Spanish police have shut down Cristal Azul, a popular Kodi add-on with an estimated 78,000 users. As sports rightsholders claim the fraudulent access cost them €42 million, in piracy circles the shutdown is being linked to a change of policy at Telegram. A direct warning that personal details could be handed over by Telegram coincides with some piracy groups abandoning the platform.
Whenever fans read about football in mainstream European media, carefully crafted deterrent messaging woven into anti-piracy news is unlikely to be too far away.
Suing everyone is impossible, but as rightsholders in Spain warn that fines are on the way, in the context of a reverse lawsuit lottery that nobody wants to win, ‘y si toca aquí?’
A press release issued by Spain’s Ministry of the Interior on Friday is fairly dry by most standards, but by withholding most of the important details (Who, What, When, Where, Why), those reporting on the story are left to fill in the blanks. As a result, arguably more significant developments may have been overlooked.
Operation Blue CorsairThe statement reveals that members of the Technological Investigation Team (EDITE) of the Madrid Command (Guardia Civil), were able to deactivate/disable “the most important streaming channel in Spain” as part of Operación Corsario Azul (Operation Blue Corsair).
Investigators reportedly discovered that a Kodi add-on “created by a developer external to the platform” provided free access to live streams of matches played in the first (and second) Spanish divisions. No straightforward mention of LaLiga, but still.
“Initially, the researchers focused their activity on finding out where the football matches were being broadcast, following the steps of the source code of the extension or ‘add-on’. After various searches for information, they managed to obtain said location, one of the most used instant messaging platforms in Spain,” the statement adds.
Tracking the CulpritThe Ministry says that to determine who is responsible for the unnamed add-on, which streams matches illegally from an unnamed messaging platform, apparently to 78,000 users for free, investigators focused on pseudonyms present in the source code of the add-on.
These investigations led to the identification of an unnamed “user of the platform” as the person responsible, who appears to be in considerable trouble. The 37-year-old was investigated for “a crime related to the market and consumers” with related fraud valued at exactly €42,547,104.
The operation also achieved the “blocking and elimination” of the channels used on the instant messaging app” as well as the “elimination of the programming code used illegally.” One of these claims seems like a bit of a stretch. The other may be more important that it sounds.
Some Meat on the BonesThe Civil Guard separately confirmed that “two well-known companies in Spain” were the victims in the alleged €42,547,104 fraud. Why the names of those companies seem hard to mention is unclear, but they’ll come as no surprise.
The investigation was triggered by a joint complaint filed by top-tier football league LaLiga, and Telefonica-owned broadcasting partner Movistar.
The target was a Kodi add-on called Cristal Azul, as these screenshots from a police video seem to confirm.
The GitHub repo seen in the video still exists, but it contains only a very old version of Cristal Azul (v0.0.12) from four years ago; the latest versions are v3.0.10+.
While not four years old, the news announced on Friday wasn’t exactly fresh either. In fact, those behind the add-on made an announcement on October 7, 2024, which left very little doubt that their position had become untenable, “ugly” even.
News that the addon would be immediately shut down and wouldn’t be coming back, was only the beginning.
Too Hot to ContinueBefore those behind Cristal Azul shut the add-on down early October, the software was available from the Luar repository hosted on GitHub. Presumably due to the unwanted attention, soon after Cristal Azul shut down, the Luar repository disappeared in similar fashion, leaving the message “See you soon” behind.
Most likely due to the disappearance of Cristal Azul, the Luar repository received a significant (but useless) traffic boost in October.
“See you soon” (translated from Spanish ‘hasta pronto’)
A slightly longer message on Telegram added: “It’s time to say goodbye. WE CLOSE DOORS. We hope that in these 4 years Luar helped you in some way. Thank you for being there. See you soon.”
Telegram Fears: More Addons Call it QuitsSince the demise of Luar, other add-on related platforms have taken action too. Whether these are true closures, relocations, rebrandings or any other strategy deployed by pirates, is unknown, but TVChopo and Kodivertido began limiting their exposure in the third week of October.
Not long after, Palantir also took steps to improve its security; in fact, all players mentioned above took exactly the same action.
The popular instant messaging app that the Ministry alluded to in its statement concerning Cristal Azul was Telegram; it appears some people are becoming quite nervous about having a piracy presence there.
After Telegram’s founder and CEO Pavel Durov was arrested in France in August, Telegram promised to address abuse on the platform, including being more responsive to piracy complaints. Telegram says it intends to stand by that promise.
IP Addresses and Phone NumbersWhen Spanish tech site AVPasion asked Telegram about its change of policy and how that could affect channel operators accused of infringement, Telegram was fairly bullish on the consequences.
“We’ve updated our terms of service and privacy policy, ensuring they are consistent across the globe. We’ve made it clear that IP addresses and phone numbers of those who violate our rules may be disclosed to relevant authorities in response to valid legal requests,” Telegram’s response reads.
For some who believed that Telegram was a safe haven, this may be an unexpected wake-up call. It really shouldn’t have been unexpected though and what comes next month or next year shouldn’t come as a surprise either.