How Seized Firesticks in a Plastic Bag Opened Up a Pirate Rabbit Hole

Home > Opinion Articles >

When piracy-related news is delivered via press release, the information provided is rarely enough to fully understand the bigger picture. Whether for legal or commercial reasons, details can be frustratingly scarce or in some cases, simply a bit one-sided. That means looking for more interesting information elsewhere or even stumbling upon it, completely by chance.

binocularsHere at TF we track a lot of lawsuits, not to mention buy, research, and then ultimately report on them. While that can be a lot of work, in the United States detailed information is mostly easy to find.

The same can’t always be said when piracy-related news is made available by various third-parties, often with a commercial interest in how information is presented. Through selective emphasis, useful information may not even be presented at all.

As a result, indirect yet open sources of information are increasingly important, not necessarily to report directly in public, but to better understand the bigger picture. Sometimes the bigger picture starts with an actual picture.

Zoom In. Now Enhance. Enhance Again

We’ve all seen the memes and subsequent compilations of those memes, so finding yourself in a zooming and enhancing situation can be unintentionally comical, at least initially.

Last year we reported on a series of raids in the UK against suspected IPTV resellers. With no services named and no clear idea who had been arrested, we reluctantly published the news as provided along with the officially-supplied images below.

Images from the raidsERSOU-IPTV-Seized1

A few days later, after being alerted to a failing SSD, a swift check of the data revealed little worth saving; if the SSD died, it died. However, the drive contained a handful of images with one in particular standing out due to a larger-than-usual file size.

After quickly opening the image in GIMP, the picture of the Firestick boxes in a bag appeared so, given its size, a quick zoom on the label seemed in order. Before the image finally ran out of resolution, it was possible to zoom and enhance nine times. The image below shows the detail at just six.

zoom and enhance

Zoom Out. Zoom Out Again

In itself, an image of Firestick boxes in an evidence bag is nothing unusual. The devices are cheap, functional, and as such are popular among those selling and buying pirate IPTV packages.

Whether there were any physical devices in these particular boxes is unclear because, on closer inspection, it appears that some of the boxes had been previously opened. The evidence label also mentions ‘4x Fire TV Stick’ but for some reason, the word ‘boxes’ was written on another line.

Firesticks Boxes

For those wondering why that might be important, it probably isn’t. The fact that GIMP indicated that the image had previously been rotated is very important, however.

GIMP was able to determine that fact due to the image’s EXIF data, a collection of metadata tags embedded in a file that can show anything from shutter speed and exposure compensation, to whether a flash was used or not. All of this data should’ve been stripped before the images were published online.

EXIF Data Jackpot

EXIF data can be extracted with a number of tools but in this case, FOCA was to hand and it always does a great job. According to the data, the Firestick photo was taken on a Samsung S21 smartphone (SM-G998B) at 07:44 and 16 seconds on the day of the raid. The metadata also confirmed (orientation: Right side. top (Rotate 90 CW) that the image had indeed been rotated.

Image metadata, also not stripped before being made available to the public, included GPS coordinates. This information is usually accurate to about five meters and revealed where the photo was taken.


The coordinates reveal that both photographs were taken at the same address in an area of London, not far from an area previously mentioned in connection with the case; although not exactly the same area according to a pair of helpful tools.

Distort. Mirror. Blur. Rotate. Flipzoom-enhance-flip

Thanks to Google Maps and Google Street View, identifying addresses and cross-referencing with other public data sources referencing people and sometimes historical events, building a bigger picture can be time-consuming. Frequently, however, it’s worth the effort.

Don’t Take Data For Granted

While the GPS coordinates in any image can be useful, they also have the potential to mislead or, in fringe cases, may have even been tampered with. Taking this case as an example, just because the photograph was taken inside a particular address, it doesn’t necessarily follow that the items were actually seized from inside that address.

We’re unable to commit the resources to prove one way or the other, but these devices may have been retrieved from a vehicle, rather than bricks and mortar.

While not necessarily used or useful in this case, other items in images like these can at times prove helpful. With carpet clearly visible, that has the potential be matched to an address. Since knocking on the door and asking to look around might not be well received, the property may have been sold recently. If so, an estate agent has probably photographed the entire house and left the listing online.

Finally, feel free to freak yourself out with GeoSpy AI, an online tool which tries to identify the location of photographs taken outside, even with metadata stripped. It can be hit-and-miss depending on image and location but when it gets it right, it does so with startling accuracy.

TorrentFreak previously notified the source of both photographs that metadata hadn’t been stripped


Popular Posts
From 2 Years ago…