by David Newhoff, 25/02/2020
A new anti-piracy ad campaign, rolled out by Creative Content Australia this month, depicts victims of cybercrime (hacking, identity theft, etc.) receiving neither sympathy nor help from law enforcement because it turns out these victims contracted malware by visiting piracy sites.
While the message may seem like a parental finger-wag to anyone still laboring under the misapprehension that media piracy is a victimless crime, the campaign reinforces a key reason why law enforcement may in fact be acutely indisposed to help the cyberattack victim in such an instance: because media piracy supports much bigger crimes.
Beginning with self-preservation, piracy sites are ideal hunting grounds for hackers to set malware traps.
In studies conducted in 2015/16, the group Digital Citizens Alliance concluded that a visitor to a major pirate platform has a roughly one-in-three chance of inadvertently installing malware onto one or more networked devices.
Moreover, as malware continues to grow more sophisticated in both virulence and subtlety, it has also become easier to use. A modestly-skilled teenager can learn (often on YouTube!) to operate plug-n-play malware apps; and pirate sites offer a fairly easy environment for infecting files. These facts alone should be sobering to the regular pirate site visitor. How eagerly would most people engage in any activity if they were told it is only about 60% safe?
Whether one visits pirate sites using a computer or handheld device, or buys a plug-in streaming box—these are often called Kodi Boxes—promising “Free TV viewing,” the user opens portals for malware to infect the entire home network and install itself onto anything connected to the internet.
Once a single device on the network is infected, the malware can be used to search for passwords or private information; hack microphones and cameras to use for harassment or ransom; seize access to bank accounts; lock up files for ransom; or obtain information to use the victim’s identity to commit financial fraud.
And if the user runs a business and has any customer or client information stored anywhere on the network, that data is vulnerable as well, and the user could be liable for the breach.
Even Small-Scale Piracy Helps Support Big-Scale Crime
More broadly than one’s own personal security, pirate platforms are one component of what Digital Citizens Alliance has called the “crimeware economy,” a market in which malware is both conduit and commodity on that other internet most of us do not visit known as the DarkNet. A vibrant trade, supported almost entirely by cryptocurrency,* includes drugs, weapons, child pornography, malware itself, and all manner of hacked information obtained through malware attacks like those facilitated by pirate sites. In its 2015 report “Digital Bait,” DCA describes the “crimeware economy” thus:
“The DarkNet allows individual hacking groups to specialize in specific categories and to earn money for delivery of goods and services to other criminals. For example, one organization may specialize in developing the malware that is installed on consumer devices and sell it on the web. Another organization will be responsible for distributing and installing the malware on consumer PCs or mobile devices. A third group that runs a forum might also purchase stolen consumer credentials and resell them in the DarkNet.”
In this context, it is easy to understand why law enforcement officers might respond rather scornfully to a cybercrime victim whose vulnerability to attack was enabled through media piracy.
It’s a bit like filing a report for being mugged right after concluding a drug deal.
At the same time, however, as piracy itself becomes more sophisticated, this increases the potential of attracting innocent (or at least very naïve) users of pirate platforms—especially through the sale of plug-in streaming devices mentioned above.
In particular, one thinks of seniors, who are simultaneously archetypal victims of fraud and among the least sophisticated users of new technology. Grandma may be especially vulnerable to ads promising that she can “Watch TV Shows, Movies, and Sports for Free!” – the most deceptive characteristic of these boxes being that they appear legitimate. They look like Amazon FireSticks, AppleTVs, or Roku boxes, et al, and they may come pre-installed with viewing applications that look a lot like the Netflix interface, with elegantly-designed menus and large poster displays for each title.
What the user does not see, however, is that the applications on these devices are in fact searching the web for the selected title on a pirate server, thus exposing the user to that same one-in-three chance of infecting her network with malware.
So, the grandmother who unwittingly watches a pirated version of The Greatest Showman may not fathom how enjoying this lively, uplifting musical will be the reason she will soon discover that a thirty-thousand-dollar loan has been taken out in her name by some scam artist.
This is not an exaggerated hypothetical. This kind of fraud happens with startling and increasing frequency; and it is safe to assume that said grandmother would have opted to rent the movie on a legal platform for four dollars had she understood the risk she was taking. To say nothing of the fact that she probably does not wish to support the “crimeware economy” on the DarkNet.
The most common rationalization for piracy is that the creators of film and TV are all wealthy and, therefore, do not need the few dollars in rental fees or purchases denied through illegal access. And although this logic has been disproven time and again—not least because the majority of creators of filmed entertainment comprises middle-class labor—the role played by piracy sites in the complex and growing sector of cyber-crime ought to be reason enough to spend those few dollars for the legal alternative.
And if that doesn’t suffice as a rationale, you could think of it as one of the most affordable ways to improve your own network security. Then, if you are unfortunate enough to be a victim of a cyberattack, and you were not roaming pirate platforms, law enforcement may actually be able to help.
* A study at the University of Sydney into the scope of illegal activity transacted by cryptocurrency found, “… one of the largest marketplaces in 2017, “AlphaBay”, had over 350,000 items available for sale in categories such as drugs, weapons, malware, and illegal pornography.”
David Newhoff is a writer and artists’ rights advocate living in New York. He writes about the digital-age and copyright issues on his blog The Illusion of More.