Attackers are hijacking Jupyter notebooks to host illegal Champions League streams<\/title> <meta name=\"description\" content=\"Hackers exploit misconfigured Jupyter notebooks for illegal UEFA Champions League streaming, according to Aqua Security.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/misconfigured-jupyter-notebooks-uefa-champions-league-streaming\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Attackers are hijacking Jupyter notebooks to host illegal Champions League streams\"> <meta property=\"og:description\" content=\"Hackers exploit misconfigured Jupyter notebooks for illegal UEFA Champions League streaming, according to Aqua Security.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/misconfigured-jupyter-notebooks-uefa-champions-league-streaming\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-11-19T14:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-11-18T22:18:52+00:00\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1731444340g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1731960560g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1732010462g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82656\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82656\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmisconfigured-jupyter-notebooks-uefa-champions-league-streaming%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmisconfigured-jupyter-notebooks-uefa-champions-league-streaming%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82656 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/misconfigured-jupyter-notebooks-uefa-champions-league-streaming\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.988764044944\">\n<div class=\"single-article__header-content\" readability=\"34.231920199501\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/misconfigured-jupyter-notebooks-uefa-champions-league-streaming\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Normally reserved for data analysis, a cybersecurity firm caught online content pirates hosting soccer matches. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82656\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg 6092w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Shakhtar Donetsk’s Ukrainian midfielder #10 Georgiy Sudakov (C) vies for the ball during the UEFA Champions League football match FC Shakhtar Donetsk vs BSC Young Boys in Gelsenkirchen, western Germany, on November 6, 2024. Hackers were recently found to be exploiting Jupyter notebooks to host illegal streams of this particular Champions League game. (Photo by INA FASSBENDER\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"41.183870967742\"><body readability=\"83.873060648801\"><\/p>\n<p>Amid threats of state-backed APTs turning the geopolitical tide by diving into sensitive networks, some hackers are looking to use misconfigured Jupyter notebook servers to watch UEFA Champions League soccer, according to a new report from Aqua Security.<\/p>\n<p>Researchers at the cloud security company said in a <a href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2024\/11\/Aqua_Stream-Ripping_Embargoed-1.pdf\">report<\/a> released Tuesday that hackers were drawn to the misconfigured JupyterLab honeypots not because of possible proprietary data or other sensitive information, but to deploy a popular open-source video software and broadcast a match between the Ukrainian FC Shakhtar Donetsk and the Swiss BSC Young Boys on the Qatari beIN Sports network.<\/p>\n<p>\u201cWe saw tennis, saw a UEFA championship game, and we saw some basketball,\u201d said Assaf Morag, threat intelligence director at Aqua Security\u2019s Nautilus research team.<\/p>\n<p>While the motivation is financial, the rare use of misconfigured statistical software also highlights a new vector of attack and possible data- leak source, Morag said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>JupyterLab is a well-known interactive coding environment that is mainly used for data analysis and other scientific or educational uses. Jupyter Notebooks are also seen as an easy way to introduce programming concepts and scientific-friendly languages like Python and R. <\/p>\n<p>Nautilus researchers discovered the scheme while threat-hunting on inbound network traffic, discovering unusual activity on honeypot servers. The activity was due to streamers taking advantage of unpatched bugs and weak passwords to gain unauthorized access to the Jupyter notebooks, then deploying a shell to download FFmpeg, an open-source software suite used for handling video, audio, and other multimedia files and streams.<\/p>\n<p>Using computer resources for illegal sports streams may not be a critical threat for most organizations , but the information on the notebooks themselves could be sensitive, Morag warned. After a cursory search on the internet-connected device search engine Shodan,, Aqua researchers found around 150 Jupyter servers that allow for remote code execution similar to the soccer-viewing scheme .<\/p>\n<p>\u201cNautilus\u2019 analysis shows some private personal Jupyter notebooks, as well as corporate and startup whose servers are exposed to anyone, actively exploited,\u201d the report noted.<\/p>\n<p>Morag said the entertainment industry is affected most by unlicensed sports streaming. In this case, hackers were directing the video output to ustream.tv, a video-streaming platform that pays through ad revenue.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cTo qualify for these earnings, creators often need to meet minimum requirements for followers or view counts,\u201d the report said. \u201cUnfortunately, threat actors exploit similar methods by stream-ripping sports event feeds and illegally broadcasting them on their own channels to profit from unauthorized views and ad revenue.\u201d<\/p>\n<p>Last week, a federal jury convicted a Cuban citizen and U.S. resident for <a href=\"https:\/\/www.justice.gov\/opa\/pr\/computer-programmer-convicted-helping-run-one-biggest-illegal-television-show-streaming\">operating the streaming service Jetflicks<\/a>, which the Department of Justice said contained \u201cone of the largest quantities of infringing works.\u201d<\/p>\n<p>Jetflicks was based in Las Vegas and claimed to have 183,285 television episodes, the DOJ said. The number of offered episodes far outstripped the costly-but-licensed streaming services. The report noted that illegal live-streaming events cut into revenue streams for licensed streamers.<\/p>\n<p>Morag said that organizations that wish to avoid illegal streaming or any other intrusions should run the stack with restricted IPs, strong authentication, HTTPs, and secure token management.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.5562310030395\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/misconfigured-jupyter-notebooks-uefa-champions-league-streaming\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers are hijacking Jupyter notebooks to host illegal Champions League<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3137,634,45,282,78,3138,1073,3139,256,288,3140],"tags":[3141,635,53,286,86,3142,1076,3143,262,294,3144],"class_list":["post-6303","post","type-post","status-publish","format-standard","hentry","category-champions-league","category-cloud","category-cloud-security","category-cybercrime","category-cybersecurity","category-jupyter","category-open-source","category-piracy","category-research","category-threats","category-uefa","tag-champions-league","tag-cloud","tag-cloud-security","tag-cybercrime","tag-cybersecurity","tag-jupyter","tag-open-source","tag-piracy","tag-research","tag-threats","tag-uefa"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/champions-league\/\" rel=\"category tag\">Champions League<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloud\/\" rel=\"category tag\">Cloud<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloud-security\/\" rel=\"category tag\">Cloud security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/jupyter\/\" rel=\"category tag\">Jupyter<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/piracy\/\" rel=\"category tag\">piracy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uefa\/\" rel=\"category tag\">UEFA<\/a>","tag_info":"UEFA","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6303"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6303\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6303,"date":"2024-11-19T08:00:00","date_gmt":"2024-11-19T14:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82656"},"modified":"2024-11-19T08:00:00","modified_gmt":"2024-11-19T14:00:00","slug":"attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/19\/attackers-are-hijacking-jupyter-notebooks-to-host-illegal-champions-league-streams\/","title":{"rendered":"Attackers are hijacking Jupyter notebooks to host illegal Champions League streams"},"content":{"rendered":"