Streaming businesses are exposed to a loss
of revenue from users who are not paying.
But that’s not all: there’s also the associated
infrastructure costs to support non-paying
users; liability for fraud expenses alongside
expensive legal costs; loss of confidence from
customers; and even a tarnished reputation.
Your game strategy
The easiest first move is preventative action
including secure data centres and educating
your subscribers to use different credentials
for different services. To be truly effective,
this needs to be complemented with insight
into the threat landscape and actionable
intelligence.
To ensure valuable insight, you need to
work with a partner who constantly monitors
leaked credentials from data breaches.
We recently monitored over three million
credentials on the open and dark web to
identify credentials that were valid for
accessing our customers’ services.
To fully understand the threat from
fraudulent credentials, you need the
Orly Amsalem, product
manager, AI/ML based
video security and anti-
piracy solutions at
Synamedia, shares her
advice on how to keep one
move ahead of video pirates.
W
e have a front seat view of the
streaming wars as Disney and
Apple take on Netflix, Amazon
and dozens of other established services.
But instead of fighting each other for the
consumer’s heart and wallet, we believe these
media powerhouses should re-align their sights
to eliminate a common foe - video pirates.
Like a game of chess against unknown
opponents, the pirates’ goal is to stay one step
ahead of legitimate streaming services.
While illegal streaming
gets the lion’s share of
attention, it is not the only
form of piracy that streaming
providers need to address in
their game plan. The other
area that is eating away
at revenues and profits is
credentials sharing. Pirates
make it easy for non-paying
users to easily get full access
to streaming services, even
premium content in HD,
with a rich user experience
through stolen credentials.
As evidence of the scale
of the problem, more than 4
billion user credentials were
compromised during data breaches during
2019 alone, with yet more obtained from
phishing attacks.
Credentials abuse takes several forms:
l Casual account sharing is the form
familiar to many subscribers as passwords
are shared between friends or family
members. Some streaming services
encourage this behaviour in the expectation
that users will go on to set up their own
subscriptions.
l While casual account sharing can seem
like a grey area, swapping and pooling
is certainly not endorsed by streaming
providers. Users, often strangers who
meet on social media platforms, swap
their credentials for different service
subscriptions so they each have access to
two services while only paying for one.
l Phishing and credential stuffing is when
pirates obtain the credentials of legitimate
users without their knowledge and sell
them on either the open or dark web.
l Endless trials – this is when hackers
take advantage of the practice of allowing
subscribers to sign up for a
free trial. At the end of each
trial they simply generate a
new identity to continue.
Once hackers have obtained
credentials, they run each
username and password
combination through
account checkers to validate
the details for each specific
service before putting them
up for sale on marketplaces
and forums on the open
or dark web. As a result,
credentials for popular
sports services can be
purchased for just $15 for
lifetime access, and a log in
for a mainstream streaming service can cost as
little as $2.50.
Play cautiously
While subscribers might worry about the
threat from digital identity theft, streaming
service providers face a different risk because
hackers can have more sinister intentions
than simply obtaining access to a video
service. Just like pawns moving forward in
a game of chess, once pirates break in, they
leave the door wide open for others to commit
cyber-crimes including access to mobile or
Wi-Fi services.
Checkmate:
Outwitting the
credential theft
pirates
ongoing intelligence that comes only
from a comprehensive view of activities:
Continuously tracking and analysing the tools
hackers are using to verify lists of username
and password combinations; monitoring
phishing activities; and getting involved in
discussions on hacking forums and social
platforms, scam tutorials, and more.
Finding the right skills
To stay ahead of the pirates, we need to
think like they do, know how they work, and
move even faster than them. It’s like a game
of chess but there’s more than prize money
and pride at stake.
To help you in this endeavour, your
ideal partner will offer intelligence-based
operational security services with a smart
command and control centre combining
AI technologies with human intelligence.
The myriad skillsets required include
undercover investigators and cyber security,
psychology, criminology, and sociology
experts to monitor and map the piracy
supply chain and orchestrate anti-piracy
activities and legal and technical takedowns.
Armed with this insight, you can take
the right action, whether it’s informing
subscribers that their credentials are
compromised and requesting them to
take precautions, or being proactive and
enforcing multi-factor authentication or
resetting passwords.
We face a fast-changing threat
landscape, with new actors and methods
emerging all the time. So, buckle-up for a
bumpy ride and find a partner who can help
you plan many moves ahead like a chess
grandmaster.
EUROMEDIA MENA Special 17