Once upon a time the vast majority of piracy and counterfeiting involved physical goods. Not even movies changed hands without first being recorded onto an analog videotape or more recently, optical media.

 

These days everything is done online. A movie is just another file to be silently downloaded and the days of buying hacked satellite cards from the small ads in specialist computer magazines are long gone. Armed with a web browser and a little patience, it’s now possible for novices to have a pirate IPTV subscription up and running in no time. But for many, it’s even more simple than that.

 

In 2022, many people are exposed to these subscriptions through friends or the marvels of social media. Sellers are easily found on Facebook where they tout their wares for all to see, either completely oblivious or entirely indifferent to the risks.

 

The problem is that this type of offense is viewed as fraud, a criminal offense. The chances of getting caught are admittedly low but, for the unlucky minority, a criminal conviction could be life-changing. Fortunately, in most cases rightsholders and the police seem to recognize that too.

Rise of the ‘Knock-and-Warn’

This week the Federation Against Copyright Theft (FACT) announced another wave of enforcement action in the UK against people suspected of supplying illegal IPTV subscriptions.

 

FACT teamed up with officers from West Midlands and Warwickshire Police and instead of kicking doors off their hinges at 05:00, they took a more considered approach towards bringing any offending to an end.

 

Targeting homes in Alcester, Solihull, and Birmingham, investigators and police officers served so-called ‘cease-and-desist’ notices requiring suspects to cease any illegal activity with immediate effect, or face more serious consequences.

 

This may be an unpleasant experience for those served but given the possible alternatives, i.e a criminal prosecution by the police or even a private prosecution by FACT, a simple commitment not to keep breaking the law represents a simple get-out-of-jail-free card.

Cease-and-Desist Notices Are More Common in Fraud Cases

Documents seen by TorrentFreak indicate that police forces in the UK accept that cease-and-desist notices are little more than a tool in an administrative process. However, if they are issued appropriately, the fact that a notice has been served can provide evidence to support a subsequent criminal prosecution or even civil action.

 

Some forces say their responses to alleged fraud offenses are based on common sense and where it’s possible to innovate with partners (in this case, FACT), that can be the preferred approach to bring alleged offending to an end. However, other factors also come into play, with police balancing the seriousness of the alleged crime, the resources available, and the prospect of getting a conviction.

The FACT Approach is Reportedly Successful

According to the Intellectual Property Office’s IP Crime and Enforcement Report 2020-21 (pdf), FACT operations largely target lower-level offenders selling piracy-configued set-top boxes and IPTV subscriptions on social media.

 

In the year covered by the report, FACT claimed a success rate of 90%; 84 ‘cease and desist’ notices were issued and 70 offenders fully complied with their terms. At that time, investigations into 14 cases continued with FACT warning that in some cases, prosecutions could follow.

 

The image below from that report shows the regions where notices were issued during 2020-21.

 

The individuals targeted this week are located in the region marked ‘West Midlands’, which sits just below the clear ‘danger’ area of Cheshire and to its right, Lancashire and Yorkshire.

 

FACT works with the Government Agency Intelligence Network (GAIN) to gather intelligence on suspects and believes that the warning process was appropriate to those targeted this week.

 

“This latest action targeted individuals who were promoting unauthorized access to premium television content, which affects broadcasters and rights owners in the UK and worldwide, causing financial harm to the industry and the economy,” FACT’s statement reads.

 

“Whilst all the individuals visited were operating at a relatively low level, the objective was to prevent them from undertaking further criminal activity, and to deter others from getting involved.”

 

FACT says that further actions of a similar nature are planned to take place throughout 2022.

 

The Ultimate Fighting Championship (UFC) is the most recognizable mixed martial arts promotions company in the world.

 

The company’s events attract millions of viewers, some of whom are willing to pay big bucks to access monthly PPV events and even more money to watch live in often sold-out arenas.

 

For others, the costs involved are simply too steep. The UFC puts on a lot of events every year, which inevitably means some fans settle for highlights or find themselves tracking down widely available pirate streams. Another option is to go to a restaurant or bar where the fights can be enjoyed in a more communal atmosphere.

‘Pirating Bars’ and Restaurants

Broadcasting high-profile sports events can draw quite a few customers to these venues. This generates additional revenue, but not without incurring extra costs. After all, bars need an even more expensive license to legally show UFC PPV events in-house.

 

To avoid these costs, some establishments decide to take a gamble by showing UFC events without obtaining the correct license. This is a risky business as associated rightsholders often have spotters tasked with monitoring “pirating” bars and restaurants.

 

Joe Hand Promotions is one of these rightsholders. The company sells pay-per-view licenses for sports including UFC, Fox Sports Boxing, and WWE to commercial locations. The company is also responsible for taking legal action against venues that broadcast UFC PPV cards without paying for them.

 

Over the years, Joe Hand has sued hundreds of bars and restaurants in US federal courts. These lawsuits often result in settlements that can easily exceed ten thousand dollars. This sounds like a profitable business but not all cases result in a win and litigating federal lawsuits can be quite expensive.

UFC Copyright Battle at the Copyright Claims Board

So, when a cheaper option appeared in the form of the Copyright Claims Board (CCB), the UFC/boxing distributor was eager to give it a try.

 

The CCB is part of the Copyright Office and aims to make it cheaper for creators to resolve disputes. There’s no attorney required and the filing fee is limited to $100 per claim. The potential damages are also capped at $30,000 and those who prefer traditional lawsuits can choose to opt out.

 

When the CCB launched a few weeks ago we noticed that it was mostly used by smaller independent creators such as photographers. However, large companies can use it too.

 

This week, Joe Hand Promotions submitted six new cases to the CCB, all targeting bars and restaurants. These venues, including “Cabo Tacos & Beer”, “Fusion Spice Bar” and “La Barrita Bar” are all accused of broadcasting the 2019 WBA fight between Manny Pacquiao and Keith Thurman.

 

In addition, some of the bars also streamed UFC 240. Headlined by Max Holloway and Frankie Edgar, the main card was widely considered one of the worst of the year, but that doesn’t affect the need for a license.

 

The claims were filed exactly three years after the Pacquiao vs. Thurman fight took place. This is important to note, as the statute of limitations on CCB cases is three years; these cases appear to have been filed just in time.

 

The accusations themselves are fairly straightforward. The venues are accused of showing the broadcasts to their customers without obtaining an appropriate license.

 

“Defendants intentionally pirated the Program for the sole purpose of their own economic gain. Defendants exhibited the Program for the commercial purpose of attracting paying customers, patrons, members, and guests, thereby wrongfully benefiting financially by infringing Plaintiff’s rights in the Program,” the complaints read.

$30,000 Piracy Damages

As compensation, Joe Hand Promotions seeks $15,000 in damages from the bars and restaurants, per infringement. Since some of the venues showed two fights, they face the maximum damages of $30,000.

 

The distributor argues that these damages are warranted as the infringing activity was willful, intentional, and purposeful.

 

The claims now lie with the three-member CCB tribunal, which will make a decision without the need for either side to have an attorney. If the defendants don’t want to participate they can opt-out, after which the case can still be refiled in federal court.

 

Joe Hand Promotions is the first major rightsholder to file a series of claims at the CCB. It will be interesting to see if more cases will follow. In any case, the total number can’t be higher than 30 per year, which is the maximum number of claims per copyright holder.

 

To protect copyright holders, YouTube regularly removes, disables, or demonetizes videos that allegedly contain infringing content.

 

For years, little was known about the scope of these copyright claims but that changed last December when the streaming platform published its first-ever transparency report.

YouTube Copyright Transparency

The report covered the first six months of 2021 and YouTube recently released the second edition, which means that we now have access to the full-year statistics. This confirms the earlier finding that the streaming platform handles a staggering number of copyright claims.

 

Before diving into the numbers it’s good to clarify that YouTube has three main copyright reporting tools. The most basic one is a DMCA webform through which anyone can report an infringement. The second option is the Copyright Match tool, which is open to roughly two million channel operators whose content is regularly reposted.

 

The third and perhaps most well-known option is the aforementioned Content ID program. This service is the most advanced and works with reference files uploaded by rightsholders. Little over 9,000 rightsholders are approved to use this tool but, despite this limitation, 98% of all copyright claims on YouTube are handled through the system.

1,482,189,768 Content ID Claims

YouTube reports that it processed 759,540,199 Content ID claims in the second half of 2021, which is a slight increase compared to the months before. This brings the total number of claims up to nearly 1.5 billion last year.

 

Interestingly, a relatively small number of rightsholders are responsible for these claims. Between July and December last year, 4,840 copyright holders used the Content ID system. For comparison, the publicly available DMCA takedown webform was used by 272,815 rightsholders in the same period.

 

The graph below clearly shows that the relatively small group of Content ID users is responsible for the vast majority, roughly 98%, of all copyright claims on YouTube. The webform and Copyright Match tool each represent less than 1% of the total takedown volume.

99% Automated

Another interesting finding is that nearly all of the Content ID claims (99%) are submitted automatically. In these cases, potentially infringing content is flagged based on fingerprinting technology with limited human oversight.

 

Automation saves YouTube and rightsholders a lot of resources. However, it is also a potential source of abuse and errors. This is one of the reasons why just a small group of verified and responsible rightsholders can join the program.

 

“This is especially important because claiming can happen automatically, and while one copyright request removal made from the webform impacts only one (or a handful) of videos, just one invalid reference file in Content ID can impact thousands of videos and users, stripping them of monetization or blocking them altogether,” YouTube reports.

Abuse

Even with these precautions abuse can’t be ruled out. YouTube is riddled with videos complaining about mistakenly reported content. Even worse, scammers have used the system to flag content they don’t own. Flagged videos are sometimes monetized, in one case generating millions of dollars in revenue.

 

This monetization option is not just popular among abusers. Legitimate rightsholders have also embraced it as a tool to generate income. Of all the videos that are appropriately flagged by Content ID, 90% remain online, diverting the revenue to the rightsholder. In other words, copyright claims have become a serious revenue stream.

 

The vast majority of the Content ID claims go unchallenged, however, with recipients filing a dispute in just 0.5% of cases. While this sounds like a tiny fraction it still translates to 3.8 million disputed claims in six months.

 

YouTubers have the option to challenge these claims, often with success, as 62% are resolved in favor of the uploader. If both parties fail to come to an agreement, the claim will leave the Content ID system, after which the rightsholder must submit a regular takedown request.

 

The data reported by YouTube give a good insight into the scope of YouTube’s copyright issues. Now that we have the first statistics for a full year, it will be interesting to see what trends develop over time.

 

Faced with the prospect of copyright strikes, Content ID claims and potential account loss, thousands of YouTubers, TikTok users, and other content creators use music provided by Epidemic Sound.

 

Founded in 2009 and based in Sweden, Epidemic Sound has a library of more than 35,000 music soundtracks and 90,000 sound effects.

 

Licensing is offered on a subscription basis for as little as 9 euros per month and for that, personal creators can use Epidemic’s music and monetize a channel on YouTube, Facebook, TikTok, Instagram and Twitch.

 

Commercial users publishing content for clients and businesses pay a slightly higher rate. Enterprise users pay even more but are free to include Epidemic Sound content in TV shows and ads, for example. According to a lawsuit just filed in a California district court, Meta is utilizing Epidemic Sound content on a massive scale but isn’t paying the company a single penny for the privilege.

Massive, Rampant Copyright Infringement

“This action seeks to stop the theft of music created by hundreds of musicians, songwriters, producers and vocalists, theft occurring knowingly, intentionally and brazenly by Meta on its Facebook and Instagram social media platforms on a daily basis,” the complaint begins.

 

“Defendant Meta is not merely aware of this infringement. It has actively infringed, as well as participated in, encouraged and enabled such infringement.”

 

This type of language has been seen before in copyright infringement lawsuits filed against user-generated content platforms. Often the response from the platform is that if rightsholders send a DMCA-style notice, they’ll take down infringing content posted by their users. The complaint filed by Epidemic goes far beyond that.

 

Epidemic’s licenses allow its licensees (subscribers) to incorporate Epidemic’s tracks into their own content but no permission is given to license, sublicense, distribute or otherwise authorize use of Epidemic content to third parties. If third parties such as Meta want to use Epidemic content directly, they need to obtain their own license on the correct terms.

 

The lawsuit claims that Meta’s Facebook and Instagram are using Epidemic content as if it were their own, making that content available to users of Facebook and Instagram, but with no licensing in place to do so.

 

“Meta itself has been storing, curating, reproducing, performing, distributing, and otherwise exploiting Epidemic’s music on a daily basis, without a license,” Epidemic’s complaint reads.

