We recently sat down with Maria Malinkowitsch, the director of product management for the award-winning Verimatrix Counterspy solution that provides operators with today’s most robust video piracy detection and response as well as uniquely powerful app shielding capabilities. 

Based in Munich, Maria heads all product direction for Counterspy, which aims to fill the gap in content protection created by the shift from operator-controlled set top box hardware to retail or app-based OTT clients. 

Counterspy enables operators to confidently distribute today’s valuable content by authenticating each app instance and tying it to a specific subscriber, ensuring transparency and control over the actual access to valuable video content. By safeguarding the authentication token from theft or manipulation, Counterspy prevents abuse and ensures legitimate access to content, going far above and beyond traditional DRM vendors. 

Maria brings a lengthy history in the M&E space and highlights not only the appeal of working with and helping lead Verimatrix’s team of anti-piracy innovators, but also the vigor within the team to provide the best possible proactive stance for fighting video piracy. 

Below is a quick Q&A designed to introduce you to Maria and her fast-paced success at illustrating Counterspy’s immense value for operators.

Q: Tell us about your experience in the industry and ending up at Verimatrix.

A: I’ve actually been in the video industry for ages, as I started working with video when I was still in school and did sound and voiceover work for kids’ movies. 

Later, I worked as a journalist in front of the camera, and eventually, I transitioned into the technology side of things. I joined as a provider, working in different roles from solutions engineering to sales and product management. 

In the past, I’ve been responsible for the satellite portfolio and products, but over the many years, there has been a major shift toward a changed environment in how people consume video products. Therefore, I was extremely eager to move into an area focused on the sustainability of video because we all know that video is struggling massively. 

People are cutting costs, and it’s a very weird situation because over 80% of Internet traffic is made up of video streaming, and it continues to grow as we speak. An enormous amount of video is being consumed. So, how is it that the video industry is struggling? There is a clear yet not always obvious answer because we can look at something else that continues to evolve. 

It’s not just that video creation is on the rise—it’s that piracy is on the rise as well. It’s very difficult to make out the exact numbers because pirates obviously don’t report taxes on how much they make from pirated video revenue. But we can say that in 2023 in the EU alone, piracy generated approximately 3.2 billion euros in revenue. The industry needs to recoup that. 

Let’s ensure that everyone consuming video does so legitimately so that producers, rights owners, OTT platforms, and technology service providers can all benefit—and in the end, so can consumers because they benefit from the content. This is the main reason I joined Verimatrix, as I see piracy as a major problem in the media industry, and I think that if we can bring back a sizeable chunk of these billions in losses, the video industry will be on the rise and more profitable. 

I’m totally passionate about spreading information across the world about what Verimatrix does and how Counterspy can benefit so many in the M&E sector. Verimatrix is decades old but still maintains a start-up mentality. That’s not only refreshing but also a win-win for the company and customers alike. 

We’re flexible, direct, and avoid unneeded complexities. Unlike many in the industry, we’re always moving quickly and remaining agile in the real sense of the word—not just in process. I believe that’s extremely important. 

In the end, we understand the problems in the market, we understand the pain our customers are facing, and we solve them. It’s great to work with a team full of talented engineers (I’m not an engineer) and work to confidently face today’s video piracy issues.

Q: So how do criminals steal video content today? What’s changed?

A: There’s been a big change that has happened to the media industry as well as the piracy industry, because way back when we were all watching TV screens with the help of set-top boxes that employed encryption, piracy was really something for criminal “professionals” to conduct. It required skill to hack that type of encryption on a box.

Now, you have all types of diverse devices, including mobile phones, tablets, laptops, computers, smart TVs, connected TVs, Android boxes—you name it. Each of them offers its own vulnerabilities.

If you look at how this has evolved, especially with the rise of large language models and AI becoming available to everyone, piracy has also become accessible to everyone. Every school kid can pirate content today, and we see that pirates have become lazier than they used to be. They want to spend as little time as possible hacking because there are so many ways to do it.

Today’s pirates have so many opportunities, so they just use the simplest ones. Plus, they want to increase their ROI. 

People are paying for piracy platforms wherever they spread content, and they don’t want to spend too much money running these platforms. So, they use legitimate platform providers‘ content delivery networks (CDNs) to steal content directly from the CDN

How do we know this? There are multiple ways. We talk to the industry, and we talk to customers, so we see what’s going on. We talk to rights holders who are following the market, and we cooperate very tightly with companies that crawl the web looking for pirated content. Plus, we have our own division, VMX Labs, which focuses solely on the latest cyberattacks.

Q: Address the combination of anti-piracy and video security.

A: Today, it’s not enough to have strong content protection. It’s super important to have a strong cybersecurity strategy that goes hand in hand with the anti-piracy strategy and the content protection strategy.

That means that just encrypting your content is not enough. Having a cybersecurity concept protecting your backend is not enough. You need something specific for video because the users are different and, indeed, the pirates are different.

