Millions of people in the UK consider football (Pond Football) to be their favorite sport. Every week, huge numbers go to places far and wide, but for people who don’t travel, watching matches on TV is the only option.
Broadcasters such as Sky and BT Sport want consumers to opt for their premium offerings but this can come at a high cost. Until then, the best Premier League matches played on Saturday afternoons have been banned from TV, thanks to “3 p.m. blackout“.
As a result, pirated IPTV services thrive, all of which whittle away high costs while completely ignoring obfuscation. In response, the English Premier League obtained a groundbreaking High Court injunction in 2017 that forced the largest internet service providers to ban “hacking” servers for a season. She has been given permission to continue in the same vein twice since.
Based on the information provided in the preliminary injunction, we previously provided a rough guide to how the system will work. However, the Supreme Court has also agreed that other details are confidential and agreed not to disclose them publicly.
Since then, TF has received various bits of information about how the blocking system works in practice, but recently a new source has emerged that provides more detail, both from the perspective of the IPTV providers who deal with the technology and based on the information we have been told. It was leaked from within an anti-piracy company.
The staff was able to review copies of some of the information. We could not confirm the manner in which the alleged leaks occurred, but a secondary source, who has proven reliable in the past, has acknowledged that a leak occurred. It therefore seems likely that the company in question, which we have chosen not to name, is already aware of the circumstances.
We’re told that the original source of the leaks, who the task force had no contact with and whose identity we don’t know, went AWOL several months ago and stopped providing data. The exact reason isn’t clear but at this point, the details aren’t particularly important.
within the ban system
In a detailed analysis, our source explained that, unsurprisingly, an anti-piracy company first needs to become a customer of the service providers you are targeting. This means signing up for services in the usual way and handing over money for what are essentially illegal services.
Documents reviewed by TF also suggest the use of fake social media accounts on the Internet asking IPTV providers for trials. One particular account, created less than a week before the start of the new season in August 2017, only had these types of requests on its timeline. At least one service provider has responded publicly, apparently unaware of the nature of their potential customer.
Other information provided indicates that in some cases, PayPal accounts with fake details have been used to register with IPTV providers. The source says this may have caused problems because the details in the accounts did not match the identities of real people, so they would eventually fail PayPal checks and become far less useful.
Once registered, the anti-piracy company can act like any other subscriber but this has not gone unnoticed. TF was shown a screenshot from the IPTV service’s customer panel, dated sometime in 2018, which revealed a suspected subscriber who had been a member for several months. The last login was made from a particular IP address which, according to current public WHOIS information, remains registered with the respective anti-piracy company.
A bill of between 10 and 20 euros, dated 2019, which the source says was issued to one of the anti-piracy accounts, gave a name as well as an address in London. The postcode provided relates to an address in a country other than the UK. When it’s all put together, it’s clearly a fake account, though we couldn’t positively link it to a specific anti-piracy activist.
However, it seems clear from the provided channel browsing logs (which we’re told are kept and provided by a cooperative third-party IPTV provider) that almost the average human viewer wasn’t behind on subscribing.
The records show that the sports channels were selected systematically, presumably parsed back into the base, and then skipped to new channels during strictly defined intervals. According to our source, these periods varied at times, in his opinion, in order to avoid being discovered as a computerized system.
Of course, not all attempts to subscribe to channels for anti-piracy purposes were spotted early by the affected IPTV providers. Once in, we know that the preferred way to look for transgression is via the humble m3u playlist file, where channels to be monitored are captured for set periods of time and then cycled.
The scan system is said to allow VPN to be set for each m3u line/account, in order to make detection more difficult. VPNs are also sometimes used to register and/or be used to contact customer support services provided by service providers.
Depending on the source, frames captured from “hacked” streams are compared to a live source from the original content. If there is an automatic match (sometimes manual intervention is required), the source server’s IP address is recorded and sent to the six largest ISPs in the UK for blocking.
We’re told an email is also being sent to the companies hosting the servers informing them of the ban, along with a link to the Supreme Court order. These notices are often not passed on to operators of IPTV services.
According to an IPTV provider, the process of checking for infringing streams starts about 15 minutes before a match starts and continues for 15 minutes afterward. Further checks are done temporarily to catch any IP address or other network changes made by service providers.
However, while apparently offending streams are blocked in “just a few seconds”, it can take up to a few hours for them to be unblocked by ISPs after the games are over.
While online reports indicate that some services have been affected by this type of blocking, it has also had some unintended consequences that may have made IPTV providers more resilient and more adept in the face of blocking software. We’ll cover some of those next time.