 

The numbers in the complaint are significant. Epidemic says its music is available across millions of videos that have been viewed billions of times. Approximately 50,000 infringing videos and 30,000 new uploads containing Epidemic’s music are uploaded to Facebook and Instagram, respectively, on a daily basis.

 

The company estimates that around 94% of content using Epidemic’s music on Meta’s platforms is unlicensed and thus infringing.

Meta Incorporated Epidemic Content Into Its Music Library

Epidemic’s claims are potentially extremely serious. The company alleges that Meta has created a curated library of music that it stores and organizes by genre. This library is made available to users of Facebook and Instagram, not only for downloading and streaming, but also for use in user-generated video content and posts.

 

“Epidemic knows of over 950 of its music tracks that have been reproduced, stored, made available to, and distributed to its users by Meta through its Music Library or through its other content sharing tools without a license. Epidemic is confident that further research would reveal additional infringements,” the complaint reads.

 

In all cases, Epidemic is the copyright owner of both the sound recordings and underlying musical compositions, so more than 1,800 copyrighted works are allegedly being infringed by Meta. Epidemic says Meta is generating revenue on the back of this infringement but thus far, Meta hasn’t obtained a license or shared any portion of its advertising revenue with the music company.

Alleged Direct Use of Infringing Content

The complaint alleges that Meta’s infringement has “grown even more rampant” recently, in part due to Meta’s creation of tools and features that enable users of its platforms to infringe Epidemic’s rights. Two Instagram features – Original Audio and Reels Remix – are called out specifically.

 

When Instagram users create a short video clip called a Reel, they are able to search the platform’s audio library for music to accompany the Reel. If the Reel contains music not detected by Instagram as being included in its library, the ‘Original Audio’ feature presumes the content is owned by the user posting the Reel.

 

When other users view that Reel, a button appears that allows them to ‘rip’ the music to include it in their own Reel. The music can also be added to their personal library on the platform for future use.

 

“Meta provides the tools to allow the viewer to synchronize that music to that viewer’s own Reel and promotes such tool publicly. Meta acknowledges that this unlimited copying, sharing, synchronization and distribution of music, licensed or not, is the intention behind the Original Audio feature.”

 

“[T]he Original Audio feature allows Meta to extract, or separate the music from the original video content in which it was incorporated, and reproduce it for any of their billions of users who wish to incorporate it into their own video content, irrespective of whether Meta (or anyone else) has any authority to offer, reproduce, distribute or otherwise use that music in the first instance.

 

“No one, even Epidemic’s licensed subscribers, has the right to do this without Epidemic’s authorization,” the complaint adds.

 

Reels Remix allows users to take another user’s audiovisual content, including any music, and incorporate it into their own Reel. Epidemic claims the feature encourages and contributes to “exponential infringement”, whereby the infringing acts of one user are replicated by any number of others.

Meta Has “Stonewalled” Epidemic

Meta offers a tool called ‘Rights Manager’ that’s designed to help rightsholders “manage, authorize, protect and drive value from their videos, audio and image content on Facebook and Instagram.” According to the complaint, Meta allowed Epidemic to access Rights Manager for video content but refused to grant access for audio content management.

 

“Meta’s refusal continued despite Epidemic’s repeated explanations that the rights management tool for video was woefully insufficient to monitor or protect its music on Meta’s platforms at scale,” the company says.

 

“Meta’s unjustified and unexplained refusal to provide Epidemic with access to its rights management tool for music content has enabled and continues to contribute to the rampant infringement of Epidemic’s music on its platforms.”

 

The lawsuit states that in addition to infringement by users, Meta is aware that it is “actively storing, offering, curating, reproducing, performing and distributing” Epidemic’s music without a license, via its Music library and its “Reels Remix” and “Original Audio” features.

 

Epidemic says that Meta claims to have licenses with other distributors that authorize it to use some Epidemic tracks but Epidemic states that no third parties are authorized to provide Meta with rights.

Copyright Infringment Claims

The complaint states that by making or causing to be made unauthorized reproductions of Epidemic’s copyright works, and then made available for permanent download, streaming and synchronization, Meta commits willful direct copyright infringement. As a result, Epidemic is entitled to maximum statutory damages of $150,000 per work, to a minimum of $142 million in damages.

 

Epidemic says that Meta’s music library and associated features Original Audio and Reels Remix both encourage and provide the necessary tools for Facebook and Instagram users to infringe its copyrights. The complaint again demands maximum statutory damages of $150,000 per work for willful infringement, to a minimum of $142 million in damages.

 

The complaint states that Meta is also liable as a contributory copyright infringer by providing tools to its users to enable them to infringe Epidemic’s copyrights. Alleging willful infringement, the complaint again seeks maximum statutory damages of $150,000 per work but no less than $142 million. The company also seeks a permanent injunction.

 

Epidemic Sound’s complaint against Meta, obtained by TorrentFreak, can be found here (pdf)

 

In the content protection arena, the term ‘whac-a-mole’ is known all too well. When pirates or their links appear in one place, they can quickly reappear in another.

 

Another term referencing a similar problem relates to piracy platforms. When a lawsuit directly attacks a site’s ability to operate using specific domains or branding, for example, the ‘hydra effect’ comes into play. Mimicking the creature of the same name in Greek mythology, when one head is chopped off, two more grow back to take its place.

 

In April 2022, several Hollywood studios and Netflix won an injunction to shut down PrimeWire, a long-standing illegal streaming site that had evaded ISP blocking injunctions all over the world.

 

The MPA should’ve been given control of all PrimeWire domains within days but the response from registrars ranged from slow to none, meaning that some PrimeWire domains are still operational. Further hindering MPA enforcement measures is the reported growth of a new head on the PrimeWire hydra.

HydraWire.tv is The New PrimeWire, MPA Says

While the MPA has a clear legal win over PrimeWire and its operator, the case thus far shows that when a defendant cannot be physically identified, nothing is straightforward, especially when there’s a determination to continue business as usual.

 

According to the MPA, a new streaming site called HydraWire.tv claims to be PrimeWire’s successor. The MPA’s anti-piracy team became aware of the site around May 31, 2022, and they’re convinced that PrimeWire’s operators are involved.

 

The site’s domain was registered on April 21, 2022, one day after the PrimeWire injunction was handed down, and the site’s visual aspects are strikingly similar to those seen on PrimeWire.

 

Of course, websites are easily copied so the MPA’s investigation went beyond graphics and text.

Too Many Coincidences

Like PrimeWire’s domains, HydraWire’s has hidden registration details and sits behind Cloudflare. Both platforms have the same domain registrar (Sarek Oy) and the same host (FlokiNet) For those out of the loop, these two companies have a reputation for not rolling over easily in response to information requests.

 

The MPA says that HydraWire mostly uses the same cyberlocker services as PrimeWire to source its video content. HydraWire also has a feature that allows former PrimeWire users to ‘restore’ their PrimeWire libraries on the new platform using CSV files.

 

The MPA’s investigators have also been monitoring the /r/primewireli sub-Reddit where posts advertising HydraWire as the PrimeWire alternative were left up and those referring to competing services were taken down.

 

In summary, the MPA believes that HydraWire is strongly connected to PrimeWire and therefore covered by the existing injunction. As a result, the HydraWire.tv domain should be added to the growing list of enjoined PrimeWire domains.

 

“Defendants’ choice to name this site ‘HydraWire’ mocks the Injunction and Plaintiffs’ diligent efforts to enforce it. Plaintiffs request that the Court modify the Injunction to add www.hydrawire.tv to the list of enjoined domains,” the MPA informs the court.

The Studios Are Still Entitled to Damages

While the injunction is a valuable tool for enforcement, the MPA also wants damages from the operator of PrimeWire.

 

The Hollywood group has been conducting damages discovery for some months with the goal of filing a motion for default judgment. It has served subpoenas on third parties to hand over information about PrimeWire’s business dealings, but more time is needed.

 

“Plaintiffs’ meet-and-confer efforts with subpoena recipients remain ongoing,” the MPA informed the court this week.

 

“Subpoena recipients have requested extensions in order to provide notice to third parties and to deal with the complexity of searching for advertising revenue associated with particular URLs, as online advertising often involves multiple levels of intermediaries or brokers.”

 

Efforts thus far haven’t been futile, however. The MPA says that information received suggests that PrimeWire may have been generating “at least five-figures in monthly advertising revenue”, a not insignificant amount – especially to those looking forward to reappropriation.

 

Finally, the MPA says that HydraWire.tv has at times gone down, only to come back up again. This shouldn’t fool the court into thinking it’s not operational. At the time of writing, the domain is indeed down.

 

Documents including the proposed amended injunction can be found here (1,2,3, pdf)

 

VPN services are generally seen as neutral intermediaries. Technically speaking, they simply route traffic through their servers, adding an extra layer of protection for their users.

 

However, some VPN providers have gone a step further by marketing their services directly to online pirates. This is also what the Panamanian company “VeePN” did, according to a group of filmmakers.

Filmmakers sue VeePN

Earlier this month, several movie companies including Voltage Holdings and Screen Media Ventures filed a complaint against VeePN at a Virginia federal court. The filmmakers were joined by Hawaiian company 42 Ventures, which is owned by anti-piracy lawyer Kerry Culpepper who registered the trademarks for terms such as Popcorn Time, YTS, and RARBG.

 

The plaintiffs’ complaint argues that VeePN ‘promotes’ the use of pirate sites and Popcorn Time, while advertising its services on popular torrent site YTS.mx. This activity amounts to both copyright and trademark infringement, the film companies claim.

 

VeePN has yet to respond in court but the company is already facing its first setback. To stop the infringing activity and to secure VeePN’s assets, the filmmakers previously requested a temporary restraining order (TRO) that was granted last week.

Court Freezes VeePN’s Funds

The order requires various companies to freeze VeePN-related funds while the lawsuit is pending. This also applies to PayPal and Alipay, two of the payment processors used by the VPN.

 

In addition, VeePN is also required to immediately stop using the term “Popcorn Time VPN.” The VPN provider can no longer mention the piracy app in its promotional materials either. Meanwhile, the rightsholders are required to post a bond of $25,000.

 

In his order, District Court Judge Anthony Trenga concludes that the rightsholders satisfied all four factors that are necessary to issue a restraining order. This includes the likelihood that their initial claims could lead to a win at trial if the case goes forward.

Bad PR

The Judge cites several passages from the complaint which are sufficient to back the trademark and copyright infringement allegations. These have nothing to do with VPN technology, but more about how the service promoted itself.

 

“The Copyright Plaintiffs are likely to succeed on their contributory infringement claim because they have shown that VeePN promotes and distributes Popcorn Time VPN,” Judge Trenga writes, noting that this suggests that the VPN service induces or encourages direct infringement.

 

“Additionally, at the website https://veepn.com/blog/popcorn-time-vpn, Defendant VeePN promotes itself as ‘Popcorn Time VPN,’ explicitly stating that: ‘Downloading and sharing files via torrent is a violation of copyright law. It means that you may be punished by law. That’s why you need a Popcorn Time VPN’,” Judge Trenga added.

 

The other factors, including the likelihood that the rightsholders will suffer irreparable harm if no action is taken, are satisfied as well.

Ex Parte

Judge Trenga issued the order ex parte, which means that VeePN wasn’t heard. The court explains that this is warranted because the rightsholders fear that the VPN service would otherwise try to relocate the money, as other defendants have done in movie piracy cases.

 

Ironically, allegations that VeePN and the persons affiliated with the service took steps to conceal and obscure their identities, played a role in the decision to grant the ex parte motion. If the defendants were notified in advance, they might have attempted to transfer the funds elsewhere.

 

While there hasn’t been an official response from VeePN yet, the company did remove the “Popcorn Time VPN” blog post from its site over the past few days. That said, PayPal and Alipay are still listed as payment options at the time of writing.

 

—

 

A copy of the Virginia District Court Judge Trenga’s temporary restraining order is available here (pdf).

 

In September 2021, US broadcaster DISH Network filed a copyright infringement complaint in a Michigan court.

 

It targeted two sets of defendants. The first was Atlas Electronics, a Michigan-based retailer of unauthorized IPTV services, and company owner Alaa Al-Emara. The second was iStar Company, the supplier of iStar set-top boxes and the operator of the iStar IPTV service sold by Atlas, plus company owner Ahmed Karim.

 

Claims in the complaint included direct and indirect copyright infringement against iStar Company and Ahmed Karim, and an indirect copyright infringement claim against Atlas Electronics and Alaa Al-Emara. In closing, the lawsuit demanded an injunction plus damages in excess of $24 million.

