Cybersecurity blog header

Stolen accounts, IPTV apps and pirate platforms: how audiovisual fraud work

IPTV lists are one of the most important audiovisual frauds today.

You get home after a long day at work. You open a bottle of wine and sit down in front of the TV to watch an episode of a series that helps you relax and disconnect. But when you try to log in to your account on a well-known streaming platform, the system tells you that the user limit has been exceeded. How is this possible if you can have four connected devices and you only have one? You have probably been a victim of one of the most popular audiovisual fraud: the theft of streaming portal accounts.

This hypothetical situation allows us to shed light on one of the biggest challenges faced by companies dedicated to the production, distribution, and broadcasting of audiovisual content and the cyber intelligence services in charge of detecting, studying, and combating criminals: audiovisual fraud.

In addition to the theft and sale of credentials of users of legitimate streaming platforms, audiovisual frauds that have emerged in recent times, such as illegal IPTV services or pirate streaming portals, coexist with long-standing techniques, such as those used by satellites and decoders.

The following is an overview of audiovisual fraud that are posing the greatest challenges to companies in the sector, as well as advanced cyber intelligence services that can reduce their impact.

1. Back to the future: Audiovisual fraud is not new, but it’s on the rise

Audiovisual fraud has been around for decades and has undergone a complex evolution. Many things have happened since the days when bars and homes enjoyed soccer matches broadcast on pay satellite TV thanks to pirated decoders, including the digitization of society and the expansion of the Internet to all areas of our lives.

Nowadays, the players behind audiovisual fraud have huge resources at their disposal, including ambitious infrastructures to support their activities.

To reach this point, over the years there has been a constant evolution in the practices and procedures used by criminals, also in response to the countermeasures implemented by cybersecurity and cyberintelligence teams aimed at preventing and investigating this phenomenon.

The content that is the target of fraudulent viewing has also undergone changes. Although there is still more criminal activity during high-profile events, such as major sporting competitions, the fact is that it is no longer only soccer that captures the attention of users. The law of (very wide) supply and (insatiable) demand has brought into the spotlight everything from major productions and trendy series to exclusive premieres and even the latest seasons of the reality show of the moment. Content has proliferated exponentially with the rise of streaming services.

Criminal practices have been evolving as society and technology have evolved, adapting to market circumstances, user preferences, and the countermeasures implemented by audiovisual companies.

The techniques and methodologies used are different, but the criminals still have the same objective as a few decades ago when they hacked satellite decoders: to do business illegally, violating the legitimate rights of companies.

They coexist over time: a well-known objective, to do business illegally; changing techniques and procedures that require an increasingly agile and adaptive response; and an exponentially growing loss of profit for the companies that suffer from it.

2. Streaming Wars: Criminals fight back

Satellite and cable TV have given way to other technologies such as Internet Protocol TV (IPTV) or streaming platforms. The paradigm shift has been of such a caliber that, in 2011, the most popular platform globally, Netflix, had 21 million subscribers. Ten years later, in 2021, this figure was joined by a 2 in front of it: 221 million accounts worldwide.

However, this extraordinary growth has slowed for the first time in a decade. So much so that, in recent quarters, the company has recorded subscriber losses for the first time.

The consultant and university professor Elena Neira has popularized the concept of Streaming Wars, playing on the name of a popular saga owned by Disney, to explain the rise of platforms such as Netflix, HBO Max or Disney + and their race to grab as much market share as possible.

Beyond the battle between all the legal players in the sector, the truth is that the Streaming Wars hide, like the moon, a hidden face: the proliferation of players who offer audiovisual content illegally. People who use technological advances to violate the rights of legitimate companies and compete within the legal framework.

3. Perfect heist: Hacking and account theft

If there is one audiovisual subgenre that fascinated audiences a century ago and continues to do so today, it is heists. Anyone who has seen a few heist movies knows that the best heist is the one that takes a long time to be detected even after it has been committed. That’s the philosophy behind one of the fastest-growing audiovisual fraud: credential theft. How does it work?

Criminals hack and steal user accounts on streaming platforms. They take advantage of the fact that, in many cases, these accounts are shared by several people. In such a way that, in rare cases, all of them access the portal at the same time. This means that legitimate users do not use all the accesses to which they are entitled. In other words, credentials are stolen and subsequently sold without the persons who have contracted the services being aware of it.

Described in this way, this type of fraud seems minor, even quantitatively unprofitable, but nothing could be further from the truth. The groups and actors behind many of these frauds have such a structure that they facilitate the change of password, account, extension of services or technical support immediately.

Literally, on many occasions, they not only offer a technical support service for any incident, but also boast, in their commercial message, that this is far superior to that provided by the legitimate platforms themselves.

