The enterprise of subscription TV piracy
A mid-level overview of Digital Video Broadcasting (DVB) content theft
Presented at Sectalks (Perth)
November 7 2017
By Sabastion F
Introduction
The purpose of this presentation is to provide an end-to-end awareness
of encrypted satellite and cable TV piracy. It also includes a bit of technical
history and where it is heading with the current advancement of
technology.
We will be touching on common InfoSec elements including:
• Reverse & social engineering
• Criminal organizations
• Investigations
• Operational security, from both vendor and content providers
Disclaimer
• I am NOT
• A lawyer
• A criminal profiler, investigator or any member of law enforcement
• An employee or advocate for any content protection service
• Commissioned to conduct research on any content protection
systems
• IMPORTANT
This presentation is not an endorsement of, nor meant to encourage, the attempted
circumvention of encrypted DVBS content. It is designed to explain piracy and
anti-piracy techniques used in the realm of piracy and cybersecurity, as well as
the social drivers that support this industry.
Your Presenter
Who Am I
• A telecommunications and IT technician
• Worked in the telecommunications industry for a large part of my
career, specializing in satellite communications and network
infrastructure.
• According to my partner, on the spectrum with an overactive
tendency for reverse engineering, which includes the kids' toys.
• Currently working towards a career in information security
Summary of what we're going to cover
• Basics of satellite broadcasting
• General overview of DVB content encryption and decryption
• Introduce the players
• The common criminal enterprise
• Counter measures
• The effects of DVB content piracy
Public acceptance of content theft
Homer: [reading the "So You've Decided to Steal Cable"
pamphlet] So you've decided to steal cable. Myth: Cable piracy
is wrong. Fact: Cable companies are big faceless corporations,
which makes it okay.
Captain Midnight Vs HBO - 1986
The HBO uplink hijack on Galaxy 1 was to protest against charges for access to
scrambled satellite channels by HBO
Satellite Broadcasting structure
Receiving Equipment
• Satellite Antenna / Dish
• Satellite receiver with a conditional access module (CAM) or
embedded decryption module
• Subscription smartcard
• Television
Encrypting the content
• DVB (Digital Video Broadcasting) uses the Common Scrambling
Algorithm (CSA) to encrypt, or scramble, the channels.
Decrypting the content
• The CSA algorithm uses 64-bit decryption. Different proprietary
decryption systems also implement additional encryption such as
RSA, AES and 3DES during the key exchange.
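Added example, not part of the original slides: in a DVB transport stream the scrambling state of each packet is signalled in the 2-bit transport_scrambling_control field of the packet header, which lets a broadcaster verify that a protected service is never transmitted in the clear. The PID values 0x0100 and 0x0101 and the sample stream are constructed for illustration.

```python
# Added example (not from the slides): read MPEG-2 transport stream headers
# and report which packets are scrambled. PIDs and sample data are constructed.
from collections import Counter, defaultdict
from dataclasses import dataclass

TS_PACKET_SIZE = 188  # fixed MPEG-2 TS packet length in bytes
SYNC_BYTE = 0x47      # first byte of every TS packet
EVEN, ODD = 0b10, 0b11
# Meaning of the 2-bit transport_scrambling_control field in DVB
SCRAMBLING = {0b00: "clear", 0b01: "reserved", EVEN: "even key", ODD: "odd key"}


@dataclass(frozen=True)
class TsHeader:
    pid: int                 # 13-bit packet identifier
    scrambling_control: int  # 2-bit transport_scrambling_control
    has_payload: bool        # adaptation_field_control: payload present
    continuity_counter: int  # 4-bit per-PID counter


def parse_header(packet: bytes) -> TsHeader:
    """Decode the 4-byte header of one 188-byte transport stream packet."""
    if len(packet) != TS_PACKET_SIZE or packet[0] != SYNC_BYTE:
        raise ValueError("not a 188-byte packet starting with sync byte 0x47")
    b1, b2, b3 = packet[1], packet[2], packet[3]
    return TsHeader(
        pid=((b1 & 0x1F) << 8) | b2,
        scrambling_control=(b3 >> 6) & 0x03,
        has_payload=bool(b3 & 0x10),
        continuity_counter=b3 & 0x0F,
    )


def iter_packets(stream: bytes):
    """Yield (index, header) per aligned packet, skipping ones that lost sync."""
    for index in range(len(stream) // TS_PACKET_SIZE):
        packet = stream[index * TS_PACKET_SIZE:(index + 1) * TS_PACKET_SIZE]
        if packet[0] == SYNC_BYTE:
            yield index, parse_header(packet)


def scrambling_report(stream: bytes) -> dict:
    """Count scrambling states per PID for packets that carry payload."""
    report = defaultdict(Counter)
    for _, header in iter_packets(stream):
        if header.has_payload:
            report[header.pid][SCRAMBLING[header.scrambling_control]] += 1
    return dict(report)


def clear_leaks(stream: bytes, protected_pids: set) -> list:
    """Packet indexes where a PID that must be scrambled carries clear payload."""
    return [i for i, h in iter_packets(stream)
            if h.pid in protected_pids and h.has_payload
            and h.scrambling_control == 0b00]


def parity_switches(stream: bytes, pid: int) -> int:
    """Count even/odd changes on one PID; each marks a switch of control word."""
    switches, previous = 0, None
    for _, header in iter_packets(stream):
        if header.pid != pid or header.scrambling_control not in (EVEN, ODD):
            continue
        if previous is not None and header.scrambling_control != previous:
            switches += 1
        previous = header.scrambling_control
    return switches


def make_packet(pid: int, scrambling: int, counter: int) -> bytes:
    """Build a constructed payload-only packet with an all-zero payload."""
    header = bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF,
                    (scrambling << 6) | 0x10 | (counter & 0x0F)])
    return header + bytes(TS_PACKET_SIZE - 4)


# Constructed sample: PID 0x0000 is the PAT; 0x0100 and 0x0101 stand in for
# the video and audio of one pay service (hypothetical PID values).
SAMPLE = b"".join([
    make_packet(0x0000, 0b00, 0),  # index 0: PAT, always clear
    make_packet(0x0100, EVEN, 0),  # index 1
    make_packet(0x0100, EVEN, 1),  # index 2
    make_packet(0x0100, ODD, 2),   # index 3: key parity switches
    make_packet(0x0100, 0b00, 3),  # index 4: protected PID sent in clear
    make_packet(0x0101, ODD, 0),   # index 5
    make_packet(0x0100, EVEN, 4),  # index 6: parity switches back
])

if __name__ == "__main__":
    print(scrambling_report(SAMPLE))
    print("clear packets on protected PIDs:", clear_leaks(SAMPLE, {0x0100, 0x0101}))
    print("parity switches on 0x0100:", parity_switches(SAMPLE, 0x0100))
```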
The players
Team 1
1) Pay TV Provider
2) Content protection service
3) Subscriber (you)
4) Installation technician
The players
Team 2
1) Hobbyists, Hackers & Opportunists.
2) Criminal organizations
The players
Team 3
1) Law Enforcement
2) Internal and external investigators
3) Content protection services – OPSEC
4) Security research teams
5) Anti Piracy organizations such as CASBAA & ASTRA
The Criminal Enterprise
• Criminal enterprises heavily invest in stealing research or
purchasing solutions that they can easily implement.
• The target service is usually one that has the largest exploitable
audience with the highest quality content, including first release
movies, sports and PPV. Bundling stolen content from multiple pay
TV services from different satellites is also common.
• They sell the equipment to access the stolen content for a
fraction of the cost, planning for fast and high number of sales,
basic ROI.
• Generally these criminal groups will be run by a single figure;
sometimes a larger syndicate will fund the activity provided there is
a guarantee of isolation from prosecution when they are caught.
The Criminal Enterprise
• Depending on the legal penalties in the country for piracy, the
business model could be to make $3 million over the life of the
activity and then take a $1 million fine and minor or suspended jail
time when convicted.
• The money from piracy in larger syndicates goes into supporting
other illegal activities such as drugs, prostitution etc.
• The whole activity will be structured in some form of a
legitimate business, with multiple supporting companies both
with legal and illegal intent.
• Some organizations would make 15-25k a weekend selling new
or reprogramming smart cards after counter measures were
initiated by content providers.
Exploit the technology
Intercepting data between the conditional access module and card
Exploit the technology
• Card Cloning
Ongoing cost to replace card or reprogram after key updates or
implementation of anti piracy counter measures. Pirates often omit
details from the card to ensure it does not update during a counter
measure from the content provider.
Exploiting the technology
• IKS (Internet Key Sharing) – Ongoing subscription by sharing the
control word and IPTV streaming.
[Diagram: two receiver chains (satellite input, tuner, DVB descrambler, MPEG-2 decoder), an IKS CW server and an IPTV server connected over the Internet, and multiple streaming clients]
Exploiting the technology
• Streaming technology with ongoing subscription fee
• Live stream via social media
• Embedded STB with 3rd party plugins
Developing counter measures
Developing effective counter measures requires the
collaboration of several groups:
• Pay TV Content provider engineering and anti fraud departments
• Content encryption provider engineering group
• State & international Law enforcement
• Private investigation of key criminal individuals and groups
• Infiltration of online forums
• Examples of the cards, devices and IP addresses of IKS servers and
clients
Counter Measures
• By purchasing a cloned pirate smartcard during investigations and
extracting the details, content providers can turn off large quantities
of cloned pirate cards by simply turning off the original card.
• Other counter measures can be targeted at specific emulated chip
sets and not affect the paying subscriber base.
Counter Measures
• To assist in identifying illegal streaming sources, counter measures like
this one identify the user of the box by displaying the serial number
of the smartcard, decoder or UID, which can then be immediately
deactivated.
Counter Measures
• Streaming by social media can be a little simpler, such as this recent
case where the user streamed it under his own social media account.
Where is this all going
• The subscription TV industry has made some fundamental mistakes
since the 80s which can be used as lessons as new IoT technology
evolves.
• Cyber security professionals are now becoming an integral part of the
analysis, investigation and forensic aspects of the subscription
industry to improve encryption systems, protect the client
content and battle the ongoing illegal content redistribution.
• Satellite subscription TV piracy is a cat and mouse game.
