UK ISP Sky Broadband is monitoring the IP addresses of servers suspected of streaming pirated content to subscribers and supplying that data to an anti-piracy company working with the Premier League. That inside knowledge is then processed and used to create blocklists used by the country’s leading ISPs, to prevent subscribers from watching pirated events. An anonymous reader shares the report from Torrent Freak: In recent weeks, an anonymous source shared a small trove of information relating to the systems used to find, positively identity, and then ultimately block pirate streams at ISPs. According to the documents, the module related to the Premier League work is codenamed ‘RedBeard.’ The activity appears to start during the week football matches or PPV events take place. A set of scripts at anti-piracy company Friend MTS are tasked with producing lists of IP addresses that are suspected of being connected to copyright infringement. These addresses are subsequently dumped to Amazon S3 buckets and the data is used by ISPs to block access to infringing video streams, the documents indicate. During actual event scanning, content is either manually or fingerprint matched, with IP addresses extracted from DNS information related to hostnames in media URLs, load balancers, and servers hosting Electronic Program Guides (EPG), all of which are used by unlicensed IPTV services.

The big question then is how the Premier League’s anti-piracy partner discovers the initial server IP addresses that it subsequently puts forward for ISP blocking. According to documents reviewed by TF, information comes from three sources — the anti-piracy company’s regular monitoring (which identifies IP addresses and their /24 range), manually entered IP addresses (IP addresses and ports), and a third, potentially more intriguing source — ISPs themselves. The document revealing this information is not dated but other documents in the batch reference dates in 2021. At the time of publishing date, the document indicates that ISP cooperation is currently limited to Sky Broadband only. TorrentFreak asked Friend MTS if that remains the case or whether additional ISPs are now involved. It appears that instead of monitoring customer IP addresses, Sky is compiling data on which IP addresses subscribers are pulling most data from during (and potentially before) match or event times. Sky then uploads the highest-trafficked IP addresses along with the port the traffic is streamed on to the S3 bucket mentioned above, every five minutes. It is then accessed by the anti-piracy company which, every five minutes, extracts the IP, bandwidth rate, and the port number that bandwidth is on. At the time of the document’s publication, the Sky ‘Top Talker’ threshold for the Premier League’s ‘RedBeard’ module was 100mbps. The IP address information provided by the ISP that exceeds this limit then appears to be cross-referenced by IP address and port number with data obtained during game week scanning at Friend MTS. It is then processed accordingly. Torrent Freak goes on to note that the Premier League is “seeking cooperation from additional ISPs too.”

“In summary, it appears that Sky …read more

Source:: Slashdot