On the surface there’s a world of difference between the crisp-suited executives of international corporations and the internet-dwelling swashbucklers intent on reappropriating their copyrighted content as swiftly as possible.
In reality, the closer one gets to the piracy front lines, the more difficult it is to tell the factions apart. They use similar tools and obfuscation techniques, need to innovate to stay ahead of the game, and even participate in the same discussions. Earlier this year a group of ‘pirates’ on Reddit obtained all kinds of information on at least a dozen pirate apps using ancient lost arts: opening accounts months earlier, pretending to be almost clueless, and then just blatantly asking.
Totally unsurprisingly, there was zero shortage of helpful pirates willing to answer, but these kinds of efforts are only useful in limited circumstances and can only yield so much useful intelligence. Technical information needs to be obtained methodically before being meticulously documented, potentially for use in future legal action against pirates themselves or intermediaries – or both.
IFPI – Content Protection & Enforcement
Global recording industry trade group IFPI has a sophisticated anti-piracy team tasked with mitigating threats, gathering evidence for use in legal action, and staying on top of the latest piracy trends.
In a job listing posted Monday, the group called out for a new technical investigator to join the team at IFPI’s impressive headquarters in London.
“The ideal candidate will have well-rounded technical knowledge and be capable of analyzing and testing infringing services and producing written reports in a clear and concise manner. The candidate will work closely with the technical investigators and analysts within the team, developers, operational staff, and lawyers, as well as law enforcement professionals,” the listing reads.
While prosecutions are still carried out in the UK, most music pirates have moved on from selling pirate CDs at the local market. The role at IFPI seems to be a thoroughly digital affair, with investigations focused on pirate apps, social media platforms, and online streaming services.
The successful candidate will also have knowledge of ancillary technologies, including blockchain, decentralization, metaverse and gaming platforms, and of course, Artificial Intelligence. They will also have a blemish-free past, which IFPI will confirm via an enhanced background check. These checks go beyond convictions and include any information the police may have on record that’s considered in some way relevant.
OSINT & Technical Investigations
While techniques and tool availability have developed significantly in recent years, the basic questions requiring answers in any piracy investigation remain the same: how does the infringing service or platform deliver content to end users, where does that content come from, what type of infrastructure supports it, and who are the humans involved and what roles do they play?
Investigations can be triggered when a new app appears online. Whether iOS or Android (mostly the latter), the process is the same: find out how the app functions, and then determine where the content comes from and how. The IFPI job listing gives little away on the specifics but does state that the successful candidate will have experience with three specific tools – Wireshark, Charles, Postman.
In Your App, Sniffing Your Traffic
There’s no doubt that Wireshark is the best-known tool of the three. Launched in the late 1990s and originally called Ethereal, Wireshark is the leading network protocol analyzer by far and is used by millions of people worldwide.
Wireshark is also completely free of charge but, for most novices, completely overwhelming too, at least in the beginning.
For those who persevere, Wireshark offers a window into the hidden world of protocols, packets and networking, and is as proficient at monitoring the communications behavior of a regular browser accessing YouTube as it is at monitoring a mobile piracy app, or sniffing out unauthorized BitTorrent traffic on a network.
Wireshark is an extremely powerful tool and as likely to appear in a pirate’s toolbox as it is an anti-pirate’s. In most aspects Wireshark is more powerful than Charles, or Charles Proxy as it’s often known, but sometimes a more focused piece of software is preferable to all-out overkill. Charles has some interesting tricks up its sleeve.
While Charles also monitors traffic, it’s a web-debugging tool rather than a packet analyzer. In a typical scenario where an investigator wants to know how a new Android music streaming app works, the smartphone running the app (or an emulator) can be made to connect to Charles before it goes about connecting to external sources to stream music or obtain covers etc.
Meanwhile, Charles acts as a ‘man-in-the-middle’ silently listening and logging all activity, even when pirate app traffic is otherwise ‘protected’ by encryption. Charles can decrypt SSL/TLS connections, obtain cookies and grab passwords.
It sounds like the kind of behavior pirates might enjoy but on the piracy war frontlines, the sides have more in common than either would like to admit.
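An added example, not from the article or IFPI's listing: once a web-debugging proxy such as Charles has logged an app's sessions, the capture can be exported as HAR (HTTP Archive) JSON and summarized per host to show where the content actually comes from. The hostnames and log entries below are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a minimal HAR 1.2 log; all hosts are placeholders.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://api.musicapp.example/v1/search?q=track"},
     "response": {"status": 200, "content": {"mimeType": "application/json", "size": 2048}}},
    {"request": {"method": "GET", "url": "https://cdn.storage.example/audio/123.mp3"},
     "response": {"status": 200, "content": {"mimeType": "audio/mpeg", "size": 4194304}}},
    {"request": {"method": "GET", "url": "https://cdn.storage.example/covers/123.jpg"},
     "response": {"status": 200, "content": {"mimeType": "image/jpeg; charset=binary", "size": 51200}}},
    {"request": {"method": "GET", "url": "https://cdn.storage.example/audio/missing.mp3"},
     "response": {"status": 404, "content": {"mimeType": "text/html", "size": -1}}},
]}})

MEDIA_PREFIXES = ("audio/", "video/")
# Playlist/manifest types used by HLS and DASH streaming.
MEDIA_TYPES = {"application/vnd.apple.mpegurl", "application/x-mpegurl", "application/dash+xml"}

def summarize_har(har_text):
    """Group captured requests by host; record bytes, MIME types and media hits."""
    hosts = defaultdict(lambda: {"requests": 0, "bytes": 0, "mime": set(), "media": 0})
    for entry in json.loads(har_text)["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname or "(unknown)"
        content = entry.get("response", {}).get("content", {})
        # Drop parameters such as "; charset=..." before comparing types.
        mime = content.get("mimeType", "").split(";")[0].strip().lower()
        row = hosts[host]
        row["requests"] += 1
        row["bytes"] += max(content.get("size") or 0, 0)  # HAR uses -1 for "unknown"
        if mime:
            row["mime"].add(mime)
        if mime.startswith(MEDIA_PREFIXES) or mime in MEDIA_TYPES:
            row["media"] += 1
    return dict(hosts)

def media_hosts(summary):
    """Hosts that served at least one audio/video/playlist response, largest first."""
    hits = [h for h, r in summary.items() if r["media"]]
    return sorted(hits, key=lambda h: summary[h]["bytes"], reverse=True)

if __name__ == "__main__":
    report = summarize_har(SAMPLE_HAR)
    for host, row in report.items():
        print(host, row["requests"], row["bytes"], sorted(row["mime"]))
    print("media served from:", media_hosts(report))
```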
IFPI’s job listing can be found here