A short overview of content theft I presented at Sectalks Perth back in November 2017. Thanks to the Sectalks crowd, especially @NHardy and @s4gi_, for their assistance.
The enterprise of subscription tv piracy
1. The enterprise of subscription TV piracy
A mid-level overview of Digital Video Broadcasting (DVB) content theft
Presented at Sectalks (Perth)
November 7 2017
By Sabastion F
2. Introduction
The purpose of this presentation is to provide an end-to-end awareness
of encrypted satellite and cable TV piracy. It also includes a bit of technical
history and where piracy is heading with the current advancement of
technology.
We will be touching on common InfoSec elements including:
• Reverse & social engineering
• Criminal organizations
• Investigations
• Operational security, from both vendor and content providers
3. Disclaimer
I am NOT:
• A lawyer
• A criminal profiler, investigator or any member of law enforcement
• An employee or advocate for any content protection service
• Commissioned to conduct research on any content protection systems
IMPORTANT:
This presentation is not an endorsement of, or meant to encourage, the attempted
circumvention of encrypted DVB-S content. It is designed to explain the piracy and
anti-piracy techniques used in the realm of piracy and cybersecurity, as well as
the social drivers that support this industry.
4. Your Presenter
Who Am I
• A telecommunications and IT technician
• Have worked in the telecommunications industry for a large part of my
career, specializing in satellite communications and network
infrastructure.
• According to my partner: on the spectrum, with an overactive
tendency for reverse engineering, which includes the kids' toys.
• Currently working towards a career in information security
5. Summary of what we're going to cover
• Basics of satellite broadcasting
• General overview of DVB content encryption and decryption
• Introduce the players
• The common criminal enterprise
• Counter measures
• The effects of DVB content piracy
6. Public acceptance of content theft
Homer: [reading the "So You've Decided to Steal Cable"
pamphlet] So you've decided to steal cable. Myth: Cable piracy
is wrong. Fact: Cable companies are big faceless corporations,
which makes it okay.
7. Captain Midnight Vs HBO - 1986
The HBO uplink hijack on Galaxy 1 was a protest against HBO's charges for access to
scrambled satellite channels.
9. Receiving Equipment
• Satellite Antenna / Dish
• Satellite receiver with a conditional access module (CAM) or
embedded decryption module
• Subscription smartcard
• Television
10. Encrypting the content
• DVB, or Digital Video Broadcasting, uses the Common Scrambling
Algorithm (CSA) to encrypt or scramble the channels.
11. Decrypting the content
• The CSA algorithm uses 64-bit decryption. Different proprietary
decryption systems also implement additional encryption such as
RSA, AES and 3DES during the key exchange.
12. The players
Team 1
1) Pay TV Provider
2) Content protection service
3) Subscriber (you)
4) Installation technician
14. The players
Team 3
1) Law Enforcement
2) Internal and external investigators
3) Content protection services – OPSEC
4) Security research teams
5) Anti Piracy organizations such as CASBAA & ASTRA
15. The Criminal Enterprise
• Criminal enterprises invest heavily in stealing research or
purchasing solutions which they can easily implement.
• The target service is usually the one with the largest exploitable
audience and the highest quality content, including first release
movies, sports and PPV. Bundling stolen content from multiple pay
TV services on different satellites is also common.
• They sell the equipment to access the stolen content for a
fraction of the cost, planning for a fast and high number of sales:
basic ROI.
• Generally these criminal groups will be run by a single figure.
Sometimes a larger syndicate will fund the activity, provided there is
a guarantee of isolation from prosecution when they are caught.
16. The Criminal Enterprise
• Depending on the legal penalties for piracy in the country, the
business model could be to make $3 million over the life of the
activity and then take a $1 million fine and minor or suspended jail
time when convicted.
• The money from piracy in larger syndicates goes into supporting
other illegal activities such as drugs, prostitution etc.
• The whole activity will be structured in some form of a
legitimate business, with multiple supporting companies both
with legal and illegal intent.
• Some organizations would make 15-25k a weekend selling new
or reprogramming smart cards after counter measures were
initiated by content providers.
18. Exploit the technology
• Card Cloning
Ongoing cost to replace card or reprogram after key updates or
implementation of anti piracy counter measures. Pirates often omit
details from the card to ensure it does not update during a counter
measure from the content provider.
19. Exploiting the technology
• IKS (Internet Key Sharing) – Ongoing subscription by sharing the
control word and IPTV streaming.
[Diagram: IKS and IPTV distribution. Labels: IKS CW Server, Internet, Satellite Input, Tuner, DVB Descrambler, MPEG-2 Decoder, IPTV Server, Streaming clients]
20. Exploiting the technology
• Streaming technology with ongoing subscription fee
• Live stream via social media
• Embedded STB with 3rd party plugins
21. Developing counter measures
Developing effective counter measures requires the
collaboration of several groups and inputs:
• Pay TV Content provider engineering and anti fraud departments
• Content encryption provider engineering group
• State & international Law enforcement
• Private investigation of key criminal individuals and groups
• Infiltration of online forums
• Examples of the cards, devices and IP addresses of IKS servers and
clients
22. Counter Measures
• By purchasing a cloned pirate smartcard during investigations and
extracting the details, content providers can turn off large quantities
of cloned pirate cards by simply turning off the original card.
• Other counter measures can be targeted at specific emulated chip
sets and not affect the paying subscriber base.
23. Counter Measures
• To assist in identifying illegal streaming sources, counter measures like
this one identify the user of the box by displaying the serial number
of the smartcard, decoder or UID, which can then be immediately
deactivated.
24. Counter Measures
• Streaming by social media can be a little simpler such as this recent
case where the user streamed it under his own social media account.
25. Where is this all going
• The subscription TV industry has made some fundamental mistakes
since the 80s which can be used as lessons as new IoT technology
evolves.
• Cyber security professionals are now becoming an integral part of the
analysis, investigation and forensic aspects of the subscription
industry, to improve encryption systems, protect client
content and battle the ongoing illegal content redistribution.
• Satellite subscription TV piracy is a cat and mouse game.