Hijacked Residential IPs – A New Piracy Threat for Sports … · 2021. 1. 12. · The effects of geo-piracy can be seen in the 2020 case of BeIN Sport, a Qatar-based sports network,

Hijacked Residential IPs – A New Piracy Threat for Sports Leagues, OTTs and RightsholdersHow to stop the COVID-19 related surge in VPN/DNS proxy based content piracy

WHITE PAPER

White Paper | 2

Executive SummaryDuring COVID-19 there has been minimal fan attendance at sporting events, so the

revenue generated from live sports broadcasts has become more important than ever.

This white paper provides insights on how sports rightsholders and over-the-top (OTT)

broadcasters can safeguard this vital revenue stream, which is being threatened by VPN

providers aggressively marketing their products to promote wide-spread geo-piracy.

It also details how millions of users who downloaded “free” VPN software have

unwittingly had their residential IPs hijacked and then “leased” to other VPNs who sell

them as a premium option to enable users to bypass existing VPN detection using

“undetectable” IPs.

The white paper explains the tools and techniques that sports rightsholders and OTT

broadcasters can use to combat both conventional VPNs as well as the new threat

caused by hijacked residential IPs, including solutions integrated at the content delivery

network (CDN) level.

Table of ContentsExecutive Summary 2

Geo-Piracy: a Major Risk for OTT Sports Broadcasters and Rightsholders 3

Geo-Piracy Undermines Territorial Business Model 4

Don’t OTT Broadcasters Already Check End-User Location? 5

Hijacked Residential IPs – A New Threat to Broadcasters and Rightsholders 6

Solving the Residential IP Problem 7

VPN and DNS Proxy Providers Know What Customers Want to Watch 8

Stopping VPN-Based Geo-Piracy Safeguards Revenue 9

How GeoGuard Can Help 9

White Paper | 3

Geo-Piracy: a Major Risk for OTT Sports Broadcasters and RightsholdersWith minimal or no fans at sporting events due to the

pandemic, comes a dramatic increase in the use of live sports

streaming services. This situation has also led to a huge surge

in the use of VPNs and DNS Proxies to access geographically

restricted live sports content. As more people are staying

home, VPN and DNS Proxies providers are using the pandemic

to aggressively market their location spoofing products.

For OTT sports broadcasters, content leakage and geo-piracy

via VPNs and DNS Proxies puts them at potential breach of

their territorially-based content distribution contracts with

rightsholders, and undermines their existing pricing strategies.

For rightsholders, geo-piracy erodes the value of their content,

putting the ongoing economic viability of their operations at

risk.

Because OTT access is multiplatform, protection needs to

be applied evenly, ideally at the CDN level, across all popular

digital touchpoints. Additionally, GeoGuard has identified at

least six major VPN and DNS Proxy providers using hijacked

residential IP addresses to circumvent traditional VPN

detection.

GeoGuard provides a suite of geo-filtering and fraud detection

solutions, combined with human intelligence, to stop internet

users from spoofing their location. Our solutions are already in

use by some of the world’s leading broadcasters, rightsholders

and OTTs and are integrated at the CDN level on both Akamai

and AWS CloudFront, as well as many other platforms.

Contact us at [email protected] for more

information.

White Paper | 4

Geo-Piracy Undermines Territorial Business ModelMinimal or no fans at sporting events during the pandemic means more demand

for live sports content over the internet. This has led to an increase in the use of

streaming services and in the use of VPNs and DNS Proxies for users to spoof their

IP address in order to access geo-restricted content.

In addition to the illegal piracy aspect of this activity, the growth in geo-piracy via

VPNs and DNS Proxies undermines the territorial business model that sports

leagues, content owners, sports rightsholders and premium OTT broadcasters rely

on for revenue.

The effects of geo-piracy can be seen in the 2020 case of BeIN Sport, a Qatar-based

sports network, when they classified Serie A’s football matches as non-exclusive

content because of rampant piracy.

Its chief executive, Yousef Al-Obaidl, told the live sports streaming ecosystem if

rightsholders don’t do everything they can to protect their content from piracy, then

he’s either not going to bid for those rights or will price them lower accordingly.

