Recently our security experts have noticed a worrying new type of piracy attack. This article explains what CDN Leeching is, why you need to know about it, and what you can do about it.
The battle against video piracy is a constantly evolving one. The pirates are organised and inventive, often bankrolled by substantial criminal funds, and are constantly developing new ways to illegally access video content. Recent years have seen a shift from operating peer-to-peer networks and download-based technology such as BitTorrent, to the more lucrative live interception and restreaming of content, whether that be a Pay-TV sports match or the latest episode of a hit show.
As an industry we have become adept at dealing with them. At VO our Anti Piracy Center has shifted its focus in turn, developing tools and methodologies with partner companies and the legal establishment to take down live streams while the event is still occurring, helping protect revenues throughout the chain. Coupled with education initiatives highlighting the detrimental impact of video piracy in many countries, this has made life uncomfortable for the pirate organisations.
However, approximately two years ago our experts started noticing a new technique being used for the first time: CDN Leeching. Due to its complexities it has spread comparatively slowly throughout the pirate community since. But, as we start to approach the first in a new cycle of large, global sporting events, we are seeing more and more incidents of it occurring. What’s more, these are increasingly coupled to sophisticated front end operations that, to all intents and purposes, look like legitimate streaming providers with subscriber offers, discounts, advertising, and more. The trend is concerning.
This is what we know about CDN Leeching so far.
CDN Leeching: What it is
One major streamer talks about CDN Leeching as enabling ‘vampire services’ and it’s an appropriate description. Essentially the pirate uses a variety of different attacks to allow an unauthenticated user to get content from a CDN. Without going into too much detail, there are three main intertwined limitations that can be exploited here:
- The CDN not checking the ID of the user requesting the content
- DRM weakness involving web browsers
- Multi-DRM licensers that do not implement security measures such as a user identity check or requests threshold.
Careful analysis of an exploitable CDN will then reveal that a percentage of the destination servers in its structure are no longer legitimate; instead they are routing content directly to the pirates. All they have to do then is create a front-end to their ‘service’ and they can start selling access to the illegally obtained content.
Gaining direct access to a CDN can be a complex process, but it represents a significant win for the pirates. It means they have to make zero investment in any infrastructure themselves and have direct access to high quality content.
For broadcasters and operators however it is a lose-lose situation. Not only is their investment in content rights and opportunity for subscriber growth undermined, but, because of the cost structure of the average CDN service, they end up paying for the bandwidth that the pirate services are using.
It is not an isolated problem either. We have shown several high profile streamers the results of our analysis proving an infection of CDN Leeches in their services. Their typical reaction is one of alarm that their content is being so stealthily and seamlessly misdirected, which then quickly turns to anger when they realise that they are effectively also paying extra for it to happen.
CDN Leeching: What can be done?
Unfortunately there is not as yet any simple solution to CDN Leeching. Untangling the web of parasitic services from the legitimate ones is a delicate task that requires a surgeon’s precision. You have to make sure that only the illegal services are blocked and halted while the legitimate ones continue unaffected, and it is a painstaking process.
The first stage, however, is to detect that you have a problem in the first place. This is not an easy process either. However, key to its success is to utilise data analytics as part of your anti-piracy operations. We have found that using AI and machine learning to correlate data between the CDN structure, the Service Delivery Platform, and the DRM licenses that help to verify it can reveal unusual patterns of behaviour that warrant further investigation. Very simply put, we are looking for an expected number of licenses for the amount of bandwidth being consumed. When these values do not match we investigate further.
The reality is, of course, a good deal more complex than that. But the key takeaway here is that analysis is crucial. It is only by examining your entire streaming infrastructure, and continuing to do so on an ongoing basis, that you can discover how big the problem is and then begin to take actions against it. It is also advisable to make sure that your multi-DRM licensers implement the proper security protocols. Without doubt some CDN leeching exploits can be blocked by using a first-class DRM licenser.
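The license-versus-bandwidth comparison described above can be sketched as follows. This is an added example, not VO's tooling or code from this article, and it uses a simple per-channel median baseline in place of the AI and machine learning correlation the article mentions. The 5-minute window, the record layout, the 25% tolerance and all sample figures are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (not from the article). Per 5-minute window:
# (window_start_s, channel, CDN egress bytes, DRM licenses active)
WINDOWS = [
    (0,    "sports1", 45_000_000_000, 300),
    (300,  "sports1", 46_800_000_000, 310),
    (600,  "sports1", 43_900_000_000, 295),
    (900,  "sports1", 91_000_000_000, 305),  # egress doubles, licenses flat
    (1200, "sports1", 47_100_000_000, 312),
    (0,    "news1",    6_000_000_000, 100),
    (300,  "news1",    6_150_000_000, 102),
    (600,  "news1",    1_200_000_000,   0),  # traffic with no licenses at all
]

def find_mismatches(windows, tolerance=0.25):
    """Flag windows whose egress exceeds what the licensed sessions explain.

    Baseline = per-channel median bytes per license, which stays stable
    even if a minority of windows are inflated by unlicensed traffic.
    """
    ratios = defaultdict(list)
    for _, channel, egress, licenses in windows:
        if licenses > 0:  # zero-license windows cannot contribute a ratio
            ratios[channel].append(egress / licenses)
    baseline = {ch: median(r) for ch, r in ratios.items()}

    findings = []
    for start, channel, egress, licenses in windows:
        base = baseline.get(channel)
        if base is None:
            continue  # no licensed window to build a baseline from
        implied = egress / base      # sessions the bandwidth implies
        excess = implied - licenses  # sessions no license accounts for
        no_license_traffic = licenses == 0 and egress > 0
        if no_license_traffic or excess > licenses * tolerance:
            findings.append({"window": start, "channel": channel,
                             "licenses": licenses,
                             "implied_sessions": round(implied),
                             "unexplained_sessions": round(excess)})
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(WINDOWS):
        print(finding)
```

A flagged window is a lead for investigation rather than proof of leeching; legitimate causes such as a bitrate ladder change or long-lived licenses also shift the ratio.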
CDN Leeching: Still early days
As we have already said, CDN Leeching is a comparatively new problem. However, it is one that we see starting to grow at an accelerated rate. With several global sporting events coming up, the pirates are mobilising to offer an increased range of live streaming services via websites and social media links. And, as we already know, to address piracy fully we need to target the back-end as well as the front-end, fixing the problem at its roots in the streaming infrastructure as well as via take-down notices against websites and link removals.
CDN Leeching is also new enough that no one yet knows precisely how much it is costing the industry in terms of lost revenue, though those that have been attacked are already keenly aware of the additional costs it adds to the CDN. However, the uptick in infestations that we have detected in recent months is definitely worrying, especially when coupled with the at-times lengthy and necessarily delicate process of remedying it.
At VO we are, of course, treating CDN Leeching as a matter of extreme urgency, and are fast tracking the development of AI and machine learning tools to first detect it and then to deal with it as quickly as possible. If you have any concerns, please contact us.