back to article Dev gives HBO free math tips to nail Game of Thrones pirate leakers

Developer Bruno Cauet has offered HBO a series of mathematical equations that could have tracked the Game of Thrones season five leaker, or even killed the leak completely. The massively popular series thought to be HBO's most profitable production was rocked over the weekend when a leaker, thought to be a translator with an …

Silver badge

There's also the issue that the screener copies can get stolen without the screener's knowledge, copied regardless of the watermarks (you should see the bootleg markets) and then sent to all and sundry.

Plus, as noted, some pirates are determined to cover their tracks and are willing to cooperate with others to cover each other's butts by collaborating on their copies to defeat watermarks. Even audio watermarking like Cinavia has been shown to be vulnerable.

8
1
Silver badge
Pirate

"Plus, as noted, some pirates are determined to cover their tracks..."

Good business sense: if your sources get nicked, they won't be able to leak to you again. I'm sure the pirates could teach the big corporates a few things about customer care.

12
0
Silver badge

>>There's also the issue that the screener copies can get stolen without the screener's knowledge,

Just because a solution isn't perfect, doesn't mean it isn't good. Whether it is stolen from a particular recipient or they handed it over knowingly, it still narrows down your investigation a huge amount.

>>"Plus, as noted, some pirates are determined to cover their tracks and are willing to cooperate with others to cover each other's butts by collaborating on their copies to defeat watermarks"

Doesn't matter. It changes the requirement from needing one compromised source to several in order to pull off this "co-operation". You are supposing many sources to be compromised and conspiring. If there are few or only one, you have again narrowed your investigation enormously.

5
1
Silver badge

"Doesn't matter. It changes the requirement from needing one compromised source to several in order to pull off this "co-operation". You are supposing many sources to be compromised and conspiring. If there are few or only one, you have again narrowed your investigation enormously."

Thing is, if nations can cooperate on matters of mutual benefit, a group of ragtag pirates with a common goal should be able to put their heads together easily, especially since each additional leaked source (and as these and other popular series prove, their very popularity makes them hot targets for theft, especially from the inside) means one more set of tracks on the same road, messing each other up. It's much like with computer entropy: barring a super-human intelligence able to deduce a complete entropy trail and negate it, any new source you throw into the mix will usually help the cause and at worst do nothing to help or hurt it.

0
0

There's also the issue that the screener copies can get stolen without the screener's knowledge

Happened in a couple of recent Oscars didn't it??

I seem to remember the 'source' of one leak was the person presenting the Oscars.

0
0
Silver badge

It's not a matter of whether there are a group of pirates from different regions willing and able to co-operate. That's one requirement (and not a small one given these pirates compete with each other to be the first to release stuff, btw), but it's not the only requirement. It's also a matter of having to compromise multiple sources and about the distributor knowing which ones are compromised.

Right now the studio knows only that at least one of its recipients were compromised. With this, they can say: "studio X and Y in Poland were compromised, also studio Z in the UK". They can then proceed on that basis - this is valuable information. And if it were just one recipient that were compromised they would not merely have a shortlist of suspects, they would KNOW which one it leaked from. Also, it is harder to compromise many recipients than one.

You seemed determined to argue against this on a basis of lack of perfection. In fact, this is a very good and useful solution and the possible ways you point out to defeat this are partial and also more and more difficult the more recipients you hope to compromise.

4
1

As a pirate I could defeat this in seconds flat. Just drop a random number of frames from the start and end of each scene. Suddenly the file doesn't match any of the records.

The only way for a system like this to work is to have people not know what you did. You could hue shift parts of the screen slightly, modify the audio or any of a number of tricks but the key is people can't know what you did. If they don't know then they have to compare multiple copies and with leaked copies, your not likely to find multiple copies.

1
0
Silver badge

>>"As a pirate I could defeat this in seconds flat. Just drop a random number of frames from the start and end of each scene"

And I can see which frames have been dropped and add them back in. Your solution doesn't work unless the hidden information is always in start and end of each scene.

2
1
Silver badge

Just because a solution isn't perfect, doesn't mean it isn't good.

Indeed, since this is a security issue, there is no perfect solution. All the defenders can do is increase the cost (typically by increasing the work factor, but forcing them to share profits - which includes credit - also works) for the attackers (pirates). If a defense asymmetrically favors the defenders - that is, it increases cost for the attackers significantly more than it does for the defenders - then it's worth using.

