31 March 2021

Group-IB: What makes Jolly Roger sad. The state of video piracy in Russia

Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has estimated the revenue of the video piracy market in Russia in 2020 at $59 million. The market decline has slowed down, however, with 7% drop in 2020 compared to 27% in 2019. Online pirates were not quite successful in fully restoring the video content database after the elimination of the CDN big three. After Moonwalk, HDGO, and Kodik were shut down, the geographical scope of pirate CDNshas been quite limited, with three locations: the Netherlands, Lithuania, and Russia (Mnogobyte/ZeroCDN). Furthermore, they have lost the advertising profits and found themselves in a competition for viewers with legal online streaming platforms which were able to increase their audience during the pandemic. Despite the circumstances, digital pirates found a workaround for the anti-piracy memorandum.

In the pandemic-hit 2020, the number of people using legal video streaming services in Russia increased by 17% and rose to 63 million viewers compared to the previous year. According to TMT Consulting, the revenue of the legal streaming services market in Russia increased by 66% and reached $365.7 million.

The number of searches in popular search engines in Russian for free trending movies and TV shows on illegal websites has also grown. The figures show a 12% increase compared to 2019, amounting to 11.8 billion search queries (compared to 10.5 billion in 2019). The number of searches for illegal content rose to a record-high 1.4 billion intentions in April 2020. At times, servers streaming illegal content failed to deal with such a high influx of viewers.
Nevertheless, despite a growing interest in illegal video content, the pirate video content market continued to shrink last year, losing 7% in revenue: it fell from $63.5 million in 2019 to $59 million in 2020. The market decline has slowed down, however, with 7% drop in 2020 compared to 27% in 2019.

In summer 2020, Group-IB released a report called “Jolly Rogers patrons”, which revealed that online casinos and betting websites benefit the most from the Internet piracy market. They sponsor the illegal streaming of movie premieres and TV shows, translation into several languages by voiceover studios, and release of the pirated content. Illegal streaming platforms are used for advertising banners, promotional codes, and links to attract new gamblers. The advertisers started losing interest after law enforcement, financial institutions and regulators increased their focus on shadow money traffic. The average CPM (Cost-Per-Mile) numbers saw a 16% decrease to $5 compared to $6 in 2019.

By mid-2020, the Big Three CDNs Moonwalk, HDGO, and Kodik, taken down in 2019, were replaced by eight new second-wave CDNs: Collapse, HDVB, VideoCDN, Videoframe, Bazon, Ustore, Alloha, and Protonvideo. However even at this point the the content database coverage of these 8 biggest CDNs includes just 50% of the Big Three’s vollume which supplied 90% of the largest illegal platfroms in Russia & CIS with 75,000 films and TV shows. The geographical scope of pirate CDNs has been quite limited, with three locations now: the Netherlands, Lithuania, and Russia (Mnogobyte/ZeroCDN).

The next technological innovation adopted by pirates in 2020 was integrating CDNs with fully automated streaming services. The first mass prototype was the Cinemapress script and about 400 pirate streaming services were based on it. In April 2020 Cinemapress was replaced by Yobobox with its 250 domains discovered so far, which — unlike its predecessor — is entirely free and integrated with Collapse, one of the largest CDNs.

Yandex search engine remains the main viewer source for illegal streaming services which accumulates up to 90% of traffic, even though this number decreased by 5% over the year as per November 2020 measurements. The remaining 10% are brought by other search platforms (including Google with its %2) as well as social networks, messengers, and direct website visits. Furthermore, Yandex bot’s faster indexing of the new links alongside automation methods used by video pirates may neglect the effect of link elimination from the search results unless any tools for high-frequency monitoring are applied.

Experts’ biggest worries are tied to the fact that in 2020 Russian-speaking video pirates learned to quickly detected the links eliminated by the anti-piracy memorandum, to generate duplicates in real time (using alternative URLs), and use mutating links (scripts for automatic changing of paths in links) resulting in a decreased effectiveness of countermeasures. It’s worth noting that the 2018 anti-piracy memorandum obliged its members to delete any links in their search queries tied to illegal content. Up until recently the memorandum served as an effective tool to counter the online piracy.

In 2020 both legal and illegal streaming platforms significantly increased their audience but failed to get the maximum benefit out of it. We witnessed pirates recover from the three largest CDNs being shut down. Pirates are restoring their technical capacity and increasing opposition to copyright owners. Some digital pirates use mutating links, domain changes, and decentralized CDNs to bypass the anti-piracy memorandum, thereby undermining attempts of manual regulation and anti-piracy techniques that were relevant several years ago.

Dmitriy Tiunkin

Dmitriy Tiunkin

Head of Digital Risk Protection Europe at Group-IB

Group-IB experts have no doubt that a traditional monitoring and blocking approach is no longer enough. Adversary infrastructure must be identified and blocked using an automated system in order to find and eliminate digital risks. Successful takedown activities also require a knowledge database updated daily with information about the infrastructure, tactics, techniques, and new schemes used by video pirates.

Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence & Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 17 years of experience in cybercrime investigations worldwide and 65,000 hours of incident response accumulated in our leading forensic laboratory and 24/7 CERT-GIB.

Group-IB is a partner of INTERPOL, Europol, and a cybersecurity solutions provider, recommended by SWIFT and OSCE. Group-IB is a member of the World Economic Forum.

Report an incident

24/7 Incident Response Assistance +65 3159-4398

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
Report an incident