PDA

View Full Version : Xtream Codes IPTV System Targeted in Massive Police Operation (Updated)



zeekboy
19-09-2019, 10:07 PM
https://i.postimg.cc/t47kVmbh/iptv.jpg
Police in Italy have announced a huge anti-piracy operation against the company operating popular IPTV service management system Xtream Codes. Searches are reportedly underway in several countries including Italy, the Netherlands, France and Bulgaria, in a claimed effort to dismantle the company's entire infrastructure.
Reports of legal action and law enforcement activities against IPTV services and providers are a regular occurrence but news coming out of Italy this morning is particularly interesting.

According to the Guardia di Finanza (GdF), a law enforcement agency under the authority of the Minister of Economy and Finance, a huge operation is underway to target and dismantle the software service known as Xtream Codes.

What makes the case unusual is that Xtream Codes isn’t an IPTV provider as such. Usually operating from Xtream-codes.com, the company behind the software/system offers a comprehensive package that allows people to manage their own IPTV reselling service and its customers.

The system is subscription-based, starting at around 15 euros per month and running to 59 euros per month for the powerful “all-in-one” solution.

The Guardia di Finanza say that 100 officers from its Special Unit for the Protection of Privacy and Technological Fraud (NSPFT) are taking part in the operation to take Xtream Codes down.

Early reports suggest that the system has been “seized”, allegedly preventing 700,000 users from accessing the platform. Xtream Codes itself recently reported having more than 5,000 clients servicing in excess of 50,000,000 end clients.

The Italian police unit is describing Xtream Codes as an international criminal group that’s being targeted not only in Italy but with simultaneous searches in the Netherlands, France, Germany, Greece and Bulgaria.

Xtream Codes is registered as a company in Bulgaria, has a local VAT number, and lists an address in Petrich for its offices. According to its now-disappeared website, it was founded by two students. Police say that 25 “managers” have been identified but there’s no specific mention of any arrests.

Disruption is already being reported by some IPTV sellers utilizing the Xtream Codes system. Authorities in Italy are set to provide more information on the operation this morning so we’ll update this article as more news comes in.

Update1: A video made available by the GdF in respect of the above-detailed operation is embedded below. It is likely to cause confusion due to the depiction of what appears to be a ‘pirate’ IPTV provider being taken down. (see additional update below video)

https://To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts. Update2: According to an announcement by EU agency Eurojust, the operation is broader than the targeting of Xtream Codes alone.

“A multi-country action day coordinated by Eurojust in The Hague led to the dismantling of an international criminal network committing massive fraud with pay-TV, which shows organized crime expanding its illegal activities to large-scale violations of audiovisual copyright,” the statement reads.

“The damage caused by the criminal gang amounts to approximately €6.5 million, jeopardizing the existence of many legal providers of pay-TV on the market. More than 200 servers were taken offline in Germany, France and the Netherlands, and over 150 PayPal accounts of the criminals were blocked.”

Update3: Zougla.gr has obtained a chart with details of the people and infrastructure targeted
https://i.postimg.cc/2jw79f8Q/xtreme-chart-zougla.png

zeekboy
19-09-2019, 10:07 PM
The Xtream Codes IPTV Takedown is Complex and Confused

The international law enforcement action against Xtream Codes and what appear to be several entities using its services is a complex affair. While some will argue that the IPTV management service was a neutral player offering no illicit content, it's becoming ever more clear that the authorities are viewing things from an entirely different and sometimes confusing perspective.

As reported Wednesday, police in Italy and several other European countries coordinated to take down Xtream Codes, at least one IPTV provider, and more than twenty individuals and related equipment linked to the services.

The precise roles of all these people remain unclear. However, there can be little doubt that emphasis is being placed on the importance of the Xtream Codes management system which, according to law enforcement officials, lay at the very heart of the targeted criminal operation even though the software didn’t supply any content.

This very large operation involved police forces in Italy, the Netherlands, France and Bulgaria. It was coordinated across borders with the assistance of Eurojust, an EU agency that helps agencies from member states to co-operate in criminal matters.

Yesterday afternoon, a press conference took place to explain how the operation panned out, who it had targeted, and to detail various additional pieces of information. It began with Filippo Spiezia, National Member for Italy at Eurojust, explaining that hundreds of officers had been involved in the operation to dismantle the technological infrastructure of a “criminal IPTV network.”

Spiezia confirmed that 181 servers had been taken down and seized and more than 800,000 users (police reported 700,000 earlier yesterday) had been disconnected from the Xtream Codes service when it was taken down.

In what became a common theme throughout the conference with several participants, Spieza sometimes appeared to speak generally about the entire operation, which included the takedown of at least one actual IPTV provider, then sometimes in relation to Xtream Codes alone.

This ambiguity and lack of clarity appear to be causing confusion. For example, Reuters reported the following yesterday:

“The biggest illegal platform shut down on Wednesday, dubbed Xtream Codes, had around 50 millions users worldwide,” Reuters reported, citing Gianluca Berruti of the Italian tax police.

“It sold a bundled pay-TV service that included premium content from Comcast’s Sky Italia, Netflix, Mediaset, Dazn, for a monthly subscription of 12 euros,” it claimed Berruti added.

Again, ‘pirate’ IPTV sellers utilizing the Xtream Codes platform may have been doing just that but, at this stage, the second claim above doesn’t make sense or indeed add up. Fifty million users multiplied by 12 euros a month is a staggering amount of money that wasn’t supported by financial information provided later in the conference.

