Pirate IPTV Ops See Damages Reduced By $7m, Admin Panel Evidence Fell Short

After years of plain sailing followed by several years of bad luck, two convicted IPTV operators in Sweden were sentenced to prison and ordered to pay rightsholders $18m in damages. On appeal, the men successfully argued that the amount was excessive and based on incorrect information. A dispute over an admin panel photograph led to damages being slashed by $7m.

From: TF, for the latest news on copyright battles, piracy and more.

money_offAfter receiving an anonymous tip in 2019, anti-piracy group Nordic Content Protection (NCP), and members including pay-TV company C More (previously Canal+), Warner Bros. Discovery and streaming service Viaplay, launched a pirate IPTV investigation.

NCP received a similar tip in 2020, this time from police in the city of Gävle. They were passing on the details of another anonymous tip detailing the activities of a suspected pirate IPTV network. After a period of surveillance, which included wiretapping an unknown number of suspects, police executed warrants at two addresses, one in Gävle and the other in Sandviken.

Two suspected operators were detained along with evidence that included 47 gold bars, an expensive whiskey collection, around $25,000 in cash, and roughly $41,000 in bitcoin.

At the Stockholm District Court’s Patent and Market Court in October 2023, the men were found guilty of criminal copyright infringement and sentenced to prison. They were also held jointly and severally liable for damages totaling SEK 196,247,000 ($18 million), payable to C More, Warner Bros. Discovery, and Viaplay.

The Inevitable Appeal

In the belief that the sentences were too lenient, the prosecutor asked the Patent and Market Appeal Court to increase the sentences of the defendants, who in court records are identified by the initials S.Ö. and JL.

S.Ö and JL asked the Patent and Market Appeal Court to acquit them, dismiss the copyright holders’ claims for damages and the requirement to pay their legal costs, plus a full dismissal of a confiscation order against seized IPTV boxes.

In common with the trial at the lower court, the men denied claims that they retransmitted the plaintiffs’ TV broadcasts. JL appears to have conceded limited involvement in IPTV sales, handling just a few clients via a guest login to a service he’d previously handed over to someone else, plus sales of unmodified IPTV boxes.

Evidence showed that during the raids on the men’s homes, no ‘outward flow’ was identified from the suspects’ computers. However, one of JL’s computers contained software “that enabled reception and streaming of IPTV.” Evidence showed that S.Ö. paid for server space while JL had purchased server licenses and software subscriptions for receiving and distributing IPTV.

The content of chat messages and their handling of payments confirmed to the satisfaction of the court that the men were indeed involved in IPTV. All that remained was to determine the scale of the offending.

Thousands of Customers, But How Many Thousands?

The prosecutor’s case against the men called on significant evidence that reportedly left little doubt that they were closely involved with all aspects of the alleged IPTV business. To demonstrate that the operation distributed content illegally to many users, the prosecution partly relied on photographs taken during the raids, including those that claimed to show how many users S.Ö and JL serviced on the platform.

“According to the prosecutor, the photographs show that S.Ö. at the time of the crackdown had 4,619 users in the network and that JL had 8,303 users in the network, i.e. their network had a total of 12,992 users,” the court’s decision reads.

Evidence Fell Short

But there was a problem. S.Ö. and JL informed the court that the photographs, which showed IPTV panel software Ministra (formerly known as Stalker portal), did not show the number of users but rather the number of ‘events’ generated by users. That cast doubt on the claim that the service had close to 13,000 users.

Instead, several pieces of evidence backed up the defendants’ assertion that their platform had around 5,000 users, a claim that was first made in the anonymous tip received by NCP back in 2019.

Without making any changes to the substance of the underlying judgment, the Court of Appeal recalculated the damages payable to the rightsholders. From just over SEK 196,000,000 (US$18,210,000) the new damages amount of just under SEK 114,000,000 (US$10,591,000) trimmed the original amount by roughly US$7 million.