 

Given the abuse DISH received in response to sending infringement notices, they were hardly going to demand less.

Lawsuit Progressed Slowly

Apparently getting nowhere as far as a response to the complaint was concerned, in January 2022 DISH requested a default judgment. The court granted several extensions to allow the defendants to file an answer or otherwise respond but at the seventh extension, the court said that no more extensions would be granted.

 

On June 28, a note from the court indicated that the parties were close to a reaching a settlement. On July 15, District Judge Laurie J. Michelson signed off on a judgment and permanent injunction, handing DISH what appears to be a big money win.

$5.7 Million in Copyright Infringement Damages

Naming Atlas Electronics Inc. and owner Alaa Al-Emara, the judgment and injunction appears to be the product of an agreement. It states that the company and its owner induced and materially contributed to copyright infringement in violation of the Copyright Act and 17 U.S.C. § 501, relating to more than 160 copyrighted works.

 

“DISH is awarded damages of $5,740,000 jointly and severally against Defendants pursuant to 17 U.S.C. § 504(c), which consists of $35,000 for each of DISH’s 164 registered, copyrighted works that Defendants infringed,” the judgment reads.

 

The injunction, which also applies to Atlas Electronics Inc. and owner Alaa Al-Emara, prohibits any “transmitting, streaming, distributing, or publicly performing in the United States” of protected DISH content “with any iStar set-top box, service subscription, or any other device.”

 

The restrictions also prevent the named defendants from distributing, selling or promoting iStar set-top boxes and IPTV subscriptions, if they infringe DISH’s rights. As injunctions go, it’s pretty standard stuff but then a few things start to stand out.

 

A $5.7m damages award is a significant amount but in this case, DISH and the defendants are paying their own attorneys’ fees and costs. It’s not unprecedented, but successful plaintiffs tend to enjoy making the other side compensate them for their trouble. But that is a small issue in the overall scheme of things.

No Mention of The Big Guys

Making an example of Atlas Electronics Inc. as a seller of infringing devices and subscriptions is obviously important. The much bigger issue is the apparent inability to do anything against the biggest infringer in the lawsuit – iStar itself and the pirate IPTV service it allegedly supplies under the brand “Online TV”.

 

Founded in 2006, iStar is a major problem for broadcasters. The Iraq-based service was called out by beIN last October in a report sent to the USTR. In 2022, beIN suggested that nothing could be done to bring iStar down due to links with the authorities in Iraq.

 

“beIN understands that the owners and operators of Earthlink, Chaloos, and iStar [three major Iraqi piracy operators] have significant influence among Iraqi government officials, both at the federal and regional levels,” the broadcaster wrote.

 

“This further supports the conclusion that there is little hope that the widespread piracy by these entities could be reduced or eliminated through the use of either civil or criminal judicial procedures in Iraq.”

 

Quite why DISH Network sued iStar anyway is unknown. Both DISH and beIN are members of IBCAP, the International Broadcaster Coalition Against Piracy, and with that kind of power there’s no question the necessary information would’ve been to hand at the time. It’s possible we’ll never know.

 

As things stand, however, IBCAP is celebrating its win against a retailer but not mentioning that at least for now, the big target got away.

 

Indeed, the domain names that DISH hoped to seize as part of the lawsuit remain stubbornly online, offering the devices and pirate IPTV subscriptions, apparently via WhatsApp with no retailer needed in the United States.

 

The complaint and $5.7m judgment can be found here (1,2, pdf)

 

Popular Internet infrastructure company Cloudflare has come under a lot of pressure from copyright holders in recent years.

 

The company offers its services to millions of sites, including multinationals, and governments, but also some of the world’s leading pirate sites.

 

Rightsholders are unhappy with the latter and some have even accused Cloudflare of facilitating copyright infringement by continuing to provide access to illicit platforms. In Italy, these complaints have been followed by legal action from key music industry players, resulting in injunctions that require Cloudflare to block several pirate sites operated by its customers.

 

Cloudflare fiercely protests these and other blocking demands. The company sees itself as a neutral third-party service that merely caches or passes on content. Even when Cloudflare blocks sites or customers, the associated sites remain operational.

Music Industry Demands Cloudflare DNS Blockade

Rightsholders agree that there’s no silver bullet to stop piracy, but they argue that Cloudflare can and should do more to address the problem. In a case before the Court of Milan, they argued that Cloudflare should go even further.

 

In court, anti-piracy outfit FPM and the music group FIMI pointed out that Cloudflare’s DNS resolver is problematic too. This DNS resolver helps people to access pirate sites, even when the sites are not using Cloudflare’s CDN services. As such, Cloudflare should be required to block problematic sites on its DNS servers too.

 

After hearing these arguments the Milan Court agreed. It issued an interim injunction that requires Cloudflare to block three torrent sites: kickasstorrents.to, limetorrents.pro and ilcorsaronero.pro. These sites are already blocked by ISPs in Italy following an order from local regulator AGCOM.

Landmark DNS Blocking Injunction

This is the first time that Cloudflare has been ordered to make pirate sites unavailable through its public DNS resolver 1.1.1.1. This is an important expansion since many Italians switched to public DNS resolvers to bypass ISP blocking measures. With the court order, rightsholders can remove this shortcut.

 

“We welcome the Court’s decision which will further strengthen the ongoing infringing site blocking program performed by AGCOM in Italy, whilst also increasing the efficiency of the enforcement actions carried out by the rightsholders to protect their online content,” says FIMI CEO Enzo Mazza.

 

According to Mazza, the court order is an important next step in the protection of copyrighted content online. It recognizes the responsibility of third-party intermediaries under the EU’s new Copyright Directive and clarifies that companies such as Cloudflare can be ordered to follow ISP blocking orders.

 

Thus far, Cloudflare has refused to take action, even when AGCOM put sites on a blocklist. With the recent court order, the company will have no other option as there are potential sanctions on the line.

Google and OpenDNS?

In theory, similar injunctions could follow against other DNS providers as well, including Google and OpenDNS. “The ruling opens the door to others that offer similar services, such as Google,” Mazza told local media.

 

While this type of order is new in Italy, we have seen a similar injunction in Germany last year. A local court ordered DNS provider Quad9 to block a pirate site but the decision is still under appeal.

 

Cloudflare is also expected to appeal the Italian injunction, which is only a preliminary ruling. For the time being, however, it is required to block the three torrent sites on its DNS resolver within 30 days. This also applies to any future domain names the sites may use.

 

In response to earlier orders targeted at pirate sites operated by customers, Cloudflare has chosen to implement measures that are limited to Italy. The company hasn’t commented publicly on the recent DNS blocking order, but we expect that this will only be enforced locally as well.

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have four new entries on the list. “Jurassic World Dominion” is the most downloaded title.

The most torrented movies for the week ending on July 18 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(1)	Jurassic World Dominion	6.0 / trailer
2	(2)	Doctor Strange in the Multiverse of Madness	7.2 / trailer
	(…)		5.3 / trailer
4	(3)	Fantastic Beasts: The Secrets of Dumbledore	6.4 / trailer
5	(…)	Thor: Love and Thunder	6.9 / trailer
6	(4)	The Batman	8.4 / trailer
7	(…)	The Black Phone	7.1 / trailer
8	(5)	Everything Everywhere All at Once	8.5 / trailer
9	(9)	Top Gun: Maverick	8.6 / trailer
10	(…)	The Sea Beast	7.1 / trailer

 

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

VPNs are valuable tools for people who want to use the Internet securely with decent privacy. They are vital for whistleblowers and people who rebel against Government oppression.

 

VPNs have recently become a sensitive topic in United States mainstream media. U.S. anti-abortion laws have increased the interest in privacy services as potential criminal penalties come into play. One of the problems, however, is that not all VPN services take privacy seriously.

 

This isn’t a new revelation. At TorrentFreak, we first highlighted this issue more than a decade ago. This revealed that the privacy policies at some VPN services were rather weak. Things become even more problematic when VPN providers say one thing and do another.

Lawmakers Urge FTC to ‘Monitor’ VPNs

There is currently little regulation in the VPN industry, prompting Senator Ron Wyden and Representative Anna Eshoo to sound the alarm bell. In a letter, sent last week, they urge FTC chair Lina Khan to take action.

 

“We write to urge you to use your authority to take enforcement actions against the problematic actors in the consumer Virtual Private Network (VPN) industry, focusing particularly on those that engage in deceptive advertising and data collection practices,” the letter reads.

 

“The VPN industry is extremely opaque, and many VPN providers exploit, mislead, and take advantage of unwitting consumers,” the lawmakers add.

 

Problems in the VPN industry have been highlighted in several reports and studies already. They are often the result of heavy competition. Many VPNs have the best interests of consumers in mind but others are simply interested in making profits.

No Logs?

This can lead to shady VPNs collecting and selling user data or promising not to log personal data but simultaneously handing ‘logged’ data over to the authorities. These are serious problems that have raised new concerns in response to the anti-abortion laws.

 

“Leading groups advise women seeking abortions that VPN with ‘no-log’ policies can be trusted to protect their data. While many popular VPN providers aggressively market their ‘no-log’ policies which allow users to anonymously surf the web, it’s nearly impossible to verify their claims.

 

“In various cases, VPN providers that advertise a strict ‘no-log’ policy have provided user activity logs to law enforcement,” the lawmakers add, pointing to a logging debacle at one of the larger VPNs.

 

The letter provides a detailed overview of the various problems and concerns. This includes a study on several free VPN apps that collected and shared data, as well as a more recent Consumer Reports study that identified some hyperbolic claims, including a reference to “military-grade encryption.”

VPN Reviews

VPN review sites are also put in the spotlight. These reviews often include affiliate links, which could lead to bias. That also applies to some of the bigger review sites that are owned by VPN companies.

 

Senator Wyden and Representative Eshoo are not against VPN use. On the contrary, they believe it can be vital. However, the FTC should step in to remove the bad apples, where possible. Making people aware of the potential benefits and risks could also be helpful.

 

“We urge the Federal Trade Commission (FTC) to take immediate action under Section 5 of the FTC Act to curtail abusive and deceptive data practices in companies providing VPN services to protect internet users seeking abortions.

 

“We also urge the FTC to develop a brochure for abortion-seekers on how best to protect their data, including a clear outline of the risks and benefits of VPN usage,” the lawmakers conclude.

 

The RIAA was well within its legal rights when it sued thousands of file-sharers in the early 2000s. But it looked bad. Like really bad.

 

The sight of corporate lawyers crushing everyone from students to moms and dads was a PR disaster. In today’s social media-powered world, it would’ve been devasting.

 

Interestingly, a brand new lawsuit filed by Bungie against what initially seemed like an ordinary guy may actually end up having the opposite effect in its gaming community. It’s that bad.

After Hitting Cheat Developers, Bungie Varies Tactics

There’s only one thing worse than being useless at an online game and that’s getting whooped into last place by gamers who cheat. This tiny minority has the capacity to transform a competitive yet balanced gaming environment into an arena where injustice rules. It’s not difficult to see why that’s a massive problem for players and gaming companies alike.

 

Through several lawsuits, Destiny developer Bungie has sent a clear message that it will not tolerate those who create, distribute, or sell cheating software. The company’s lawsuits variously claim copyright infringement (when cheat makers use pieces of original code or creative derivative works), circumvention of technical measures (under the DMCA), breach of contract, and/or violation of consumer protection laws.

 

For live-streaming Destiny-cheater @inkcel, who operates the Twitch channel ‘MiffysWorld‘, being held to a set of rules that are much harder to hack is set to become a miserable, regrettable experience.

The Squeaky Wheel Gets the Grease

In a complaint filed July 15 at a Washington district court, Bungie names Luca Leone as the sole defendant. Highlighting his Twitter handle ‘@inkcel‘, Bungie describes the California resident as a Destiny 2 user who routinely streams himself using cheats to gain an unfair advantage over regular players.

 

Bungie and Leone appear to have more than a little history. According to Bungie, access to Destiny 2 is only granted after the user agrees to the terms of a Limited Software License Agreement (LSLA). One of the agreed terms is that if a user cheats, Bungie can ban them. Leone allegedly cheated a lot and as a result, got banned a lot too.

 

By repeatedly creating new accounts and repeatedly agreeing to the terms of the LSLA, Bungie says Leone committed serial fraud. While that can be a serious offense from a legal perspective, other allegations are much more troubling. Leone’s battle with Bungie seems fairly personal and at times threatened to spill over into the ‘real’ world.

