an individual user has a relationship with a legitimate subscriber household, and if not, to prompt a policy decision toward what to do about it.
This is particularly timely, after Netflix reported a plateau in revenue this quarter, in the face of increasingly powerful competition. The situation has forced Netflix to re-evaluate its business model and institute user fees for account sharing.
Control over account sharing can improve revenue
To demonstrate its CSF Eye platform, Synamedia showed a simulated video service with 359,000 household accounts, in which behavioral models and analysis revealed account sharing to about 72,000 additional households, which were identified to be candidates to convert to paying subscribers themselves.
Another consequence of excessive account sharing is a corresponding amount of excessive transport expense. The operator could then estimate the savings associated with this excessive use: “If we can reduce the cost of transport per hour by $0.01, at a sharing rate of 15%, we can gain $328,000 in return.
In another demonstration, a pirate script monitored an account and waited for requests from a pirate client, to open an asset for streaming. Once open, the pirate “tricks” the CDN so that when a second player makes a request, the CDN’s control plane doesn’t see the subsequent requests (the player count remains at one).
With the Synamedia countermeasure in place, the second request is detected and the user gets a ‘404’ (not found) message. The Synamedia process was described as analogous to air travel, where a boarding pass alone was once sufficient for boarding. But now, we can’t board the plane without a government-issued ID.
While some media accounts with sharing behavior may be very active, others are not. In another demo scenario, observations were made for three weeks, at the end of which, the platform saw 27% of users exhibiting ‘excessive viewing,’ meaning that they could be candidates to take further action.
Another benefit of monitoring is to detect patterns of viewing within a household account that has a known number of devices. Some devices remain in fixed locations, such as set-top boxes. Other devices are known to move. Monitoring may reveal that the location of one of the fixed devices is not the same as the others on the account, and a rule can be set so that such instances can be recognized and escalated for decision.
Based on behavioral analysis, some sharing situations are benign while others represent piracy. If a piracy situation has been detected, the video provider might monitor the situation to build further evidence, or take immediate action. One action might be to disable the user’s access: “We have detected unauthorized access to your account. Please re-set your password to continue;” which shows the subscriber that the video provider saw the activity, and that the video provider is concerned about the user’s security.
Another action could be to degrade service, or in cases where the individual user is within a household’s five-user limit but has exhibits anomalous behavior, to present a marketing offer: “three months free if you join today.” OTT ServiceGuard also can automate the process of filing a DMCA take-down notice to rights-infringing distributors.
Disrupting a piracy operation
Synamedia’s Streaming Piracy Disruption (SPD) platform enables a video provider (or Synamedia, as a service) to launch campaigns that watermark a playlist of licensed content over a defined over a span of time, by type(s) of content, and by chosen distribution channel(s), which are monitored over time.
A Synamedia operational security team will buy a suspected pirate’s illicit streaming devices (ISDs), download the pirate apps, and reverse-engineer them to discern how they work. Social networks are monitored for private links to streaming sites, or directly to stolen content assets.
When the anti-piracy campaign is executed, video captured through these devices can be stored as evidence. Synamedia’s SPD platform also presents aggregated results for all campaigns, such as “Out of 2,400 streams monitored, 53% were viewed through ISDs, 27% over Web and apps, and the rest over social media. 25% of the streams were disrupted. 80% of those streams were re-scanned to verify that they were taken down permanently and did not reappear through a different domain, IP address or device.”
Synamedia presents a single framework and portal within which to present each of its platforms. Underlying this, Synamedia runs a service that monitors where piracy is happening around the world. The company believes that this intelligence both helps it improve its security engine, and because all customers have similar vulnerabilities, the platform provides a reference point for individual customer installations.