Criminals use Telegram and Discord to market their illegal services

4. A (dangerous) star is born: IPTV applications and lists

IPTV technology allows audiovisual companies to transmit television channels over the Internet through a private network between the operator and the user. In such a way that bandwidth is reserved for this transmission of content, the signal reaches the router and it is necessary to have a decoder to obtain the signal and watch the channels that we have contracted.

This legal aspect is opposed by an illegal one that has become the star service of fraudulent broadcasting: IPTV lists.

These lists incorporate multiple channels that can be viewed via streaming. This emulates legitimate content that is provided through a link. It is sufficient to have a VLC-type player installed to be able to view it.

In addition, criminal organizations have been developing applications that can be found in major stores such as the Play Store or the Apple Store and that facilitate the creation of an account, offer the service, or provide a URL to access the IPTV list.

Through this audiovisual fraud, illegal providers can unify several types of services. In such a way that, by purchasing a single package, users have at their disposal sports content such as Champions League soccer matches or Formula 1, but also everything produced and distributed by multiple companies.

At an economic level, these illegal services are unbeatable. For only 40 or 50 euros a year it is possible to acquire a variety of audiovisual content that, if contracted legitimately, with each operator, balance would amount to several hundred euros a year.

5. Invasion of the body snatchers: Pirate streaming platforms

In the B-movie classic Invasion of the Body Snatchers, aliens infiltrated the bodies of humans. People kept their usual appearance, but inside they were no longer the same.

This is basically what happens with pirate streaming platforms. These are portals that, using the technology used by companies such as Netflix or Filmin, broadcast fraudulent content via streaming.

These online platforms openly sell illegal content, for which they have no rights. Thus, the user can sign up Prime Video or HBO Max content from portals that are not authorized to market it.

Sometimes, this fraud is even more sophisticated, designing these platforms with a total appearance of legality, counting even with traditional communication channels to impact consumers.

As a result, sometimes the end consumer who is paying for the service is not even aware that the audiovisual content he is consuming is fraudulent. This attests to the total absence of malice with which this type of platforms operate.

6. Decoders: Classics never die

Although technological advances have enabled the creation and consolidation of less costly audiovisual fraud, there are still organizations that offer audiovisual content through cardsharing or Internet Key Sharing (IKS). Both of these technologies use an old fraudster’s old acquaintance: the set-top box.

6.1. Cardsharing

Its implementation requires advanced knowledge of how satellite connections work. This fraud is based on extracting content from a legitimate service, emulating it, and sending it to customers via a satellite signal.

Criminals provide the user with codes that are configured in his decoder and allow him to connect to the signal and watch it. This is made possible by the fact that not only the image and sound data, but also the password to decrypt the content is sent in the signal.

6.2. IKS

The use of IKS consists of changing the decoder’s firmware for another, illicitly supplied, which allows access to the requested content.

Cardsharing is more effective and the signal suffers fewer cuts, largely because the criminals have a large-scale infrastructure that allows them to emulate the content and broadcast it successfully. Thus, they have a huge deployment of decoders and user cards to be able to broadcast soccer, TV channels, series, etc…

This deployment is key to explaining why audiovisual fraud continues to be carried out using cardsharing and IKS. Criminals have made a large investment that they do not want to lose. And users also want to get a return on the money they have spent on the decoder. That is why new users entering the field of illegality don’t opt for these fraudulent ways, but for others as IPTV lists or the buying and selling stolen passwords.

Beyond the economic issues, many actors continue to use these methodologies for personal interest in the technology, having turned a fraudulent activity that brings them ample profits into a hobby.

The fight against this type of fraud is also complex since cyber intelligence professionals must have very precise technical knowledge of the operation of the satellite connection and the devices and protocols involved in the operation. This means that not just any technician can handle this type of work.

Illegal consumption of sports broadcasts is widespread

7. NBA teams and neighborhood players: Is there a criminal profile?

One of the big problems encountered by anti-fraud teams and companies impacted by these activities is that there is no single offender profile.

Highly advanced organizations coexist with users who are laymen in terms of technical knowledge and infrastructure design and implementation.

Criminal gangs are characterized by powerful means and structures. These actors spend a great deal of time and effort in designing countermeasures to circumvent the actions of anti-fraud teams and judicial decisions.

Basically, huge amounts of money and the very jobs of the people who are part of these organizations are at stake. In other words: their bread and butter and their way of life is at stake.

7.1. Content and software marketing

In addition, these organizations have been able to diversify their criminal business models. Not only do they market their content broadcasting services, but they also sell the technological development they have created to be able to carry out audiovisual fraud.

They offer kits for users to set up their own operations and set up servers so that users can distribute content to new customers. The way they operate resembles, to some extent, that of a classic pyramid scheme.