Ban After Ban After Ban

There’s little need to document every ban handed down by Bungie but needless to say, many feature Leone using an account to stream himself using a cheat suite and Bungie using tools to detect the account cheating. Using display names including Hoehitter, Bungie, bungiemad, and hahahalolxd, the time between Leone making a new account and the account being banned became shorter over time. Then things began to escalate.

 

On May 18, 2022, Leone tweeted an image of Bungie employee Dylan Gaffner. “i just realized i’ll be moving to a place that’s 30 minutes away from dmg [Gafner],” he wrote, adding: “he is not safe.”

 

“it’s a warm summer day in portland and dylan has just woken up from his restless slumber. He rolls over to pick up his phone so he can check twitter as he sees that someone is cheating with his full government name as their bungie id [sic]. “DYLAN GAFNER LMDOAOAOAOAO.”

 

In various follow-up tweets Leone talks about being banned by Bungie, regularly taunting the company for good measure with comments such as “bungie will NEVER be able to stop me if I persisted in my actions” and “k let’s just remember this all started from a clip of me flying with infinite ammo walls and aimbot and then let’s stop replying ok? Ok”

 

On July 4, 2022, after temporarily moving to Washington State, Leone doubled down.

 

Just over a week later, Twitter banned Leone’s account following a tweet stating: “twitter celebrities deserve death.”

Bungie Discovers More – Decision to Sue “Easy”

Bungie already had enough evidence to bring a civil complaint but its investigation lifted the veil on something unexpected.

 

“Leone is an active member of the ‘OGUsers‘ account hacking and selling forum, where he sells (presumably stolen) social media accounts – and also ‘sells’ Destiny 2 emblems,” the complaint notes

 

Every sale of a Destiny emblem (a non-transferable digital art badge) is a violation of Bungie’s LSLA. However, Bungie says the technique used by Leone to transfer emblems represents a circumvention of the technical measures put in place to prevent fraud. Even considering the defendant’s previous alleged conduct, somehow this also manages to escalate, this time by affecting the charitable work of the Bungie Foundation.

 

“[A]mong the emblems Leone sells are emblems Bungie makes available only to players who donate to selected charity drives; thus, not only is Leone lining his own pockets in violation of the LSLA, but he is devaluing an award Bungie grants for charitable giving and thereby harming the Bungie Foundation’s ability to fund charitable causes,” the complaint continues.

 

According to Bungie, on July 6, 2022, Leone offered two “$100 donation links for $50 each,” adding: “Already redeemed mine”. Bungie says the donation links led to emblems only available to those donating $100 to the Bungie Foundation. Bungie linked the OGUsers account ‘Knight’ to Leone via an email address he also used to buy goods from the Bungie store.

 

“That combination of conduct makes Bungie’s decision to bring this lawsuit easy. As Bungie has demonstrated repeatedly, it will not allow its game, its community, or its employees to be abused, defrauded, or threatened. Leone has done all three, and this action is the consequence.”

Causes of Action

The terms of the LSLA represent a binding contract between Bungie and each individual player of Destiny 2. Bungie says Leone is in breach of contract by hacking or modifying Destiny 2 to gain an advantage (Anticheat Provision), commercially exploiting Destiny 2 by selling/transferring emblems, and creating new accounts to avoid bans.

 

By agreeing to abide by the terms of the LSLA in full knowledge that was never the intent, that amounts to fraud. On the copyright front, the cheat software used by Leone reportedly creates visual elements that are displayed as an overlay on, and within, the Destiny 2 visual display.

 

“As such, Leone infringed Bungie’s copyright in Destiny 2 as an audiovisual work each time that he used cheat software to create an unauthorized derivative work of Destiny 2,” Bungie says.

 

And then the screw gets turned again – and again.

 

Given that Leone created new accounts after being banned and always intended to violate the LSLA, Leone never had a valid license to play Destiny 2. As a result, every time he downloaded and/or used Destiny 2 he infringed Bungie’s copyrights.

 

Bungie says Leone also infringed its rights each time he launched the cheat software and when he streamed Destiny 2 gameplay without a license, that was yet more infringement.

 

Bungie says all infringement was willful and it’s entitled to damages in an amount to be proven at trial. In the alternative, the company seeks $150,000 in statutory damages for each copyrighted work infringed. And there’s more.

 

“By using cheat software to access data Bungie engineered the Destiny 2 software to withhold from players, Defendant bypassed technological measures Bungie put in place to control access to Destiny 2,” Bungie explains.

 

Under the DMCA’s anti-circumvention provisions, statutory damages awards are ‘just’ $2,500. However, that is $2,500 for every circumvention, i.e every single use of the cheating software. Whether Bungie can put a number on that is not mentioned in the complaint, but it seems more than likely.

 

Finally, Bungie is demanding an injunction to prohibit all of the above-mentioned behavior, including to prevent Leone from “harassing, stalking, or otherwise engaging in unwanted or unsolicited contact with Bungie, its employees, or Destiny 2 players.”

 

Bungie’s full complaint and additional allegations can be found here (pdf)

 

When copyright holders discuss online piracy, they often highlight the associated losses. However, not all pirated downloads equal a loss.

 

While there is certainly a group of pirates who simply refuse to pay for content, there are also people who simply can’t afford it.

Piracy and Poverty

This is particularly true for software, which can be rather pricey. Interestingly, software piracy can also open up a door to escape from poverty. Mastering coding or editing skills, for example, allows people to start a business or join the workforce.

 

The Internet is rife with examples of top designers who started with a piece of pirated software, mastered their skills, and went on to become a professional. This raises the question: can software piracy mitigate poverty?

 

A new paper published in the Balkan Journal of Social Sciences tries to provide some insight into the matter. The researchers examine the effect of software piracy on poverty in developing and Latin American economies between 2003 and 2017.

 

The piracy rate is determined by the per capita usage of pirated software or the claimed losses. Poverty is measured through six indicators including the percentage of the population living below the poverty threshold.

Study Links Software Piracy to Less Poverty

The overall conclusions based on those data are quite clear. Higher piracy levels are linked to less poverty. This effect is consistent and statistically significant for all six poverty indicators.

 

“[T]here is a statistically significant reverse relationship between usage of pirated software and poverty in all six poverty models for both developing and Latin American countries samples,” the researchers write.

 

This link between piracy and poverty remains intact when the model is controlled for other variables such as unemployment and health expenditure. This means that the hypothesis that “increases in usage of pirated software decrease poverty” seems likely.

Less Poverty Leads to More Piracy?

As highlighted earlier, it would make sense to find such an effect. That said, the methodology section of the paper is rather short and there is no discussion section that elaborates on the findings. However, people should always be cautious to explain such links as causal effects.

 

If we frame the research question the other way around, the results could also make sense. In other words, does a decrease in poverty lead to more software piracy?

 

It’s not hard to imagine that people living far below the poverty line aren’t particularly concerned with downloading copies of Photoshop. However, as poverty decreases, they might be able to buy a computer, which undoubtedly increases their likelihood of pirating anything at all.

 

So perhaps software piracy lowers poverty, while lower poverty also leads to more piracy. This flywheel effect may explain the significant results and could be particularly strong in developing countries.

 

The paper doesn’t mention this reverse relationship but it wouldn’t be a surprise if it plays a role here. Unfortunately, the researchers didn’t respond to our request for comment, but it might be worth a follow-up study.

 

Over the past four years, Brazilian authorities, entertainment industry groups and their anti-piracy partners have marked a new annual event.

 

Each year a new phase of ‘Operation 404’ takes place and champagne corks fly as hundreds of pirate sites and apps are taken down, blocked, or otherwise put out of action.

 

In 2022, a reported 226 websites and 461 piracy apps fell to Operation 404-4 due to the combined efforts of local authorities and their international partners. Even the US government stepped in to seize a few piracy domains last month.

 

Last year’s wave, Operation 404-3, either shut down or blocked 334 pirate sites plus 94 piracy apps. Operation 404-2 took place in 2020, leading to 252 pirate sites and 65 pirate streaming apps being handed the same fate. The inaugural phase of 2019 – the original Operation 404 – claimed 210 illegal websites and 100 illegal apps.

 

That’s a grand total of 1,022 websites and 720 pirate apps. A lot by any standard.

Nagra Says it Plays a Key Role in Operation 404

With the dust settling this week, anti-piracy company Nagra revealed that it was part of the large coalition that helped make the latest wave of Operation 404 happen.

 

The US company said it had been working with Latin American anti-piracy organization Alianza and had its anti-piracy operations team on the ground helping to coordinate, witness and capture the evidence last month.

 

“NAGRA has supported law enforcement for this kind of operations for more than two decades and has a worldwide reach for these types of operations,” said Pascal Métral, VP of legal affairs and head of anti-piracy intelligence, investigations and litigation for Nagra.

 

Nagra’s timing was spot on. A little while back we became aware of a discussion about Nagra’s work based on documents made publicly available on a regional website of an advertising regulation authority with offices across South America.

 

They show Nagra’s anti-piracy team playing what appears to be an important role in support of the core goals of Operation 404 – not just on one day, but a sustained effort over a much longer period of time. In 2017 we reported on Nagra’s operations tackling IPTV piracy and five years later, the company continues to press ahead.

Nagra’s Focus on Pirate IPTV Services and Apps

Nagra’s partner, the Alianza anti-piracy group, has several members including pay-TV operators DirecTV, Telefonica and SKY Brazil, pay-TV channel operators including Discovery, ESPN, Fox and Globosat, plus HBO and Spanish football league LaLiga.

 

Although absent from the image below, we understand that Alianza also cooperates with other anti-piracy partners including the Alliance for Creativity and Entertainment, the MPA, and the music industry’s IFPI.

 

Mid-2021, Alianza presented a special Nagra report that revealed some of the most popular set-top boxes being advertised in South America, including those with live IPTV, VOD, and key-sharing capabilities – exactly the kinds of devices authorities describe as a threat to legitimate content markets.

 

The report also detailed what the companies believed to be the most popular pirate IPTV services in South America at the time – ultraiptv.org, latinosiptv.com, megaplay.app, and megaiptvlat.com. They sit at the top of a fairly long list and at the time of writing, all appear to be operating as normal, outside South America at least.

 

Also listed were the most popular regional pirate streaming websites at the time – futbollibre.net, rojadirectatv.tv, televisionlibre.net, extremotvplay.com and rojadirecta.me. Again, just the top five in yet another long list and all apparently functional, unlike Sportsbay.org which Nagra and DISH scared into hiding last year with a US lawsuit.

Nagra’s App Detection work

Considering the increasing numbers of apps facilitating access to pirated content, it’s no surprise that Nagra has a rolling program to identify and then disrupt as many as it can. Nagra appears to have launched a new app detection program in the summer of 2019, dedicated to defending Alianza’s members in South America. Over the next year it took down just short of 300 piracy apps; global takedown figures are presumably much higher.

 

In the 12-month period between September 2020 and August 2021, Nagra reportedly kept up the pressure. Data shows that it took down 318 streaming apps providing free access to pirated content and an additional 275 that required payment to use – 593 in total. The most popular app with one million downloads was Cuevana 3 Premium, with copies found on APKCombo and perhaps surprisingly, Google Play.

 

A short trip around Google Play and APKCombo this week shows many more apps using similar branding, some with as many as 100,000 downloads but even more with 1,000+. It appears that while pirate apps are being taken down, pirates aren’t wasting any time putting them back up again.

 

That raises the inevitable question – are these types of takedowns (no matter who actions them, wherever in the world) targeting new apps each time or cosmetically different apps using the same range of back-end content? Without analyzing every single APK it’s very hard to say but while pirates are quick to react, they aren’t that quick at developing new sources of streaming content.

Whac-a-Mole, Whac-a-Clone

What is obvious by now is that lower-level pirates are exceptionally good at renaming or rebranding similar apps and reuploading them to new URLs. It’s exactly the type of behavior the much-demanded ‘takedown/staydown’ regime might be able to address, with ‘might’ being the operative word.

 

For example, the data shows that a particular Cuevana 3 app by a single developer was taken down from APKCombo in response to a complaint. At the time it had in excess of 1,000,000 downloads. While a quick check for that specific app indeed reveals it’s no longer present on the original URL, the problem hasn’t gone away.

 

The same developer behind the earlier ‘Premium’ variant is currently offering ‘Plus’ and ‘Pro’ variants instead. These apps have varying file sizes and different looks but in broad terms, much of the same functionality. As a result, some might view this type of resurrection as a win for pirates but there is a bigger picture to factor in.

