A botnet for inflating play counts

Original author: William Bedell


On our GT blog and in the Hi-Fi World section, we not only share the expertise of Audiomania employees but also analyze interesting cases covering a wide variety of aspects of the music industry. We have already written about what real 3D sound makes possible, and about various gadgets and startups from the world of audio.

Today we decided to look at a phenomenon that many aspiring musicians and popular music producers face: the "cheating" of listening, that is, artificially inflated play counts.

Spotify is a Swedish music service that lets you listen to the music of many major labels, including Sony, EMI and Universal. Over 8 years of operation, the service's library has grown to more than 30 million songs, and its 80 million users have assembled approximately 1.5 billion collections of favorite songs.

This service is one form of streaming media, which has become a relatively popular way to earn money for both beginner musicians and world-class stars. This content distribution model pays authors a modest royalty for each listen to a composition. For example, if you leave a Spotify playlist of your favorite band's music playing all night, about 72 cents will go to the musicians.

A simple botnet running on an old laptop can earn about $30 a day by inflating play counts. This points to a significant vulnerability in the current business model of music streaming services. It is reminiscent of the click fraud that advertisers once faced, but the well-known automated countermeasures can only make things worse for independent musicians, whose earnings are already small.

Peter Fillmore, a security consultant from Melbourne, was one of the first to point out this problem, and he did it in style. In 2013, he took his own tracks to the top of the Australian chart of the music service Rdio (a Spotify analogue).

Later, even specialized applications such as Eternify appeared, and many in the industry wondered what would happen if serious botnets were used to inflate plays on an industrial scale. Of course, nobody rules out that large players already use them in secret, but today we will talk about "artisanal" experiments.

In general, for Spotify, the process is as follows:

First, a remote server uses browser automation to register accounts on Spotify, generating random names, email addresses and birth dates. The number of accounts must be very large, otherwise Spotify will easily detect a handful of users with inhuman activity.

The central management server sends account information to cloud servers running Spotify clients at regular intervals. The "users" log in to the service, listen to music for several hours, and then disconnect.

Experience has shown that 50 Spotify clients on a 15-gigabyte cloud server can provide 18,000-144,000 listens. They "earn" $0.08 per song listen, which in the end brings a good return at a cost of only 0.003 to 0.012 cents per listen.

Previously, Spotify did not ask for a captcha or an email address when an account was created, which opened the door to building simple botnets at home. More complex bots that mimic human behavior can easily trick Spotify's spam algorithms.
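The detection side of the scheme above, as an added example that is not from the original article: a per-account activity cap catches only a handful of hyperactive users, so a second check looks for accounts registered in a burst whose listening all goes to one artist. The log layout, the account and artist names and every threshold are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# All thresholds are assumptions for illustration, not any service's real rules.
MAX_HOURS_PER_DAY = 16                 # more listening per day is "inhuman"
MIN_TOP_ARTIST_SHARE = 0.9             # nearly all listening goes to one artist
COHORT_GAP = timedelta(minutes=10)     # max gap between consecutive sign-ups
MIN_COHORT_SIZE = 3

def inhuman_accounts(plays):
    """plays: (account, artist, day, seconds). Accounts over the daily cap."""
    per_day = defaultdict(int)
    for account, _artist, day, seconds in plays:
        per_day[account, day] += seconds
    return {a for (a, _), s in per_day.items() if s > MAX_HOURS_PER_DAY * 3600}

def top_artist(plays):
    """Map account -> (top artist, its share of the account's listening time)."""
    totals = defaultdict(Counter)
    for account, artist, _day, seconds in plays:
        totals[account][artist] += seconds
    return {acc: (max(c, key=c.get), max(c.values()) / sum(c.values()))
            for acc, c in totals.items()}

def signup_cohorts(signups, plays):
    """Accounts registered in a burst whose listening all favours one artist."""
    by_artist = defaultdict(list)
    for account, (artist, share) in top_artist(plays).items():
        if share >= MIN_TOP_ARTIST_SHARE and account in signups:
            by_artist[artist].append((signups[account], account))
    cohorts = []
    for artist, members in by_artist.items():
        run = []
        for m in sorted(members) + [None]:   # None flushes the last run
            if m and (not run or m[0] - run[-1][0] <= COHORT_GAP):
                run.append(m)
                continue
            if len(run) >= MIN_COHORT_SIZE:
                cohorts.append((artist, {a for _, a in run}))
            run = [m]
    return cohorts

# Constructed sample: 3 accounts registered minutes apart, a fan, a 20 h/day account.
T0 = datetime(2016, 1, 1, 12, 0)
SIGNUPS = {"fan": T0 - timedelta(days=400), "loop": T0 - timedelta(days=30),
           **{f"bot{i}": T0 + timedelta(minutes=2 * i) for i in (1, 2, 3)}}
PLAYS = [(f"bot{i}", "artist_x", "2016-01-02", 4 * 3600) for i in (1, 2, 3)] + [
    ("fan", "artist_x", "2016-01-02", 1800), ("fan", "artist_y", "2016-01-02", 3600),
    ("loop", "artist_z", "2016-01-02", 20 * 3600)]
```

On the sample data the daily cap flags only `loop`, while the three accounts that each listen for four hours are caught by `signup_cohorts` alone.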

As for the earnings of the big music labels, they are protected from such risks, because their payment schemes have a much more complex structure. Sony has agreed to receive multi-million dollar advance payments from Spotify, as well as “actual lows” that guarantee fixed listening fees, even if the bots manage to reduce their overall revenue share.

For independent musicians and small labels, things are different: they will bear the full force of the blow, since the size of their payouts is more flexible. Advertisers will also suffer, as they will have to pay for ads that bots “listen to”.