The price of the piracy for Serie A translated into approximately $200 million

dollars, which is the estimated amount that Serie A refunded to BeIN.

The Risk Posed to Rightsholders by VPNs/DNS Proxies:

White Paper | 5

Don’t OTT Broadcasters Already Check End-User Location?Geolocation checking based on a users’ IP addresses is currently the most popular method among OTT broadcasters.

However, due to a lack of commonly applied standards, often the geo-fencing techniques used are undermined by:

Virtual Private Networks (VPNs)

A tool used to add security and privacy to

private and public networks in order to

mask the user’s IP address. Thousands of

sites offer easy to use, one time setup VPN

services that will allow the user to hide their

location. VPNs are increasingly popular.

Plus, due to VPN-blocking attempts, they

now even offer residential IP addresses to

bypass existing detection methods.

DNS Proxies

Enable a computer or mobile device to

access region-restricted or blocked content

from anywhere in the world. A connection

between the consumer and the site serving

restricted content is established through a

proxy server located within the approved

areas for accessing the content.

Plus, it’s easy for consumers to bypass IP address checking. Common methods include:

Using no or poor

quality VPN/DNS

Proxy detection.

Failure on the part of

the OTT broadcaster

to integrate properly

(or at all) at the CDN

level with their geo-

fencing vendors.

Failure to

differentiate between

mobile and fixed

Internet connections.

Failure on the part of the

OTT broadcaster to share

traffic data or collaborate

with their VPN/Proxy

detection vendor to block

the most popular VPNs

and Proxies.

1 2 3 4

White Paper | 6

Hijacked Residential IPs – A New Threat to Broadcasters and RightsholdersTo circumvent geographical restrictions on content, users have been downloading

“free” VPN software. However, these “free” VPN providers, such as HolaVPN and

SmartProxy, essentially “hijack” the residential IP address of the people who

download the free software (through a complicated terms of service agreement)

and then sell (or “sublease”) these residential IPs to other service providers.

These service providers in turn sell these residential IP to users as “undetectable” or

premium IP addresses in order to bypass traditional VPN detection, which can only

detect the data center IPs used by VPN/DNS Proxy providers.

Examples of “Free” VPN Providers Selling Residential IPs

HolaVPN

Over 130 million users of their VPN services; their Chrome browser extension alone has almost 9 million weekly users

SmartProxy

40 million residential IP addresses

Luminati

72 million residential IP addresses

Oxylabs

70 million residential IP addresses

White Paper | 7

By integrating VPN detection at the CDN level, this switch can be easily detected and the illegal stream stopped.

Did You Know?

GeoGuard is integrated with industry-leading CDNs

GeoGuard’s advanced, continuously updated VPN and

DNS Proxy detection solution is now integrated directly

with some of the world’s largest CDN providers, including

Akamai and AWS CloudFront, making it even easier to

combat geolocation fraud and content piracy. This CDN

strategy provides rightsholders and content owners with

the highest level of protection from geo-piracy caused by

both standard data center IPs and residential IPs.

If you’re utilizing Akamai, AWS CloudFront or any other

CDN, please contact us at [email protected] for

more information.

Buy Now

Learn More

Solving the Residential IP ProblemResidential IP addresses are expensive to use for the actual delivery of the streaming video content, so they are only

employed at the website level to grant users access to the content. When the actual stream starts, the VPN provider

switches to a cheaper, non residential IP (a data center IP) at the CDN level.

White Paper | 8

VPN and DNS Proxy Providers Know What Customers Want to WatchGeoGuard actively tracks the most popular and active spoofing services (over 1,000 of

them and counting). These companies market themselves aggressively, often targeting

specific sports content or an OTT broadcaster it knows consumers are looking to watch.

For instance, they offer step-by-step guides on how their product can be used to access

major sporting leagues’ streaming content at drastically lower costs.

Geolocation performed by using the end-user’s IP address.