In common with all of those present at yesterday’s gathering, Filippo Spiezia expressed satisfaction at the success of the international operation, noting that cross-border cooperation had proved invaluable since the investigation began.

“During these months of work at Eurojust, we have adapted to the judicial needs of the Italian authorities….to the specific legal requirements of our new partners. This is the first example of an action conducted with these modalities,” he said.

“Thanks to this action we have sent out a very clear signal to criminals that even in this specific domain, even in this specific area which represents the most advanced form of criminality, we will [respond] to them.”

Vincenzo Piscitelli, Deputy Prosecutor in Naples, painted a picture of small offenses by end-users (pirate IPTV subscribers) fueling “huge illegal activities” behind the scenes.

“So this is why we really tried to hit these organizational structures at the heart and that was done through the investigation that was carried out by the public prosecutor’s office of Naples,” he said.

Next up was Valeria Sico, Public Prosecutor in Naples. Sico spoke quickly and through a translator, so that may account for what at times felt like confusing output. While clearly an expert in law, those looking for clear and specific technical details from the Prosecutor failed to receive them.

Some of what Sico said made sense but the fact that Xtream Codes isn’t normally understood to be an actual provider of illegal streams (although it is undoubtedly used by outsiders to manage them), it’s worth reproducing some of her words in full, to see how muddied this has become.

“There was software created by two citizens of Greek nationality. They have a company which had a legal seat in Bulgaria,” Sico said, confirming the information previously supplied by the Italian authorities.

“So this software enables the disclosure and the transmission of [pirate] TV signals through digital ways to different servers which were constructed by the organizations, by the host providers in the Netherlands and in France.

“Through these servers, the signal – the digital signal – was therefore sent to different IP addresses of final users and these people would then receive the [illegal] television signal in their homes.”

Again, it’s worth reiterating that Sico was speaking through a translator so some context and detail may have been lost but from there, the explanation didn’t really become any more clear.

“For the first time, having identified the company that was producing the software, we went directly to the company that was producing the software so they were enabling people to decrypt the signal,” she said.

“So this is why we also went right to the physical place where the disclosure [broadcast] of the signal would take place within these hosting provider companies in Holland and in France….the signal was broadcast to the company that had created the illegal signal – the software company – and then that was sent to the end-users.”

Again, this isn’t the broadly accepted function of the Xtream Codes system, unless the company itself was also involved in the provision of illicit streams. That claim has been the subject of speculation in the past 24 hours, perhaps based on the Reuters report.

Thankfully, Cybercrime Prosecutor Lodewijk Van Zwieten from the Netherlands kept things fairly simple in his prepared speech.

He began by noting that 93 servers had been taken down in one location in the Netherlands, all of which had targeted the Italian market. This seems to be a reference to equipment operated by the actual IPTV provider shown in the video published yesterday.

According to a chart published by the authorities and reproduced below, it was using the Xtream Codes management software, something which seems to have led the company’s software becoming embroiled in the investigation.
Credit: Zougla.gr
Van Zwieten said that no offenses had been committed by Dutch citizens but confirmed that local Internet infrastructure had been abused by the ‘criminal’ network.

“In the Netherlands, we are proud of the fact that we have a big affordable hosting industry which is very important for our economy but we don’t want these services to be used on a large scale for criminal activities,” he said.

“That is why we find it so important, together with the Dutch hosting industry, to act very diligently against abuse. So it was our pleasure to comply with a request from our Italian colleagues.”

Riccardo Croce, Head of Financial Cybercrime Investigation with the State Police in Italy, said that the “criminal group” (again, no precise explanation of which entities that phrase encompasses) had five million users in Italy alone, contributing to the 2,180,000 euros generated every month in illicit funds.

As highlighted earlier, the figures offered by various parties don’t add up, lack clarity, and as a result, appear to contradict each other.

In common with Sico’s speech, Creco’s was also presented through a translator. However, Creco was absolutely clear that the plan was to get to the “complex mapping of international technological infrastructure and to really hit them at the heart of the infrastructure.”

He spoke briefly about the complex technological network being used to transfer the actual streams but then appeared to touch on the importance of Xtream Codes once again, noting that entities in the chain were able to use a particular service to sell the product to the public.

“Our investigation was based on this, to go to the source level of this illegal signal, to disarticulate completely all servers in various European countries in which the infrastructure existed to replicate these signals,” Creco said.

“And, to hit for the first time, the company that was offering this very interesting support to the criminal infrastructure which put at its disposal these panels, network panels, the computer system through which the multitude of pay channels were able to be sold and resold through a chain of people called resellers throughout Europe so it could end up at the end-users.”

The paragraph above is possibly the clearest description of Xtream Codes’ function from someone in authority since yesterday’s raids. Creco’s statement not only separates the system from the actual provision of illegal streams but describes its function as most people understand it.

While many will argue that Xtream Codes was content-agnostic and capable of being put to plenty of legitimate uses, it’s clear that the authorities do not believe that was the intent at all. Through their statements, as confusing as they were at times, the message seems to be that Xtream Codes was perhaps the most important cog in the wheel.

There are many huge questions now being asked in the unlicensed IPTV community but perhaps the biggest is what information was held on the servers of Xtream Codes at the moment they were seized. They are a potential goldmine of information, not only relating to the many IPTV providers and sellers that used the service but also their customers. The worldwide fallout could be immense.

Importantly, however, Xtream Codes (as popular as it was) is not the only product out there capable of doing this kind of management job. So while the company’s days may already be over, others are already gearing up to fill in the gaps. Whether anyone will want to centralize their data with a vulnerable third-party again will be up for debate, however.