Openload piracy investigation hit ‘dead end’ due to false customer information *TorrentFreak

MpaIn response to a call for evidence from the House of Lords Committee on Fraud and Digital Fraud Act 2006, several companies, groups and organizations have offered their views on how the UK is tackling the rise in fraud.

the consultation It closed last month and among the applications is one chaired by an MPA with support from various entities including the BBC, BPI, BSkyB, Premier League, FACT, IFPI, ITV, Publishers Association and UK Music.

The submission paints a picture of companies trying to fight piracy (and stretch fraud) but then encountering investigative hurdles as they try to pinpoint their targets.

The lack of reliable information

The MPA says that for pirates to operate on a commercial scale (such as IPTV providers and streaming platforms), they need access to legitimate services such as online hosting, advertising, payment processing, and e-commerce platforms. During an investigation, these legal services can potentially be important sources of information but they don’t always work that way.

“[T]The problem is often due to the fact that the online intermediaries who provide the business infrastructure that enables the operation of the illegal service cannot provide any information that would allow verification of the illegal service provider. It is clear that that or the information they can provide has been stolen, fake, incomplete, or otherwise misleading.”

“The ease with which nefarious actors can remain anonymous in their underlying business transactions actively facilitates digital piracy and other crimes potentially committed online, including acts of digital fraud.”

Hacking as a Service

The MPA says the lack of accurate information helps so-called hacking platforms as a service (PaaS) thrive. These range from ready-made piracy streaming website templates, databases with tens of thousands of movies and TV shows, IPTV dashboards and infrastructure, to video hosting services that block links to infringing content.

These services lower the barriers to entry for people looking to engage in hacking – in some cases, the time required to build a hacking platform can be measured in minutes rather than days or weeks. The MPA says this provides fuel for more fraud, so the government should help by enforcing strict Know Your Business (KYBC) rules.

means to achieve this goal available in the E-Commerce Regulations 2002 but there is currently no enforcement. Rights holders would like to see an amendment that introduces penalties for those who currently choose not to comply, and hopefully this will lead to more due diligence and subsequent access of rights holders to accurate piracy identification information.

The MPA adds: “Introducing the KYBC obligation on brokers who provide internet services to others would require those brokers to confirm and verify the identity details of their trading customers, regardless of their location, before any business takes place between the two.”

The submission contains investigation summaries where the powerful KYBC system may help rights holders out. One example is particularly egregious to the point of being unbelievable, if only from an accounting and tax perspective.

Fatah: A multi-year investigation reached an unknown ‘dead end’

Openload was one of the biggest file hosting sites on the internet, but in 2019 and with little warning, the platform suddenly shut down along with the related Streamango service. With more traffic than Hulu, HBO Go, and Sky, this was a very big deal.

In the aftermath of the initial chaos, the Alliance for Creativity and Entertainment claimed responsibility for the demise of both sites. “The operator behind the two hacks is requested to stop operating the services and pay substantial compensation for the damage.” advertisement added.

Whether the payout clause actually leads to anything being paid remains unknown but in comments to the UK government, the MPA notes that due to KYBC’s lack of accountability, the Openload investigation was completely unplanned.

“Following a multi-year, resource-intensive investigation by the MPA, this service has been revealed to be hosted and operated from within the European Union (EU), with infrastructure from EU service providers,” explains the MPA.

“When the MPA obtained a court order directing the EU hosting provider to identify its customer for Openload and two other hacking services, we hit a dead end: the listed customer was an entity not located in Hong Kong.”

The frustration of MPA begins in France and ends in Asia

Documents dated 2020 seen by TorrentFreak reveal that the three sites were Openload, Streamango, and RapidVideo, a file-hosting site that shut down within days of the others in 2019. All three sites appear to have used the same hosting company, which the MPA described in the documents as ” A global scale cloud provider” with 300,000 servers in 28 data centers across 19 countries.

An order issued in August 2019 by the High Court in Lille, France, obliges this host country to hand over all information “allowing the identification of persons” who created and operated the three sites. With the kind of KYBC system the MPA would now like to see in place, that should have been possible. In this case, nothing close to that happened.

The host was not named by the MPA but was almost certainly based in France’s OVH. Responsible documents handed to the MPA at the time revealed that the three services paid €19 million in hosting fees. Invoices sent to Openload and Streamango were paid by the host using either a PayPal account registered to an advertising company in Costa Rica or untraceable credit cards.

The business address that Openload provided to the hosting company led the MPA to “dead end” in Hong Kong.

Openload Hong Kong

In what appears to be a follow-up from the host, the MPA was informed that “the data our client is sending is purely illustrative data. [Host] It therefore does not possess any element that allows for verification of authenticity.” A contact from another host company in Germany indicated that the information on file had been provided by the customer and had not been verified for accuracy.

“Introducing KYBC liabilities in the UK would remedy this failure by forcing UK-based brokers to know exactly who their trading clients are,” the MPA continues.

“In the MPA’s experience, coordinated action on transparency in the UK and EU will have the additional effect of degrading the quality of offending services that offending offshore operators can provide to UK consumers by forcing them to use lower-quality infrastructure based outside Europe.”

Submitting an MPA to the Lords Select Committee can be found here here