Publicizing the closure of a big pirate service, the arrest of its operators, and the seizure of their assets, is a golden opportunity to discourage future crime by practical example.
It doesn't matter how successful you are, you will be caught, and your riches will be taken away, the message goes. But while anti-piracy groups and law enforcement agencies publicize headline-grabbing statistics about the services they target, it's not uncommon for the services themselves to go unnamed.
Considering that reduces the deterrent effect, it's probably a calculated decision.
Massive International Operation, Maximum Publicity
On June 10, 2020, the European Union Agency for Criminal Justice Cooperation (Eurojust) announced that authorities in Spain, Denmark, Sweden and Germany had arrested 11 people as part of a massive international investigation into a pirate IPTV platform with two million subscribers.
When all of the service's live TV streams and VOD items (movies, TV shows) were added together, the mystery service reportedly offered around 40,000 'channels'. Eurojust said that 50 of the IPTV provider's servers had been "taken down" but the service itself wasn't mentioned by name.
As part of the operation, police seized real estate, luxury cars, jewelry, cash, and cryptocurrency worth a reported €4.8 million. Another €1.1 million was frozen in various bank accounts. Eurojust revealed how payments were accepted by the IPTV platform and even explained how its owners – a Spain-based "organized crime group" – maintained payment processing servers in Poland.
A parallel statement by Europol, the European Union Agency for Law Enforcement Cooperation, put a little more meat on the bones. Their announcement read slightly differently, noting that authorities "took down 50 IP addresses and part of the online criminal infrastructure" but in the headline stated that the IPTV platform had been "switched off".
The EU law enforcement agency published an interesting video but, in common with Eurojust, did not name the service in its press release.
Europol's statement noted that police were working hard to obtain information that would "effectively dismantle" the criminal group behind the IPTV service. After arresting the alleged ringleader in Spain, they were already off to a good start.
Reportedly known as 'Dash The Iranian' among his colleagues, businessman Amir Zalaghi is the central figure in the Spanish investigation. It's alleged that he'd made at least €15 million from his pirate IPTV platform in the two years before the raids, with around €1.6 million invested in a luxury Spanish property and €400,000 spent on the vehicles pictured below.
Information published by EU law enforcement agencies at the time of the raids generated a lot of interest, and quite rightfully so. Shutting down a pirate IPTV service with two million users should be a seismic anti-piracy event, because when a pirate service 'runs away' with cash paid upfront by two million subscribers, that generates an awful lot of noise online.
In the days following June 10, 2020, that didn't really happen. The raids reportedly took place on June 3, 2020, days in advance of the official announcement, but whether anyone noticed any major disruption is still unclear. There are reports of a service suffering disruption for around a week at that time but no sign of any service being 'dismantled'.
More Information Trickles Out
Over time, more details about the operation appeared in various anti-piracy documents and reports. A statement from anti-piracy company NAGRA said that the "shutdown" of the "piracy ring" was the result of criminal complaints and the involvement of Deutsche Fußball Liga (DFL), Spanish league LaLiga, NAGRA, and Nordic Content Protection. The Alliance for Creativity and Entertainment was also involved.
NAGRA reported that several individuals had already been charged with various offenses, including crimes against intellectual property, communications fraud, money laundering, and involvement in a criminal organization. It was confirmed that the suspected leader of the group (now known to be Amir Zalaghi) and around ten others had been arrested – a total of four in Spain, one in Germany, three in Sweden, and another three in Denmark.
Soon after the initial announcement, TorrentFreak was informed that the "dismantled" pirate IPTV service was RapidIPTV, something we reported at the time. But while that detail was good to know, it didn't really help us to properly pinpoint which service had apparently disappeared.
Due to the popularity of the original RapidIPTV, many services have been operating under that name for years. Only adding to the confusion was that none seemed to have suffered a catastrophic failure. Deutsche Fußball Liga had been filing DMCA complaints containing RapidIPTV.net URLs, but in isolation that didn't prove much.
Eurojust did mention that the 'criminal organization' behind the service dates back to 2014, so that could potentially rule out all newer (and potentially unconnected) RapidIPTV domains except RapidIPTV.com, which was first registered in October 2014.
But whether users go to RapidIPTV.com or its .net variant, the results are the same today as they were in 2020. It's online, in business and apparently going nowhere. The same is true for the IPTV service's dedicated support forum at IPTV.community, where the previously mentioned disruption was reported.