 

When a new app has to break through from scratch after being taken down, it lacks the kudos of a ‘1M+ download’ mark next to its name, meaning that regaining momentum is much more difficult due to lower visibility and diminished trust. Over time, this type of disruption can also have an effect on developer morale, leading to a reduction in the availability of infringing content.

 

As things stand, the classic whac-a-mole situation isn’t easily countered but Nagra still enjoys considerable success when it comes to removing infringing streaming apps from various online platforms. The anti-piracy group’s work appears to break the strides of apps with large followings meaning they have to rebuild their reputations, something that takes time.

 

According to the data, Nagra sent 62 complaints to APK Combo in August 2021 and all 62 apps were removed – a 100% compliance rate. In the same month, 30 complaints were sent to Google Play and all 30 apps were removed. The perfect streak was extended when online marketplace Aptoide received eight complaints and took down an equal number of apps.

 

Another app repository, Download APK, was sent 46 complaints and 45 were removed. APK Pure was sent 25 complaints but only removed three apps in that month. However, those may have been actioned during the next reporting period, potentially skewing the previous month’s results.

Pirate IPTV Playlist Sharing

Another area focused on by Nagra involves IPTV playlist sharing. Most people are aware that IPTV services offer paid subscriptions, accessed via a portal using a dedicated set-top box or via clickable .M3U/.M3U8 (playlist) files. These are compatible with many media players, VLC for example.

 

However, there are also many online communities where .M3U/.M3U8 playlist files (containing usernames and passwords to paid accounts) can be downloaded for free.

 

The reliability of these playlist files can vary dramatically, from not working at all or working for a short time, to offering thousands of channels in good quality for extended periods of time. At zero cost, most people don’t complain but these lists are a growing problem for rightsholders.

 

In a 24-month period between 2019 and 2021, Nagra took down almost 9,500 of these types of playlists. In August 2021 alone, the company took down close to 270 playlists providing illegal access to more than 33,300 TV channels, movies, and TV shows – perhaps even all three in some cases. While that does little to remove the underlying content, playlists present an opportunity for intelligence gathering.

Not Just a Game of Whac-a-Mole

It’s interesting to note that Nagra doesn’t just wildly take playlists and apps down, rinse and repeat, ad nauseam. According to its reports, when apps and playlists come to the company’s attention as potentially infringing, they are tested and then classified according to function.

 

This means that if a legitimate app is found, it will be categorized as such and left alone in the future. Infringing apps may also stay up when an investigation is underway. Apps that have been seen before are categorized based on whether they’re free to use or paid.

 

When new apps appear, they are subjected to a network traffic analysis in order to a) show they are indeed infringing and b) track down the sources of the infringing content. Since many pirate apps use a fairly limited range of sources, identifying those suppliers can be more useful than simply hitting what are, in many cases, just apps acting as fancy web browsers.

So What About the Takedown Claims of Operation 404?

As mentioned earlier, official announcements related to Operation 404 claim that 1,022 websites and 720 pirate apps have been taken down. The authorities involved don’t mention the names of the websites and thus far haven’t named a single app either.

 

That’s certainly not unusual but when the aggregated totals get bigger and bigger, one has to wonder what really lies behind the headline figures.

 

Nagra’s figures, roughly coinciding with the first wave of Operation 404 and through to what appears to be the third wave, show that roughly 600 apps were successfully taken down by the company. Whether these form part of the overall 720 apps mentioned by the authorities or should be added on top of that total is unclear.

 

Either way, it seems likely that this large volume can only be sustained by hitting multiple functionally-similar apps repeatedly. At least as far as we know, there just aren’t that many apps available in the market, at least ones that have their own content sources.

 

Add into the mix that this project covers only a specific set of rightsholders’ content in one geographic region, the scale of the global challenge in respect of all infringing apps must be a daunting prospect for rightsholders right now. The challenge isn’t being shied away from, however.

 

Over time it’s likely that legislative changes will make app resurrections much harder, meaning that when apps get taken down they’ll be less likely to pop back up again in the same place. Pirates won’t run out of apps anytime soon but over time it’s likely that the market will become much messier.

 

Rightsholders are aiming for that and more. And, as history has shown, they are in this for the long haul and will do whatever it takes.

 

DISH Network, Sling TV and technology partner Nagrastar are keeping their feet firmly on the gas in their mission to disrupt pirate IPTV services.

 

Last month the companies won a $100m judgment against the former operators of pirate IPTV service Nitro TV. It comes as no surprise to see another lawsuit filed in the United States against a service with alleged connections to Nitro.

Lawsuit Targets VNest TV

The companies’ latest anti-piracy lawsuit was filed in a Nevada court. It targets Las Vegas company Ventura’s Nest LLC and its alleged sole manager, Las Vegas resident Santina Fulton.

 

The plaintiffs claim that Fulton is behind a pirate IPTV service called VNest TV. Also known as VNest IPTV, the service was sold through a number of domains including vnestiptv.com and venturasnest.com. DISH believes that Fulton registered the domains, something borne out by historical WHOIS records.

 

“Defendants advertised VNest TV as a subscription-based service providing more than 5,000 channels, movies, sports programs, and other premium content, all for a low monthly fee,” the complaint reads.

 

“According to Defendants, VNest TV offers ‘the best content and up time than anyone else in the business.’ VNest TV advertising emphasized converting customers from legitimate cable or satellite services, such as those provided by DISH, by encouraging customers to ‘cut the cord’.”

 

VNest’s sites were offline after the complaint was filed but archived copies show that monthly subscription packages were available for $20. A one-year subscription cost $180.

VNest TV Was Told to Shut Down But Warning Was Ignored

The plaintiffs say that at least in part, VNest TV was fueled by unlicensed streams captured from DISH Network’s satellite broadcasts and content obtained directly from servers controlled by partner Sling TV. Some of these channels (‘numerous’ according to the complaint) were sourced from Nitro TV, the pirate IPTV platform that owes DISH more than $100 million in damages related to its own rebroadcasting scheme.

 

Identifying Fulton as the operator of VNest TV doesn’t appear to have been difficult. As the image below shows, investigators for the plaintiffs signed up for the service and made two test payments, one through PayPal and another through Venmo. When information from the payment receipts is combined, there’s enough to show company and personal names plus connections to social media accounts.

 

Despite VNest TV’s operator being terribly exposed, at least one cease-and-desist notification sent by the plaintiffs went ignored. The complaint notes that the defendants were notified that their service violated federal laws as early as October 2021 but the platform continued to operate.

Plaintiffs Seek Damages and Injunction

The allegations of infringement in the complaint are based on violations of the Federal Communications Act (content sourced from DISH satellite broadcasts) and the Digital Millenium Copyright Act (content obtained from Sling’s servers).

 

In respect of the former, DISH says that VNest TV violated 47 U.S. Code § 605(a) by accessing unauthorized communications willfully and for commercial advantage. They also willfully sold access to those communications, in violation of 47 U.S.C. § 605(e)(4).

 

The plaintiffs also allege breaches of the DMCA’s anti-circumvention measures under 17 U.S.C. § 1201(a)(2)). The complaint notes that Sling’s content is protected by DRM technologies including Google’s Widevine DRM, Apple’s FairPlay DRM, and Microsoft’s PlayReady DRM, so the plaintiffs’ are entitled to claim damages.

 

It’s impossible to state with any accuracy how much the plaintiffs might be entitled to but in cases of willful violations of the FCA, every violation can reach $110,000. The DMCA-related offenses top out at $2,500 in statutory damages each so when combined, the damages claim could easily reach double-digit millions.

 

In the meantime, DISH, Sling and Nagrastar are seeking an injunction plus an order requiring VNest TV to hand over all domains and business records.

 

The complaint can be found here (pdf)

 

Last year, we noticed that Google had delisted several popular pirate sites from its search results in some countries.

 

In the Netherlands, for example, The Pirate Bay and many of its mirrors and proxies were delisted by Google in response to a notice sent by local anti-piracy group BREIN.

 

Later, we learned that similar requests were being sent to Google by movie company representatives in other countries. In response, Google removed thousands of URLs from its search engine in countries such as France, Norway, and the UK. In all cases, the domains were already blocked by ISPs following a court order.

Google’s Blocking Reversal

Google’s decision to voluntarily take action is noteworthy. The company apparently removed thousands of ‘pirate site’ domain names without being named in a lawsuit and despite earlier objections to this type of whole-site blocking, of which it doubted the efficacy.

 

The search engine has clearly changed its views, much to the delight of rightsholders. That said, Google still needs a nudge to spring into action. In the UK, for example, The Pirate Bay remained in Google’s search engine while hundreds of smaller sites were delisted.

 

Initially, it wasn’t clear why The Pirate Bay remained unblocked but, in hindsight, the explanation appears to be quite straightforward.

 

The blocking notices that were sent to Google came from the UK law firm Wiggins, which works for the movie industry. The Pirate Bay blocking order, however, was obtained by the music groups BPI and PPL. Apparently, these groups hadn’t sprung into action yet.

BPI/PPL Ask Google to Delist Pirate Bay URLs

In recent weeks the UK music groups got on the bandwagon. The first request, sent by BPI and PPL, asked Google to delist the main Thepiratebay.org URL from its search results and the company swiftly complied.

 

Since then, several other requests have come in, targeting hundreds of Pirate Bay proxies. For example, earlier this month a BPI/PPL notice identified 486 additional blocking targets, although half of these appear to be duplicated. A week earlier, a similar notice targeted 73 ‘Pirate Bay’ URLs.

 

As a result of these actions, it’s now harder to find Pirate Bay proxies through Google. And indeed, a simple search for The Pirate Bay in the UK now comes with at the bottom of the results, indicating that several URLs were removed in response to a legal request.

 

The BPI informs us that it already asked Google to delist The Pirate Bay when the first blocking order was obtained in 2012. At the time, Google declined to do so but the search engine eventually changed its tune.

 

“Things have moved on a bit since then and Google is now prepared to delist sites which are the subject of Court Orders,” a BPI spokesperson informed us.

 

“It’s been a long time coming, and clearly not everyone uses Google to find infringing sites, but we are pleased that the biggest search engine in the world is now taking these steps, because the less visibility an illegal site has, the less it will be accessed.”

More Targets?

By now, it’s clear that the music industry groups have discovered their new power. However, as far as we can see their actions have been limited to The Pirate Bay. That’s noteworthy, as the music industry groups also obtained ISP blocking orders against many other sites.

 

The popular torrent sites 1337x, LimeTorrents and TorrentDownloads remain accessible through Google, despite a BPI blocking order. The same is true for the music download portal NewAlbumReleases and cyberlocker Nitroflare.

 

Even the blocking order for popular YouTube download tools such as Flvto.biz, 2Conv.com, 2Convert.net, and mp3.studio has yet to reach Google. This, despite the fact that these sites are seen as the largest piracy threat to the industry.

 

It’s not clear why these other sites haven’t been reported but perhaps they will be targeted at a later stage. TorrentFreak asked BPI if that’s the case but, at the time of publication, we have yet to hear back.

 

Japanese manga publishing giants Shueisha, Kadowaka, Kodansha, and Shogakukan are on a mission to disrupt piracy in any way possible.

 

Late October 2021, a law firm acting for Shueisha filed an ex parte application at a California district court seeking discovery of information for use in a foreign proceeding.

 

In our initial report we listed several domains of interest to Shueisha, all with a common denominator – connections to huge manga piracy site MangaBank. At the time the site was enjoying an estimated 81 million visits per month, making it Japan’s 44th most popular site overall.

 

Soon after the publishing of our report, MangaBank went offline. The site’s operator informed TF that his platform had previously been subjected to a continuous ~50Gbps/s DDoS attack from an AS in Japan. MangaBank utilized Cloudflare at the time but the unknown attackers knew the IP address of the site’s backend server. Mangabank never came back online.

After Months of Silence, News From China

As early as March 2021, there were signs that MangaBank’s operator may have had connections to China. Under the country’s e-commerce laws, telecommunication companies and access providers can’t be compelled to disclose the identifying information of internet service users. That didn’t prevent the publishers from finding their target in the end.

 

In November 2021, Shueisha, Kodansha, Shogakukan and Kadokawa said they were preparing to file a criminal complaint against MangaBank’s operator. The publishers also received assistance from the Fukuoka Prefectural Police, who had previously worked on the infamous Mangamura case.

 

The investigation eventually led to MangaBank’s operator in Chongqing, China, and a request to Japan-based anti-piracy group CODA to use its office in China to take action.

