Cisco Blogs

Same Pirates, New Means: From Card Sharing to Content Sharing

September 2, 2016

By Miro Pinkas, Information Security Engineer, Operational Security, SPVSS, Cisco

Methods of video piracy have changed over the years — that’s for sure. What hasn’t changed is the motivation to do it in the first place. For one thing, consumers are price-motivated, and “free” is an enduringly popular price point. Viewers are inspired to see titles they may not be able to watch otherwise, usually as a function of geographic rights restrictions.

Pirates are motivated partly by the challenge, and partly by the economic upside: Many sell bootlegged video content at a fraction of legitimate Pay-TV prices, or generate financial upside through advertisements.

The first blog in our series on video content security discussed the changing face of piracy. Next we would like to share our research into the (very!) dramatic shift from “card sharing” to “content sharing.”

Here’s a quick backgrounder: For the past decade, video piracy was largely a matter of “card sharing,” which also goes by “control word sharing” — a reference to the Control Words that allow decryption of content in conditional access systems. Extracting the control word enabled video pirates to sell or otherwise share bootlegged content.


Over the same 10-year timeframe, security technology providers (ourselves among them) have consistently made it harder for card sharing to occur, which is good. Except there’s a much darker piracy cloud at hand, and it is directly overhead: Content sharing. Pirates are using the same exchange platforms that served them for card sharing, except that now they are sharing and trading actual content rather than, or in addition to, control words.

With history as a reliable guide, it’s only going to get worse. Right now, we’re in the rise of online forums that host “IPTV exchanges.” For example: Pirate Pete swaps his spoils with Pirate Patty, who has video assets he doesn’t. And vice versa.

Here’s a friendly explanation of how we found evidence of content sharing, in our research into not-so-friendly video piracy: Pete purchases one illegal subscription from a Greek provider, and Patty buys another, from an Italian provider. Both subscriptions contain some of the same channels, from all over Europe.

Aha! One day, one of the Italy-sourced channels displays a set-top box error — and the very same channel goes dark on the Greece-sourced service, with the same error message. Conclusion: The same video source fed both illegal services. If nothing else, this proves that video pirates are sharing illegal feeds amongst themselves.
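The correlation described above can be automated when monitoring several services at once. The following is an added example, not Cisco's tooling or code from the original post: the service names, channel names, error strings and timestamps are constructed, and the 30-second matching window is an assumption borrowed from the re-streaming delay mentioned later in this post.

```python
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Constructed monitoring log: (service, channel, first seen, on-screen fault).
OBSERVATIONS = [
    ("greek-service",   "Channel A", "2016-05-01T20:15:02", "STB error E-042"),
    ("italian-service", "Channel A", "2016-05-01T20:15:21", "STB error E-042"),
    # Same fault text, but a day apart: not evidence of a common feed.
    ("italian-service", "Channel B", "2016-05-01T21:00:00", "black screen"),
    ("greek-service",   "Channel B", "2016-05-02T09:30:00", "black screen"),
    # Same moment, different fault text: independent problems.
    ("italian-service", "Channel C", "2016-05-03T18:00:05", "STB error E-099"),
    ("greek-service",   "Channel C", "2016-05-03T18:00:10", "STB error E-017"),
]


def shared_source_candidates(observations, max_offset_s=30):
    """Find faults with identical text on the same channel that appear on two
    different services within max_offset_s seconds of each other.

    Returns a list of (channel, first_service, second_service, offset_seconds).
    """
    by_fault = defaultdict(list)
    for service, channel, seen_at, fault in observations:
        by_fault[(channel, fault)].append((datetime.fromisoformat(seen_at), service))

    hits = []
    for (channel, _fault), events in by_fault.items():
        # Sort by time so the offset is never negative.
        for (t1, s1), (t2, s2) in combinations(sorted(events), 2):
            offset = (t2 - t1).total_seconds()
            if s1 != s2 and offset <= max_offset_s:
                hits.append((channel, s1, s2, offset))
    return hits


if __name__ == "__main__":
    for channel, first, second, offset in shared_source_candidates(OBSERVATIONS):
        print(f"{channel}: {first} and {second} show the same fault {offset:.0f}s apart")
```

A single match is a lead rather than proof; repeated matches across different channels and days strengthen the case that two services draw on one upstream feed.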

We spend a considerable amount of time looking “under the hood” of contemporary piracy techniques. In the course of those observations, we uncovered several disturbing advantages of content/stream sharing, over card/control word sharing:

  • No geographic restrictions: With card sharing, the client device must first be able to receive the signal. As such, the geographic footprint of the satellite or cable boundary limits coverage. Not so in content sharing, where the whole stream, audio and video, is shared over the boundary-less Internet. Around the world, in seconds.
  • No latency issues: Card sharing uses an innate timing mechanism to limit piracy. If the control word exchange doesn’t happen within a matter of milliseconds? No picture. Video streams, on the other hand, are unimpeded by latency. At worst, high latency creates a longer timing offset from the live stream: If the first server gets the stream with a 10 second buffer, the fifth server gets it with perhaps a 30 second delay. But, no glitches.
  • The pirate cloud: The cloud is everywhere. Pirates love it, too! That’s because streaming exchange servers run best in the cloud, on VPS servers (VPS stands for “Virtual Private Server”). Receiving streams from VPS exchange servers, then re-streaming those assets to paying clients and other servers — it’s all in the cloud.

We did identify a few challenges of pirate streams, starting with bandwidth. Stream exchanges devour broadband capacity — especially now, with more people sharing HD content than lower-quality standard definition (SD) streams.

Take a look at the numbers. Receiving just one HD channel as a stream from another server consumes about 25 Gigabytes per day. So, to attempt to source, say, 40 channels, necessitates something like 1 Terabyte per day. (Hence bandwidth “caps.”) Obviously an SD channel would take much less bandwidth.

Yet here again, we run into nefarious advances by the “pirate clouds.” Various European providers of cloud-based solutions, such as a cloud-dedicated server (the aforementioned “Virtual Private Server”), include offers with 100 Mbps of network traffic speed for as little as $3.49/month. Such a server can handle about 40 clients, simultaneously streaming in HD.

An enhanced offering includes a dedicated server with a 1 Gigabit per second (Gbps) uplink, 32 GB of RAM, and enough storage to host a pirate streaming server with 400 clients, hundreds of live channels, and a VOD library with thousands of HD-quality movies and TV series. No wonder it’s a favorite offer amongst professional pirates!

Pile onto that the load balancing techniques that enable pirates to “chain” multiple VPS servers into a single cluster, and the pirate cloud grows all the more vexing.

Another challenge is the relative complexity of setting up and maintaining such an advanced broadcasting system. Configuring the software and hardware associated with pirated IPTV content distribution and management can be pretty byzantine.

To make pirates’ lives easier, there are fully working software solutions called “IPTV panels.” These software bundles include all the necessary tools to run IPTV broadcasting operations: subscriber management, channel management, packages, prices, statistics, and more. The most popular services aren’t free. Consider as an example the “Xtream Codes IPTV Panel,” which comes with published tutorials — as well as several fee-based options (around 19 Euros) to get it set up. But after all, pirates wouldn’t be pirates if they paid legitimate fees; many use “cracked” versions of paid IPTV panels and don’t pay any royalties at all.


Hopefully you found the second blog in our series on TV piracy informative. For us to collectively make a dent in the untold billions of dollars lost to video pirates, we need to continue to work collaboratively. Obviously, we know a lot more than we can share in a public blog. Suffice it to say that we have tons more data on the topic.

Come visit us at IBC in September in Hall 1 Stand A71 to see our new security for video solutions up close and personal.

  • Read Part One of our Security for Video blog series here
  • Read Part Three of the series here






    Sure it's very informative. Thanks for sharing it.