How to control piracy of premium video content by identifying major leakage points

With the increasing popularity of over-the-top (OTT) video content has emerged the threat of video piracy. Hackers exploit weaknesses in the delivery system to extract high-definition video streams and sell it in the grey market. Content leakage in the OTT space can broadly be categorized into the following types, which put pressure on the platform resources and lead to revenue compromises:

  1. Sharing of accounts: When there are multiple authentication authorizations with different IP addresses/ISPs and from different geographical locations, it is possible that the account might have been compromised. It could also mean that an authorized user has shared their credentials with friends and family or a much wider group.
  2. Viewing outside the designated geographical area: Sometimes users view content from outside the designated service area. While the initial authorization attempts could have been genuine, the true location might be revealed from other data sources. This creates cost escalation for the platform as users in legitimate geographies have to share platform resources with the ones outside permitted areas.
  3. Compromised accounts: Sometimes the viewing sessions of an authenticated and authorized user change IP addresses frequently within a short time frame and spanning multiple geographical areas. This could indicate that the account has been compromised with multiple users accessing the service without the knowledge of the authorized user.
  4. Viewing only live streaming DRM protected content for very long periods of time in a single session by a user could also lead to additional expenses for the content distributor.
  5. Tampering with the playback environment: Hackers tamper with the code in the delivery chain to illegally access video assets. This can be detected in various ways, such as tamper warnings fired from the code obfuscation solution, session token data mismatches, multiple authorization attempts, or multiple content license request attempts for a single-use token.
  6. Viewing from anonymous IPs: Viewer’s traffic can sometimes come from a proxy/VPN server or a suspected network source such as a cloud infrastructure vendor instead of an ISP.

Even with increasing competition and high demand for streaming content driving storage pricing down, the cost of delivering compressed video to the client device is an expensive affair. The service pricing is usually modeled based on the per-user delivery/CDN cost, DRM implementation fee, and cost of video watermarking, which are driven by view time per user session among other factors. Hence, if the aggregate consumption exceeds the predicted model adopted by the content distributor due to such leakages, it leads to additional expenses.

Hence, once a subscriber has signed up for a service on an OTT platform, the user behavior must be monitored to identify fraudulent or suspicious activity. This is crucial for revenue protection as well as for abiding by the content licensing deals.