‘Pirate’ Cyberlocker Sites Vulnerable to Takedown, Study Finds

A study carried out by Queen Mary University of London has found that streaming piracy sources are vulnerable to takedown. The research, which sampled 33 cyberlocker sites during 2017, found that just two hosting providers hosted 58% of the videos. Targeting these hosts could remove 71% of the servers from the data set, the study found.

While BitTorrent indexing sites dominated the landscape until just a few years ago, streaming is now the most visible form of online video piracy.

Through networks of hosting platforms and indexing sites, pirate streaming is now available to any Internet user, as long as he or she can operate a web browser. It’s a far cry from the complex file-sharing world of yesterday.

This shift prompted researchers at Queen Mary University of London to examine this relatively new ‘pirate’ ecosystem. Titled ‘Movie Pirates of the Caribbean: Exploring Illegal Streaming Cyberlockers‘, their study finds a “remarkably centralized system with just a few networks, countries and cyberlockers underpinning most provisioning.”

Co-author Dr Gareth Tyson informs TF that after previously looking at technologies like BitTorrent, the team decided to take a closer look at the role cyberlockers are playing in the distribution of copyright media.

“At first, we weren’t really sure about how they were being used. So we decided to dig into things a little bit and found that there were hundreds of them, but lacking the types of search functionality of YouTube,” Dr Tyson explains.

“This piqued our interest and we decided to dig a bit deeper, which led us to the indexing sites. I suppose the short answer is that it seemed a pretty interesting ecosystem that nobody had looked at before, so we got curious.”

While simple on the surface, the cyberlocker ecosystem isn’t entirely straightforward. Most hosting sites don’t allow users to search directly, which means visitors are often redirected from indexing platforms that are more specific about the content that’s available.

“This has created an interesting ecosystem where cyberlockers depend on third party (crowd-sourced) indexing websites that create a searchable directory of direct links (URLs) to the videos. These two types of website operate hand-in-hand with a symbiotic relationship, collectively underpinning a global network of online piracy,” the researchers write.

Given the scale of the ecosystem, examining everything would prove impossible. Instead, the researchers homed in on three indexing sites – Putlocker.is, Watchseries.gs and Vodly.cr – which were found via Google and selected for their regular appearances in search results.

Also under the spotlight where 33 cyberlockers including Movshare, NowVideo, and Openload, whose content was accessed via the indexing sites.

“We started off by scraping the indexing sites because it seemed that they were the main ‘entry point’ to the cyberlockers,” Dr Tyson informs TF.

“This was because many of the cyberlockers had fake front pages (i.e. they didn’t show their real content – presumably to hide all the copyright stuff) and they lacked search features to find it. Hence, it was pretty much impossible to access the copyright infringing content by visiting the cyberlocker alone.”

Between January and September 2017, monthly crawls collected information from the indexers and scraped related data from the cyberlockers, including file availability and where the videos were hosted. This revealed some interesting data indicating a potential weakness for the cyberlockers when defending against enforcement attempts.

“A key finding is the apparent centralization of these portals, with a small
set of dependencies vulnerable to attack from copyright enforcers. For example, we observe that 58% of all videos are located within just two hosting providers [M247 and Cogent/LeaseWeb], despite being spread across 15 cyberlockers,” the researchers reveal.

“M247 is based in Romania, which (as a country) hosts the largest share of streaming servers, containing 42% of the total streaming links witnessed. Similarly Cogent/Leaseweb are based in the Netherlands which hosts 23% of streaming links.”

The team cites previous research which found that a lack of copyright enforcement coupled with high capacity Internet infrastructure may drive sites to use these territories. However, putting all eggs in one basket could be a risky strategy, if the tides begin to turn.

“A sudden increase in copyright regulation within these countries may see a shift in this behavior and, again, we argue that this dependency on individual countries poses a resilience challenge for the cyberlockers,” they note.

Also of interest are the researchers’ findings that the same sets of pirates could be behind multiple websites, with DaClips, GorillaVid and Movpod put forward as candidates.

“These three cyberlockers alone host 15% of observed content. Again, this suggests a distribution model that is far less resilient than its decentralized P2P counterparts,” they add.

Digging deeper, the researchers say at least one-fifth of the cyberlocker domains in the study are actually operated by just two organizations/individuals, something which confirms a “remarkable dependency on just a small number of stakeholders.”

Also under the researchers’ spotlight was the number of takedown notices issued against the domains in the study. Using LumenDatabase, 21.8m allegedly infringing URLs were identified across 49,829 individual complaints sent by 304 organisations.

To see how the cyberlockers react to copyright complaints, six were chosen for their mixture of behaviors. Openload.co, Estream.to and Streamin.to are said to have reacted “positively” to copyright complaints with 75% of videos being deleted within a month of reports being registered on Lumen. Vidzi.tv and TheVideo.me earned a poor report, with less than 30% of videos deleted within the same period.

Finally, the researchers reveal some interesting findings in respect of where infringing content is hosted and how that relates to takedowns.

“We observe that the videos that are not deleted from openload.co, estream.to,
vidzi.tv are all hosted in Romania on M247. That said, it would be unwise to draw conclusions here, as Romania hosts both the cyberlocker that ignores the most complaints and the cyberlocker that acts upon most complaints,” they write.

“Overall, the country hosting content that least frequently respects complaints is
the Netherlands, where only 6% of requests are acted upon. Hence, the diversity seen within individual countries suggests that the decision to act upon a complaint is largely driven by the individual cyberlockers.”

Aware that research of this type can often have links to rightsholders, TF asked the team at Queen Mary University of London if their research had in any way been funded or shared with content industry groups.

“No, the research was performed independently,” Tyson confirmed. “The research was not funded by any movie studios and the university received no external funding for this particular stream of research.”

Tagged in:

, , , ,

You may also like:

c There are 0 comments. Add yours?

comment policy