In today’s OTT world, pay-media operators continually modify their business models to find the sweet spot; what resonates best with their consumers. Unfortunately, the same is true with cybercriminals. For them, the introduction of account generator sites is at the heart of this evolution.

No longer limited to the DarkNet
In an earlier blog, I explained how compromised account details are regularly being sold on the DarkNet. However, in the last few months the Irdeto cyber-services team has witnessed a change. The sellers have become bolder. Adverts for compromised account details are now filling the Internet.

The increased availability of the compromised account details means that prices have plummeted. One example is Netflix. Their global success has made them a prized target. Compromised Netflix account details are being traded for as little as USD 0.25.

But like any business, this price erosion means that the cybercriminals need to reduce their operating expenditure. The way they have done this is by creating account generator sites.

What are we seeing? 
The account generator sites offer a full service. For as little as a one-off USD 15.00 subscription fee you can obtain access to all the accounts that the seller has to offer. You effectively scroll through and select the service you want. What’s more, you can query the site up to 50 times a day (sometimes unlimited) for different account providers. And on top of this there’s also illegal access to VPN providers to avoid geo-blocking.

Taking a sample of just 13 generator sites, let me give you a glimpse at what the Irdeto cyber-services team has seen:

  • Affected OTT Service Providers/Websites (excluding porn and filehosts): 105
  • Subscribers: 284057
  • Accounts Generated: 73,049,014
  • Accounts Available: 173765

Even with some duplication on different sites, these are eye opening figures!

A new avenue 
It’s these sites which are paving the way for a new pirate business model. Instead of a number of servers hosting the illegitimate streaming sites, cybercriminals are now exploiting jailbroken devices such as Amazon Firesticks.

Effectively they are creating a pirate device by loading the compromised account details from the generator sites onto the jailbroken devices. Cybercriminals are now selling these devices authenticated or pre-loaded with compromised credentials.

What can be done? 
To start with, it’s about getting to grips with the intelligence problem. It is important to identify which operator’s database has been compromised and the extent of the attack.

From there, the next step is to validate that the account credentials for sale on the generator sites are legitimate. Once validated, evidence is then gathered to support civil or criminal proceedings. In addition to this, cybercrime prevention services can advise on how to better secure your OTT set-up; making it more difficult to hack.

Ultimately, cybercrime readiness is about more than just technology. It’s about how quickly you can take action. Getting the basics right can significantly lower the overall risk.