This isn't the only company selling access to near-real-time re-broadcasts of live content.
I'm surprised the NYT article doesn't mention others.
This part is interesting:
"The beIN antipiracy team believes it knows how beoutQ is stealing the signal. Essentially, the website is re-airing content delivered to an individual subscriber. Since each subscriber has a unique identification number that is usually visible, known as a fingerprint, beIN engineers thought they would be able to easily identify the offending customer. However, the pirates have figured out how to hide their fingerprints."
I'm sure there are challenges in doing this in real-time, and without introducing additional compression artefacts, but isn't this as simple as diffing feeds from 2 or more original subscribers feeds, to find where in the picture the subscriber info is encoded?
Surely they could do an overlay like what channels already put in with their logo, with a couple-pixel discrepancy (an 8x8 pixel shape with only 10% opacity or something) that translates to a user ID. Forums have been doing similar for close to a decade to figure out which user leaks info (we do it on some EVE Online forums).
It's yet another strange manifestation of "cyberwarfare". Since there's no international agreements restricting it we're only going to see more. Controlling what another country's citizens watch (and how much they pay for it!) is a lot of power.
(See also Facebook's sudden decision to ban foreign political ads in the Irish referendum)
Googling indicates that beIN has started using ASiD which seems to be the state-of-the-art in digital watermarking at the point of receiving (the beIN set-top box). I wonder if beIN is still being pirated effectively with this new deterrence.
> ASiD is a true step change in the fight against video piracy. Its combination of discrete identifying symbols, fractional second display and sophisticated placement, and interpretation algorithms make it impossible to obscure or mask with zero impact on the consumer experience.
Anytime somebody says impossible in a statement, you know it's marketing talk. Just off the cuff, what of simply taking multiple accounts, synchronizing them based on keyframe similarity, and then sampling from the accounts at random, applying an invisible distortion filter, and broadcasting?
Seems like a fun technical problem to solve. It's certainly a cat and mouse game, but in this case I think the odds are stacked in favor of the mouse, as this sort of task seems like child's play compared to the work that e.g. video game crackers go through and in that case the crackers have negligible resources whereas this station has vast resources.
Interesting. Given the negligible delay of 10 seconds, perhaps they did create processing clusters to do the pipeline of what you suggested.
More from the marketing brochure:
> The only requirement outside of the client-side embedder library is the installation of a video fingerprint generator appliance in close time proximity to the video encoder. Operating independently of the encoder on a copy of the signal, signatures are calculated and other frame analyses are performed to enable precise triggering and recovery of the identifying symbols.
I'm sure they did, but 10 seconds isn't "negligible" (if you've ever watched the superbowl in an apartment building on a hot day you'll know what i mean)
This is likely a satellite broadcast signal. That signal is encrypted, and the watermark is inserted by the decoder. If the decoder gets hacked they have no options.
(disclaimer: I used to build set top boxes doing satellite/cable protocol stuff ...)
they start by uploading new firmware to the decoder and changing it to only accept signed images (I bet they already do this, up to date firmware typically runs on a slow carousel on each satellite transponder)
Once you have your code in control on all your valid boxes you can switch the crypto - either the hacked box falls off the crypto and stops working or it does your watermarking - you can send EMMs to all the boxes telling them to identify themselves - blink out their box id in a random pixel somewhere (or do the binary thing mentioned above) - once you have that you send them an EMM to shut off their crypto
I did network consulting for one such organisation. Their management had taken the following -utterly brilliant- decisions in succession.
1. They got hacked, didn't respond.
2. Someone used the (published) hack to make cheaper decoder boxes. Management decided to sell these hacked, rather than the genuine ones. Or to put it another way, they screwed up logistics of their own boxes to the point that they decided to sell someone else's boxes.
3. Someone started rebroadcasting their signal. First on the internet, eventually on actual radio waves.
Because of 2) they couldn't turn off the hacker's signal. And they didn't want to because this would mean "taking a loss" to shareholders (ie. admitting the financial consequences of their own disastrous past decisions).
So "for business reasons" it may not be as simple as redoing the encryption.
Sure, but they only need to figure out which subscriber it is and start replacing his screen with content that is sure to infuriate their customers.
Of course this requires people who actually have the technical capability to do this. These are in VERY short supply in the middle east, so likely this company is purely a financial construction that outsources all it's technical stuff to the lowest bidder, which itself is a company that bought the system long ago from someone else.
So it is simple, or at least straightforward with no unknowns, provided you can work with the technology you're using.
If multiple channels are involved (the article mentions "10 beoutQ channels"), it is quite possible they have worked out how to compromise the conditional access on the broadcast, allowing the stream to be viewed,processed (and rebroadcast) without the mandated set-top box, and avoiding any client-side watermarking.
Various Pay TV conditional access (read: encryption) have been cracked over the years, it wouldn't surprise me if there are undisclosed 0days floating around.
The decoder box has to decrypt the satellite signal, run it through a video codec, apply the fancy watermarking, and then output the signal. I'm guessing they've worked out a way of hacking the STB to extract the signal between the decryption and watermarking stages.
FTA it sounds like the pirates may actually control the satellite? Arabsat appears to be the source of the signal, so could the issue be a "leaky" legit distributor for BeIN?
