Piracy Devices Are Part Of The Botnet Problem, Broadcaster Tells Canada’s Telecoms Regulator


In January, the Canadian Radio-television and Telecommunications Commission (CRTC) launched a consultation on a framework to address the harms caused by botnets - malware-infected computers under the control of malicious actors - and whether these should be blocked by telecoms providers. Super Channel owner Allarco Entertainment believes that piracy devices are part of the threat.

Online piracy and the Internet-based services and networks that they rely upon are inextricably linked. That being said, many copyright holders believe that pirate services shouldn’t have access to the Internet at all.

With this ultimate goal still a long way off, entertainment companies have been doing what they can to disrupt Internet access to pirate services, most commonly by preventing them from reaching their end-users through the use of ISP blocking injunctions.

At the same time, there are broad efforts to portray pirate services as propagators of malware, hoping that when services aren’t blocked by ISPs, users will make the decision to cut them off themselves. This ‘piracy device=malware’ argument has now taken an interesting turn as part of a process in Canada hoping to deal with botnets.

CRTC Calls For Comments on Network Blocking Framework

Back in January, the Canadian Radio-television and Telecommunications Commission (CRTC) launched a consultation on a framework to address the harms caused by botnets. The proposal envisions a network-level blocking system to limit the harm caused by botnets, which CRTC characterizes as responsible for an increasingly large proportion of cyber threats.

“A botnet is a network of malware-infected computers (bots) that are under the control of a command and control (C2) server operated by a malicious actor. The malware infection is caused by a computer program installed without the computer owner’s knowledge or consent. Each bot is an Internet subscriber’s computer or other device that communicates through the subscriber’s service provider en route to an associated C2 server,” CRTC explained.

CRTC suggests that Internet service providers could introduce network-level blocking to counter the botnet threat, including domain blocking, IP address blocking, and blocking based on protocol. Interestingly, Super Channel owner Allarco sees this as an opportunity to address its own copyright-infringement problems, by painting pirate devices as part of Canada’s botnet problem.

Allarco Entertainment’s Submission

As previously reported, Super Channel owner Allarco is currently engaged in legal action at Alberta’s superior court to prevent Staples, Best Buy, and other retailers from selling ‘pirate’ set-top boxes in their stores.

Along with allegations of mass copyright infringement, Allarco issued a warning that piracy-configured devices – largely Android-based and imported from China – are often pre-loaded with malware that targets consumers and puts their machines at risk. The company builds on this claim in its submission to the CRTC.

Allarco says that it hired an expert to examine some of the set-top boxes sold by the retailers and found that they “exhibited invasive and/or potentially malicious behaviors.” These behaviors included “secret network scanning and probing” of computers and other local network devices for files such as Word documents, databases, spreadsheets, PDFs, audio, video, and other files.

The entertainment company also claims that the devices reported to “unknown servers in China” returning information about the devices such as their location, software load, security level, installed software, and the structure of the network they were connected to.

“Pirate Devices Are Part of the Botnet Problem”

Allarco acknowledges that CRTC’s request for submissions relates to botnets under the control of a command-and-control server but believes that the regulator should look at pirate set-top boxes too, as these “exhibit many of the same attributes.”

“[T]he key questions posed by the Commission, in reference to botnets, are relevant to the sale and deployment and operation of Pirate Devices,” Allarco writes.

“Not only are botnets used to steal and distribute pirated programming, piracy becomes a trojan horse and vector through which the botnets expand their illicit networks used to distribute malware, and carry out Denial of Service attacks and other nefarious purposes. The commercialization of piracy is greatly aided by botnets.”

Blocking Pirate Devices Would Achieve Two Goals

Allarco says that if TSPs or ISPs blocked “pirate device communications”, two key goals could be achieved.

First, it would help to curtail the “theft” of intellectual property in Canada. Second, it would stop the “malicious transmission” of personal data from set-top devices to servers located outside of Canada, allegedly in China.

“The blocking of the Pirate Devices, and hence, blocking of spyware, malware, etc., is warranted, and would not undermine the overall precepts of network neutrality,” the company adds.

Internet Users Should Not Be Able to Opt-Out of Blocking

One of the questions posed by CRTC concerns the transparency of any blocking program to ensure accountability and help consumers make “informed decisions” when selecting an ISP or choosing whether to participate in a blocking program. Allarco firmly believes that consumers should not have the ability to “opt out” of a blocking program should they be using a pirate device.

“It has been Allarco’s experience that in many cases Canadian consumers who purchase the Pirate Devices from retail outlets are not informed that the devices intercept and thereby steal copyrighted content. Some Pirate Device sellers misinform Canadian consumers that using the devices to ‘steal’ programming is not illegal,” Allarco informs the CRTC.

“If due to implementation of a blocking framework, the Pirate Devices were unable to connect to servers containing the pirated intellectual property, members of the public would suffer no direct harm.”

With similar logic, Allarco says that there should be no “opt in” program either when it comes to the use of pirate devices. The company says that their primary purpose is to access pirated content so no user should have the right to avoid any blocking mechanism.

Allarco Has No “Over-Blocking” Concerns

In its call for submissions, the CRTC raised the possibility that any blocking mechanism could block IP addresses or servers it should not, potentially preventing access to a legitimate service. Allarco is confident that if pirate devices were targeted, there would be no over-blocking.

The company says that it would provide independent expert evidence that the IP addresses to be blocked are transmitting malware or facilitating the distribution of pirated video content.

“Since the Pirate Devices, are generally single-purpose devices, we would not foresee situations where the consumer is precluded from carrying out lawful activities, on their other (lawful) streaming devices (e.g. Roku, AppleTV, Amazon FireTV) in their homes or offices, or impact their ability to use their computers, tablets or mobile phones for such purposes as web-surfing, email, video-conferences, etc,” Allarco adds.

Allarco Has No Plan For How Blocking Could Be Achieved

The notion that pirate devices can be effectively blocked in their entirety, especially without any over-blocking whatsoever, seems more than a bit of a stretch from a technical perspective. Unfortunately, Allarco doesn’t have any solutions or ideas of its own as to how that could be achieved.

“Allarco has no definitive response at present. Allarco is neither an ISP nor a TSP, so we have no expertise in respect of blocking techniques which could be implemented by an ISP or TSP. Allarco reserves the right to comment on filings by TSPs and ISPs and other intervenors at the reply phase,” the company notes.

Finally, it’s worth highlighting ‘Exhibit 2’ of Allarco’s submission to the CRTC (pdf).

It relates to the connections made by some of the ‘pirate’ boxes to various IP addresses around the world and is titled “Incoming and outgoing connections to Locations in China and other countries.” While the emphasis is clearly placed on China (with the China IP addresses carefully highlighted in the list), the report reveals that Chinese IP addresses represent a tiny, tiny minority.

For example, one device – named as a NeonTek N11 – had dozens of incoming connections on its first connection to the web, the overwhelming majority from Google but also including Cloudflare and other US-based services. In fact, just four of these connections were to China-based IP addresses, three of which are owned by tech-giant Tencent.

Allarco’s submission can be found here (pdf), supporting documents here and here (pdf)

