Thanks to an injunction obtained by the Premier League, ISPs can now be ordered to block 'pirate' IPTV services whenever they air live Premiership football games. The entire system is highly secretive but sources with knowledge of how it operates have been sharing what they know with TF. It's an intriguing and tactical game of cat and mouse.
Millions of people in the UK cite football (soccer for those over the pond) as their favorite sport. Every week, huge numbers head off to grounds far and wide but for the travel-averse, watching matches on TV is the only option.
Broadcasters like Sky and BT Sport would like consumers to choose their premium offerings but that can be prohibitively expensive. Even then, the Premier League’s top games played on a Saturday afternoon are banned from TV, thanks to the somewhat archaic “3pm blackout”.
As a result, pirate IPTV services, which all but eliminate high costs while completely ignoring the blackout, are thriving. In response, the Premier League obtained a pioneering injunction from the High Court in 2017 that compelled the largest ISPs to block ‘pirate’ servers for a season. It has obtained permission to continue along the same lines twice since.
Based on information made available in the initial injunction, we previously provided a rough guide on how the system operates. However, the High Court also accepted that other details were secret and agreed to them not being detailed in public.
Since then, TF has received various pieces of information about how the blocking system works in practice, but recently a new source came forward offering much more detail, both from the perspective of IPTV providers dealing with the technology and based on information that we’re told was leaked from inside an anti-piracy company.
TF was able to review copies of some of the information. We have been unable to confirm the manner in which the leaks allegedly took place but a secondary source, who has proven reliable in the past, acknowledged that a leak had taken place. It therefore seems likely that the company in question, which we have also chosen not to name, is already familiar with the circumstances.
We’re told that the original source of the leaks, with whom TF has had no contact and whose identity is unknown to us, went AWOL a number of months ago and stopped providing data. Exactly why is unclear but at this point, the details aren’t particularly important.
Inside the Blocking System
In a detailed analysis, our source explained that, unsurprisingly, the anti-piracy company first needs to become a customer of the providers it targets. That means signing up to services in the usual manner and handing over money to what are essentially illegal services.
Documents reviewed by TF also suggest the use of fake online social media accounts which solicit IPTV providers for trials. One particular account, created less than a week before the new season began in August 2017, had nothing but these kinds of requests in its timeline. At least one provider responded in public, apparently unaware of the nature of his potential customer.
Other information supplied suggests that in some instances PayPal accounts with fake details were used to sign up to IPTV providers. This, the source says, probably caused problems because the details on the accounts didn’t match real people’s identities, so they would eventually fail PayPal’s checks and become much less useful.
Once signed up, the anti-piracy company could act like any other subscriber but this didn’t go unnoticed. TF was shown a screenshot from an IPTV service’s customer panel, dated sometime in 2018, which revealed a suspect subscriber who had been a member for many months. The last login was actioned from a particular IP address which, according to current public WHOIS information, remains registered to the anti-piracy company in question.
An invoice for between 10 and 20 euros, dated 2019, which the source says was issued to one of the anti-piracy accounts, gave a name plus an address in London. The supplied postcode relates to an address in another country of the UK. Taken together, the details make it clear that the account is fake, although we weren’t able to positively link it to a specific anti-piracy operative.
Nevertheless, it seems clear from the supplied channel surfing logs (which we were told were retained and supplied by a cooperative third-party IPTV provider) that a normal human viewer almost certainly wasn’t behind the subscription.
The logs show that sports channels were systematically selected, presumably to be analyzed back at base, with the subscriber then skipping to fresh channels after fairly precise set periods. According to our source, these durations were sometimes varied, in his opinion to avoid detection as a computerized system.
Of course, not all attempts at subscribing to channels for anti-piracy purposes are spotted early by the affected IPTV providers. Once in, we’re informed that the preferred method of scanning for infringement is via the humble .m3u playlist file, with channels to be monitored being captured for set periods and then rotated.
The scanning system reportedly allows for a VPN to be assigned to each .m3u line/account, in order to make detection more difficult. VPNs are also sometimes used to sign up and/or to make contact via the customer support services offered by the providers.
According to the source, captured frames from ‘pirate’ streams are compared with a direct source from the original content. If there’s an automatic match (sometimes manual intervention is required) then the source server’s IP address is logged and sent to the big six ISPs in the UK for blocking.
We’re told that an email is also sent to the hosting companies of the servers informing them of the block, accompanied by a link to the High Court order. Often these notices aren’t passed on to the operators of IPTV services.
According to one IPTV provider, the process for checking for infringing streams begins around 15 minutes before a match begins and continues for 15 minutes after. Further checks are conducted in the interim to catch any IP address or other network changes carried out by the providers.
However, while infringing streams are apparently blocked in just a “few seconds”, it can take a couple of hours for them to become unblocked by ISPs after the games have finished.
While reports online indicate that some services have been affected by this type of blocking, it has also had some unintended consequences that may have made IPTV providers more resilient and more adept at countering the blocking program. We’ll cover some of those next time.