Law enforcement operations against pirate streaming networks have been a regular occurrence, particularly inside the EU.

This includes Italy, where the financial police, Guardia di Finanza (GdF), has routinely cracked down on the “pezzotto,” the term used for selling IPTV streaming boxes and subscriptions.

This week the financial police in Ravenna announced something they say is different. In an operation named “Tutto Chiaro” (“All Clear”), coordinated by the Bologna prosecutor’s office, around 200 officers carried out more than 100 searches and seizures across Italy, with parallel action in France and Germany.

At the center of the crackdown is an app called CinemaGoal. The GdF calls the technology behind it “highly advanced and previously unseen”.

“The operation, which stemmed from social media monitoring, uncovered, for the first time, the existence of an innovative technology,” GdF explained , noting that the app offered superior viewing quality while the anti-piracy detection rate was minimal.

How the GdF Says It Worked

According to the GdF, CinemaGoal was installed on a customer’s device, connecting it to a foreign server that decrypted the premium content. This included content from premium broadcasters such as Sky and DAZN, but the authorities also named Netflix, Disney+, and Spotify as targets.

The police explain that, every three minutes, virtual machines captured the “original” codes of legitimate subscriptions and instantly relayed them, sending a “clear” signal to pirate subscribers. Those legitimate accounts were registered to fictitious names, as well as some who have been identified.

Because the system tapped into the official streaming feeds, GdF says the quality of the streams was superior. Paired with a low anti-piracy detection rate and relative anonymity for its subscribers, the more than 70 identified resellers had little trouble selling these subscriptions.

New Anti-Piracy Tech?

The “previously unseen” framing relied on a broad description by GdF, referencing “Original codes,” a “clear” signal, a foreign server that “decrypts” content. This is press release language, not a technical explanation. But just how “new” is this technology?

The few concrete details shared by authorities are reminiscent of one of the oldest piracy tricks. For over two decades, pirates have hijacked pay-TV by copying the constantly changing key that unlocks a single legitimate subscription and sharing it out to everyone else. This is typically known as card sharing.

However, with card-sharing, keys typically change every few seconds. The GdF suggests that CinemaGoal refreshes codes every three minutes, which is significantly slower.

That timing, together with the claim that CinemaGoal actually looked better than an ordinary pirate stream, hints at something more modern. This would be largely in line with CDN leeching, which is an emerging problem that anti-piracy outfits have been referring to over the past years.

In 2024, anti-piracy group Irdeto noted that this technical breach is particularly popular among operations that use piracy-enabling devices.

“Typically, they will reverse engineer video applications to understand how to access and extract the CDN content, enabling them to distribute pirated material more efficiently,” the blog post explained, while also referencing the quality improvement.

“Pirates leverage CDN infrastructure to deliver pirated content more quickly and with lower latency, thus enhancing the streaming experience for their illicit users,” Irdeto added.

What type of operation was targeted by operation “Tutto Chiaro” remains unclear for now. The police reportedly have the source code, however, so more information may come out in the future.

Perhaps that will also explain a more straightforward problem with the official press release. Currently, the same “grab the codes every three minutes” description is used for all streaming services, from live sports on DAZN to on-demand video on Netflix, to music on Spotify. These platforms do not all work the same way, however, and cannot all be unlocked by a single trick.

Subscribers in the Crosshairs

Interestingly, public searches show that CinemaGoal has left no notable public footprint. TorrentFreak found no app store listing, APK mirror, reseller storefront, or forum thread predating the operation. Every reference dates to the announcement by the Italian police.

The GdF says the investigation began with “monitoring social media,” and, according to Italian outlet Il Post, the app was promoted through networks such as Telegram, with agents selling online or meeting customers in person. This would confirm that there was no public sales outlet mentioning the CinemaGoal app.

Through Eurojust, the authorities seized foreign servers holding the decryption data and the app’s source code. The same investigation found that the same operation also relied on the more traditional IPTV “pezzotto”, in addition to CinemaGoal.

Rightsholders have welcomed the latest streaming piracy crackdown. Sky Italia’s CEO Andrea Duilio thanked the GdF and the Bologna prosecutors, and warned that people who choose illegal streaming risk fines and expose their personal data to theft and fraud.

Whether the enforcement actions will effectively end the operation is unclear. There haven’t been any reports of arrests of the people who ran the operation.

GdF’s press release does suggest that many pirate subscribers are at risk. It notes that fines will be issued to the first 1,000 identified subscribers, who will receive claims ranging from €154 to €5,000. The GdF puts the total involved in the “thousands.”

This is not the first time that pirate streaming subscribers have come in the crosshairs of the authorities. Last year , thousands of subscribers, connected to an IPTV crackdown, received similar fines in the mail.

From: TF , for the latest news on copyright battles, piracy and more.