The decision may be appealed before August 2, 2024 (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

Godzilla Minus One bei Netflix: Als hätte es Godzilla wirklich gegeben

Nicht einfach ohne Farbe, sondern aufwendig bearbeitet, hat Godzilla Minus One in Schwarz-Weiß eine ganz eigene, viel realistischere Atmosphäre. Von Peter Osteried (Science-Fiction, Film)

Nicht einfach ohne Farbe, sondern aufwendig bearbeitet, hat Godzilla Minus One in Schwarz-Weiß eine ganz eigene, viel realistischere Atmosphäre. Von Peter Osteried (Science-Fiction, Film)

Anzeige: IAM Expert werden mit Keycloak

Das führende Open Source Identity und Access Management (IAM) Tool für effiziente Authentifizierung und Autorisierung ist Keycloak. Dieses dreitägige Intensivseminar vermittelt den fundierten Umgang. (Golem Karrierewelt, Server-Applikationen)

Das führende Open Source Identity und Access Management (IAM) Tool für effiziente Authentifizierung und Autorisierung ist Keycloak. Dieses dreitägige Intensivseminar vermittelt den fundierten Umgang. (Golem Karrierewelt, Server-Applikationen)

Mysterious family of malware hid in Google Play for years

Mandrake’s ability to go unnoticed was the result of designs not often seen in Android malware.

An image illustrating a phone infected with malware

Enlarge

A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight.

The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family of highly intrusive malware that security firm Bitdefender called out in 2020. Bitdefender said the apps appeared in two waves, one in 2016 through 2017 and again in 2018 through 2020. Mandrake’s ability to go unnoticed then was the result of some unusually rigorous steps to fly under the radar. They included:

  • Not working in 90 countries, including those comprising the former Soviet Union
  • Delivering its final payload only to victims who were extremely narrowly targeted
  • Containing a kill switch the developers named seppuku (Japanese form of ritual
  • suicide) that fully wiped all traces of the malware
  • Fully functional decoy apps in categories including finance, Auto & Vehicles, Video Players & Editors, Art & Design, and Productivity
  • Quick fixes for bugs reported in comments
  • TLS certificate pinning to conceal communications with command and control servers.

Lurking in the shadows

Bitdefender estimated the number of victims in the tens of thousands for the 2018 to 2020 wave and “probably hundreds of thousands throughout the full 4-year period.”

Read 6 remaining paragraphs | Comments

With a landmark launch, the Pentagon is finally free of Russian rocket engines

It’s been a decade-long effort to end the US military’s reliance on the RD-180 engine.

Liftoff of ULA's Atlas V rocket on the US Space Force's USSF-51 mission.

Enlarge / Liftoff of ULA's Atlas V rocket on the US Space Force's USSF-51 mission. (credit: United Launch Alliance)

United Launch Alliance delivered a classified US military payload to orbit Tuesday for the last time with an Atlas V rocket, ending the Pentagon's use of Russian rocket engines as national security missions transition to all-American launchers.

The Atlas V rocket lifted off from Cape Canaveral Space Force Station in Florida at 6:45 am EDT (10:45 UTC) Tuesday, propelled by a Russian-made RD-180 engine and five strap-on solid-fueled boosters in its most powerful configuration. This was the 101st launch of an Atlas V rocket since its debut in 2002, and the 58th and final Atlas V mission with a US national security payload since 2007.

The US Space Force's Space Systems Command confirmed a successful conclusion to the mission, code-named USSF-51, on Tuesday afternoon. The rocket's Centaur upper stage released the top secret USSF-51 payload about seven hours after liftoff, likely in a high-altitude geostationary orbit over the equator. The military did not publicize the exact specifications of the rocket's target orbit.

Read 16 remaining paragraphs | Comments

Nhentai ‘Pirate’ Site Wants Court to Quash ‘Improper’ Cloudflare DMCA Subpoena

Copyright holders’ representatives frequently use DMCA subpoenas to compel online intermediaries to share personal details of alleged pirate site operators. Cloudflare is a popular target for these requests but according to the people behind popular adult site nhentai.net, DMCA subpoenas shouldn’t apply to ‘mere conduit’ intermediaries.

From: TF, for the latest news on copyright battles, piracy and more.

law scaleInternet infrastructure service Cloudflare serves millions of customers around the globe, providing various connectivity and security features.

When it comes to DMCA takedown requests, the company has always drawn a clear line; when it doesn’t store any content for a customer, it will simply forward DMCA takedown requests to the customer’s hosting company.

Ideally, rightsholders would like Cloudflare to take a more active stance. Since popular pirate sites, including The Pirate Bay, use the CDN service, they argue it would be helpful if Cloudflare disabled access to infringing content though its platform.

Cloudflare, however, sees itself as a ‘mere conduit’ service that merely passes on bits. This means that it is not required to take action against third-party infringements directly, unless content is permanently stored on its servers, which is rare.

DMCA Subpoena

Rightsholders are well aware of Cloudflare’s stance. While there have been plenty of complaints in the past, the status quo remains. Groups such as the Alliance of Creativity and Entertainment (ACE) still send DMCA takedown notices, but that’s mostly as a prelude to sending §512(h) DMCA subpoenas.