MangaBank’s Configuration Ensured No Piracy in China

An interesting aspect of the case is that MangaBank reportedly utilized geo-blocking to ensure that the site could not be accessed in China. This meant that Chinese authorities could not confirm local copyright infringement, leading them to conclude that at least locally, “no actual infringement” took place. CODA didn’t give up.

 

“[W]hen CODA filed a petition for administrative punishment with the Chinese authorities based on a petition summarizing the enormous damage situation in Japan, its punishment and the importance of detection, and various information, it was accepted. It was done,” the anti-piracy group says.

MangaBank’s Operator Sentenced

According to China’s “Regulations on the Protection of the Right to Disseminate Information on the Information Network”, any organization or individual that makes another person’s work, performance, sound or video recording available to the public, must obtain permission from rightsholders first.

 

According to an announcement on the website of the People’s Government of Wanzhou District, Chongqing, MangaBank’s operator did not obtain the necessary permission so was found in breach of Article 2

 

“[His] behavior of providing the works of others to the public without authorization through the information network violates Article 2 of the Regulations on the Protection of the Right to Disseminate Information on the Information Network,” the announcement reads.

 

The administrative penalty handed down to MangaBank’s operator has two components – confiscation of illegal gains (16,409 yuan / $2,427) and a fine for violating the right of communication (30,000 yuan, approx $4,437) – a total of $6,864.

 

When compared to penalties handed down in similar cases elsewhere in the world, especially in the United States, the penalty seems rather low. However, the average annual pay for employees in urban areas of China in 2021 was 62,884 yuan, around $9,300.

 

CODA believes that the site caused considerably more damage than this penalty suggests. It says more time will now be spent to clarify the scale of the infringement and any means of recovery available to the rightsholders.

 

The music industry has had a difficult relationship with new technologies over the past several decades.

 

Cassette tapes, recordable CDs, MP3s, and streaming services have all been described as a major threat to the revenues of artists and labels.

‘Infringing’ NFTs

More recently, various blockchain and NFT projects are seen as a growing problem. Earlier this year, the RIAA went after NFT marketplace HitPiece, describing it as a scam site designed to lead fans to believe that they had bought artist-endorsed collectibles.

 

HitPiece pulled the plug following this critique and NFT Music Stream followed soon after. But these aren’t the only sites with problematic NFTs. In a Variety op-ed published in March, RIAA CEO Mitch Glazier wrote that the problem is much bigger as many more sites are selling ‘infringing’ NFTs.

 

“These sites are charging exorbitant prices for these NFTs, promising ownership in a ‘unique song recording’ and often featuring album art or artist photos to lure in unsuspecting fans,” Glazier cautioned.

 

The problem isn’t limited to dedicated music NFT projects that sell ‘rights’ to songs and album art. Broader NFT marketplaces, through which third-party sellers can auction NFTs, present challenges as well. And for the RIAA, these issues hit close to home.

RIAA Goes After .ETH Domains

The music industry group recently sent a takedown notice to NFT marketplace OpenSea, asking the platform to remove several listings for Ethereum Name Service (ENS) domain names. These blockchain-based domains are known for their .ETH extension and are popular among crypto aficionados.

 

The RIAA doesn’t have any issue with the domain service itself but takes offense when third parties sell domains with RIAA branding and the names of its members and executives.

 

An RIAA takedown notice sent to OpenSea lists 51 ENS domain name auctions, including RIAA.eth, Sony-music.eth, Warnermusicgroup.eth, Atlanticrecords.eth, Virginrecords.eth, Universalmusic.eth and republic-records.eth.

 

In addition, several .ETH domains are named after music industry executives including RIAA CEO Mitch Glazier, Sony Music CEO Rob Stringer, and Columbia Records CEO Ron Perry.

 

The RIAA is not happy with these domain name auctions and recently filed a request for them to be removed. The group informed OpenSea that they violate the rights of the RIAA and those of its members.

 

“The ENS domain names […] infringe RIAA’s or our members’ trademarks, as they cause dilution, confusion, and/or tarnishment of these trademarks. The sale of these ENS domain names is also actionable under the Lanham Act.

 

“In addition, the sale of ENS domain names that contain the names of executives at RIAA or our member companies violates the AntiCybersquatting Consumer Protection Act,” the music group informed the platform.

Auctions Removed

OpenSea appears to have complied with this request as all of the listings have now been removed. Instead of a domain auction, the auction URLs now point to a delisting message.

 

While the RIAA certainly has grounds to take action against trademark infringements, not all domains are obviously problematic. After all, there are other people named Ron Perry or Rob Stringer who now have no opportunity to buy those domain names.

 

We reached out to the RIAA for more information but the group declined to make further comment. We expect that this won’t be the last time that it takes action against NFTs though.

LimeWire NFTs

 

The RIAA’s action coincides with a PR campaign from LimeWire, which just launched its own NFT marketplace. Ironically, the original LimeWire was previously shut down by the RIAA after being sued for copyright infringement.

 

This LimeWire reincarnation has nothing to do with the original file-sharing software. Even its founder is less than thrilled to see the brand being used for this new purpose. The domain name and other assets were sold last year and are now in the hands of a completely different team.

 

Given the brand’s history, the new LimeWire will be cautious of copyright issues. Its initial partnership with Soulja Boy shows that the platform is actively teaming up with artists, albeit one with a ‘piracy’ history. In addition, the site appears to be virus-free as well.

 

—

 

A copy of the RIAA/OpenSea takedown notice, obtained by TorrentFreak from a third-party source, is available here.

 

Three years ago, several of the world’s largest music companies including Warner Bros and Sony Music sued Internet Provider Bright House Networks

 

The recording labels accused the provider of not doing enough to stop pirating subscribers. Specifically, they alleged that the ISP failed to terminate repeat infringers.

 

Since the filing of the complaint the parties have gone back and forth in court with various arguments and accusations. Most recently, both sides requested summary judgments, hoping to start the trial with an advantage. These efforts failed and the case is now moving forward.

 

The legal battle is set to conclude in a few weeks. Before the trial starts, however, some outstanding issues need to be resolved. Specifically, the ISP and music companies want to limit what evidence and arguments the other side can present to the jury.

 

These motions in limine can offer an interesting insight into the biases and framing both camps expect during the trial. This case is no different, as some recent filings reveal.

No Human Rights Mentions

A few days ago, the music companies submitted a 19-page motion to the Florida federal court, asking for various restrictions. For example, they don’t want Bright House to argue that terminating someone’s Internet access is a human rights violation.

 

“This assertion is irrelevant because ‘human rights’ (and international law generally) have absolutely no bearing on this case, and it would confuse the jury as to the legal standards at issue,” they write.

 

The rightsholders note that there is little evidence for this claim. In addition, they point out that the DMCA specifically mentions Internet terminations as an option to curb piracy.

 

The human rights angle is not completely novel. Previously, a report from United Nations rapporteur Frank La Rue spoke out against rules and laws that would cut people’s Internet access. Those piracy-related terminations would violate human rights, the rapporteur argued.

 

It is clear that the music companies disagree and they go a step further still. In their motion, the labels also want to bar Bright House from arguing that it is “disproportionate” to terminate subscribers after receiving repeated piracy notices.

Spying, Price Fixing, and Exploitation

Internet terminations are not the only topic of concern. The music companies also fear that Bright House will use terms such as “spying” or “surveillance” to refer to measures it could have taken to monitor file-sharing traffic.

 

“These inflammatory terms are not relevant to any element of liability and would only confuse, mislead, and unduly prejudice the jury,” the music companies write.

 

Finally, the labels don’t want Bright House to bring up price-fixing allegations in the music industry, or allegations that some smaller artists are being exploited by music companies through terrible contracts.

 

“Plaintiffs’ contractual relations with their artists and songwriters, and aged disputes about those contracts, are not relevant to any claim or defense, nor to any statutory damages factor,” the companies inform the court.

ISP Also Requests Exclusions

The music companies are not the only party trying to control the narrative. Bright House also submitted a motion in limine requesting various restrictions. For example, the ISP doesn’t want the music companies to bring up the fact that many subscribers had their accounts terminated after failing to pay their bills.

 

In addition, the music companies should also be excluded from presenting subscribers’ piracy “admissions” to the jury. These testimonies are hearsay and don’t prove that Bright House was aware of this activity, the ISP argues. As such, they might confuse the jury.

 

“To allow the jury to consider subscribers’ hearsay statements described as ‘admissions,’ particularly ones that do not relate to Plaintiffs’ works-in-suit, would be confusing and unduly prejudicial.”

No Throttling and Monitoring

Bright House further notes that the music companies should not be allowed to argue that deep packet inspection and other network-monitoring technologies could have helped to determine whether subscribers were using file-sharing applications.

 

This suggestion may be technically correct but it’s far from undisputed. The same applies to port blocking and throttling. While these measures could hinder illegal file-sharing traffic, they would also impact legal transfers, which likely violates FCC regulations.

 

“It is undisputed that P2P has many lawful uses, and Plaintiffs’ own purported expert agreed that any attempt to block or throttle P2P during the Claim Period would have been a potential violation of FCC regulations; unsurprisingly, he was also unaware of a single ISP that ever employed such methods.”

 

“Plaintiffs should not be permitted to argue that, to avoid liability for copyright infringement, BHN should have adopted novel, untested procedures that no other ISP adopted at substantial legal risk,” the ISP adds.

 

The motions from both sides will now be reviewed by the court, which must then decide whether any of the issues should be excluded from the trial. The decision is expected in a few weeks, after which the case will head forward.

 

—

 

A copy of the music companies’ motion in limine is available here (pdf) and Bright House’s motion can be found here (pdf)

 

In the 2000s, Japan was a relatively safe place for people with a penchant for downloading content without paying for it. Even those running torrent sites were relatively worry-free when compared to their United States counterparts.

 

Inevitably, it wouldn’t stay that way. While uploading copyrighted content was already illegal, in 2012 Japan criminalized unlicensed movie and TV show downloading, punishable by fines and up to two years in prison. In 2020, Japan’s parliament followed up by criminalizing those who download pirated manga.

 

But perhaps the most significant change was a law that outlawed indexing sites. Known as ‘leech’ or ‘reach’ sites in Japan, these are platforms that host no copyrighted content themselves but link to external platforms that do. Following amendments that came into effect on October 1, 2020, anyone operating such a site faces up to a five million yen fine, a five-year prison sentence, or potentially both.

 

It seems that some people didn’t get the memo.

Suspected ‘Reach’ Site Operator Arrested in Japan

According to a report from anti-piracy group CODA (Content Overseas Distribution Association), officers from the Gunma Prefectural Police Cyber Crime Division and Takasaki North Police Station have arrested a man on suspicion of operating an unnamed ‘reach’ site.

 

CODA says that the site’s domain was registered in February 2018. At least initially it was used as a movie information site, providing details of movies alongside their official trailers. At some point later, however, the site began linking to copies of pirated movies that had been uploaded to overseas file-hosting platforms.

 

Covering both Japanese and Western movies, the site offered links to around 3,300 titles according to local reports. CODA highlights two popular recent anime titles – ‘Gundam Reconguista in G Movie III: Legacy from Space’ and ‘Knights of Sidonia Atsumu Guhoshi’ – plus affected rightsholders Bandai Namco Filmworks and King Records Co. Ltd.

Man Told Police He Just Wanted to Share

The suspect, a 51-year-old unemployed man, was arrested in Asahi Town, Yamagata Prefecture. He is being investigated for copyright infringement offenses and is said to have generated revenue from advertising. In comments to police, he said that his love for movies made him want to share.

 

“I like movies, so I wanted everyone to see them,” he said.

 

CODA sees things differently, noting that ‘reach’/indexing sites play a crucial role in the piracy ecosystem by facilitating access to content that would be harder to find otherwise.

 

“Various copyrighted works are illegally uploaded to overseas storage sites. In many cases, information such as the title of the work is not described, and the file name is a list of meaningless characters, so the user cannot reach the content without a guidance window provided by the reach site,” the anti-piracy group says.

 

“CODA continues to investigate copyright infringement on the Internet, including reach sites, and will endeavor to promote sound regular distribution in which content is properly protected.”

 

In February this year, the Gunma Prefectural Police targeted the suspected operator of another indexing site. The man was arrested for offering links to thousands of movies and TV shows, including content owned by production companies Toei and Toho.

 

Last month, the US Copyright Claims Board went live. Through this Copyright Office-hosted venue, copyright holders can try to recoup alleged damages outside the federal court system.

 

The board aims to make it cheaper for creators to resolve disputes. There’s no attorney required and the filing fee is limited to $100 per claim. Accused parties also benefit as the potential damages are capped at $30,000. Those who prefer traditional lawsuits can choose to opt-out.

