July 9, 2015, by Patrick Kehoe

Digital piracy, or the illegal reproduction and distribution of copyrighted material on the Web, is extensive and growing rapidly.

As part of the “2015 State of Application Security Report,” Arxan and iThreat Cyber Group (ICG) analyzed data collected since 2012 that examined the distribution of pirated software and digital assets on the Dark Web and indexed sites that distribute these releases. Thousands of sites were analyzed, including more than 50 that are solely in the business of digital piracy. The results of the analysis are alarming:

  • There were over 1.6 million pirated releases in 2014, and if 2015 continues at the same pace, there will be 1.96 million pirated assets by the end of the year — an increase of 22 percent.
  • Online games are heavily pirated. If distribution of pirated games continues at the same rate, there will be over 31,000 pirated releases in 2015, which would be double the number of pirated releases from 2012.
  • Digital media piracy is far more extensive than commonly perceived. In 2013 and 2014, an average of nearly 1 million pirated releases were discovered.
  • All types of content are being pirated. In reviewing the pirated assets found in 2015, entertainment videos accounted for about 50 percent and adult content made up approximately 25 percent.


What’s Driving the Growth in Digital Piracy?

1. The Distribution Model

The transfer of pirated releases from the Dark Web and other narrowly accessed sites to pages that have broader reach, such as private torrent sites and cyberlockers, is happening very quickly — typically within an hour. Furthermore, distributors are making good money: The largest content theft sites generated more than $200 million in advertising-driven revenues in 2014, according to the report “Good Money Still Going Bad.”

2. New Technologies

New technologies and applications enable easier access to sites offering the pirated releases. Even less technical users can now access pirated releases. For instance, jailbroken Android devices running the Kodi program can use add-ons that provide links to cyberlockers and make video streaming effortless.

The mobile app Popcorn Time is another good example. It provides a Netflix-like front end for mobile devices that makes capitalizing on BitTorrent sites easier. One NetNames study, “Sizing the piracy universe,” found that nearly 24 percent of worldwide Internet bandwidth was directed to these streaming websites. That is an extremely high number, and it clearly shows that consumers around the globe are aware of distribution sites and the tools that access them.

3. Applications

Applications, including license management and digital rights management (DRM) applications, are increasingly mobile, but new vulnerabilities unique to mobile applications are not being addressed. The “2015 State of Application Security Report” cites analysis by MetaIntelli, which found that less than 10 percent of Android apps in the Google Play store had protected binary code. Unprotected binary code can easily be reverse engineered, tampered with to remove security controls, repackaged and redistributed. With games and DRM software, cybercriminals are targeting mobile apps.

Should We Care?

Whether you’re a consumer or a business producing software or digital assets, the costs of piracy are high. For businesses, the unmonetized value of these pirated materials in 2014 is estimated to be more than $800 billion, according to a report from Tru Optik. A joint study by the National University of Singapore and IDC on “The Link between Pirated Software and Cybersecurity Breaches” estimated businesses spent $491 billion in 2014 because of malware associated with pirated software. Specifically, organizations devoted $127 billion to dealing with security issues and another $364 billion to handling data breaches. Almost two-thirds of these enterprise losses can be traced to criminal organizations.

The same study estimated consumers paid nearly $25 billion and wasted 1.2 billion hours dealing with security issues created by malware on pirated software in 2014.

What Can We Do From an Application Security Perspective to Thwart the Growth of Digital Piracy?

Organizations need a concerted focus and holistic approach to protecting software, including the software that governs access to digital media. Teams responsible for application security should:

  • Leverage vulnerability testing and ensure that known risks — including those identified in the OWASP Mobile Top 10 list — are addressed.
  • Build runtime protections into applications to thwart tampering and malware attacks.
  • Protect cryptographic keys so they are not visible statically or at runtime in memory. White-box cryptography solutions provide this type of protection.
  • Rethink how much time and money you have allocated for application security. “The State of Mobile Application Insecurity” found that 50 percent of organizations had zero budget allocated toward securing mobile apps.
  • Lobby organizations that are responsible for setting standards and rules that penalize piracy.

The “2015 State of Application Security Report” illustrates the epidemic of copyright infringement. But it can be reduced if owners of games, digital media and software applications take the time to build static and runtime protections into their applications, ensuring that wherever they are deployed, they are protected. The question is: How long will it take for companies to wake up to the not-so-new attack vectors, and how much additional money will be lost before the necessary steps are taken to stem the rising tide of digital piracy?
