Live Streaming: Is It Secure or Not?

Did anybody think of live streaming to be a serious security threat? If so, we are here to shed some light on this issue and give you a few recommendations regarding how to protect you from scams and possible hacking attacks.

Live Streaming and Security Concerns

Everyone will agree that the same is true for the virtual world as it is for the real one – there is no such thing as 100% security. There are numerous holes in software that can be exploited by scammers and other Internet criminals. With online streaming, things are not different. It is true to say that with our global, mass technologies and blurring borders, the constant threat from spammers and hackers is inevitable. It becomes more difficult to secure IP, and IP-spoofing could seriously harm revenue streams. To make connection secure, live streaming content, which is stored on the server, must be protected. However, most live streaming platforms prefer cutting costs on security issues. And economic dimension is not the only reason why they do so. Experts say that multiple layers of security can slow the things down. And for the streaming content, where the speed of transmission plays a crucial role, this is unacceptable. Ray Stanton, Executive Vice President accountable for BT Advise, see the biggest security problem in the fact that most Streaming Protocols are proprietary and poorly designed. Because of technical imperfection of security layers and the overall lack of attention to security issues, there have been multiple cases of online crimes associated with live streaming platforms. Here are only some examples:

Case #1. Twitch Suffered a Hacker Attack

One of the most sensational hacking attempts was Twitch security breach in 2015. All Twitch users were force to change their passwords, and the authorization through Twitter and YouTube were turned off. In the course of the attack, some users were stolen their email and physical addresses, telephone numbers, names and passwords (probably, hackers intended to use these data for the next phishing attack), others – were robbed their game artefacts and virtual money. Perpetrator of the crime, the hacking group “Lizard Squad”, managed to recruit popular Twitch streamers/YouTubers, including Sky Williams, MaxMoeFoe and Mia Rose to write “Lizard Squad” on their forehead, and tweet out the photos. Giving proper respect to Twitch owners, they paid stolen money back to the users’ accounts.

Case #2. “Eskimo” Speculations with Twitch Users

There are various ways to make harm to online streamers. In 2014, the cyber criminals launched malicious software called “Eskimo” that stole money from Steam-wallets of Twitch users. “Eskimo” asked the user to follow a link and fill in the questionnaire as a lottery participant. It was stated that a registered player could win a digital weapons and collectable items for the famous shooter “Counter-Strike: Global Offensive.” Once the malicious software got access to Steam-account, it started making screenshots, adding new friends, buying new items, etc. Hackers used the fact that Twitch users are accustomed to such bots: there are streamers who used to earn money by driving subscriptions by using the similar software in chat rooms.

Case #3. Massive Attack of Several Streaming Services

In 2014, the servers of Steam, Battle.net, Origin and League of Legends were undergone DDoS attacks that have left gamers struggling to log in and engage in online play. The group of people named DERP claimed responsibility for the incident. There were some measures taken to create better safeguards against future DDoS attacks, so all four sites are successfully functioning today.

Are There Some Rules and Preventive Measures that Can Protect You from Scams and Hacking?

There are numerous possibilities to find your personal information in the Internet. The simplest way is to google your user name. If you use the same name on other sites, be ready that scammers will easily find this information and use it for their dirty purposes. Another way is to make you click a malicious link which gives the user your IP. The listed scenarios are only few of hundreds. In order to feel safe online, start you streaming career from scratch: use a new username, dissociated email, etc. Be aware of what you post online. Don’t give your steam wallet to people you don’t trust. Be careful when you add somebody on xbox live or playstation gaming network: multiplayer games depends on how the game handles traffic and, unfortunately, most of them do nothing to protect gamer’s IP from other clients. There are simple things that can be done to up your level of security while live streaming. Here are some of them:
  • Email
Keep you email private. Detach your Twitch email from other accounts. Your email can also be seen donations are made, but only if you have a personal PayPal account.
  • Personal Info
Don’t tell people your private information: place of living, unless it is a very big city, your last name, place of employment, etc. If you are a popular streamer and feedback is important for you, you can set a PO BOX and associate everything with this address. In case you have a website, use domain privacy, so that nobody can see your details in WHOIS. Don’t tell anybody the information you use for your password recovery. Usually, these are common questions that are easy to wheedle out, such as “where you born”, “what is your mom’s name,” etc. Anyone can look at Facebook or other networks to find out this information. So, try to make up questions inventing a fake name and location. This will take effort, but add protection to keep your account safe.
  • IP-address
Use VPN application to mask your IP address. You can also set specific parameters on your computer that won’t allow being online without using VPN connection. In this case, if your VPN stops functioning, Internet will goes down automatically. It is also advisable to use VPN connection for all your devices.
  • Skype
Don’t give out your Skype name to prevent DDOS attacks: if your Skype and Twitch usernames coincide, create a new account dissociated with your Skype data. Make sure that your Skype application is inactive while steaming.
  • Chat
A lot of steamers have suffered from random viewers posting the streamer’s IP in chat or DDOS-s attacks. Disable links in chat or use a bot like Nightbot to filter safe domains. Never click on any link in chat from people you do not know. If you are a novice with a few hundred viewers, it won’t be a problem to monitor chat. But, when thousands of people are involved in chatting (especially, if we talk about big gaming tournaments), filtering the chat becomes more difficult. In this case, try, at least, filtering out specific keywords, require viewers to verify their emails. You can also add to blacklist your personal info, so that when people type it, it gets removed automatically.
  • Password
Create secure password that includes long random mix of characters (numbers, letters, symbols). Examples: 1. BAD PASSWORD: Almondcake2! – in spite of using different character types, the password mainly consists of one word and is definitely unsecure 2. OK PASSWORD: IAdoreAlmondCake – using different words and multiple character types is good, but the words are too common 3. PERFECT PASSWORD: [email protected]$cake? – this is an excellent password as you are using an uncommon mix of characters. You can invent such a password by yourself or better use random password generator.

Take Away

The recommendations above are not imperative. They are just some ways to make your streaming more secure. Overall though, live streaming isn’t too risky until you give all your private information out voluntary. In spite being attentive to possible security risks, there is always the potential for making a mistake, for example, accidently show up your email address. But, for the most part, if you are a small streamer, broadcasting for pleasure, it is a low risk that somebody will take advantage of your mistakes.  

10/12/2016