CDSA

One of the latest threats to the content delivery ecosystem is hijacked residential Internet Protocols (IPs), according to Piracy Monitor and Vancouver, Canada-based geolocation security software company GeoComply.

Millions of users download virtual private network (VPN) software to “bypass” territorial content restrictions, Steve Hawley, managing director of Piracy Monitor, said during the session “Hijacked Residential IPs – A New Threat to the Content Delivery Ecosystem” at the online 2022 Video Security Summit on June 14.

As a result, “they’ve unwittingly had their residential IP addresses hijacked by these VPN providers, even though their terms of service say they can’t, and then those IP addresses can even be sold to the highest bidder,” according to Hawley.

“Everybody has seen VPNs advertised on clandestine or pirate sites saying you can access all this pirated content through this VPN and often these VPNs don’t quite play by the rules,” he said.

“Usually, other VPNs who sell these residential IPs as a premium price option … also bypass detection,” he pointed out.

“So these services enable users to access territorially restricted content by pretending to be undetectable residential IPs in a specific territory,” he explained. “So whether you’re a consumer or a content owner or a rights holder or even a distributor, this session will tell [you] how geolocation fraud via hijacked residential IPs threatens really the whole ecosystem for content distribution.”

A Way to Solve the Challenge

James Clark, head of media and entertainment (M&E) at Vancouver, Canada-based geolocation security software specialist GeoComply, went on to explain how M&E companies can solve this challenge.

“We apply location to help secure our customers’ businesses,” Clark told viewers, explaining his company has the “ability to pinpoint exactly where people are, which is a very big use case in the online gambling industry, particularly in the U.S., where you’ve got to know where your players are because, between states, there are different laws as to whether you can gamble or not.”

About 99% of the U.S. gambling market depends on GeoComply to “pinpoint where their players are,” he said.

Because of that, he added: “We’re dealing with over 10 billion different transactions a year, we’re installed on over 400 million devices around the world and, through our media work, we are helping to service over 200 million global streaming users every day.”

Explaining further how GeoComply is able to achieve what it does, he said: “We look at many different data points to help pinpoint where a user is and that’s typically somewhere in the region of 350 different data points – and IP address … is just one of those.”

Sixty percent of VPN IPs are using residential IPs, while 18% are from providers offering both residential and hosting services, according to Clark.

When a streaming service sees a residential IP come in, “without additional data and additional checks, they’ve got no idea if that really is a real person at home or somebody on a VPN pretending to be a real person at home,” he pointed out.

So how are premium VPN providers getting access to so many residential IP addresses? One major way is through unsuspecting users signing up for supposedly free VPN services, he noted, echoing Hawley.

Among some of the other ways are: through malware inside VPN apps; hacked IP printers, routers and other Internet of Things (IoT) devices; and telecom companies possibly knowingly, or via deception, reselling blocks of residential IPs to VPN and proxy providers, according to GeoComply.

The event was presented by Piracy Monitor and nScreenMedia, produced by MESA, with sponsorship by Akamai, Verimatrix, FriendMTS, and Intertrust ExpressPlay, and was held in association with the Content Delivery & Security Association (CDSA).