Accounts are being held to ransom under threat of a third and final copyright strike

Criminals are leveraging YouTube’s copyright system to hold content creators to ransom, with numerous users reportedly falling victim to extortion attempts over recent weeks.

In its efforts to clamp down on the distribution of copyrighted content, the Google-owned amp-video-sharing platform operates what is essentially a ‘three strikes’ system.

Under this policy, when YouTube receives a “complete and valid legal request” from a content owner, it takes the amp-video down.

Meanwhile, if a live stream is removed for copyright reasons, account holders’ access to this service will be restricted for 90 days.

After three copyright strikes, the account will be terminated, and all existing amp-videos will be removed.

Who needs ransomware?

Seemingly aware of their ability to cause denial of service to YouTubers (an increasing number of whom rely on the platform as their primary revenue source), miscreants have been taking it upon themselves to submit two false copyright claims against target channels.

They are then demanding payment in return for not submitting a third (and final) copyright strike.

YouTube gamer ObbyRaidz, for example, says he received a demand for either $150 via PayPal or $75 in bitcoin from a user called VengefulPayments.

“Once we receive our payment we will cancel both strikes on your channel,” the demand read.

After ObbyRaidz tweeted about the threat, he received another message: “Hey – we saw you tweet about us. Not sure why you thought that was a good idea or if you thought you would remotely get any help, but this has violated any potential deal.”

The same thing happened to another YouTube gamer, Kenzo, in this case with a demand for payment that was twice as high. Kenzo says YouTube failed to take action until he took to social media to broadcast his plight.

And one user, makeup vlogger Manny Gutierrez, has even admitted to using the technique to get the TeaSpill beauty news channel struck because it slated his review of a brand of foundation.

“Honestly guys, I did it out of frustration. I was getting hundreds of hate comments,” Gutierrez said, adding that he only removed the strike against TeaSpill after he and the site “solved the issue”.

Playing the system

When questioned over the potential for malicious users to exploit the platform’s three strikes copyright policy, a YouTube spokesperson told The Daily Swig that it was only alerted to the threats against ObbyRaidz once he tweeted about the issue, and that it then reinstated the amp-videos, removed the strikes, and terminated the accounts of the blackmailers within hours.

However, the company admits it relies on users to be honest when claiming copyright – and says it’s required by law to take down content when they do.

The law in question is the Digital Millennium Copyright Act (DMCA), which criminalizes the distribution of copyrighted content.

While YouTube does indeed have an obligation to remove content that has been flagged for copyright infringement, some have previously expressed concerns that the system is weighted against users, as they say it automatically assumes guilt once a channel has been subject to a claim.

We’ll perhaps never know how many other channels have been targeted in this way – nor how many users have successfully been blackmailed into paying up.

However, the chances are that unless YouTube can improve the process of challenging a takedown, this denial of service exploit will not be going anywhere soon.


RELATED Are hacking tutorials illegal? YouTube seems to think so