 

The benefits of the board are clear to many rightsholders. Opponents, however, feared that the system could be used by opportunistic rightsholders to extract ‘easy money’ from less law-savvy individuals.

Suspicious ‘Sky Group’ Claim

Thus far a few dozen complaints have been filed at the CCB. There’s no sign of systematic abuse but a rather strange copyright infringement claim was submitted last week, one that set off several alarm bells.

 

The claim was submitted by a group called “Copyrights Protection”, supposedly on behalf of the UK media giant Sky Group. The claim accuses the streaming app HA Sports Studio of infringing Sky’s rights.

 

“They are showing Sky Sports live broadcast through their mobile applications on Google Play Store without the permission of our client Sky Group,” the claim reads.

 

It would be a big deal if a major media company such as Sky began using the Copyright Claims Board to resolve a piracy issue. The piracy allegations may be true but in this case the claim itself is rather fishy.

 

When we go to the website of the supposed anti-piracy group we’re welcomed by a stock design template where various placeholder texts are still intact. There’s no contact address or information listed on the site either.

Sky is Not Involved

It seems odd that a company such as Sky would use an unknown and seemingly amateurish representative to file a case at the Copyright Claims Board. We reached out to Sky directly who informed us that it has nothing to do with this claim.

 

“This claim has not been brought on behalf of Sky. We have no association with Copyrights Protection, they are not authorized to act on our behalf and we will be contacting them to request the claim is withdrawn,” a Sky spokesperson informed us.

 

Sky’s response shows that someone is impersonating Sky at the Copyright Claims Board. This is relatively easy as rightsholders and their representatives are not required to verify their identity before submitting a claim.

Copyright Office Responds

When asked the US Copyright Office about this unusual case, it informed us that it doesn’t comment on pending cases or the internal work of the Board. However, it stresses that all cases go through a ‘compliance review’ where such inconsistencies may be revealed.

 

“Compliance review is the process in which CCB staff attorneys review a claim to determine whether it meets legal and regulatory requirements under the CASE Act and the Office’s regulations,” a US Copyright Office spokesperson says.

 

There is no formal identity verification process, as far as we know, but the Board may ask for additional information if needed.

 

“While the CCB generally does not conduct factual investigations, its review will naturally identify claims that have material inconsistencies and areas where the claimant may need to clarify certain issues, including its right to bring a copyright claim on behalf of another party.”

Who and Why?

It remains unclear who is behind this bogus claim and why it was submitted. We sent an email to the contact address “Copyrights Protection” provided to the CCB, asking for clarification but at the time of writing, we have yet to hear back.

 

Meanwhile, the “Copyrights Protection” website is no longer accessible, which makes it even more likely that we’re dealing with someone who sent a claim in bad faith.

 

We can only speculate at this point, but it’s possible that the sender hoped to get a damages award, without Sky noticing. Another, perhaps more likely option, is that a rival pirate streaming app is trying to get competition out of the way.

 

Pirate site blocking in the UK is now commonplace, with the movie, TV show, music, live sports and publishing industries all directly involved.

 

Recording industry group BPI and its member labels are among the most prolific blocking injunction applicants. To date more than 70 base pirate sites are listed in High Court injunctions but due to their ‘dynamic’ nature, those injunctions now cover thousands of related sites and domains, including proxy, mirror and clone sites.

 

These injunctions require the country’s major fixed-line broadband ISPs (those in the BT group, Sky, TalkTalk and Virgin Media) to block listed domains, rendering them inaccessible to subscribers. These blocks can be circumvented using VPNs and other tools but a much bigger access hole has existed for some time.

Mobile Networks Lead to The High Seas

While most torrent site users have historically preferred the convenience a PC, the explosive growth in smartphone ownership since blocking began has seen millions of users flood to illegal streaming platforms and MP3 download sites instead.

 

The reason that happened so easily in the UK is that the injunctions obtained by the BPI, Hollywood, publishers and sports companies only cover fixed-line broadband, not mobile networks. Ten years ago, expensive mobile packages with small data allowances didn’t pose much of a threat but today that’s clearly not the case so the BPI is taking action.

 

“The BPI, the representative voice for independent and major record labels, has today confirmed that High Court website blocking of pirate music sites and apps – which previously applied only to users of fixed line broadband networks – is being extended to users of mobile networks, starting with EE, part of the BT group,” the BPI’s announcement reads.

 

The UK recording industry group notes that previously-obtained injunctions led to BT group, Sky, TalkTalk and Virgin Media ISPs blocking thousands of domains. Those ISPs include EE, a broadband provider that’s also the operator of the UK’s largest mobile network.

 

The BPI says this is the first time since website blocking began in 2011 that a mobile operator has begun blocking pirate sites. So, during the past few hours, we had some tests carried out on EE’s network in the UK. The results are mixed.

 

Recent injunctions obtained by the BPI targeted several platforms including file-hosting site Nitroflare.com and YouTube-ripping site 2Conv.com. Using EE’s 4G network the sites now refuse to load but on an iPhone with Apple’s iCloud Relay activated, everything returns to normal. Testing another dozen or so blocked domains returns the same results.

 

This seems to suggest that blocking is taking place on EE but there are some outliers too. For example, another recent target – Mixdrop.co – loads with no issues and the same holds true for ThePirateBay.org, the BPI’s first ever blocking target a decade ago in 2012.

BPI Welcomes EE Development

The BPI cites figures from telecoms regulator Ofcom showing that in the last quarter of 2021, there were 85 million mobile subscriptions in the UK, a figure that exceeds the UK’s entire population. Quality of service is good too, not exactly an ideal scenario for suppressing piracy.

 

“Mobile data connections are faster and more reliable than ever,” says BPI General Counsel Kiaron Whitehead. “A quarter of people now connect to the internet over 3G, 4G and 5G rather than broadband and wi-fi. That growth brings with it the risk of increased music piracy.”

 

Whitehead notes that revenue generated by pirate sites goes into the operators’ pockets while none goes back to artists. Enhanced blocking on mobile networks may go some way to improving that.

 

“We are therefore pleased that EE – which was the first mobile network to launch 5G to the UK population – has now become the first mobile network to block pirate sites which are subject to our High Court blocking Orders under section 97A of the Copyright, Designs and Patents Act 1988,” Whitehead adds.

Mobile Network Blocking Raises New Questions

Considering the millions the company spends on advertising and marketing each year, EE makes absolutely zero personal appearance in the BPI’s announcement, not even a short comment from a spokesperson.

 

It’s hard to draw firm conclusions but this tends to suggest that EE doesn’t view site blocking as an exciting marketing opportunity. However, EE’s lack of public support raises other questions too.

 

The terms of site-blocking injunctions are negotiated between rightsholders and the ISPs. The details are hammered out in private but we do know that blocking on mobile networks was previously ruled out and is therefore not included in the orders handed down by the High Court.

 

That raises the question of whether EE Limited has made an agreement with the BPI to block sites voluntarily or whether additional court processes will be needed to modify existing injunctions. That leads to even more questions.

 

If EE is covered by existing injunctions or intends to block voluntarily, why are other mobile providers (e.g Sky Mobile, owned by Sky UK Limited) not carrying out BPI blocking as well?

 

There’s also the issue of ‘BT group’ companies being covered by existing injunctions. BT owns EE but BT Mobile customers also use the EE network. Does that mean users of BT Mobile will experience blocking on their connections too?

 

The same thing can be said about subscribers to other providers including Plusnet Mobile, Utility Warehouse, and other smaller companies such as 1pMobile, The Phone Co-op, Ecotalk, IQ Mobile, Zevvle, RWG Mobile, and To The Moon. These all use the EE network.

 

Also, today’s announcement only mentions BPI blocking injunctions in respect of EE. Is that the limit of EE’s blocking or does it intend to block the many, many thousands of sites listed in injunctions obtained by the MPA and Premier League, for example?

 

And then there is the matter of EE’s main competitors – O2, Three, and Vodafone. As a company, O2 has been named previously in at least one BPI fixed-line broadband injunction but Three and Vodafone have not. There is no mention of those companies implementing blocking so at least at this stage, it seems likely they haven’t agreed to it.

 

That leads us to all the injunctions handed down by the High Court in the past, which currently cover most of the big pirate sites. Will the BPI have to go back to court and have them all modified or perhaps the other providers will act voluntarily?

 

All of these questions were put to the BPI before the publication of this article. We’ll provide an update when we hear back.

 

Trackers are a crucial part of the BitTorrent infrastructure, making it easier for downloaders and uploaders to connect to each other.

 

Technically speaking trackers are similar to a DNS provider, they function as a ‘phone book’ pointing people to content without knowing what it is.

Demonii Tracker

In 2015, Demonii was the largest torrent tracker around. The Demonoid-inspired service handled requests from more than 50 million peers, resulting in more than two billion connections per day.

 

This reign ended abruptly at the end of that year. When the Motion Picture Association shut down the torrent icon YIFY, Demonii went down with it. As it turned out, YIFY was also the driving force behind the popular tracker; a fact that was relatively unknown.

 

With YIFY in the grasp of the MPA, some people feared that Demonii had been compromised as well. There was no evidence for this claim but that was irrelevant as Demonii soon went offline. It stayed offline too, until just a few days ago.

Surprise Comeback

Out of nowhere, Demonii suddenly became responsive again this month. The comeback went largely unnoticed by most torrent users but those that keep a close eye on tracker connections could have noticed. As it turns out, many active torrents still have Demonii in the tracker list.

 

Immediately after its resurrection, Demononii roughly started where it left off, coordinating transfers of over four million peers. These millions of torrent users connect to nearly two million older torrents that were also active before the tracker’s shutdown.

 

The instant activity shows how many active torrents still have Demonii listed as a tracker. And since these torrents often have less than a handful of downloaders today, a central tracker will help to improve connectivity.

 

The big question is, of course, who resurrected Demonii and how did they get their hands on the domain?

Demonii Has a new Owner

After reaching out to several people, we found out that ‘Suni’, a veteran in the BitTorrent scene, is behind the comeback. Suni was once the operator of a smaller torrent site and was connected to a collective of torrent sites that was started back in 2005.

 

This collective, which included popular sites such as myBittorrent and Fenopy, pooled resources and knowledge to get things done. The group eventually fell apart after a few years, but many site operators remained connected.

 

Suni eventually shut down his site, which he prefers not to name in public, but kept a close eye on the torrent ecosystem. When YIFY was shut down in 2015, he noticed that the Demonii.com domain remained in the hands of the original owner.

 

Demonii was “an icon” according to Suni, who decided to reach out to YIFY in the hopes that they would agree to hand it over. After all, with more than 50 million people relying on it, the tracker served an important function.

 

“The tracker served a purpose. While many may argue that the loss of Demonii back in 2015 was no big deal for the ecosystem, realistically, it was; it was one of the most relied-on Torrent Trackers in the world,” Suni tells us.

 

Indeed, while trackerless technology such as PEX and DHT were able to take over the functions of the defunct tracker in most cases, centralized trackers can be crucial for less popular torrents to survive.

7 Years Waiting…

Unfortunately for Suni, YIFY didn’t want to hand over the domain; at least, not at the time. It would take almost seven years before that would happen.

 

After the early offers to take over Demonii were rejected, Suni and YIFY remained in touch. Over the years the Demonii topic was brought up on occasion, but usually without success.

 

“I would jokingly be like ‘hey, you should give me Demonii.com,’ and always was rejected; never told why and of course, I accepted it.

 

“It wasn’t until we were chatting more recently about the cost of domain pricing for each of our online presences, that YIFY randomly sent back a random string of characters; and was like ‘it’s yours, let me know when it’s transferred’,” Suni says.

 

This version of what happened is corroborated by another source. We also spoke to a member of the original YIFY team, who preferred not to comment. However, the end result is that Demonii is operational again, with millions of people using it.

Tech Specs

Demonii, like the original, runs on the OpenTracker software which is relatively lightweight. Suni informs us that the tracker is currently hosted on two virtual machines, running Debian 11 from docker containers.

 

The tracker supports both IPv4 and IPv6 connections. The former are still much more prevalent and the dual-stack server handles around 300,000 active requests per minute on a 1x 6 Core 16GB machine. However, it’s only using a fraction of its total capacity.

 

“Everything is as optimized as possible; realistically anything and everything that can be stripped out is stripped. At time of writing; the v4 server is using 850mb ram. and about 11% of a CPU core,” Suni says.

 

The above shows that Demonii is ready for more growth if needed. Suni also ordered new hardware to expand the operation even further. This is all coming out of his own pockets as the tracker itself doesn’t generate any revenue.

