Saturday, January 27, 2024

TorrentFreak's Latest News

 

Dish & Sling Sue 'Pirate' IPTV Operation For Circumventing Widevine DRM
Ernesto Van der Sar, 26 Jan 10:08 PM

dish slingWith more ways to stream online video than ever before, protecting video continues to be a key issue for copyright holders.

This is often achieved through Digital Rights Management, better known as DRM; an anti-piracy tool that dictates when and where digital content can be accessed.

Widevine DRM is one of the leading players in the field. The Google-owned technology is used by many of the largest streaming services including Amazon, Netflix, Disney+ and others. As such, keeping it secure is vital.

Unfortunately for rightsholders, most protection measures have their weak spots. Widevine DRM comes in different security levels and pirates have repeatedly shown that the lower specifications are not exactly watertight.

Lawsuit Against 'DRM-Bypassing IPTV Pirates'

As a result of these and other weaknesses, pirate IPTV services are booming. This is a thorn in the side of Sling TV and parent company Dish Network, which sued one of these operations in a U.S. court this week.

The complaint, filed at the federal court in Atlanta, targets "Channel Wala", "Doordarshan," and several related individuals and companies, all from Georgia. They stand accused of selling set-top boxes (STBs) through their websites and Amazon stores.

One of the stores

STB

While the hardware itself is not illegal, the sellers also promoted free trials and paid subscriptions through stickers on these streaming boxes. These were more problematic, according to the undercover agents who purchased them.

"An investigator purchased a STB from Defendants through Channelwala.com. Upon receipt of the STB, the investigator messaged Defendants at the WhatsApp number on the sticker on the box and requested a free trial of the Services."

The Whatsapp conversation below shows that the investigator did get the promised free trial. This allowed them to access Dish and Sling channels, as well as those of many other media companies. According to the complainants, this is all done without permission from rightsholders.

Undercover WhatsApp (large)

whatsapp

Stickers and Flyers

In addition to the free trial, the investigator also discovered boxes with other stickers through Channelwala.com and the "MAG Box store" on Amazon. These versions directed buyers to visit Tvplususa.com, where they could get setup instructions and a streaming subscription for $6.99 per month.

All of these offers are unauthorized, Dish and Sling say. Besides the sticker promos, the plaintiffs also ran into several advertisements on Facebook and even flyers in physical stores throughout Atlanta.

"Defendants market the Services by distributing flyers and business cards in Indian grocery, liquor, and retail stores, gas stations, and other locations in the Atlanta metropolitan area," the complaint reads.

Flyers

flyers

As shown above, these flyers advertised the IPTV streaming service as an "Authorized Retailer" for Dish and Sling, which people could "WATCH FOR $7/mo." This amounts to false advertising and misuse of the Dish and Sling trademarks, the complaint notes.

Circumventing Widevine DRM

Thus far, the allegations are pretty straightforward. The people and companies involved, including Channel Wala LLC and Parshva Distributor LLC, sold set-top boxes that were linked to pirate IPTV services. However, it doesn't stop there.

The complaint adds several DMCA violations, accusing the defendants of circumventing Widevine DRM. This is not the first time that Dish and Sling have brought DRM-related claims before a court, but here they are rather specific about what happened.

"The Widevine DRM […] is circumvented using a specially developed computer program that emulates the behavior of a reverse engineered hardware device," the complaint explains.

"The computer program tricks Sling's Widevine DRM server to grant access and provide a channel decryption key by making the server believe the request originated from a legitimate Widevine supported device that would keep the channel decryption key secured."

The reverse-engineered hardware doesn't keep Sling's programming secure, of course, as it can easily be copied now.

"The unencrypted Channel can be uploaded to a server outside of the Sling platform and retransmitted to any number of users that can receive the Channel without purchasing a legitimate subscription from Plaintiffs," the complaint notes.

Cease and Desist

The DRM circumvention technique is described in detail but it's not immediately clear if the defendants had a hand in coding it. They are accused of using it, however, to pass on a variety of protected channels, also from many other rightsholders who use Widevine.

Last summer, Dish reportedly warned the defendant about their presumed illegal activities. The company sent a cease and desist notice in June, asking them to stop, but without result.

