news icon

One of the most enduring online movie scams involves sites that claim to offer premium content, but turn out to be some type of scam. These services do not discriminate, so whether 'customers' are pirates or just regular people hoping to buy content, everyone is a potential victim. The scam has been running for at least 20 years yet, seemingly out of nowhere, pro site-blocking studies now describe it as a major piracy-related security threat.

As the RIAA sued thousands of students for music piracy, Hollywood knew that faster internet connections would soon make movies a similarly easy target.

For downloaders in the early 2000s, faster connections couldn’t come soon enough.

In the meantime, ads promising faster downloads began appearing everywhere. Some offered magical ‘internet booster’ software that in reality did little or nothing to improve speeds. Others linked to all-you-can-eat ‘direct download’ portals with flashy names and equally flashy graphics.

As the months and years rolled on, these platforms used content availability as a selling point and through various deceptions, many gave the impression that they offered every piece of content imaginable for a small fee, completely legally.

These platforms deployed various business models, but for consumers who signed up for a short trial, what followed was never good. In most cases there was no content to download. Some sites were selling subscriptions that were structurally difficult or even impossible to cancel, or in some cases incurred an extortionate ‘leaving’ fee.

https://studionumerique.radio-canada.ca/projet-x/videos/anim-0.mp4

Due to the presentation, many people believed they were paying for legal content at a discount. What they often received instead was involuntary membership of a ‘subscription trap’ that relieved them of their money while generating millions of dollars for scam site operators. In many cases busy people simply didn’t know that their opportunity to cancel had expired, or that they were being charged $50 or $60 every month for absolutely nothing.

Evolution

Hoping to secure their piece of the pie, new players entered the market in the years that followed. Deception wasn’t just limited to movies either. Hundreds of bogus music download sites promised unlimited legal MP3 downloads, while bogus eBook sites offered extensive libraries of junk. In broad terms the content ostensibly on offer was merely a distraction; underneath they were substantially the same.

What many had in common was their targeting of people prepared to pay for content; people who could’ve used legal services if they’d known any better. But as law enforcement and entertainment industry action shut down pirate sites servicing customers who preferred not to pay, fake ‘legal’ download sites continued to defraud people who actually wanted to pay, year after year.

By 2021, the business model had evolved. Advertising still promised the earth, but instead of receiving nothing for their money, subscribers were given access to obscure and unpopular content; a far cry from the blockbusters promised but a veneer of legitimacy for dubious operators.

Dutch anti-piracy group BREIN is known to report scam sites to ScamAdvisor, but the only major action against these platforms came in the summer of 2021. Radio Canada’s Décrypteurs program exposed what was probably the largest operation of its type in the world with an estimated 1,000+ sites in the network.

Within two months, the business was reportedly shut down, but the idea could never be put back in the bottle. In fact, after effectively ignoring these scams for more than 20 years, new Hollywood piracy studies now describe them as a greater risk to consumers than pirate sites themselves. In itself that’s intriguing but as we explain below, their appearance in piracy studies is problematic.

Studies Funded By MPA

The first study to attract our attention was published on the MPA’s EMEA website in September. Consumer Risk from Piracy in Poland (pdf) discloses that it was funded by the MPA and “produced independently” by Dr Paul Watters at La Trobe University (Melbourne).

The aim of the study “was to quantify the cyber risks faced by Polish consumers who engage with digital piracy websites.” The paper begins by defining what it claims are the four predominant types of digital piracy service operating in Poland; P2P Sites, Illicit Streaming Sites, Fraudulent Piracy Sites, and IPTV Subscription Services.

What is a Fraudulent Piracy Site?

While three of the categories above are self-explanatory, Fraudulent Piracy Sites are defined on page 10 as “presenting pirated content as legitimate” and “tricking users into payments or downloading malicious software”. The study claims that these activities “violate content creators’ rights” and also “carry legal consequences for both distributors and consumers.”

No site of any kind is named in the report so it’s impossible to visually confirm what “presenting pirated content as legitimate” actually means. Perhaps a logical example might see a pirate site dressed up as Netflix, but streaming pirated content rather than the fully-licensed content users paid for. This would make sense; pirated content is close to free, the consumer pays for what they believe is a legitimate product, and the pirate service generates profit from the gap in the middle.

Unfortunately that logical example fails to help here due to a confusing clash of definitions in the study.

The definition of ‘Fraudulent Piracy Site’ on page 10 of the study is followed by another definition of the same term on page 18. When placed side by side, with each definition’s key point highlighted (red), the problem clearly stands out.

The deception described on page 10 sees pirated content presented as legitimate content, with perceived value on the consumer side facilitating the scam; seems viable. The deception on page 18 describes a concerted effort to present zero value nonexistent pirated content, as low value pirated content on a scam site masquerading as a pirate site with no actual content.

The brief history of ‘fake’ download sites outlined earlier suggests that the most successful scam model involves masquerading as a legitimate service. That Canadian operation reportedly generated CAD$100 million doing just that. By presenting as legitimate, it’s likely that victims factored in perceived value.

Since in general only pirates recognize pirate sites, an absolutely flawless imitation would likely fool some pirates. Unfortunately, the value proposition versus a legitimate service falls way short, especially when pirates are then expected to pay for pirated content.

Similar Risk Report For the Philippines

A similar study appeared on the MPA’s EMEA website in November. Consumer Risk from Piracy in the Philippines (pdf) discloses that it was funded by the MPA and “produced independently” by Dr Paul Watters, this time at Macquarie University (Sydney).

“The aim of this study was to quantify the cyber risks faced by Filipino consumers who engage with digital piracy websites, including fraudulent sites, illegal streaming services, proxy sites, P2P sites, or IPTV platforms,” it begins, broadly in line with the Polish report detailed earlier.

The definition of a Fraudulent Piracy Site in this study follows the ‘fake pirate site’ model: “Fraudulent piracy websites masquerade as piracy platforms to swindle users. These sites often mimic the layout, advertising style, and even domain names of popular unauthorized content sharing platforms.”

The graphic below ranks ‘Fraudulent Piracy Sites’ almost as highly as real pirate sites.

The reports covered here are clearly designed to prompt Poland and the Philippines to ensure that site-blocking measures are implemented to counter the pirate site threat. The researcher removes all doubt by making extremely specific recommendations in both reports that fall precisely in line with the MPA’s policy goals for each country.

Once published, studies like these are used to support all kinds of legislation, the global campaign to block sites for copyright infringement especially. As the Polish report confirms, preference is for an administrative site-blocking program in Poland, i.e one that functions without judicial oversight.

The surprise mention of transparency is welcome, however, since administrative programs such as Portugal’s operate behind closed doors. The complication is the introduction of ‘Fraudulent Piracy Sites’ which, incidentally, are just as predatory as any other cybercrime targeting the public today.

Unfortunately, an indisputable fact hasn’t been addressed; these are NOT ‘piracy sites’

There is no precedent anywhere in the world, in any other pirate site-blocking program, that has even discussed blocking these platforms. Quite frankly law enforcement should’ve taken action 20 years ago but here we are, facing a state of emergency that demands a “zero day” response to prevent further exploitation.

So apart from muddying the piracy waters with a new category of pirate site that contains no pirate sites, why is this important?

Once site-blocking is introduced, nobody will spend another second worrying about ‘Fraudulent Piracy Sites’ beyond their usefulness as a lobbying tool. As a result, when all pirate sites are eventually blocked in Poland, for example, what type of site is most likely to enjoy a massive influx of business as people try to find sites that aren’t blocked?