Thus, they not only increase their means of obtaining economic resources but also encourage the spread of fraud and the emergence of actors less prepared to confront companies and cyber intelligence services, which thus place themselves in the front line of fire. This undoubtedly helps large organizations to hide behind them.

These people with basic knowledge can buy software as a service (SaaS) and deploy it to set up an IPTV scam, for example. So the ecosystem of audiovisual fraud becomes more complex and atomized. And professionals and companies cannot only pursue large structures because these users can also generate big problems.

8. Catch a Thief: How Criminals Protect Themselves

Given the complex magma of audiovisual fraud and the actors who commit them that exist today, we must address what are the keys to the success of these criminal activities, beyond the economic advantages they offer to users who buy this kind of completely illegal services.

8.1. Obfuscation and protection

Organizations that illegally sell audiovisual content use multiple tools to hide from detection software and fraud investigation tasks. They obfuscate incoming requests or use cloud services to host their systems, making it difficult for cyber intelligence professionals to extract knowledge.

In addition, some organizations turn to legitimate services such as Cloudflare for additional security. The aim is to make it impossible to attack their infrastructure and to hide the location of the infrastructure they use.

8.2. Proliferation

As we pointed out in the previous section, the proliferation of types and number of actors makes it very difficult to investigate and fight against audiovisual fraud. In addition, it allows large organizations to hide behind secondary actors who are more lay and unprepared to circumvent the countermeasures that are put in place against them.

As with the memories in Blade Runner, criminals are lost «like tears in the rain».

8.3. Globalization and inaction by some states

The war against audiovisual fraud is global. A criminal can have his infrastructure in Poland, host his hosting in Senegal and market his services in Spain. To use a soccer metaphor: companies have to play a global and extraordinarily complex game.

Not all states have markedly restrictive legislation against piracy. In fact, some of them, such as China or Russia, do not carry out the relevant actions to dismantle a criminal domain or the infrastructure that supports it.

9. Never give up

On December 21, 1983, Spain’s men’s national soccer team achieved an almost impossible feat. That night in Seville, the national team beat Malta 12-1. An 11-goal difference was the exact number of goals the national team needed to qualify for the 1984 European Championship. Not one more, not one less. Goal number 12, scored by Juan Señor, became an icon of effort, faith, and struggle.

Over the years, some companies in the audiovisual sector have come to believe that it is impossible to fight criminals.

This has generated a dangerous dichotomy in the audiovisual ecosystem. On the one hand, some companies have taken the fight against audiovisual fraud seriously, investing in cyber intelligence services and prosecuting offenders. This strategy is bearing fruit. For example, LaLiga succeeded earlier this year in getting the courts to ban up to 85 IPTV applications.

On the other hand, some companies have given up investing resources in cracking down on audiovisual fraud, which may generate a sense of impunity that encourages more people to engage in providing audiovisual or audio content illegally.

A fundamental issue for all companies affected by audiovisual fraud has also been placed at the center of the debate: the loss of profits. That is to say, the number of economic resources that are lost due to the proliferation of criminal actors who illegally sell content that is not theirs, nor do they have any right to market it.

10. You are not alone in the face of danger: Cyber-intelligence services to curb audiovisual fraud

In the iconic western starring Gary Cooper, Alone in Danger, the sheriff of a small town had to face a gang of criminals on his own, in the face of the cowardice of the rest of the town’s inhabitants.

Fortunately, the companies involved in the production, distribution, and broadcasting of content are not alone in confronting audiovisual fraud. They have on their side legislation that is increasingly incisive in its fight against piracy and that seeks to protect copyright and intellectual property rights; the work of the courts; and the experience and expertise of cyber intelligence professionals.

As in any far-reaching war, the strategy outlined by the anti-fraud team and its clients must address the day-to-day battles, without losing focus on the long term.

Moreover, this fight against audiovisual fraud cannot be packaged. In other words, it is not possible to have software that, as a response, can effectively curb these activities. If we have been highlighting something throughout this text, it is the continuous evolution of methodologies, structures, technologies, viewing, actors, and context, a complexity that can only be tackled with a team with high technical knowledge, specialized and dedicated, daily, to detect, investigate and prosecute this fraud.

More articles in this series about Digital Fraud

This article is part of a series of articles about Digital Fraud

  1. Counter-Phishing: Anticipating the criminals
  2. Stolen accounts, IPTV apps and pirate platforms: how audiovisual fraud work
  3. Hacking of social network accounts and creation of fake profiles: No one is safe
  4. SIM swapping, when your phone, and your money, are out in the open
  5. How do cybercriminals carry out fraud in the tourism sector?
  6. Black Friday alert! 10 keys to cyber-attacks against e-commerce and their customers
  7. Digital asset theft: Easy money for cybercriminals
  8. Cryptocurrency fraud, social media hacking, malware, and AI