Permission to DDoS may set a tricky legal precedent
A Hungarian telecoms association is considering a bold plan to tackle IPTV piracy – hit them with a denial-of-service attack. Naturally, they are seeking permission from the authorities but some fear that exemption from the law might establish a difficult legal precedent.
Pirate IPTV platforms use regular domains, IP addresses, websites, servers and cloud services and are well aware that legal rightsholders are watching them. The criminals are ready for any attempts at domain seizures and other interference to their crime business. Legal measures such as blocking IP addresses and Domain name servers, blocks on their payment processing and other disruptions only slow them down. A distributed denial of service (DDoS) attack would be outside the law, so the Hungarian Communications Association (MKSZ) wants the boundaries of the law to be stretched especially for its telecoms industry members.
That may cause a problem for some parties. Once that principle is in place, there are fears that people in power abuse it. MKSZ says there’s at least 100 illegal distributors operation, who are unaffected by the ‘slow and ineffective’ measures used by the authorities.
Since 2018, just one prosecution has ended in a guilty verdict and a damages award. The one-year suspended prison sentence imposed hardly sent the deterrent message that rightsholders were hoping for.
So MKSZ’s members want to become vigilantes and begin launching cyberattacks. In a statement to Hungary’s Media1, the MKSZ said it is holding discussions with domestic stakeholders about launching their own kind of distributed denial of service (DDos). What might concern stakeholders, who are legislators, copyright holders, neighbouring rights holders, Internet service providers and broadcasters, is that DDoS isn’t legal. The aim of the roundtable talks is to discover whether it’s possible to launch DDoS attacks against IPTV providers while enjoying protection under the law.
“For the sake of legal validity and international transparency, RIPE, at the initiative of the Hungarian communications authority, should designate a certain IPv4/IPv6 address range for the use of legal and registered DDOS attacks and make it publicly available,” begins the proposal.
The authority must appoint a suitable professional organisation, which would be entitled, subject to official supervision and control, to conduct a DDoS attack. However, it’s not that easy. “First there needs to be a preliminary expert investigation based on a stakeholder report, with the appropriate legal authorisation, against the detected illegal service IP addresses launched from the authorized DDoS address range for a legitimate DDoS attack.” Some say all this due legal process gives the criminals time to regroup.
If sanctioned, MKSZ believes such an attack could degrade the quality of an illegal distributor’s service and ruin the viewing experience for subscribers. The plan is to keep up the pressure so that any mitigation methods are overcome. If the illegal service provider detects a DDoS attack and changes their IP address in order to continue the illegal signal distribution, this involves a significant time delay. In order to re-inforce the measures, the process could be used continuously with IP address tracking, the proposal explains.
Repeating this action several times will eventually achieve the desired outcome, said MKSZ. The customers of the IPTV pirates will cancel their subscriptions in response to the poor-quality service and the pirates will be deprived of their income. However, there may be collateral damage, critics have warned. Innocent third-party services could be disrupted, but this will at least send a message to hosting companies about their choice of clientele. “If the [illegal IPTV] service is provided from a rented server, the owner of the server that provides the technical background for the service should also consider it undesirable and terminate its contract with such a customer,” MKSZ argued, “the perpetrator should not easily find a server to implement the illegal service.”
Currently it is uncertain whether telecoms group MKSZ and its partners will obtain the special permission needed to carry out an otherwise illegal act.