Filter blogs by:

Understanding the triple threat of CDN Leeching

CDN Leeching is the latest form of piracy to threaten operators’ revenues and is perhaps one of the most serious ones yet, as it poses a triple threat to their businesses.

cdn leeching data centre

When we first wrote about CDN Leeching last year, we became one of the first companies involved in securing the media supply chain to discuss this new threat's emergence. Its arrival has disturbed many in the industry as it is difficult to detect and challenging to deal with, and interest in the topic has remained understandably high ever since. In addition to being particularly troublesome in how it works, it also represents a new problem for operators, as it threatens their revenues in three different ways.

Before we get to that, it’s perhaps worth a brief recap detailing what CDN Leeching is.

CDN Leeching is a form of video piracy that utilizes different attacks to allow an unauthenticated user to attach end points to a Content Delivery Network (CDN). Following that, it can access all the legitimate services that the CDN carries, bundling them up to offer consumers via increasingly sophisticated services and websites.

A good way of thinking about it is comparing it to energy theft. Thieves can tap into the standard electricity supply and steal it using their own cables to connect the supply to homes and businesses, marketing it as their own and charging users for it. And, equivalent to energy theft, the consequences of CDN Leeching can be very serious for the original distributor that owns the cables.

cdn leeching energy theft

Essentially, it dramatically widens the pirate’s impact on the industry. To date, it was mainly content owners who bore the brunt of the losses to illegal content, and it has been content owners who have historically been the ones most eager to pursue anti-piracy initiatives as a result. CDN Leeching is changing all that. With this new form of piracy, operators are now the primary targets and the ones that most urgently need to take action to prevent revenue loss.

The triple threat

So, how exactly does CDN Leeching affect operator revenues in three ways?


  1. Subscriptions loss

This is a form of revenue loss that is common to many forms of piracy and, indeed, probably the one still most associated with it. Essentially, users select pirated services instead of legitimate ones, typically because they are priced more cheaply or offer content unavailable on their legitimate services or in their country via legal means.

It is important to note that this has worsened over time as the new era of live-streamed pirated services has grown to resemble legitimate video providers more closely, with improved picture quality, sophisticated web and social media marketing, customer onboarding, special offers, and more. 

The way CDN Leeching works means that, in some important consumer metrics, such as picture quality and buffering, the pirate service can be indistinguishable from the legal one. Unfortunately, this means that the quality argument that has traditionally been used to deter consumers from accessing illegal sources is no longer relevant.


  1. Increased expense

Due to how CDN Leeching works, the operator can end up effectively paying for the pirate services’ distribution. Essentially, when the pirate hooks into the CDN service, it allows its subscribers’ end points to access the streams directly from the CDN. That inflates the amount of data flowing through the CDN and, in turn, the costs it charges the legitimate operator to distribute its content. 

The result is that operators face higher bills, and even though they may be puzzled by the scale of their CDN costs, detecting precisely what is going on is extremely difficult.


  1. Service impacts

CDN Leeching can also have a definite detrimental impact on the consumers quality of experience when it comes to the legal service being pirated. If all infringers are, for example, using the same stream, it may disrupt the quality of service for legitimate users, leading to picture degradation, buffering, and all the other service disruptions that viewers are well known to hate. In the worst-case scenario, CDN overload can also occur if the pirate bypasses CDN load-balancing mechanisms.

All this means that the blameless legitimate service can offer a substandard QoS to the end users. Premium service quality has long been one of the arguments presented to viewers for using legitimate streaming platforms. When this is undermined, it can further accelerate subscription and revenue loss in an unpleasant continuous loop.

Fighting against CDN Leeching

One of the great difficulties when stopping CDN Leeching is detecting it in the first place. The red flags it raises are subtle, often meaning that the key to successfully detecting its presence lies in utilizing data analytics as part of an overall anti-piracy strategy. Using AI and machine learning to correlate data between the CDN structure, the Service Delivery Platform, and the DRM licenses allows operators to verify CDN Leeching is taking place and to reveal the unusual patterns of behavior that are its signature and can warrant further investigation.

This is challenging to deal with. Even after detection, unraveling the web of parasitic services from the legitimate ones is a tricky and time-consuming process. However, by using AI/ML-based anti-piracy services, operators can target CDN Leeching and other known and emerging threats and begin to fix the problem at its roots via both the front and the back end of the streaming infrastructure.

Anne-Sophie Cornet

Anne-Sophie Cornet is Product Manager of VO’s Anti-Piracy Services. Throughout her 18-year career in the telecommunication industry, she has worked in a variety of high-profile roles, building experience in the international broadcast ecosystem, and working in software development and integration for the Pay-TV sector. She joined VO in 2010, working initially as an STB Integration Engineer, before moving on to becoming a Project Manager, and then later assuming the position of Product Manager. Anne-Sophie holds a Master's degree in Electronics and Telecommunications from ISEN (Institut supérieur d'electronique et du numérique de Brest).