A few weeks ago I interviewed Nitsan Baider, director of product management for security solutions at Synamedia, about the company’s release of its new OTT ServiceGuard anti-piracy offering.
During the interview, Baider mentioned in passing the company’s team that gathered intelligence on pirates in its effort to help protect the content of clients from theft. That piqued my curiosity about what those anti-piracy efforts might entail.
To find out, I recently interviewed Avigail Gutman, vice president of intelligence and security operations at Synamedia. In this interview Gutman discusses how intelligence is gathered, involvement with law enforcement to go after pirates, working with competitors to advance common anti-piracy goals and whether or not the company has ever suffered cyberattacks at the hands of pirates or hackers out for revenge.
(An edited transcript.)
TVTech: Since I spoke with Synamedia about OTT ServiceGuard a few weeks ago and the topic of tracking down pirate scripts came up, I’ve been thinking about what steps you might be taking to gather intelligence on pirates and the scripts they use to steal high-quality OTT content. Maybe you simply pay them to reveal their scripts and techniques. Maybe there’s some cloak and dagger going on, and you infiltrate these communities. Maybe you conduct some digital spying of your own. But that’s just my imagination talking; tell me what’s really going on.
Avigail Gutman: It’s probably all of those. When we gather intelligence about piracy and about hacking that leads to piracy, one of the important things to understand is that you're gathering intelligence about people who, on the one hand, don't want to be found. They’ll be hiding their activities or their conversations or their “Aha!” moments on breaking or exploiting.
On the other hand, these are people who need in terms of the hacker psyche, they want recognition for what they've done, and if they’re pirates, it’s a big business, so they need a sales outlet—whether it’s a sales point to sell a pirate subscription, stolen credentials or tools that enable you to parse a large database of stolen credentials. Or, maybe they want to sell scripts that enable you to break into a CDN and pull out video—maybe even strip it from DRM.
So, there's this constant tension within this ecosystem of both not wanting to be found but wanting to be exposed and to show off on the part of hackers and make money when it comes to piracy.
In that kind of environment, to find out what hackers and pirates are doing you have to employ a variety of methods to track them. So, yes, we do a lot of what you said. It’s a layered kind of approach.
TVTech: Tell me about those layers.
AG: At the very basic level, of course, we do internet research. We scour the internet. It’s known as web intelligence today, or open source intelligence.
You scour the internet for discussions, tools and pirate services. You have to do this in multiple languages. We do that in 20 languages, so we cover the world. We go into open forums. So there's a lot of open source information available, but we also go into closed groups and chats.
Of course, we don't go in as Synamedia and nor do our competitors or other anti-piracy professionals in the field who also use similar techniques where you go in undercover and you participate in the discussions, not only listen to them. To do that, you need to see the world from a hacker’s perspective or from a pirate’s perspective. So you need to become educated in the content itself and the subject matter, but also in the way people speak. The types of things that people on these forums share or don't share. You don't want to be found out and thrown out.
That's the first layer. You do this across social networks; you do this on open and closed internet forums, and also on the dark web where there's a huge sales market for tools that enable piracy that might be in the gray area and therefore not available publicly. I mean, there's a lot that is available publicly.
TVTech: And the next level?
AG: Well, you asked, “Do you join the networks? Buy a subscription to the networks?” Yes, we have to. Not all of the news that we read on the internet is true. I always say it’s not the Harvard Law School Library. The reliability is not very high.
So you need to validate or verify or refute some of the information. Sometimes that means if you have early information on a new hack or piracy method, that you actually have to go out, purchase it and test it functionally.
Then if it works, do some forensics on it. Both because you want to understand how it works, so that you can create a technology to prevent it from working, but also to gather evidence, because clearly, this is something that facilitates infringement on copyright.
TVTech: That gets to my next question. Do you work with law enforcement agencies?
AG: Absolutely. This is one of the reasons to do this. There’s really two reasons that we gather this intelligence in our business. One is for product improvement. The other is to go back to our customers and say, “Look, here are the pirates that we think are impacting you. Here is the intelligence we gathered on them.”
Oftentimes, we’ll make a recommendation and ask “Shall we go to law enforcement?” of they’ll say “We want to go to law enforcement with this.” At that stage, we have to turn the intelligence into evidence.
TVTech: What’s the reaction of law enforcement to video piracy?
AG: Law enforcement agencies are not preoccupied as a top priority with video piracy. They have to deal with street crime, but even in the cyber area there is what they consider to be much more serious cybercrimes—attacks on government, corporations and pedophilia.
So, even if they do see piracy as cybercrime—and many countries do today, by the way—their resources are not there to do the investigation from scratch based on a complaint. So one of the things we do is bring in the evidence that we’ve gathered to support law enforcement activities. We do this all around the world.
There was big action in Brazil a couple of months ago. That was a very coordinated action by the government across several states to raid and arrest video pirates. We had been working with an anti-piracy organization there and with the government to gather intelligence about the pirates who ultimately were raided.
TVTech: Then do you step back and leave it to law enforcement to execute the raid?
AG: We often accompany the police during the raid. We’ve done this in Bulgaria, in the U.K., in Asia, in East Asia, in Thailand and elsewhere. We accompany the police because oftentimes we can see a certain technical setup by a pirate. Maybe the police officer’s instinct is immediately to seize the equipment, but if they disconnect it, they might lose evidence. Today, the police are much more sensitive and educated about this, but still we are there.
We’ve also been tasked by law enforcement and by our customers to do the forensics on some of the findings of these raids to turn it into evidence and maybe even give expert testimony if needed.
Some customers might decide they don’t want to go to the police because that’s a huge, one-year operation. But they want to send takedown notices to ISPs to take down content. We help with that.
TVTech: Synamedia isn’t the only company in the area of content protection. Is there cooperation among competitors when it comes to combatting piracy?
AG: Absolutely. First of all, there are anti-piracy organizations around the world. Some of them are regionally based. We’re members of all of them. So are our competitors, and so are our customers and other industry players.
As part of those organization, we engage in cross-industry, anti-piracy activities wherever there is no conflict of interest. There is a sense of camaraderie and cooperation, so yes, where there’s no conflict of interest I will certainly pick up the phone to my counterpart at a competitor and tell him about pirates we happen to run across that are targeting him, not just me. We’ll even take joint action in some cases.
TVTech: What about retribution? Has Synamedia ever been attacked by a hacker or pirate who wants to settle a score?
AG: If we have, they haven’t done it successfully yet. Our customers worry about this as well. We, like anybody else or any other industry, work on the cybersecurity of our own organization. It’s not just pirates. You do this anyway with the surge in cyberattacks globally. Everybody is susceptible to this, and yes, we worry about it just like everybody else. Retribution is something we have to think about a lot.
