A Danish music industry executive has been sentenced to eighteen months in prison after what appears to be the first publicly reported example of “industry insider” streaming fraud.
The case is also - as far as we know - possibly the first criminal prosecution of music streaming fraud resulting in a prison sentence. While there have been a number of successful prosecutions relating to streaming fraud of video - and in particular pay TV sports - these have generally been people reselling subscription TV services at scale, rather than fraud related to stream manipulation.
The man who has been prosecuted - who is as yet unnamed, but whose identity has been confirmed to CMU by sources - is a Danish music executive with a “long career” in the music business. Danish media are not naming the man - apparently while the case goes to appeal - and, while his identity is an open secret in the Danish industry, there seems to be an agreement that until all legal options are exhausted he should not be named, so we will refer to him as “NN” - nomen nescio.
The case is remarkable for three reasons: first, the perpetrator NN is an “industry insider” who apparently used his knowledge and connections to game the system, generating several millions of danish kroner in royalties. Second, the case involved taking legitimate music owned by legitimate artists - who were not parties in the fraud - and altering it slightly, releasing it under different names. Third, the duration of the fraud, which was apparently committed over a six year period.
Here is what we know from court reports and other sources. NN is a long time executive who, for some time, worked providing distribution services, including to a specific Danish label.
His long term but apparently unsophisticated fraud was seemingly discovered by accident when a member of folk group Trias discovered one of the band’s own tracks on streaming service Tidal, with an altered tempo and shorter run time. Another artist discovered that his music had been released under a different name, and contacted NN to query this.
The Danish Rights Alliance became aware of the case in 2017, after being contacted about unusual streaming activity on a number of platforms, and then conducted its own investigation before contacting Spotify.
According to Danish music and culture website Gaffa, the perpetrator created 69 different subscriber accounts on streaming services to stream 689 different songs - apparently via playlists. Thomas Heldrup, Head Of Content Protection And Enforcement at the Rights Alliance, told Gaffa “Some tracks went from 0 to 8000 plays in one or two days from a very small number of users”. In evidence heard in court NN admitted that streams came from user accounts that he had created.
Breaking down the numbers behind the Danish streaming fraud
Evidence provided to the Rights Alliance by Spotify apparently shows that a single user played the same playlist nearly 600 times per day over three days. Wired reports that over one week “244 music tracks were listened to 5.5 million times, with 20 accounts responsible for the majority of streams”. However, this means that each of those accounts would need to have generated around 39,000 streams each day. That’s around 1600 streams an hour or about 27 every minute. Gaffa reports this as “20 users played around 36,000 tracks in a week” and “during one week in 2016, around 36,000 plays were made”.
Without knowing exactly what evidence was presented in court, it’s hard to know precisely what happened. However, if the evidence really was that 20 accounts generated 5.5 million streams in a week, then there’s possibly a lot more to this than meets the eye. Or, perhaps, this is something that has - quite literally - been lost in translation.
When the case initially went to court, it was reported that part of the prosecution was the confiscation of DKK 4,278,323 - around £500k - representing the fraudulently obtained royalties.
Over six years, that’s an average of around £7000 a month. With an apparent 69 accounts across at least four platforms - Spotify, Apple Music, Tidal and Yousee Music, a local Danish “quadruple play” operator - this may actually represent a relatively modest number of streams each month.
As a very blunt rule of thumb, it could take as little as 1.5 million streams each month to hit this sort of threshold. Spread across 69 accounts, that would be around 700 - 750 streams per account per day, or around 29 streams per account per hour. That feels much more realistic.
Commenting on the ruling, Maria Fredenslund of the Danish Rights Alliance said “We are pleased that the court has affirmed that streaming fraud is deeply criminal and serious. It’s a historic verdict that sends a strong signal about the severity of stream manipulation challenges”
Jakob Huttel, legal chief at Danish collecting society Koda, adds, “We are pleased with the verdict in the case, as we see it as an important step in the fight against fraud and stream manipulation in the music industry. It’s not just immoral, but blatantly unfair to manipulate payments that should rightfully go to dedicated and hardworking music creators”.
The wider problems of stream manipulation and streaming fraud
As the industry continues to discuss the problem of streaming fraud and stream manipulation, attention has focused on either creator-orchestrated manipulation or industrial scale manipulation. In both situations bot farms are used to increase streaming activity on particular tracks - and often on specific platforms - usually, but not always, with the intention to make money.
Those bot farms are either owned and operated by the beneficiaries of the stream manipulation, or are operated by third parties that offer “stream manipulation as a service”, where people can buy “genuine streams” on various platforms by the thousand.
These “fake streams as a service” providers often position themselves as delivering “organic growth” for tracks on streaming platforms, pitching the fraudulent stream manipulation they offer as helping drive visibility. Part of the pitch is often that buying a few thousand streams will help “trigger” the algorithm and “boost” a track.
Of course, those promises are as fake as the streams the services are delivering - whatever promises of “authenticity” they make.
However, sources who have spoken to CMU in recent months have indicated that this is in fact the tip of the iceberg and most streaming fraud is simply designed to extract money from the royalty pool at scale and the “creator-instigated” fraud is a tiny fraction of the problem.
The key thing is that the bot farms in question are not always as unsophisticated as a bunch of mobile phones running stream apps, cranking through playlists on repeat. As the ‘whack-a-mole’ process of identifying and eliminating streaming fraud and manipulation becomes more sophisticated, the “black hat” perpetrators also become more sophisticated. And, as is often the case, they remain at least one step ahead of the “white hat” teams tasked with stamping out the fraud.
The “hairworm” streaming fraud
Sources who have spoken to CMU recently have identified a growing trend of “account hijack” and “man in the middle” streaming fraud, described by one source as the “hairworm” manipulation. Hairworms are parasites that infect crickets and hijack their nervous systems to make them do their bidding.
In the context of streaming fraud, hackers are obtaining account credentials for legitimate streaming users - either by phishing or “man in the middle” hijacks of poorly secured home routers - and then using those account credentials to direct streams towards tracks. This makes it harder - but by no means impossible - to filter out the “hairworm” streams vs genuine streams coming from the streaming account owner.
“Insider” fraud
Well placed sources across the industry have previously confirmed to CMU that there is also an issue - though, again, much smaller in scale - with “insider fraud”, where people in labels or other participants in the value chain engage in stream manipulation to get contracts, pass probation periods in jobs, win bonuses, or inflate catalogue revenues in the run up to a sale.
In one particularly egregious example that CMU became aware of, a small distributor was alerted to industrial scale stream manipulation being executed via its platform and then apparently tried to cut a deal with the fraudsters, offering to protect their music in return for a cut of the proceeds. That distributor - thankfully - is no longer trading.