According to the complaint, some sites were taken down but the IPTV operation kept working with resellers. Defendant Abhishek Shah allegedly runs a $20+ million business, while encouraging resellers to ignore the legal threat and keep going.

"Abhishek Shah forwarded an image of Plaintiffs' cease and desist letter to numerous resellers that purchase the STBs and Services from Defendants stating he has made more than $20 million, 'continue business as usual,' 'DISH can't stop us,' 'I am putting down my website but it does not impact you in any way,..," the complaint reads.

Injunction and Damages

Through the lawsuit, Dish and Sling hope to recoup damages, which could easily run into many millions of dollars. Besides the DMCA violations, where every subscription sold is seen as an individual offense, the rightsholders also request damages for trademark infringement.

Finally, they seek a permanent injunction to shut down the IPTV operation and have all infringing products destroyed.

At the time of writing, the Channelwala.com, Thegreatiptvsub.com, and Tvplususa.com websites are all offline. However, the resellers may still be in business, as the defendants instructed.

A copy of the complaint Dish and Sling filed at the federal count in Atlanta, Georgia, is available here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

Police Website Offers Pirated Live Sports Streams as IPTV FOIA Requests Denied
Andy Maxwell, 26 Jan 01:20 PM

police-uk-foiaFor the past few years, regional police forces in the UK have shown a growing interest in cracking down on those involved in the supply of illegal streams.

With regional organized crime units now part of the mix, joint press releases featuring police, the Premier League, Sky, and the Federation Against Copyright Theft, report enforcement action on a fairly regular basis. The importance of protecting copyright holders from criminal groups is the overriding message but for the last 12 months in particular, emphasis has shifted to include those who consume pirated content too.

A see-saw of deterrent messaging warns consumers not to become a victim of crime, through malware, fraud, and identity theft, for example. As that pushes pirates down on one side, the journey back up sees the same people warned of potential convictions for fraud, in this case for obtaining services dishonestly.

Baseless Threats or Genuine Intent?

Recent coordinated amplification of these threats in the tabloids has certainly raised awareness. Unfortunately, however, massive revving of the engine not only came too soon, but has left deterrent messaging with almost nowhere to go. Casual pirates are asking more questions than they did before. That may be considered a plus but, when it comes to weighing up risk, the lack of information weighs in favor of pirates, not against.

The big question, then, is whether there's any real intent behind the stark warnings. Since history has a habit of predicting the future, knowing what has been happening on the enforcement front could prove informative. Two Freedom of Information requests published this week asked two regional police forces to fill in the gaps.

The first, dated December 19, 2023, was directed at Wiltshire Police. It asked the following questions, all related to live sports streaming piracy, for the years 2019 to 2023 inclusive. (Questions edited to remove repetition)

1. How many people were cautioned for viewing illegal streams?
2. ….. were given penalty notices for viewing illegal streams?
3. ….. were arrested for viewing illegal streams?
4. ….. were cautioned for distributing / supplying illegal streaming services?
5. ….. were given penalty notices for distributing / supplying illegal streaming services?
6. ….. were arrested for distributing / supplying illegal streaming services?
7. For questions 4, 5 & 6, how many were supplying illegal streams digitally?
8. For questions 4, 5, & 6, were supplying illegal streams through dodgy boxes/firesticks?

Since any convictions of note are extremely well-publicized for deterrent purposes, ballpark figures are more readily available for distribution-related offenses. Question 7 appears somewhat redundant and only the person who asked the question would know the purpose of number eight.

It would be interesting to know the specific figures for 3, 4 and 5, while the answer to 6 would be much more valuable if placed against the number people actually prosecuted, rather than simply arrested.

No Information Provided, Too Expensive to Process

Of most interest, in our opinion, are the questions relating to those who faced action for simply viewing streams. The answers to those might inform those who remain undecided about the nature of recent warnings. Unfortunately, Wiltshire Police provided nothing of value.

The key points from the Force Disclosure Decision Maker's response read as follows:

The information that you are requesting is not stored in a way which permits easy retrieval. This is because illegal streaming does not have a specific crime code on our system. Therefore, in order to ascertain whether a caution was given due to illegal sports streaming, we would have to go into each individual occurrence on our system to determine whether this is related to the matter in question.

