The piracy website “filmai.in” — whose domain is registered in Russia and whose data center locations are constantly changing — poses a threat not only to users’ personal data, but also to Lithuania’s national security, says Andrius Katinas, representative of the Radio and Television Commission of Lithuania (LRTK).

According to the State Security Department (VSD), data stolen through such websites may be exploited by cyber groups linked to hostile states targeting national institutions and strategically important companies.

Andrius Katinas, Head of the LRTK’s Market Participants Supervision Division, noted that the website’s domain has been registered in Russia for around five years. During that time, the administrators have repeatedly changed the locations of their data centers in an effort to conceal their illegal activities.

“Currently, the domain is registered in Russia, but the website relies not only on its domain name — it also operates through servers and data centers where the films are hosted. At the moment, the content is being hosted in Amsterdam,” he told ELTA.

“Over the past five years, ‘filmai.in’ has changed its data centers multiple times. According to the Commission’s calculations, this has already happened for the sixth time. The aim is to hide their digital ‘footprints.’ (...) Russia does not comply with European Union legal requirements or LRTK orders, which is why it remains an attractive jurisdiction for the website’s administrators,” A. Katinas added.

He also recalled that in 2021 a major data leak involving users of the illegally operating website took place. At the time, cybercriminals reportedly exposed the usernames, email addresses, and passwords of around 650,000 “filmai.in” users. According to A. Katinas, this data remains accessible on the dark web to this day.

“Although the data is several years old, it is still highly relevant because people rarely change their email addresses or passwords. For financial fraudsters, such information is extremely valuable, as it can serve as a starting point for illegal activities,” he said.

The LRTK representative warned that it may only be a matter of time before new user data from the piracy website is leaked again. He also emphasized that such piracy websites may contain malicious software capable of collecting user information without their knowledge.

“When the data of more than 500,000 users is leaked, this is no longer just a personal issue — it becomes a national security issue. At the LRTK, we view online copyright infringements, just like illegal IPTV operations, through the lens of cybersecurity,” said the Head of the LRTK Market Participants Supervision Division.

VSD: Personal Data Leaks Pose Risks to State Institutions

According to the State Security Department, personal data leaks pose risks to the security of state institutions and strategically important enterprises.

“Several dozen cyber activist groups linked to hostile states are operating against Lithuania and other Western countries. Data theft and publication are among the methods actively used by these groups, posing a threat not only to private individuals but also to the security of state institutions and strategically important companies,” the VSD said in its response to ELTA.

The Department also stressed that residents should carefully assess the websites they visit and where they provide their personal information.

“The State Security Department encourages residents to familiarize themselves with safe online practices and to enter personal data on websites only after verifying their security and ownership,” the VSD emphasized.

According to A. Katinas, the LRTK has currently blocked more than 600 domain names and over 7,000 IP addresses linked to illegal IPTV activities. He also noted that copyright infringements are often associated with the spread of disinformation, war propaganda, and hate speech.

ELTA reminds readers that in February this year, the LRTK announced that, following monitoring activities, it had established that the content of the website “filmai.in” and its related subdomains was accessible through an IP address network hosted by the Russian company “JSC IOT.” According to the LRTK, this infrastructure enabled the distribution of audiovisual programmes prohibited in Lithuania.

Text prepared by Karolina Navakauskaitė (ELTA).