I remember back in early 2000s getting premium satellite tv for free was as easy as just installing a firmware on your STB. Eventually, the encryption got too hard and expensive to crack, so regular hackers stopped working on firmwares.
Superimpose it on a random area of the screen, making it look like it's something painted on the field, if the image goes to the satellite with the message already there, 10 seconds wont be enough to block it without disrupting the transmission.
This article made me wonder if the criticism of the Qatar World Cup - the working conditions of the labourers, the weather, the lack of football tradition, the pay-for-play - if that is all planted by Saudi Arabia and her Western allies trying to discredit and isolate Qatar.
I've read the stories about migrant labour and construction deaths. They sound terrible but people died in South Africa too. The climate will be significantly cooler than in Orlando. Japan wasn't a footballing power before it hosted the tournament. And literally everyone who wants to host it has to make it financially worthwhile for FIFA. So why the Qatar backlash?
It probably has something to do with the part about Qatar being a very tiny place (a native population of 300,000!) with very wealthy people and never having qualified for the World Cup before. That seems ripe for a bribe, especially because everyone knows FIFA is and was corrupt.
All the football live streams on Facebook alone and no one is doing anything (at least it feels like it) to remove them. And they're all with arab text scrolling on the bottom.
When a game is on, our visitor numbers drop by a large % (almost completely). When a game is on I can be sure our ad revenue is down by at least 70%, because those games are so widely accessible via Facebook.
36 comments
[ 5.6 ms ] story [ 80.7 ms ] threadI'm surprised the NYT article doesn't mention others.
This part is interesting:
"The beIN antipiracy team believes it knows how beoutQ is stealing the signal. Essentially, the website is re-airing content delivered to an individual subscriber. Since each subscriber has a unique identification number that is usually visible, known as a fingerprint, beIN engineers thought they would be able to easily identify the offending customer. However, the pirates have figured out how to hide their fingerprints."
I'm sure there are challenges in doing this in real-time, and without introducing additional compression artefacts, but isn't this as simple as diffing feeds from 2 or more original subscribers feeds, to find where in the picture the subscriber info is encoded?
(See also Facebook's sudden decision to ban foreign political ads in the Irish referendum)
> ASiD is a true step change in the fight against video piracy. Its combination of discrete identifying symbols, fractional second display and sophisticated placement, and interpretation algorithms make it impossible to obscure or mask with zero impact on the consumer experience.
Seems like a fun technical problem to solve. It's certainly a cat and mouse game, but in this case I think the odds are stacked in favor of the mouse, as this sort of task seems like child's play compared to the work that e.g. video game crackers go through and in that case the crackers have negligible resources whereas this station has vast resources.
More from the marketing brochure:
> The only requirement outside of the client-side embedder library is the installation of a video fingerprint generator appliance in close time proximity to the video encoder. Operating independently of the encoder on a copy of the signal, signatures are calculated and other frame analyses are performed to enable precise triggering and recovery of the identifying symbols.
they start by uploading new firmware to the decoder and changing it to only accept signed images (I bet they already do this, up to date firmware typically runs on a slow carousel on each satellite transponder)
Once you have your code in control on all your valid boxes you can switch the crypto - either the hacked box falls off the crypto and stops working or it does your watermarking - you can send EMMs to all the boxes telling them to identify themselves - blink out their box id in a random pixel somewhere (or do the binary thing mentioned above) - once you have that you send them an EMM to shut off their crypto
1. They got hacked, didn't respond.
2. Someone used the (published) hack to make cheaper decoder boxes. Management decided to sell these hacked, rather than the genuine ones. Or to put it another way, they screwed up logistics of their own boxes to the point that they decided to sell someone else's boxes.
3. Someone started rebroadcasting their signal. First on the internet, eventually on actual radio waves.
Because of 2) they couldn't turn off the hacker's signal. And they didn't want to because this would mean "taking a loss" to shareholders (ie. admitting the financial consequences of their own disastrous past decisions).
So "for business reasons" it may not be as simple as redoing the encryption.
Of course this requires people who actually have the technical capability to do this. These are in VERY short supply in the middle east, so likely this company is purely a financial construction that outsources all it's technical stuff to the lowest bidder, which itself is a company that bought the system long ago from someone else.
So it is simple, or at least straightforward with no unknowns, provided you can work with the technology you're using.
If multiple channels are involved (the article mentions "10 beoutQ channels"), it is quite possible they have worked out how to compromise the conditional access on the broadcast, allowing the stream to be viewed,processed (and rebroadcast) without the mandated set-top box, and avoiding any client-side watermarking.
Various Pay TV conditional access (read: encryption) have been cracked over the years, it wouldn't surprise me if there are undisclosed 0days floating around.
Like being forced to purchase a bundle of channels or a season of games when you only want to watch one team or a specific sport.
If these media companies would make it convenient, ala carte, and priced reasonably, piracy would plummet.
All you need to do is look at iTunes, Spotify, etc.
I've read the stories about migrant labour and construction deaths. They sound terrible but people died in South Africa too. The climate will be significantly cooler than in Orlando. Japan wasn't a footballing power before it hosted the tournament. And literally everyone who wants to host it has to make it financially worthwhile for FIFA. So why the Qatar backlash?