Under the circumstances I am absolutely confident that to locate, retrieve and extract the information you seek would by far exceed the time obligations upon this authority to comply, and in so doing would exceed the fees limits. This is set at £450 calculated at a flat rate of £25 per hour for those work activities comprising of confirming the information is held, locating it, retrieving it and extracting it.

Ordinarily under our Section 16 duty to provide advice and assistance, we would advise you how to refine your request to a more manageable level. However, due to the difficulties outlined above, I cannot see how this can be achieved in this particular case.

The questions sent to West Yorkshire police were broadly similar. This time, however, the decision to suggest specific keyword searches such as 'set-top box', 'top box piracy', 'Kodi', 'IPTV', 'firestick', 'dodgy box' & 'internet TV media box', plus 'sports streaming', 'sports piracy', 'illegal streaming', and 'football streaming', may have unintentionally captured other offenses.

"Between 01/01/2019 and 18/12/2023 there were 1,287 crimes recorded based on the offenses and/or keywords provided. In order to provide a response to the full question set would involve a manual review of each crime. At an estimate of 1 minute per record this would take 22 hours to provide. In addition to this there were 1,939 arrests for the aforementioned offenses taking a further 65 hours at 2 minutes each," the response reads.

"Unfortunately, West Yorkshire Police are unable to provide you with the information requested."

Yorkshire Police note that a revised request may be considered but even then, reasons exist for not providing the requested information.

"We may be able to provide you with information based on crimes classified as an offense under the Copyright, Designs and Patents Act 1988 and specifically related to illegal streaming. Please note however any information held is subject to exemptions under the Freedom of information Act," the rejection notice adds.

It's worth noting that viewers of illegal streams have been advised of a potential offense under the Fraud Act.

Lack of Access to Information

That the requests were unsuccessful doesn't come as an especially big surprise. We've had our own narrow requests rejected in the past, and we've seen other requests handled in the same way. What does seem remarkable is that scant police resources are being deployed to tackle a very specific type of crime, as part of a national campaign that has government support, yet readily accessible figures are simply unavailable.

That raises the question of whether deterrent and enforcement measures undergo evaluation for efficacy within the force, or if rightsholders supply that information for the guidance of the police. If that's the case, even in part, history shows that the problem is perpetual, rarely improves for very long, and only responds to changes in the market that are non-reliant on force.

Avon & Somerset Police Has Its Own Pirate Website

While trying to determine whether additional FOIA requests had been filed with other forces in the UK, something rather bizarre caught our attention.

The website of Avon & Somerset Police is usually available at avonandsomerset.police.uk and indeed still is, as the image below (left) shows.

On the right is the website as it appears on the 'opcc-maintenance' subdomain of avonandsomerset.police.uk. The small text on the left, whatever it means, was enlarged by us. That doesn't look like a standard police-issue font.

police-domain

More significant concerns appear in search engines where at least hundreds of police URLs containing the 'rogue' subdomain now advertise pirate streams of live sporting events.

It's possible the subdomain started life as a staging area for web development but as the image below shows, the current situation goes way beyond that.

click to zoom

On the left of the image is a small sample of the modified URLs as listed in search engines. In the middle, a small selection of the hundreds or thousands of links claiming to offer pirated live streams. On the right is a screenshot of where people end up after clicking any of the police links containing the subdomain.

Mindful of all the malware stories lately, we progressed no further, even though the Australian Open was apparently on offer. Those visiting that portal via the links in search engines proceed at their own risk; anyone with the nerve to do this to a police website wouldn't think twice about doing almost anything else, to anyone else, should the opportunity arise.

piracy-police-links

Avon & Somerset Police have been informed via the regular 'report a crime' system, but this may have been going on for quite some time already. There are no URLs listed on the Wayback Machine, but publicly-listed subdomain scans show that the problematic subdomain existed back in the summer of 2020.

The Freedom of Information requests can be found here and here (pdf)

Crime reported, delays expectedreported

From: TF, for the latest news on copyright battles, piracy and more.

270x90-blue

Are you looking for a VPN service? TorrentFreak sponsor NordVPN has some excellent offers.

 
 
Powered by Mad Mimi®A GoDaddy® company

No comments: