back to article Dev gives HBO free math tips to nail Game of Thrones pirate leakers

Developer Bruno Cauet has offered HBO a series of mathematical equations that could have tracked the Game of Thrones season five leaker, or even killed the leak completely. The massively popular series thought to be HBO's most profitable production was rocked over the weekend when a leaker, thought to be a translator with an …

Page:

  1. Charles 9

    There's also the issue that the screener copies can get stolen without the screener's knowledge, copied regardless of the watermarks (you should see the bootleg markets) and then sent to all and sundry.

    Plus, as noted, some pirates are determined to cover their tracks and are willing to cooperate with others to cover each other's butts by collaborating on their copies to defeat watermarks. Even audio watermarking like Cinavia has been shown to be vulnerable.

    1. Brewster's Angle Grinder Silver badge
      Pirate

      "Plus, as noted, some pirates are determined to cover their tracks..."

      Good business sense: if your sources get nicked, they won't be able to leak to you again. I'm sure the pirates could teach the big corporates a few things about customer care.

      1. Thorne

        As a pirate I could defeat this in seconds flat. Just drop a random number of frames from the start and end of each scene. Suddenly the file doesn't match any of the records.

        The only way for a system like this to work is to have people not know what you did. You could hue shift parts of the screen slightly, modify the audio or any of a number of tricks but the key is people can't know what you did. If they don't know then they have to compare multiple copies and with leaked copies, your not likely to find multiple copies.

        1. h4rm0ny

          >>"As a pirate I could defeat this in seconds flat. Just drop a random number of frames from the start and end of each scene"

          And I can see which frames have been dropped and add them back in. Your solution doesn't work unless the hidden information is always in start and end of each scene.

          1. Thorne

            "And I can see which frames have been dropped and add them back in. Your solution doesn't work unless the hidden information is always in start and end of each scene."

            How? If your method of identification is dropped frames and I drop more frames then you can only see the total dropped frames, not the number of frames I dropped thus you cannot work out the number you dropped to identify the leak.

            It's pretty obvious

            1. h4rm0ny

              >>"How? If your method of identification is dropped frames and I drop more frames then you can only see the total dropped frames, not the number of frames I dropped thus"

              Because I have the master list of which frames I have dropped for each recipient and can add back in any you have dropped which aren't on the list. Unless you magically coincide with the same frames by happy accident (and you have to win that lottery multiple times to really obscure the signature) then I can tell the difference between which frames you have dropped and which ones I have dropped.

              Now obviously if you had access to all or many different leaked copies you could do comparisons and work out which frames I had dropped from each of them and then remove all such frames from a single copy thus anonymising it, or put ones back in making it look like it's from another. But you can only do this between sources you have copies from which returns us to the situation where you have to have compromised many recipients rather than a small number or one.

              Basically, if you have only compromised one recipient, what you suggest cannot work. If you have compromised two recipients then what you suggest can obscure whether your copy originated from either of those but it doesn't help you because my inability to distinguish which one out of two gives me the same information - I know that these two recipients leaked. Your technique basically only works to obscure videos between leaked parties by which point I already have the information I want.

              1. Thorne

                "Because I have the master list of which frames I have dropped for each recipient and can add back in any you have dropped which aren't on the list. Unless you magically coincide with the same frames by happy accident (and you have to win that lottery multiple times to really obscure the signature) then I can tell the difference between which frames you have dropped and which ones I have dropped."

                And should I re-encode to a different frame rate, all is lost.

                My point is that once someone knows how you encode something, they can mess it up. They key is to do a range of things and not tell people what you did. That way the only way they can tell is by comparing two leaked copies looking for differences. The odds of getting two leaked copies before the release would be almost impossible.

                If done this way the leaker would be terrified that they missed a fingerprint which would incriminate them.

                1. h4rm0ny

                  >>"And should I re-encode to a different frame rate, all is lost."

                  No, because your new encode will still have length variations in scenes that relate to the source copies. You can average scene lengths but that brings us back to having successfully narrowed down a short-list of those recipients that were leaks. Think of your re-encode as adding 2 to every number in a sequence - it does nothing to conceal the original pattern. To do that, you need to know which numbers in the sequence are different to other sequences and change those parts in a way that is special. And you can only do that with ones that have leaked so once again - the distributor knows which parties contributed.

                  >>"My point is that once someone knows how you encode something, they can mess it up."

                  That may be the point you are trying to make but what you keep doing is posting what you think is an easy way around this which turns out not to be. Everything you say is exactly what someone who is intelligent but lacks experience in the subject matter comes out with. The problem is that each time you do this, you assume you are right without having tested it against things in practice or against counter-points.

    2. h4rm0ny

      >>There's also the issue that the screener copies can get stolen without the screener's knowledge,

      Just because a solution isn't perfect, doesn't mean it isn't good. Whether it is stolen from a particular recipient or they handed it over knowingly, it still narrows down your investigation a huge amount.

      >>"Plus, as noted, some pirates are determined to cover their tracks and are willing to cooperate with others to cover each other's butts by collaborating on their copies to defeat watermarks"

      Doesn't matter. It changes the requirement from needing one compromised source to several in order to pull off this "co-operation". You are supposing many sources to be compromised and conspiring. If there are few or only one, you have again narrowed your investigation enormously.

      1. Charles 9

        "Doesn't matter. It changes the requirement from needing one compromised source to several in order to pull off this "co-operation". You are supposing many sources to be compromised and conspiring. If there are few or only one, you have again narrowed your investigation enormously."

        Thing is, if nations can cooperate on matters of mutual benefit, a group of ragtag pirates with a common goal should be able to put their heads together easily, especially since each additional leaked source (and as these and other popular series prove, their very popularity makes them hot targets for theft, especially from the inside) means one more set of tracks on the same road, messing each other up. It's much like with computer entropy: barring a super-human intelligence able to deduce a complete entropy trail and negate it, any new source you throw into the mix will usually help the cause and at worst do nothing to help or hurt it.

        1. h4rm0ny

          It's not a matter of whether there are a group of pirates from different regions willing and able to co-operate. That's one requirement (and not a small one given these pirates compete with each other to be the first to release stuff, btw), but it's not the only requirement. It's also a matter of having to compromise multiple sources and about the distributor knowing which ones are compromised.

          Right now the studio knows only that at least one of its recipients were compromised. With this, they can say: "studio X and Y in Poland were compromised, also studio Z in the UK". They can then proceed on that basis - this is valuable information. And if it were just one recipient that were compromised they would not merely have a shortlist of suspects, they would KNOW which one it leaked from. Also, it is harder to compromise many recipients than one.

          You seemed determined to argue against this on a basis of lack of perfection. In fact, this is a very good and useful solution and the possible ways you point out to defeat this are partial and also more and more difficult the more recipients you hope to compromise.

      2. Michael Wojcik Silver badge

        Just because a solution isn't perfect, doesn't mean it isn't good.

        Indeed, since this is a security issue, there is no perfect solution. All the defenders can do is increase the cost (typically by increasing the work factor, but forcing them to share profits - which includes credit - also works) for the attackers (pirates). If a defense asymmetrically favors the defenders - that is, it increases cost for the attackers significantly more than it does for the defenders - then it's worth using.

        But, as usual, most of the Reg commentators refuse to acknowledge the most basic principles of security, such as threat models and relative costs, in favor of making banal, sophomoric claims about why someone else's idea is stupid.

        1. h4rm0ny
          Thumb Up

          >>"But, as usual, most of the Reg commentators refuse to acknowledge the most basic principles of security, such as threat models and relative costs, in favor of making banal, sophomoric claims about why someone else's idea is stupid."

          But if someone else is stupid, it means you must be the pointer out must be smart... right?

          Right?

    3. tmTM

      There's also the issue that the screener copies can get stolen without the screener's knowledge

      Happened in a couple of recent Oscars didn't it??

      I seem to remember the 'source' of one leak was the person presenting the Oscars.

  2. kbb

    Watermarking assembly

    (Dragging this from the depths of my memory so apologies if it is misremembered.)

    There used to be a shareware x86 assembler that claimed in the docs that it watermarked your output. It said that there were multiple x86 instructions that performed the same operation, so by choosing them in a predictable pattern during assembly, disassembling the output could determine if you were licensed or not.

    1. Brewster's Angle Grinder Silver badge

      Re: Watermarking assembly

      a86

  3. Anonymous Coward
    Anonymous Coward

    I've always thought of:

    Just modify a couple of pixels (not together) in a couple of frames slightly, each unique to the release.

    Not sure how compression would affect it though.

    A bit like the yellow dots on laser printers.

    1. DainB Bronze badge

      Re: I've always thought of:

      It takes 1/20 of a second to print page on a printer, how long would it take to add markers to video, pack it and write to DVD ?

      1. Charles 9

        Re: I've always thought of:

        The point is that MPEG video compression is lossy, so watermarks either have to play by MPEG's rules or risk being degraded beyond usability. That said, some screeners are willing to use destructive artifacts such as a burned "THIS IS A SCREENER" subtitle pasted periodically in the video. I suppose it depends on how far the producer is willing to go to detect or defeat screener pirates, since customizing each encode for each screener means you have to encode the movie multiple times, depending on how sophisticated your tools are (at the least, each altered section needs to be re-encoded and grafted onto the original stream).