But, as usual, most of the Reg commentators refuse to acknowledge the most basic principles of security, such as threat models and relative costs, in favor of making banal, sophomoric claims about why someone else's idea is stupid.

2
0

"And I can see which frames have been dropped and add them back in. Your solution doesn't work unless the hidden information is always in start and end of each scene."

How? If your method of identification is dropped frames and I drop more frames then you can only see the total dropped frames, not the number of frames I dropped thus you cannot work out the number you dropped to identify the leak.

It's pretty obvious

0
0
Silver badge

>>"How? If your method of identification is dropped frames and I drop more frames then you can only see the total dropped frames, not the number of frames I dropped thus"

Because I have the master list of which frames I have dropped for each recipient and can add back in any you have dropped which aren't on the list. Unless you magically coincide with the same frames by happy accident (and you have to win that lottery multiple times to really obscure the signature) then I can tell the difference between which frames you have dropped and which ones I have dropped.

Now obviously if you had access to all or many different leaked copies you could do comparisons and work out which frames I had dropped from each of them and then remove all such frames from a single copy thus anonymising it, or put ones back in making it look like it's from another. But you can only do this between sources you have copies from which returns us to the situation where you have to have compromised many recipients rather than a small number or one.

Basically, if you have only compromised one recipient, what you suggest cannot work. If you have compromised two recipients then what you suggest can obscure whether your copy originated from either of those but it doesn't help you because my inability to distinguish which one out of two gives me the same information - I know that these two recipients leaked. Your technique basically only works to obscure videos between leaked parties by which point I already have the information I want.

2
1
Silver badge
Thumb Up

>>"But, as usual, most of the Reg commentators refuse to acknowledge the most basic principles of security, such as threat models and relative costs, in favor of making banal, sophomoric claims about why someone else's idea is stupid."

But if someone else is stupid, it means you must be the pointer out must be smart... right?

Right?

1
2

"Because I have the master list of which frames I have dropped for each recipient and can add back in any you have dropped which aren't on the list. Unless you magically coincide with the same frames by happy accident (and you have to win that lottery multiple times to really obscure the signature) then I can tell the difference between which frames you have dropped and which ones I have dropped."

And should I re-encode to a different frame rate, all is lost.

My point is that once someone knows how you encode something, they can mess it up. They key is to do a range of things and not tell people what you did. That way the only way they can tell is by comparing two leaked copies looking for differences. The odds of getting two leaked copies before the release would be almost impossible.

If done this way the leaker would be terrified that they missed a fingerprint which would incriminate them.

0
0
Silver badge

>>"And should I re-encode to a different frame rate, all is lost."

No, because your new encode will still have length variations in scenes that relate to the source copies. You can average scene lengths but that brings us back to having successfully narrowed down a short-list of those recipients that were leaks. Think of your re-encode as adding 2 to every number in a sequence - it does nothing to conceal the original pattern. To do that, you need to know which numbers in the sequence are different to other sequences and change those parts in a way that is special. And you can only do that with ones that have leaked so once again - the distributor knows which parties contributed.

>>"My point is that once someone knows how you encode something, they can mess it up."

That may be the point you are trying to make but what you keep doing is posting what you think is an easy way around this which turns out not to be. Everything you say is exactly what someone who is intelligent but lacks experience in the subject matter comes out with. The problem is that each time you do this, you assume you are right without having tested it against things in practice or against counter-points.

0
0
kbb

Watermarking assembly

(Dragging this from the depths of my memory so apologies if it is misremembered.)

There used to be a shareware x86 assembler that claimed in the docs that it watermarked your output. It said that there were multiple x86 instructions that performed the same operation, so by choosing them in a predictable pattern during assembly, disassembling the output could determine if you were licensed or not.

3
0
Silver badge

Re: Watermarking assembly

a86

1
0
Silver badge

I've always thought of:

Just modify a couple of pixels (not together) in a couple of frames slightly, each unique to the release.

Not sure how compression would affect it though.

A bit like the yellow dots on laser printers.

3
0
Bronze badge

Re: I've always thought of:

It takes 1/20 of a second to print page on a printer, how long would it take to add markers to video, pack it and write to DVD ?

2
1
Silver badge

Re: I've always thought of:

The point is that MPEG video compression is lossy, so watermarks either have to play by MPEG's rules or risk being degraded beyond usability. That said, some screeners are willing to use destructive artifacts such as a burned "THIS IS A SCREENER" subtitle pasted periodically in the video. I suppose it depends on how far the producer is willing to go to detect or defeat screener pirates, since customizing each encode for each screener means you have to encode the movie multiple times, depending on how sophisticated your tools are (at the least, each altered section needs to be re-encoded and grafted onto the original stream).