Use Case: A sports fan in the United Kingdom wishes to watch English Premier League football matches without paying for a domestic Pay-TV subscription. While doing some online research, the sports fan comes across a foreign free-to-air OTT broadcaster which shows the same games in English. However, the website cross-references the fan’s IP address against a standard IP location database, detects that it comes from another country and displays an error message stating their location is outside the broadcast territory.

The fan does some additional research and finds several VPN providers detailing ways to circumvent the restrictions. After signing up for a VPN subscription and installing a small piece of software, the fan can set their IP address to be inside the foreign broadcaster’s territory. After revisiting the free-to-air website, it fails to detect the IP address as one that has been used for the last three months by the VPN provider and grants full access to watch the games.

Solution: When the fan visits the OTT broadcaster website via a VPN, their IP address is screened against a highly accurate and up-to-date database of known IP addresses used by IP anonymizing services - a database that is updated several times a day. The IP address is recognized as one belonging to a known data center which hosts VPN connections. An error message is displayed informing the fan that the IP address is outside the broadcast territory.

Scenario 1 – IP-based Geolocation

Geolocation performed by using functionality available at the CDN level.

Use Case: A German consumer wants to watch the latest local football matches. The consumer is aware of a cheap streaming service which broadcasts them across a number of Latin American countries. Using a computer connected to the internet via Wi-Fi, the consumer visits the relevant site in order to sign up to the service.

Upon launching, the site queries the user’s IP location and informs them that the Wi-Fi connection is located in Frankfurt, Germany, not in any part of Latin America. However, the consumer anticipated that this could happen, so they activate their premium VPN that employs residential IPs to get access to the website. Once on the site, they select the stream for the match they want to watch.

Solution: Residential IPs are expensive, so they are only employed at the website level to grant users access to the content. Once the actual video starts streaming, the VPN or DNS Proxy provider switches to a cheaper non-residential IP address (a data center IP). By integrating a solution at the CDN level, this switch can be detected by the CDN to stop the stream.

Scenario 2 – CDN-level protection

Example Scenarios

!

Stopping VPN-Based Geo-Piracy Safeguards RevenueBecause sports content varies considerably in price

between domestic and foreign markets, broadcasters

need to implement a high standard of end-user location

verification to remain compliant with rightsholders’

requirements. To protect their business and pricing

models, they must ensure that their geolocation

solution is effective and approved by the relevant sports

rightsholders.

With less or no fans in the seats for sporting events,

it is critical for sports rightsholders and OTT sports

broadcasters to ensure they are gaining the maximum

revenue from their live sports broadcasts and safeguard

the value of this content for their international OTT

providers, who bid for exclusive broadcast rights. As

we have seen, if rightsholders are not doing everything

in their power to protect their content from piracy, the

value of their content will decline.

The pandemic has seen a surge in all forms of piracy

as users seek ways to illegally access content. It may

seem a daunting task to address piracy in its entirety,

but fortunately geopiracy and geolocation fraud caused

by VPNs and DNS Proxies is one area that can be easily

tackled through the use of the integrated solution that is

offered by GeoGuard.

At GeoGuard, we focus solely on geolocation-based

security and protection of digital content. As the only

independently rated market leader for protection

against VPNs and DNS Proxies and a Hollywood

Studio Approved solution, we help the digital media

ecosystem and other industries guard against

geopiracy and location-based fraud.

GeoGuard’s industry leading VPN/DNS Proxy detection

solution is continuously updated and fully integrated at

the CDN level with Akamai, AWS CloudFront and others

to provide fast and easy access to our award-winning

technology. This enables online broadcasters to

utilize GeoGuard’s solutions to remain compliant with

studios’ and sports rightsholders’ content protection

obligations.

Our detection solution is updated multiple times per

day and can distinguish between mobile and fixed IPs,

residential IPs (via CDN) and IPv6 addresses. GeoGuard

has been independently tested and rated as 97.5%

effective in detecting and blocking VPNs by Kingsmead

Security.

Contact us to learn more at [email protected]

GeoGuard is also available through Akamai and AWS Marketplace

How GeoGuard Can Help