Irdeto: How the Industry Can Address 3 Top Piracy Trends

Irdeto: How the Industry Can Address 3 Top Piracy Trends

August 3, 2022 | To effectively address the constantly evolving landscape of online piracy it is important to stay on top of the latest “trends.” Streaming piracy is on the rise and attacks on OTT (over-the-top) infrastructure are increasingly sophisticated. Pirates never cease searching for ways to take advantage of platform vulnerabilities. Without a 24/7 end-to-end security approach, it is exceedingly difficult to address such threats. In this article we will focus on three of the latest piracy trends and how you can tackle them.

The top three piracy trends are:

  1. Circumvention of geo-blocking using VPNs (Virtual Private Network) and proxy servers
  2. The theft and unauthorized sharing of session tokens from legitimate customers
  3. Extraction of content keys from licenses by leveraging the security vulnerabilities in devices

We will go into broader detail, but at Irdeto we have solutions to detect these traces of piracy activities and prevent them using:

  • Geo-location restrictions
  • Smart concurrent stream management
  • Anomaly detection using AI (Artificial Intelligence) and ML (Machine Learning)
Using VPNs and Proxies to Circumvent Geo-Restrictions

Geo-blocking is essentially the process of putting up blockades on the web to restrict access to websites from specific locations. This is made possible thanks to IP addresses that function as geographical identifiers and allow providers to better understand where content requests originate. ISPs are assigned a limited number of these IP addresses to assign to their (consumer) customers’ devices that are connected to the internet. As a result of the vast number of online devices, consumers are often given dynamic (frequently changing) IP addresses while businesses often obtain static IP addresses. This allows the ISP to reassign an IP address, which was previously assigned to a device, to another newly connected device when the original device has not been connected to the internet for some time. Since ISPs operate in specific regions, the IP addresses that are assigned are indeed based on location.

By using VPNs, users can “disguise” their location by encrypting and directing the internet traffic through servers hosted in various parts of the world. This could circumvent geo-blocking in the process. One big drawback of using VPNs is that this process drastically reduces the speed through which you would consume content. A proxy (or more specifically a proxy server) on the other hand works similarly to VPNs but without the encryption. This still allows users to access geo-blocked websites without negatively affecting speed or performance but at the cost of reduced security due to the unencrypted communications.

To combat piracy and protect content, companies can place geographical restrictions that can be set at a subscriber level as well as a content level using professional geo-IP database which are frequently updated as IP address ranges are assigned to the ISPs around the globe. This allows the targeted flexibility to restrict (and of course allow) users by city, region, or country. In the case of a license request failing due to the location not matching a geo-restriction, relevant error information can be provided to the user. This allows companies to detect and block VPN and proxy services by using professional VPN and proxy database that are frequently updated to incorporate any new VPN and proxy providers.

Stealing and Sharing Subscriber Session Tokens

A second significant trend we are seeing is “session token sharing.” In short, pirates steal and reuse session tokens from legitimate customers and share them openly.

These session tokens and cookies are used for subscriber authentication. While cookies are bundles of data created by a server and sent to a client for communication purposes, tokens are signed credentials encoded into a long string of characters created by a server. When browsing on the web, even if you authenticate with one request, the server essentially “forgets” that authentication for future connections. As a result, you often need to provide a previously authenticated token for every request to prove your identity.

If this token is stolen and shared by a pirate, the user of the pirated service can access the content pretending to be you. One way of preventing this is by using CSM (Concurrent Stream Management) which helps prevent these tokens from being used simultaneously from multiple locations.

It is advised to use concurrent stream management as it will help companies to:

  • Eliminate the risk of increased cost to support piracy service customers
  • Avoid the risk of overloading CDN (Content Delivery Network)during high profile events due to illegitimate streaming
  • Maintain full monetization of value-added services
  • Reduce potential loss of new subscriber revenue

One of the benefits of using a Concurrent Stream Management solution is that it leverages license renewal to enforce concurrent stream limits. A new license is only valid for a brief period of time, so the device needs to periodically request a renewal to continue to decrypt the content. If the license is not renewed within a defined interval the playback will stop.

Targeting Security Vulnerabilities and Extracting Content Keys

As many will no doubt know, not a day goes by without mentioning how either AI or ML will help consumers, governments and companies solve complex problems. With streaming piracy rapidly on the rise, and increasingly sophisticated attacks on streaming infrastructure, a comprehensive end to end approach is needed. To detect attacks quickly, the use of tools such as AI and ML are essential, complimented by a broad team of analysts and investigators.

The security of content is only as good as the tools, technologies, and teams you use. An important goal should be to detect suspicious user activities by using multiple deep learning algorithms and review these using a team of cybersecurity analysts & investigators. Finally, the ability to scale up the solution to handle data volumes during high profile events is essential.

End-to-End Security is Key

These are just some of the ways pirates steal content and hurt valuable revenue. Online piracy is dynamic and evolves quickly. Protecting your content requires an end-to-end suite of products and services that match your specific needs and a security partner who works with you to target and address specific threats.


Mark Mulready is VP Cyber Services for Irdeto, where he leads a global team of analysts, investigators and engineers providing a suite of managed cyber services to protect clients in the video entertainment, video games and IOT connected industries. 


For more information, please visit