0
0

Re: I've always thought of:

The point is that MPEG video compression is lossy, so watermarks either have to play by MPEG's rules or risk being degraded beyond usability.

There are better ways than tiny changes - large but subtle changes will pass through even heavy compression unhindered. Consider four different versions of the famous "Lena" test image I've prepared here (Safe for work, the naughty bits are cropped out). You can look at any of them in isolation and they appear quite natural. It is only when they are compared closely side by side that you can see the brighness curves of each have been subtly altered. Assuming that the image isn't compressed to the point that it would be unwatchable the differences between them will still be readily discernible. Apply that kind of filtering consistently to all the frames in a given shot and you would never know it has been done, but equally it is very difficult to get rid of without manually applying a different set of manipulations to each and every shot.

I would think something like that is a far better options than randomly inserting and deleting frames which sounds simple but I suspect would cause problems in the general case with the audio - maintaining lip sync wouln't be a problem between scenes but the musical score often extends between scenes and has to still match up very definitely with the on screen action.

Something like James Bond is the classic example for that sort of situation - the score may start gently as he makes his getaway on e.g. skis. When the bad guys start shooting at him the music responds instantly. It does so again when he skis over a cliff edge. There's a final flourish just as the parachute opens. If you do anything that alters the timing of the on screen action you ruin the dramatic effect for the reviewer, or you create problems later for the team dubbing it into Foreign.

2
1
Anonymous Coward

Ummmm

Errrrr. This has been used in printed documents for at least 300 years, yah de yah de yah

1
7

multiple sources

so if the leakers have multiple sources and multiplex their release from these on a five minute timeslot basis we get a completely new "watermark" worthless to the copyright holders.

3
0
Silver badge

Re: multiple sources

If the leakers have multiple copies then HBO's security is really buggered. Given that I've not seen many leaks for GoT before, I'd be surprised if there's more than a couple of people leaking.

3
0
Anonymous Coward

Re: multiple sources

"If the leakers have multiple copies then HBO's security is really buggered."

Or the leakers are just that damned determined, much as the paparazzi were when the Twelfth Doctor was being planned and the BBC realized they couldn't hide the news for long.

0
0

Re: multiple sources

Even worst if they could interlace the frames.

0
0

Thought it was deliberately leaked as an advert.

2
0

4 episodes is a bit much for that, if it had been the first episode or first and second at low quality maybe, but 4 is a decent chunk of the series and wouldn't really get you much more publicity than 1

2
0

Sure, the new season was going so unnoticed in the press that they needed this.

5
0
Silver badge
Pint

"4 episodes is a bit much for that..."

I would have thought that four of ten is precisely optimum to build the addiction. Who would dedicate time to watch four episodes, and then not be curious about the next six? Four is precisely ideal for an intentional leak marketing ploy.

Do these four episodes end with a cliff-hanger mystery?

1
0
Anonymous Coward

Re: "4 episodes is a bit much for that..."

Most GoT episodes end with you asking what happens next

Episode 1 finished at a point where you ask what happens next.

Episode 4 finished with you saying with those people dead what's going to happen to her.

Answer (I think) Fly out on the back of her only free Dragon

0
0

Surely they could just make sure each copy sent out had a different total number of nipples in it?

20
0

Randomly add frames

Would this be defeated by the pirates randomly adding, say, 0 to 3 frames to the end of each scene?

2
1

Re: Randomly add frames

My thoughts exactly. Although in order to defeat it, the pirate would have to know that the method of watermarking is a frame count. Maybe it's some coloured dots. Maybe it's a bit of audio 2 hours in that says "THIS COPY BELONGS TO FRED" in the audio. Who is going to watch 2 hours of this rubbish in order to be able to find that. I think the point is that it's easy to defeat an obvious visual watermark.

More importantly they were stupid to let such a large quantity of a valuable asset out in one chunk to a single 3rd party. Maybe next time they will employ more than one translation company and only give them half of each episode each (or something). Or get them to work in-house if that's too much of a risk. Or give them a really bad quality copy at 320x160 or something. Either way the error wasn't in the watermarking it was in trusting a 3rd party with the crown jewels in the first place.