        1. the spectacularly refined chap

          Re: I've always thought of:

          The point is that MPEG video compression is lossy, so watermarks either have to play by MPEG's rules or risk being degraded beyond usability.

          There are better ways than tiny changes - large but subtle changes will pass through even heavy compression unhindered. Consider four different versions of the famous "Lena" test image I've prepared here (Safe for work, the naughty bits are cropped out). You can look at any of them in isolation and they appear quite natural. It is only when they are compared closely side by side that you can see the brighness curves of each have been subtly altered. Assuming that the image isn't compressed to the point that it would be unwatchable the differences between them will still be readily discernible. Apply that kind of filtering consistently to all the frames in a given shot and you would never know it has been done, but equally it is very difficult to get rid of without manually applying a different set of manipulations to each and every shot.

          I would think something like that is a far better options than randomly inserting and deleting frames which sounds simple but I suspect would cause problems in the general case with the audio - maintaining lip sync wouln't be a problem between scenes but the musical score often extends between scenes and has to still match up very definitely with the on screen action.

          Something like James Bond is the classic example for that sort of situation - the score may start gently as he makes his getaway on e.g. skis. When the bad guys start shooting at him the music responds instantly. It does so again when he skis over a cliff edge. There's a final flourish just as the parachute opens. If you do anything that alters the timing of the on screen action you ruin the dramatic effect for the reviewer, or you create problems later for the team dubbing it into Foreign.

  4. Anonymous Coward
    Anonymous Coward

    Ummmm

    Errrrr. This has been used in printed documents for at least 300 years, yah de yah de yah

  5. seven of five

    multiple sources

    so if the leakers have multiple sources and multiplex their release from these on a five minute timeslot basis we get a completely new "watermark" worthless to the copyright holders.

    1. phuzz Silver badge

      Re: multiple sources

      If the leakers have multiple copies then HBO's security is really buggered. Given that I've not seen many leaks for GoT before, I'd be surprised if there's more than a couple of people leaking.

      1. Anonymous Coward
        Anonymous Coward

        Re: multiple sources

        "If the leakers have multiple copies then HBO's security is really buggered."

        Or the leakers are just that damned determined, much as the paparazzi were when the Twelfth Doctor was being planned and the BBC realized they couldn't hide the news for long.

    2. samlebon2306

      Re: multiple sources

      Even worst if they could interlace the frames.

  6. Tom Chiverton 1

    Thought it was deliberately leaked as an advert.

    1. SolidSquid

      4 episodes is a bit much for that, if it had been the first episode or first and second at low quality maybe, but 4 is a decent chunk of the series and wouldn't really get you much more publicity than 1

      1. JeffyPoooh
        Pint

        "4 episodes is a bit much for that..."

        I would have thought that four of ten is precisely optimum to build the addiction. Who would dedicate time to watch four episodes, and then not be curious about the next six? Four is precisely ideal for an intentional leak marketing ploy.

        Do these four episodes end with a cliff-hanger mystery?

        1. Anonymous Coward
          Anonymous Coward

          Re: "4 episodes is a bit much for that..."

          Most GoT episodes end with you asking what happens next

          Episode 1 finished at a point where you ask what happens next.

          Episode 4 finished with you saying with those people dead what's going to happen to her.

          Answer (I think) Fly out on the back of her only free Dragon

    2. fandom

      Sure, the new season was going so unnoticed in the press that they needed this.

  7. Mr. Fatuous

    Surely they could just make sure each copy sent out had a different total number of nipples in it?

  8. Tom_

    Randomly add frames

    Would this be defeated by the pirates randomly adding, say, 0 to 3 frames to the end of each scene?

    1. Owain 1

      Re: Randomly add frames

      My thoughts exactly. Although in order to defeat it, the pirate would have to know that the method of watermarking is a frame count. Maybe it's some coloured dots. Maybe it's a bit of audio 2 hours in that says "THIS COPY BELONGS TO FRED" in the audio. Who is going to watch 2 hours of this rubbish in order to be able to find that. I think the point is that it's easy to defeat an obvious visual watermark.

      More importantly they were stupid to let such a large quantity of a valuable asset out in one chunk to a single 3rd party. Maybe next time they will employ more than one translation company and only give them half of each episode each (or something). Or get them to work in-house if that's too much of a risk. Or give them a really bad quality copy at 320x160 or something. Either way the error wasn't in the watermarking it was in trusting a 3rd party with the crown jewels in the first place.

      1. BristolBachelor Gold badge

        Re: Randomly add frames

        Doesn't work very well for translations, believe me. You need consistency. Imagine that you have 3 episodes, sent to 3 translators. The first translates "constructor" as "carpenter", the 2nd as "brick layer" and the 3rd as "welder". All of a sudden in the 3rd episode, you find out the killer was the welder and you are left wondering who the he'll that is when you haven't heard of them before. For the same reason, you need a few episodes after the current one to work out how to translate things that evolve in the plot.

