Home > Anti-Piracy > DMCA >

The company behind notorious anti-tamper technology Denuvo, filed an interesting DMCA takedown notice at GitHub this week. According to Irdeto, unnamed parties cloned the company’s website, registered a similar domain, and ran their own mail server behind the scenes. A short investigation by TF suggests that the culprits may have known Irdeto would attempt to track them down and may have left Easter eggs along the way.

Mirror and clone sites were once deployed to keep popular sites alive as they imploded under the weight of their own popularity and ensuing traffic.

The strategy was famously deployed around Suprnova, one of the original torrent giants. Given how often the whole site went down, unable to cope with unprecedented success, in hindsight it was given an unintentionally appropriate name.

Today, some clone and mirror sites still exist for the same purpose but most fall off the end of a streaming site conveyor belt, to trade on the popularity of sites with known brands, generate confusion with similar domains, or both.

As a leading cybersecurity and anti-piracy vendor, Irdeto will be only too aware of the mirror and clone site phenomenon. Whether it expected its own website to be cloned and placed online is up for debate. As the owner of Denuvo, perhaps the most hated anti-piracy tech currently on the market, it probably didn’t come as a surprise.

DMCA Takedown Notice to GitHub

Irdeto’s DMCA notice was sent to GitHub on its own behalf, which probably doesn’t happen very often.

“We are writing to you from Irdeto B.V. (‘Irdeto’). We own the exclusive copyright to Irdeto.com and its related assets,” the notice begins.

Responding to GitHub’s request to identify the original copyrighted work that had allegedly been infringed, Irdeto pointed towards its own website.

“Irdeto.com and it’s related assets (such as text, website design, and images) is our copyrighted corporate website. The reported repositories have duplicated the Irdeto website code and assets. As this repository contains a direct copy of Irdeto.com, confirm that we own the copyright for all the contents within the repository.”

Cloned Sites Operating Under Two Domains

Irdeto goes on to claim that the owner of the infringing repos, described simply as “this individual” had attempted to impersonate Irdeto. One of the domains used in connection with the cloned website was Irdeto.fr but whether there was a broader plan isn’t revealed in the notice. That being said, the existence of a mail server quite rightly generated additional concern.

After identifying the repos to be removed, Irdeto requested a rapid takedown and action against the alleged culprit.

“We respectfully request that Github removes the infringing content expeditiously and suspends the user. If anything is preventing you from removing the reported content, please let us know what additional information is required,” the company wrote.

The first request was obviously granted by GitHub but whether it took any action against the user is unknown.

Unexpected

Suspended from GitHub or not, taking on a company like Irdeto has the potential to end quite badly. At the very least, there are much less risky targets, so who would choose to take on a corporation expecting to beat it at its own game?

Unable to resist a short look around, we began with basic questions; who owns Irdeto.fr, what other domains do they own, and why are WHOIS records nearly always frustrating?

Yet amazingly, not at all frustrating today. With no blanket of redactions, no wall-to-wall privacy service, Irdeto.fr seems like an image of openness.

Registered on January, 28, 2024, Irdeto.fr offers something most domains do not, personal information – or at least that’s what the information suggests it might be. Unwilling to fall into any mischief traps, or possible registration proxies, details redacted below.

With limited time, the next easy step was to find other domains registered by the same person. Using the email address listed for Irdeto.fr we ran a check and got another suspiciously easy hit.

The same email address is not only listed against another domain, but a .US domain, which are not usually redacted. This was no exception.

At this point completely out of time, we took that as a direct order. Almost certainly, Irdeto will not, despite 121K domains left to trawl.

Irdeto’s DMCA notice is available here