Content Cafe


‘Cryptojacking’ is the latest threat to users of piracy sites

by Lori Flekser, Executive Director, Creative Content Australia — 24/10/2019

Online content piracy continues to undermine creative industry investment and revenue, with the professional criminals behind pirate sites benefiting financially from other people’s work. With pirate website profits of up to 97 per cent (of course they don’t shoulder the cost of making anything), nefarious ways to make money from content theft are evolving.

Some years ago, the links between pirate sites and computer malware became apparent. At first, it was predominantly in relation to advertising. A 2013 study from the University of Ballarat found that only 1 per cent of advertisements on pirate sites were for “mainstream” ads – placed by legitimate businesses that operated within the formal economy. The remaining 99 per cent were considered “high risk” to the consumer, including malware (often through fake anti-virus ads), scams (fake jobs, fake prizes, investments, etc) and links to online gambling and pornography.

Fast forward to 2019 and meet “Pirate Matryoshka”, recently identified on The Pirate Bay, where scammers started seeding a host of cracked software copies, replacing the original source files with malicious files of their own.

Malware developments mean many attacks are often undetectable to the general population: cybercriminals have developed lighter-touch techniques to accessing data and information. Trojans in particular have seen a resurgence since 2018. These smarter, cleaner executions of data theft mean many consumers don’t even know they’ve been a target, or had their computer compromised.

Research then emerged demonstrating how pirate sites were looking beyond advertising to generate income. They were actively partnering with global digital criminals to steal money from consumers who visited their sites: imagine that, while you are buying a phone from the guy parked behind the pub, he nicks your wallet.

After comparing a sample of approximately 800 infringing sites, a 2015 study from the Digital Citizens Alliance found that one out of every three infringing sites surveyed contained malware. Visitors were 28 times more likely to get malware from an infringing site than on legal content sites.

Forty-five per cent of the malware on the infringing sites surveyed was delivered passively – meaning that visitors to the site could be infected without the user having to click a single link.

A 2014 study from the Digital Citizens Alliance (DCA) and MediaLink LLC examined ad revenue for the top 30 pirate sites and found they were earning average profits of over $4.4 million annually. And of course, because their business model relied entirely on the illegal distribution of innumerable titles – which had cost others billions to create – their profit margins ranged from 80 per cent to 94 per cent.  It demonstrated sadly that crime can pay when stealing other people’s work.

There is little doubt, even today, that pirated movies, games software or music remain a favoured method to spread malicious code or malware, embedded and disguised within a movie or music file.

Creative Content Australia has followed this trend for many years in its annual research.  Around 75 per cent of Australians agree that streaming or downloading pirated content heightens exposure to viruses and malware.

Why is there such high agreement? Because 49 per cent of those who visited pirate websites experienced viruses compared to only 16 per cent of non-pirates.

Last year, in order to quantify the risk of piracy, a researcher from Carnegie Mellon University observed the online activities of 253 people for a year. He concluded that every doubling of the amount of time that the users spent on various illegal torrent and streaming sites resulted in a 20 per cent increase in malware count on their computers.

“Cryptojacking” is a more recent method used by pirate sites to increase revenue. Pirate sites use visitors’ processing power to mine crypto. Ironically, content thieves were outraged that their computing power was harnessed for mining XMR.

And, if that wasn’t enough, some pirate sites, having been “persuaded” to shut down by rightsholder groups, are transferring user data to copyright holders who may pursue them legally.

Australians have never been more spoilt for entertainment choices with a vast array of low-cost streaming platforms plus the commercial and public broadcasters’ free online services. Logic suggests piracy incidence should be declining and yet, worldwide, the opposite is true.  When they have paid for one or more subscriptions to legal services, it appears that consumers are feeling justified to pirate any titles that aren’t on those services.

At the same time, Australians have become far more sensitive to and protective of their online data. Fifty per cent of those who claim to be pirating less often site their main reason as concerns about exposing personal data online.

There’s a disconnect between those concerns and their behaviours.

Creative Content Australia is very proud to be producing a new consumer campaign to remind consumers that accessing infringing content exposes users to elevated risks of malware.

For many years, we have questioned why they would risk the health of the creative industry for a free movie or TV show.  Now we question why they would risk their personal security.

Both the industry and the end user are the victims of piracy.

–Originally published by Inside Film magazine and republished with permission