Italian authorities have dismantled a hacking scheme centered on the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify.
Unlike traditional IPTV service providers who openly market themselves online and disclose their activities, CINEMAGOAL’s approach was subtle, as it uses an app installed by customers on their devices.
During a major anti-crime campaign called “Tutto Chiaro” (All Clear), Italian law enforcement officers carried out 100 investigations throughout the country and seized items that could help investigators identify the people involved, as well as find the amount of illegal profits.
According to the Guardia di Finanza, a legal agency working under the Ministry of Economy and Finance, the operators of CINEMAGOAL have probably made millions of euros through audiovisual crimes, unauthorized access to computers, and computer fraud.
The CINEMAGOAL app is directly connected to official streaming platforms and authenticated using valid encryption codes downloaded from external servers.
The system used virtual machines in Italy to capture valid verification/decryption codes from valid registrations every 3 minutes and distribute them to customers. These legitimate subscriptions were opened using false identification data to Sky, DAZN, Netflix, Disney+, and Spotify.
The authorities highlight that CINEMAGOAL not only avoided blocks but also provided the highest broadcast quality, since users streamed content directly from the service rather than receiving pirated broadcasts, and the real IP addresses of customers were hidden.
“A very advanced and unprecedented system that not only bypasses the security blocks used by the platforms, but also increases the quality of the view, reducing the possibility that the end users will be ‘caught'” by the regulatory system,” explained the Guardia di Finanza.
“Access to the aforementioned application, in fact, does not involve the use of communication directly related to a specific IP address, thus providing greater protection to the end user.”
In an action coordinated by Eurojust, the military seized CINEMAGOAL’s servers in France and Germany containing the source code of the application and secure broadcast recording functions. 200 financial officers are involved in this project.
The illegal streaming business had more than 70 vendors, selling annual subscriptions for between €40 and €130 ($46-$150).
Payments are made using cryptocurrency or to foreign bank accounts and accounts registered under fake names.
It is estimated that CINEMAGOAL has caused a loss of approximately €300 million ($347M) in unpaid subscription revenue during its lifetime.
Authorities are now analyzing the seizures to identify all parties involved, including end users, and estimate the full benefit.
They have already identified many subscribers and sent fines ranging from €154 to €5,000 ($179-$5,800) to their first 1,000.
The investigation into CINEMAGOAL is still in its early stages, as clarified by the Guardia di Finanza.
During the same enforcement action, an IPTV service known as “pezzoto” was also identified and dismantled.
Automated testing tools deliver real value, but they’re designed to answer one question: can an attacker deploy on a network? They are not designed to check that your controls block threats, your firewall detection, or your cloud configs.
This guide covers the 6 areas you really need to verify.
Download Now