In this industry, we all know that the worst thing that can happen is that the screen goes black. User experience is key, and you can’t just adapt another cybersecurity solution concept to an end-user app for using video because users won’t accept that.

And protecting your backend is not enough; you need something specific for video because, as I previously said, the users are different, the pirates are different. Verimatrix Labs is looking into cyberattacks, following the market, and helping us understand the problem.

It’s clear that most content protection providers haven’t yet addressed this change. Verimatrix Counterspy has been up and running for a year, with our first customer on board in July 2023.

We’re proud to be the first ones who really brought up this topic to an extent that goes beyond just patching existing leaks. It’s about providing a strategy that is future-proof and considers attacks that could happen tomorrow.

Even now, we can see that almost all studios and some sports rights holders who are distributing their content have to protect it, but it’s like applying a small patch to a wound that’s bleeding from all ends—it doesn’t help in the end.

You need to treat the issue seriously, and you need to have a combination that makes sense. It’s not just about obfuscating code because, as you know, if you look up the most common obfuscators, you’ll find the de-obfuscator right below it on Google. It doesn’t help at all.

What we are suggesting is really understanding what is going on, looking into the hackers’ heads. The cool thing is that Verimatrix provides a sneak peek into their minds—what they do and how they do it. Once you understand that, you can understand what they want.

Just like we need to understand what our customers want—our customers don’t care about content protection. And they don’t care about cybersecurity. They shouldn’t. They care about content and providing experiences.

Content brings subscribers, and subscribers bring revenue and ROI. That’s what the Verimatrix Counterspy customer cares about. That’s all. They shouldn’t have to worry about anything else. That’s why it’s so important to leave it to professional companies like us who know how to build a strong strategy without impacting user experience.

Q: Just how unique is Counterspy?

A: No one else appears to offer a solution similar to Counterspy.  We can see that our competitors have started to jump on the CDN leak train—protecting your code, protecting your application—but if you look at the solutions they’re offering, it’s nothing close.

For instance, they have developed some measures like anti-hooking, anti-debugging, and anti-tampering, but in the end, when they protect their app, it’s just not enough. We approach things differently. For us, the reverse channel—getting back information, looking at risk factors, looking at the patterns that pirates use—is key.

For example, if someone is constantly trying to debug and can’t, you see the debugs hitting your dashboard. Then suddenly, it stops. We can be totally naive and think, “Oh, he gave up,” but most likely, the pirate hasn’t. Why did the debugging attack stop? Because he figured out how to circumvent the protection.

We should never believe we are smarter than them. We should just be prepared. We should be stronger than them. So, we assume these attacks have ended, and we might be wrong, but we assume the hacker has found a way around it, so we need to renew our protection. That means that protection needs to be, as they say in the technical world, polymorphic—it should be so different that the pirate has no choice but to start from scratch.

Q: Hence, it’s all about not making it worth a criminal’s time and money to break protections in the first place—and knowing how to best do that?

A: Exactly. The difference, I’d say, between some of today’s other cybersecurity mechanisms and Counterspy is that we understand how video works.

In normal cybersecurity, you might say, “Let’s use two-factor authentication.” But no way is anyone going to do two-factor authentication on a video app. I want to watch my soccer game. I will never, ever do two-factor authentication—I’ll just cancel my subscription.

It’s really about talking the language of what people want to see and understanding the specific attacks on video because you don’t have, for example, CDN leakage in banks, right?

We have a comprehensive and complete video anti-piracy strategy that is different because others have content protection, some attempts at cybersecurity, and watermarking, but it doesn’t fit together.

Most video-specific cybersecurity measures from competitors lack the reverse channel, so they work blindly. They just hope that if they protect something, nothing will happen, but that’s not the case. It doesn’t help at all, even if the protection is working, because they don’t provide the means to ensure that only legitimate apps are used.

That’s why it needs to be like a well-fitting suit of armor that’s made up of the three components: Multi-DRM, Counterspy, and Watermarking.

With Verimatrix, customers can be assured that it’s not just protection or hardening—it’s Counterspy and everything that comes with it, including all the needed intelligence surrounding piracy attacks, credential theft, emulators, ad fraud, and CDN exploits.

 You’re not going to find a more comprehensive solution that offers:

  • Real-time piracy detection
  • Automated countermeasures such as service termination, quality degradation and associated warnings
  • Robust monitoring against credential and key theft
  • Powerful app shielding technologies
  • Rapid threat response capabilities
  • Zero code integration, seamlessly fitting into your in-house processes

Also, I would encourage readers to check out one of our latest anti-piracy insight pieces, “Protect Your Revenue Cow with Counterspy,” where the Verimatrix team layouts the argument that pirates aren’t just interested in stealing a couple steaks from your cash cow anymore; they’re after the whole darn cow!