Legal Issues?

It is important to stress that the tracker is content-neutral. It’s simply a service that anyone can use to add to their torrent files. The tracker itself doesn’t host any torrents, nor does it have any control over how people use the tracker.

 

Still, rightsholders may yet demand the blacklisting of certain torrents. Like others such as OpenTrackr.org, Demonii will consider accepting these requests, although it doesn’t believe that it’s doing anything illegal.

 

“I am of course, more than willing and able to implement blacklisting, it’s a small price to pay really. But like others I would be putting up lists of hashed that have been blacklisted from the tracker,” Suni says.

 

All in all, Suni believes that Demonii is just offering a neutral service, much like ISPs or even torrent clients. And judging from the more than 400 million requests per day, it’s quite a popular service already.

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have five new entries on the list. “Jurassic World Dominion” is the most downloaded title.

The most torrented movies for the week ending on July 11 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(6)	Jurassic World Dominion	6.0 / trailer
2	(1)	Doctor Strange in the Multiverse of Madness	7.2 / trailer
3	(2)	Fantastic Beasts: The Secrets of Dumbledore	6.4 / trailer
4	(4)	The Batman	8.4 / trailer
5	(5)	Everything Everywhere All at Once	8.5 / trailer
6	(7)	Rubicon	4.5 / trailer
7	(…)	The Sea Beast	7.1 / trailer
8	(8)	The Princess	5.4 / trailer
9	(back)	Top Gun: Maverick	8.6 / trailer
10	(back)	The Northman	7.2 / trailer

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

Every day an estimated 30 million players jump into Roblox, an online game where players can play games created by other users. Around 40 million games is the current estimate.

 

Developing games for Roblox can be extremely lucrative. The company behind Roblox revealed that developers and creators earned more than $500 million on the platform in 2021 alone, a huge amount considering that most developers are mostly young adults, some earning around $2m a year.

 

It’s clear then that Roblux content is worth protecting so it wasn’t much of a surprise to see a DMCA subpoena filed at a California court last week complaining about piracy on the platform. After digging further into the details, it soon becomes apparent that what goes on in Roblox doesn’t necessarily stay in Roblox and can have real-world consequences.

Developer Wants to Identify Alleged Infringers

Filed on July 8, 2022, the DMCA subpoena application is nothing special in itself. It references a set of four DMCA complaints sent to Roblox, beginning in December 2021 and running to May 2022. It seeks the identities of the infringers detailed in those complaints, promising that any information obtained will only be used for protecting the developer’s copyrights.

 

According to the application, the developer is Christopher Boomer but the importance of that is only revealed when reviewing the original DMCA takedown notices. According to Boomer’s legal representative, his client holds copyrights in several games and provides links to the Roblux platform (included below) as evidence of that.

 

Weight Lifting Simulator 2 was uploaded to Roblox in August 2017 and since then has been visited 77 million times. Weight Lifting Simulator 3 was uploaded in September 2018 and has been visited more than a billion times. Muscle Legends was uploaded in September 2018 and it too has been visited more than a billion times.

 

According to the application, other Roblox developers have been leveraging the success of the above titles by publishing games with the same names using artwork, code and assets from the originals.

 

One alleged clone, originally called Weight Lifting Simulator 3 and uploaded in July 2021, has been removed and its page renamed, but not before amassing in excess of three million visits. Another clone, Weight Lifting Simulator 5, has also been removed after clocking up a million visits.

 

Those were the small ones – two other alleged clones racked up 34.3 million and 15 million visits respectively.

Developer Homes in On Specific Infringers

In a letter dated May 17, Boomer’s legal team in Northern Ireland informed Roblux’s legal department of continuing infringement on the platform, supported by evidence of Boomer’s registered copyrights in the above games and others including Legends Of Speed and Ninja Legends.

 

The letter goes on to claim that Boomer is being deliberately targeted and calls on Roblox to take action. A Roblox developer group called “17_Qv Studio” is specifically called out while two other allegedly-affiliated groups – Estatics (20K+ members) and Estatic Networks (71K+) – also get a mention.

DMCA Subpoena is Extremely Broad

As far as the DMCA subpoena goes, Boomer has a long list of people he wants to identify. Whether the court clerk will simply sign on the subpoena’s dotted line is unclear but in this case the oversight of a judge is almost certainly warranted given the scale.

 

The requests for information are split into three groups – game URL, groups, and specific users.

 

For each allegedly-infringing game URL on Roblox (10 in total), the developer demands “documents sufficient to identify all current and previous owners, operators, developers, and contributors to the game” including usernames, real names, physical addresses, telephone numbers, e-mail addresses, and IP addresses “associated with each owner, operator, developer, and contributor.”

 

For each infringing group (7 in total), the developer demands “documents sufficient to identify all current and previous members of the Infringing Group, including but not limited to Documents sufficient to identify all usernames, real names, physical addresses, telephone numbers, e-mail addresses, and IP addresses associated with each member.”

 

To say that this could involve a considerable number of people is putting it mildly. Admittedly there could be some membership overlap between groups but potentially thousands of people – including those who are not necessarily guilty of any wrongdoing – could get sucked in if the subpoena is simply signed off.

 

The affected groups and their member counts are as follows: 17_Qv Studio has 248,000+ members, Estatic Studios has 63,000+ members, Estatic Games has 93,000+, Estatics has 20K+, Speedster Games Inc has 11K+, and FreshyWay Studios has 25K+.

 

In respect of individuals, Roblox users Vectus, Avectus and Avectus II – members of Flamen’ Studios and Speedster Games Inc – are listed in connection with an alleged clone of Weight Lifting Simulator 3 that pulled in 155m+ visits, a Weight Lifting Simulator 2 clone (6.1m) and Ninja Simulator (408K).

 

Roblox users Underesteem and Codosky are listed due to alleged involvement in a Weight Lifting Simulator 2 release (384K visits) and Bitdows is linked to a Speed Simulator 2 release (2.8m visits). Users linked to releases of Weight Lifting Simulator 3 include Metadowed, MrN3koglai, BabyJohn, DUDUARTZRBLX, plus the plainly named ‘Mark’.

 

In common with the other categories, Boomer wants to match usernames with real names, physical addresses, plus email and IP addresses.

Trademarks and Luxury

If the DMCA subpoena goes uncontested, which seems unlikely given its extraordinary scope, any information obtained can only be used to protect copyrights. That being said, Boomer has a lot of trademarks registered in both the United States and United Kingdom, covering the above games and other IP.

 

Of course, trademark registrations need the name of the owner plus that person’s address – both listed here on the database and viewable by anyone with a browser.

 

There could be some unknown factors at play here but if piracy of Roblox games is indeed causing lost sales, no real evidence of hardship will be found here. Or maybe it’s just a very, very big mortgage – payable in Robux.

 

The DMCA subpoena application and supporting documents can be found here (1,2,3,4)

 

Measures to tackle online piracy are often described as a game of whac-a-mole, in this case a game where pirates get bashed on the head only to pop up somewhere else – supply of movies, TV shows, live sports and music intact.

 

From the average pirate’s perspective, the game is completely pointless – futile even. But for anti-piracy groups all around the world, engaging pirates in this irritating game is an important form of disruption. It’s the next best option given the 0% chance of killing all piracy and the greater than 0% chance they’ll switch to a legal service.

 

The massive proliferation of pirate IPTV services in recent years is a big problem for many rightsholders. They’re able to annoy a few with ISP blocking but behind the scenes they’re also shutting a few down here, and a few down there. How they do that is rarely for public consumption but documents made available to TorrentFreak shine a little light on the basics. But first a short primer.

OSINT – Open Source Intelligence

At the lowest level, OSINT is available to all by simply gathering and processing data found using a search engine. In the world of OSINT, however, search engines represent only a handful of tools in an extremely large toolbox. When these tools are combined and harvested data is processed effectively, it’s possible to obtain worrying levels of information on all but the most hardened targets.

 

The screenshot below shows just some of the tools listed by OSINT Framework but even this selection barely scratches the surface, especially if we include the associated skills needed to effectively gather and then correlate data.

 

When it comes to online anti-piracy investigations, OSINT tools and techniques can feel almost tailored for the task at hand. Any single piece of information about a site operator (such as a domain name, IP address, or email address) has the potential to expose a person’s online footprint. And since today’s online lives tend to be inextricably entwined with those enjoyed offline, it’s not hard to see where things can end up.

IPTV – Investigation Examples

In 2021, a project funded by the European Union/EUIPO gave a presentation in Asia that focused on the investigation of various players in the illegal IPTV ecosystem. The chart below lists everything from content providers, aggregators and developers, to money and ‘subscription mules’ – otherwise known as ‘resellers’.

 

One interesting section concerns server devices known as ‘transcoders’. Video streams are sent to these servers from external sources (live TV or IP streams) and then transcoded/converted into multiple streams for delivery to multiple users’ viewing devices, usually via other networking infrastructure.

 

The specific model mentioned in the slides (TBS8520) can be managed using a system called ‘Kylone’ which is accessible using a web browser. So, when the investigators searched for ‘Kylone’ using ‘ZoomEye‘ (an OSINT search engine for the ‘Internet of Things’) the system was able to provide information on more than 141 transcoders. (Note: Using Shodan is also an option)

 

Knowing where these servers are located is useful information for obvious reasons. An IP address (such as the first result in the chart above) has the potential to lead to a hostname or even a physical location using simple tools.

 

(Note: Hosting companies, including the one in the example, may have no idea a customer is involved in illegal activities and, in any event, the customer in question is probably long gone)

Ulango.TV: A Lesson in How To Get Caught

In January 2020, we discovered that the Alliance for Creativity and Entertainment had taken down Ulango.tv, an ‘IPTV solution’ offering thousands of live channels through an app. As far as we’re aware, ACE still hasn’t claimed responsibility but there’s no doubt they took it down or were involved in some way.

 

According to slides in the EU/EUIPO presentation, cracking the case was simplicity itself. Armed with the site’s domain name (ulango.tv) and a WHOIS service, the investigators were able to obtain an IP address and the details of the company hosting the server.

 

Next they created a map of the ulango.tv site using this tool, which produced a list of external sites the .tv domain linked to. That included a link to a Twitter account and another piece of the puzzle.

 

Turning then to Hunter.io, a very powerful service for email-related investigations, they searched for the Ulango.tv domain and found an email address connected to it. At this point they appear to have used a little bit of skullduggery.

 

Using the services Fakemail and Fake Person Generator they made an account on Ulango.tv with bogus information. Obviously, there are reasons investigators don’t want to expose themselves in situations like these since that could be counterproductive.

 

As the slide shows, the next step was to move towards a purchase of the site’s premium service for the princely amount of two euros. Then, after clicking the ‘checkout’ button, they were given the option to pay by credit card or bank transfer.

 

Out of necessity an IBAN number was provided along with the name of the account holder, a name that had also appeared earlier in the investigation. It wasn’t difficult but it appears to have been effective.

IPTV Investigation Using Multiple Tools

Finally, the slides detail another investigation but since our checks indicate the platform is still live, we don’t intend to name it here. Instead, we’ll simply walk through the steps.

 

Using the site’s domain name, investigators used Viewdns.info to conduct a WHOIS search to reveal the name of the domain registrant. Armed with that name they conducted a reverse WHOIS search, which displays other domains registered by the same person.

 

In total, these steps turned up a name, an email address, a potential physical address and 10 additional domains, mostly connected to pirate IPTV services.

 

The next step was to load up the main domain and view its source using a regular browser. By searching that source code for the term ‘UA-‘, they were able to find the site’s Google Analytics ID. By conducting a Reverse Google Analytics search, other sites using the same ID were revealed and connected to the first site.

 

Then it was a matter of attempting to pay for a subscription at the first site and noticing that payment was being processed by another. That site was (and still is) presented as a legitimate business and as such is incorporated as a limited company in the UK.

 

All limited companies in the UK have a listing at Companies House (another great OSINT resource) and a search there gave up the name of the director (a foreign national), a date of birth, and an address in London. The latter is a known virtual office and the home of many people who prefer not to give up their real address.

 

At this point the slides reveal no more so it’s unclear whether the investigation ended there or is still ongoing. The sites in question appear to be up so for educational and entertainment purposes only, we’ll see if the case can be cracked using the incredible capabilities of Maltego and Spiderfoot.

 

These tools allow users to automate their OSINT queries and investigations but such a short description does them both a huge disservice. They both have a free option so there’s no excuse for not giving them a try, preferably in a virtual machine and certainly behind a VPN, especially in the case of the latter.