1
3
Gold badge

Re: Randomly add frames

Doesn't work very well for translations, believe me. You need consistency. Imagine that you have 3 episodes, sent to 3 translators. The first translates "constructor" as "carpenter", the 2nd as "brick layer" and the 3rd as "welder". All of a sudden in the 3rd episode, you find out the killer was the welder and you are left wondering who the he'll that is when you haven't heard of them before. For the same reason, you need a few episodes after the current one to work out how to translate things that evolve in the plot.

I often watch films with audio and subtitles in different languages, and some films lose all meaning because of botched translations.

7
0
Silver badge

Re: Randomly add frames

How about using some reversed audio for a particular sound effect?

eg. ID number spoken, reversed and blended into a sound effect for a wheel-cart going over a bump?

or what about a blacksmith hammering out an id number in morse code?

There are a number of opportunities available.

0
3
Anonymous Coward

Re: Randomly add frames

"they were stupid to let such a large quantity of a valuable asset out in one chunk to a single 3rd party."

Strangely enough, given the total cost of this shite, it was probably down to... cost. They chose a one-stop shop that promised them heaven for rock-bottom price... so they got it.

1
3
Silver badge

Re: Randomly add frames

They could delete frames, perhaps. To add frames, they'd have to know what was in them.

0
0
Silver badge

Re: Randomly add frames

I often watch films with audio and subtitles in different languages, and some films lose all meaning because of botched translations.

My brother has a bootleg (I assume) of the HK cult classic Xian Si Jue, aka Duel to the Death, which is both dubbed and subtitled in English - with different scripts. The scripts both more or less follow the plot of the original, but the dialog is often different and some characters have different names.

Makes for an entertainingly jarring experience.

Of course the film itself is pretty wildly over the top, even by period-fantasy wuxia standards.

0
0
Holmes

"I think that binge-watching the first four episodes is a stupid idea that will make you ache for a month waiting for the fifth episode"

surely that should be, "I think that watching this dross is a stupid idea, it will rot your brain and leave you obnoxious, stupid and lazy"

3
21
Anonymous Coward

"Cauet has advice for Game of Thrones fans too: "I think that binge-watching the first four episodes is a stupid idea that will make you ache for a month waiting for the fifth episode""

Yeh, are you guys crazy? Torrent them each week like a sane person.

I somehow doubt that for fans, that have waited ten months already between seasons four and five, that a one month "ache" will hurt that much. They will probably ease the pain by watching the four episodes they have every until episode five is released.

Fans will probably only need to wait another week for the next six episodes to leak anyway...

3
0
Anonymous Coward

The other six episodes are sitting on the ftp server waiting for release.

1
0
Anonymous Coward

I binged all 4 episodes and thought it was a bit weak, slow and the body count was woefully lacking.

4 week wait for ep 5 -piece of pish

0
0
Silver badge
Coat

Petyr Baelish copy protection

They could put a unique watermark of his accent for every DVD sent out, it changes so much that nobody would notice.

7
0

Physical Copies

All of the other issues aside, are they still releasing physical copies for review/translation etc?

0
0
Silver badge

Re: Physical Copies

IIRC they're in high-def and some translators have shoddy Internet access, so it's physical or bust. Besides, even for an Internet copy, a determined foe would use an HDCP stripper combined with an HDMI recorder.

1
0
Anonymous Coward

Make it big and loud

If DVD/BluRay's were mailed to individual translators, why did each custom copy not have the name of the translator scrolling across the screen in giant marquee letters, that would make each individual copy unsuitable to be pirated. And if it leaked, this would allow better traceability. Also if your name was scrolling across the copy that was sent to you, you would think a bit harder about how to protect it.

Adding subtle digital artifacts, is not always the best solution.

I would see the leaks as a failure of one or more people involved in the post production. Maybe pay them more, it is not like the actors can easily leak copies. Maybe the industry needs to implement just in time post-production.

3
0
Silver badge

Re: Make it big and loud

Given the time it would take to encode each one for each screener/translator, not to mention the problem that this would also make them unsuitable for pressing (and you can only get a ROM-Mark with a pressed BD), how do you make a short-run screener unsuitable for pirating?

I suspect that ANY screener/translator copy is worth pirating. I see bootlegs with burned "THIS IS A SCREENER" subtitles here and there. If pirates are willing to take blatantly-obvious watermarked copies, few things will be taboo for them.

3
0
Anonymous Coward

oy!

stop having them clever ideas RIGHT NOW! :)

0
0
Silver badge

How about a massive semi transparent watermark diagonally across the whole thing?

0
0
Silver badge

They'll take it anyway. They take copies that emblazon "THIS IS A SCREENER," for crying out loud.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018