Grounded in the same law, DMCA subpoenas allow rightsholders to request the personal details of Cloudflare customers who are allegedly engaged in pirating activities. These subpoenas don’t require judicial oversight and Cloudflare generally complies with them, handing over customer data.

Earlier this month, a seemingly obscure DMCA subpoena request was submitted at a California federal court. The request came from J18 Publishing, the owner of Doujin.io. With the subpoena, J18 hopes to uncover the identity of the alleged operator of pirate site Nhentai.net.

Nhentai is by no means a small site. With more than 70 million monthly visits, the free hentai manga and doujinshi reader has a sizable audience. Understandably, rightsholders would like to know who’s running the site.

nhent

As is often the case, a court clerk swiftly signed off on the subpoena paperwork, requiring Cloudflare to comply. In this case, however, that’s not going to be straightforward.

Improper

A few days after the DMCA subpoena was issued, lawyers representing Nhentai slammed on the brakes. They don’t want any personal data to be disclosed and argue that the subpoena should have never been granted.

Nhentai asks the court to quash the subpoena for several reasons. For one, it argues that these DMCA subpoenas are not intended for use against companies that operate as mere conduit providers.

In its defense, Nhentai cites several precedents where courts have concluded that DMCA subpoenas don’t apply to mere conduit services. This includes the RIAA vs. Verizon case.

“In analyzing the issue in a very detailed fashion, Courts have quashed §512(h) subpoenas where they were served on a party that was not ‘engaged in storing on its servers material that is infringing or is the subject of infringing activity’,” Nhentai writes, adding another example.

“The D.C. Circuit further held that ‘§512(h) does not authorize the issuance of a subpoena to an ISP acting as a mere conduit for the transmission of information sent by others’.”

Mere Conduit

As highlighted earlier, Cloudflare has clearly positioned itself as a ‘mere conduit’ provider under the DMCA. Nhentai argues the same, and stresses that DMCA subpoenas are not applicable for that reason.

“Cloudflare is a §512(a) ISP that acts only as a conduit with respect to Nhentai.net, and accordingly, it is not properly subject to subpoena under §512(h). Specifically, images from Nhentai.net never pass through or are stored on Cloudflare servers in any form.”

conduit

Nhentai further notes that the subpoena is too broad, arguing that the owners of the domain name are not the infringers. In addition, the subpoena would violate the owners’ right to anonymous speech.

Thus far, Cloudflare itself hasn’t objected to DMCA subpoenas, and this case is no exception. Courts have recently quashed DMCA subpoenas directed at mere conduit ISPs, reiterating that they don’t apply to companies that store no content, so it will be interesting to see how Nhentai’s challenge pans out.

Fringe Case, Landmark Decision?

For now, the California federal court has stayed the matter, meaning that Cloudflare doesn’t have to comply with the subpoena. Meanwhile, J18 Publishing has two weeks to argue why it should be granted after all.

While Nhentai operates in a fringe corner of the broader piracy landscape, this case could have far-reaching consequences. If the court quashes the subpoena, similar efforts from other mainstream rightsholder groups, including ACE/MPA, may have to be reevaluated too.

In recent years, DMCA subpoenas have become one of the primary tools in the anti-piracy toolbox, so the outcome of this case may eventually turn out to be a landmark decision.

Given what’s at stake, it’s possible that other rightsholders may want to intervene in the matter, and Cloudflare may want to share its thoughts on the matter too.

A copy of Nhentai’s motion to quash the DMCA subpoena is available here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

Apple stealthily adds minor features in iOS 17.6, macOS 14.6 releases

The M3 MacBook Pro now supports multiple external monitors.

An iPhone lies on a wood surface, showing the Software Update panel on its screen

Enlarge / iOS 17.6 installing on an iPhone 13 Pro. (credit: Samuel Axon)

Apple has some minor updates for all its operating systems, and the releases include iOS 17.6, iPadOS 17.6, tvOS 17.6, watchOS 10.6, and macOS Sonoma 14.6.

Apple's notes for these updates simply say they include bug fixes, security updates, or optimizations. However, there are a few hidden features.

macOS 14.6 reportedly enables multi-display support in clamshell mode on the M3 MacBook Pro, allowing users of that device to use two external displays at once. That was already possible on the M3 Pro and M3 Max variations. Apple had previously released a similar update to bring that functionality to the M3 MacBook Air.

Read 5 remaining paragraphs | Comments