Piracy sites tempt users with free movies as malware lies in wait, report says

Advocates have tried just about everything to protect Hollywood intellectual property. But attempts at legislation have floundered, and persuading people to give up illegal downloads has proved a Sisyphean task.

Now activists are trying a new tactic — appealing to people’s fears by pointing out that piracy websites aren’t just illegal, but dangerous.

The source of the danger? Malware, the malicious software that takes over systems and pilfers private information.


Digital Citizens Alliance, an Internet safety group that has worked with members of the Motion Picture Assn. of America, said in a report released last week that people who visit content theft sites are 28 times more likely to be exposed to malware than those visiting regular website.

Malware is a big business for online pirates, who collect an estimated $70 million in annual revenue from malware makers, according to Digital Citizens. Cyber criminals use free copies of new movies and TV shows to lure unwitting consumers into the crosshairs of malware distributors, the report says.

Criminals have realized that the single easiest way to expose people to malware is with content theft.

— Tom Galvin, executive director of Digital Citizens Alliance

“Criminals have realized that the single easiest way to expose people to malware is with content theft,” said Tom Galvin, executive director of Digital Citizens Alliance. “They’re baiting consumers and that’s concerning to us.”

Piracy has long been the bane of Hollywood. But lobbyists for the major studios have largely avoided legislative fixes since taking a black eye over the the failed SOPA/PIPA legislation in 2012. Law enforcement has also struggled to thwart pirates. The U.S. Department of Justice last week hailed the arrest of the owner of KickassTorrents in Poland and the seizure of associated domain names. Yet clone sites of the popular file-sharing destination popped up online almost immediately.

Piracy and malware is typically associated with groups based outside the U.S. But the new Digital Citizens report tries to bring the issue closer to home by singling out two tech companies with U.S. offices that it says are helping to facilitate illegal activity, albeit indirectly.

The report accuses CloudFlare, a San Francisco-based company that provides security and other services to websites, of not doing enough to crack down on sites that spread malware.

According to Digital Citizens, CloudFlare’s service masks the true hosting company’s information, thereby protecting the illegal site.

“Are these companies doing anything illegal?” the report asks. “No more than the landlord of an apartment isn’t doing anything illegal by renting to a drug dealer who has sellers showing up day and night.”

CloudFlare co-founder and Chief Executive Matthew Prince said that the company is not a Web host and is thus is not responsible for taking down infringing content. The firm, whose customers include major corporations and government agencies, leaves the policing of the Web to law enforcement, Prince said.

Further, if a customer’s site is found to be distributing malware, CloudFlare can post a page on the site warning Internet users of the potential danger. That’s similar to what Google does when users encounter malware through its search engine. What’s more, the company doesn’t want to play the role of Internet censor.

“Do we catch it all? No, but we do catch a lot,” Prince said.

In addition to CloudFlare, Digital Citizens takes aim at Hawk Host, a Web hosting service in Ontario, Canada with offices in the U.S. According to the report, Hawk Host was found to host malware-ridden piracy sites including and

Hawk Host says it takes significant measures to find and block sites that violate its policies, including the distribution of dangerous software. The company has agreed to block the sites identified by Digital Citizens.

“While we actively scan for malware on accounts, one thing that’s difficult for us (and other providers) is actively detecting phishing websites before they get used,” said Cody Robertson, Hawk Host’s chief technology officer, in a statement included in the report.

Follow Ryan Faughnder on Twitter for more entertainment business coverage: @rfaughnder


Covered California health insurance coverage doesn’t guarantee doctor access, study says

By buying Yahoo, Verizon scoops up a rare prize: Silicon Valley real estate

What to expect from the Fed’s first meeting since ‘Brexit’