        I often watch films with audio and subtitles in different languages, and some films lose all meaning because of botched translations.

        1. Sir Runcible Spoon

          Re: Randomly add frames

          How about using some reversed audio for a particular sound effect?

          eg. ID number spoken, reversed and blended into a sound effect for a wheel-cart going over a bump?

          or what about a blacksmith hammering out an id number in morse code?

          There are a number of opportunities available.

        2. Michael Wojcik Silver badge

          Re: Randomly add frames

          I often watch films with audio and subtitles in different languages, and some films lose all meaning because of botched translations.

          My brother has a bootleg (I assume) of the HK cult classic Xian Si Jue, aka Duel to the Death, which is both dubbed and subtitled in English - with different scripts. The scripts both more or less follow the plot of the original, but the dialog is often different and some characters have different names.

          Makes for an entertainingly jarring experience.

          Of course the film itself is pretty wildly over the top, even by period-fantasy wuxia standards.

      2. Anonymous Coward
        Anonymous Coward

        Re: Randomly add frames

        "they were stupid to let such a large quantity of a valuable asset out in one chunk to a single 3rd party."

        Strangely enough, given the total cost of this shite, it was probably down to... cost. They chose a one-stop shop that promised them heaven for rock-bottom price... so they got it.

    2. Sorry that handle is already taken. Silver badge

      Re: Randomly add frames

      They could delete frames, perhaps. To add frames, they'd have to know what was in them.

  9. Harry the Bastard
    Holmes

    "I think that binge-watching the first four episodes is a stupid idea that will make you ache for a month waiting for the fifth episode"

    surely that should be, "I think that watching this dross is a stupid idea, it will rot your brain and leave you obnoxious, stupid and lazy"

  10. Anonymous Coward
    Anonymous Coward

    "Cauet has advice for Game of Thrones fans too: "I think that binge-watching the first four episodes is a stupid idea that will make you ache for a month waiting for the fifth episode""

    Yeh, are you guys crazy? Torrent them each week like a sane person.

    I somehow doubt that for fans, that have waited ten months already between seasons four and five, that a one month "ache" will hurt that much. They will probably ease the pain by watching the four episodes they have every until episode five is released.

    Fans will probably only need to wait another week for the next six episodes to leak anyway...

    1. Anonymous Coward
      Anonymous Coward

      The other six episodes are sitting on the ftp server waiting for release.

    2. Anonymous Coward
      Anonymous Coward

      I binged all 4 episodes and thought it was a bit weak, slow and the body count was woefully lacking.

      4 week wait for ep 5 -piece of pish

  11. Dan 55 Silver badge
    Coat

    Petyr Baelish copy protection

    They could put a unique watermark of his accent for every DVD sent out, it changes so much that nobody would notice.

  12. Xpositor

    Physical Copies

    All of the other issues aside, are they still releasing physical copies for review/translation etc?

    1. Charles 9

      Re: Physical Copies

      IIRC they're in high-def and some translators have shoddy Internet access, so it's physical or bust. Besides, even for an Internet copy, a determined foe would use an HDCP stripper combined with an HDMI recorder.

  13. Anonymous Coward
    Anonymous Coward

    Make it big and loud

    If DVD/BluRay's were mailed to individual translators, why did each custom copy not have the name of the translator scrolling across the screen in giant marquee letters, that would make each individual copy unsuitable to be pirated. And if it leaked, this would allow better traceability. Also if your name was scrolling across the copy that was sent to you, you would think a bit harder about how to protect it.

    Adding subtle digital artifacts, is not always the best solution.

    I would see the leaks as a failure of one or more people involved in the post production. Maybe pay them more, it is not like the actors can easily leak copies. Maybe the industry needs to implement just in time post-production.

    1. Charles 9

      Re: Make it big and loud

      Given the time it would take to encode each one for each screener/translator, not to mention the problem that this would also make them unsuitable for pressing (and you can only get a ROM-Mark with a pressed BD), how do you make a short-run screener unsuitable for pirating?

      I suspect that ANY screener/translator copy is worth pirating. I see bootlegs with burned "THIS IS A SCREENER" subtitles here and there. If pirates are willing to take blatantly-obvious watermarked copies, few things will be taboo for them.

  14. Anonymous Coward
    Anonymous Coward

    oy!

    stop having them clever ideas RIGHT NOW! :)

  15. d3vy

    How about a massive semi transparent watermark diagonally across the whole thing?

    1. Charles 9

      They'll take it anyway. They take copies that emblazon "THIS IS A SCREENER," for crying out loud.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon