Month: September 2024

Bei zwei namhaften Vergleichsportalen hat ein Experte Sicherheitslücken entdeckt. Dadurch sollen Kreditangebote mit sensiblen Daten frei abrufbar gewesen sein. (Datenleck, CCC)

In a couple of weeks the UK’s BeStreamWise anti-piracy campaign will celebrate its one-year anniversary.

Launched last October, the campaign aims to deter citizens from consuming live sports from pirate IPTV services and other platforms offering illegal streams.

With the slogan “Illegal Streams Let Criminals In” companies including Sky, Premier League, FACT, and ITV, hope that consumers will weigh cheap prices against the risk of malware and fraud, before concluding that a legal subscription is the best option overall.

12 Months of Saving

For the last year, the battle for hearts-and-minds has mostly played out online. Friendly tabloids and other publications known for their considerable social media reach, have taken a real interest in the campaign; not just by amplifying the message but presenting it as a preparatory hors d’oeuvre before the main course apocalypse.

The latest phase of the campaign, reported by BeStreamWise late last week, aimed to protect pirates seeking out pirated match streams on social media.

“BeStreamWise will redirect consumers searching for illegal streams of the game this weekend to protect them from the dangers of digital piracy.

“The initiative has been arranged for the high profile north London derby, renowned for being one of the highest scoring games in the top division and famous for the long-standing rivalry between its clubs,” an announcement on the campaign site reads.

“Highlighting the risks of illegal streaming, which include identity theft, fraud, viruses and dangerous malware, BeStreamWise will target those looking to watch the game illegally for free via X and Reddit. Those who click on the link will find that instead of watching one of the most exciting clashes in this year’s football calendar, they will instead see a gentle brook babbling its way past the camera lens.”

Given that a gentle babbling brook is a type of stream, the imagery complements the main theme of the campaign perfectly. The stream on the BeStreamWise website is actually Burbage Brook in Padley Gorge in Derbyshire’s Peak District, but whether the replacement live stream displayed this particular brook is still unconfirmed.

Determined to See the Stream

Our efforts to find fake Premier League match links that led to the live brook stream were a complete failure. There was no sign of any on Reddit or X, or any sign that any had ever been posted.

A plausible explanation is that posting links publicly was never the plan; a better option would be to wait for someone to show interest or ask for a pirate link, then send the fake link via DM. That would mean no instabans from Reddit mods for spamming fake links and no chance of being instantly called out on X for watering piracy down.

Another explanation is that in our desperate quest to find the link, leading to the brook and then salvation, too much time was spent clicking links that promised Premier League matches but mostly led to phishing sites and malware. With BeStreamWise falling short of omnipresence, self-preservation offered the only chance of survival.

Beware Glossy Tweets, Underneath Evil Lurks

The image below represents a game of two halves. On our left, X.com (formerly known as Twitter) featuring a rather glossy tweet that promises an entire season of Premier League games for free. With Premier League branding and official club badges, it certainly looks promising and of course, that’s the idea.

Apparently compatible with every mainstream device, all that remains is for the user to click on the TinyURL shortlink and wait for the streams in all their glory. A much better approach is to find out where a link leads before clicking it, as demonstrated in the screenshot on the right.

Find out where links lead in advance; BeLinkWise (click to enlarge)

Redirect Checker is a useful service for anyone confronted with a shortlink, regardless of the circumstances. In this case, the shortlink (marked 1 in the first image) looks neater and offers an element of surprise by hiding the destination. In other cases, shortlinks hide trackers that undermine privacy; all should be stripped before being clicked.

Redirect Checker doesn’t discriminate; paste the URL in the box (2) and the previously obfuscated destination URL appears below (3). Once the URL is exposed, testing it on a site like VirusTotal is the recommended option for most people. Understanding the results of a scan isn’t vital since the presence of red text makes it clear not to continue.

Continue Anyway, Cautiously

For theatrical and dramatic purposes, we decided to click through regardless of the VirusTotal report, albeit with a pretty secure setup inside a virtual machine ready to be dumped if necessary.

On the left of the image below is the website that appeared after accessing the ‘final destination’ URL indicated by Redirect Checker. However, when clicking through visitors are taken to another domain (present in the white diagram) that in our case triggered a malware/riskware warning. Until this point, security software had remained silent.

More gloss, more red flags

The website seems to offer everything, but makes it quite clear that visitors MUST sign up for an account first. Pirate IPTV sites do something similar except they tend to be quite up front about a) what’s on offer and b) the need to communicate when payment takes place.

Bright Red Flags

The offer of free streams here is still hidden behind a registration wall. That’s not typical of a completely free pirate streaming service. Often reliant on ads, more eyeballs on the site is usually preferred to unnecessary, traffic-limiting restrictions.

Never, EVER, put personal details into a pirate site

Visiting VirusTotal at the first opportunity would’ve given a vital heads-up on why proceeding this far was always ill-advised and an unnecessary risk.

The benefits of checking are obvious in this case, but the same applies equally to any other site, operating in any other niche, even (or especially) links received via email. There are no big campaigns warning the public about the dangers of email, but it remains the primary route through which internet users are exposed to phishing operations that aim to empty bank accounts, with zero regard for the devastation that causes.

Malware is Real

While we had zero intention of going any further, having seen enough of these types of sites in the past, we sincerely doubt that Premier League streams were ever on offer. Insult to injury, on the other hand, most likely in plentiful supply. The price of a genuine subscription package might sting and take a large chunk of a fan’s disposable income, but it won’t take all of it and give nothing back.

The majority of people are unlikely to find themselves saved by a BeStreamWise intervention. Nor will they receive any basic security advice such as constantly running up-to-date anti-virus software and, if possible, an anti-malware solution on top.

Yet, without seeing evidence themselves, any security risks will likely find themselves waved aside by the masses in favor of free streams. Some will get away without experiencing too many problems, many others won’t be so lucky. Malware’s effect on piracy rates is more difficult to quantify; what we know is malware increases as piracy consumption goes up, make of that what you will.

From: TF, for the latest news on copyright battles, piracy and more.

Beim Vorbeiflug der Esa-Raumsonde Juice an der Erde wurden Spuren von lebenswichtigen Elementen entdeckt. Das zeigt, dass die Instrumente an Bord der Sonde funktionieren. (ESA, Raumfahrt)

Nachdem Thierry Breton ausgebootet wurde, soll sich die Finnin Henna Virkkunen um die Digitalpolitik der EU kümmern. (EU-Kommission, Politik)

Eigentlich sollte sich Microsoft Edge künftig optisch stark von Chrome unterscheiden. Daraus wird aber erst einmal nichts mehr. (MS Edge, Microsoft)

Das Hosting von Webanwendungen ist ein wichtiges Thema - aber komplex. Die Azure Web Apps bieten unterschiedliche Optionen, das Deployment zu vereinfachen. Eine Anleitung von Fabian Deitelhoff (Web Apps, Microsoft)

Ein Ladegerät für den Zigarettenanzünder mit zwei Anschlüssen und 65-W-Schnellladefunktion ist bei Amazon zum Schnäppchenpreis erhältlich. (Technik/Hardware)

Die Nasa ist zunehmend vom privaten Raumfahrtsektor abhängig. Laut einem Bericht sind finanzielle Probleme nur eines von vielen Hindernissen. (Nasa, Raumfahrt)

Read 36 remaining paragraphs | Comments

Die Aliens kommen auf die Erde - und sie sehen nicht mehr ganz so aus, wie man sie kennt. Showrunner Noah Hawley hat einige Details preisgegeben. (Science-Fiction, Disney)