Any number of operational reasons could've led to the decision not to tell the public that RapidIPTV.net was the platform targeted in the raids, but we can confirm that it was. That it stayed mostly online and didn't go out of business would've caused a lot of confusion if it had been named, so that alone would've been a good reason not to identify it.
The fact that RapidIPTV suffered some disruption but quickly returned to normal service may even have been anticipated, but press releases from various entities painted a different picture. Some servers/IP addresses may have been disconnected and/or seized but any successes in keeping RapidIPTV down appear to have been short-lived.
Owner, Service and Operation Named
'Operation Atria/Sohan' or the 'Atria-Sohan Operation' appears to be the name given to the investigation, but there are few references to it online. One mention appears in a letter sent to 'Francisco' by MPA anti-piracy chief Jan Van Voorn, who thanked the Spanish National Police for their great work (pdf).
Francisco Pardo Piqueras is General Director of the Spanish National Police and respect between him and the MPA appears mutual. In October 2021, Piqueras presented MPA chief Charles Rivkin with the Distinguished Cross of the Police Merit with Distinction, the highest award the Spanish National Police can give to a civilian.
The meaning of 'Atria-Sohan' is absent from the letter but we suspect that a pirate IPTV system isn't the only technology under scrutiny in this case. The cryptocurrency investigation was obviously a big success and has already been used in training presentations. Right now though, more information is available on the IPTV service itself.
RapidIPTV is known for its reseller capabilities and according to the prosecution's case in Spain, the movie and TV show services offered via RapidIPTV.net, RapidIPTV.com, IPTVStack.com, and IPTV.community, were available to buy on roughly 1,000 other websites. The platform advises resellers that service is unavailable in two countries – China and Iran. Europol previously mentioned a Middle East connection.
While 50 servers were indeed targeted in the July 2020 operation, that represented a fraction of the service's overall infrastructure. RapidIPTV reportedly had 40 server farms in 14 different countries, all configured to keep functioning even if some of the servers went down. It's unclear if that information was known from the beginning but the system appears to have avoided a complete collapse.
Entertainment Companies Launch Prosecution
Major entertainment companies harmed as a result of the alleged crimes in the case are now involved in a private prosecution, as allowed under Spanish law. Companies including Disney, Warner, Universal, Columbia, Paramount, Netflix, Sony, New Line, and LaLiga have joined forces against the "criminal gang" after they generated millions from their copyrighted content.
Funds generated by the group were reportedly laundered through various payment gateways, cryptocurrency exchanges and shell companies. False invoices were used to give the impression the registered companies were doing some legitimate business.
As the legal process continues in Spain, developments relating to the same investigation are also being reported in Scandinavia.
Rights Alliance Announces Two Convictions
Danish anti-piracy group Rights Alliance was involved in the investigation that led to the June 2020 raids. In 2019 it developed "strong suspicions" that there were connections between Danish citizens and an international pirate IPTV network. Rights Alliance filed a request for SØIK, the State Prosecutor for Serious Economic and International Crime, to get involved.
Among the 11 people arrested in 2020 as part of 'Operation Atria/Sohan', three were from Denmark. Prosecutions were pursued against two men, aged 42 and 48, for selling illegal pirate IPTV subscriptions. Both pleaded guilty and have now been sentenced.
"[E]ach received a 4-month suspended sentence and confiscation of just over DKK 38,000 ($5,130). The two men convicted offered and sold illegal access to over 5,000 TV channels, including Danish channels such as TV2, TV3 and Kanal 5 as well as international channels," Rights Alliance reveals.
"In addition, they also sold illegal access to films and series, among other things through popular streaming services such as Netflix and HBO, just as they also made films available independently of TV channels and streaming platforms."
In total, the two men generated around $27,000 from their sales. It's a relatively small sum but large IPTV services can have thousands of these reselling partners, who effectively act as front men but have to pay in advance for the subscriptions they offer. That being said, it's easier than going it alone.
Everything Under One Roof
The case underway in Spain refers to RapidIPTV's reseller network as a pirate IPTV 'franchise', which enables resellers to create their own branded service as a subsidiary to the main platform. Since the service is still up, reading the website or watching an IPTVStack-branded tutorial provides a decent overview.
People who resell RapidIPTV subscriptions are given access to sophisticated tools that enable them to run what amounts to their own streaming business but without having to worry about content or management tools.
Other worries are harder to overcome because they come with the territory.
From: TF, for the latest news on copyright battles, piracy and more.
In June, the US Copyright Claims Board 
Copyright holders are increasingly demanding that ISPs should block access to pirate sites in order to protect their business.
