Operazione Tutto Chiaro hit more than 100 sites across Italy, France, and Germany, targeting a system that rebroadcast legitimate subscription codes every three minutes.
Italy’s Guardia di Finanza said on Friday it had dismantled an audiovisual piracy operation that streamed paid content from Sky, DAZN, Netflix, Disney+, and Spotify to thousands of subscribers using an app called CINEMAGOAL.
Officers carried out more than 100 searches and seizures across Italy on Thursday, with parallel actions in France and Germany coordinated through Eurojust.
The investigation was directed by the Bologna prosecutor’s office and led by the Ravenna unit of the financial police.
What investigators describe is unusual enough to warrant attention. CINEMAGOAL did not stream from an unauthorised library in the conventional sense.
Installed on a customer’s device, the app reached out to a foreign server and decrypted live audiovisual content using the credentials of legitimate subscriptions held by fictitious account holders.
Virtual machines positioned on Italian territory captured the active subscription codes every three minutes and relayed them, almost in real time, to paying users. The end product, in effect, was a clean signal pulled from a legal account whose registered name nobody had ever met.
The Guardia di Finanza says the architecture was specifically designed to evade detection. Because each end-user was decrypting content through the foreign server rather than connecting directly to a streaming platform, no traceable IP address was tied to the viewing session. That feature was, by police account, the main thing the resellers advertised to prospective customers.
Distribution was handled by more than seventy people across Italy, who sold annual subscriptions priced between €40 and €130 depending on the package, taking payment in cryptocurrency or through foreign and fictitiously held accounts.
They retained a cut and passed the rest up the chain to the organisers, in the familiar arithmetic of a tiered reseller network.
To seize the foreign servers that held the decryption data and the application’s source code, the prosecutor’s office turned to Eurojust to coordinate the simultaneous operations in France and Germany. About 200 finanzieri were deployed across the Italian raids alone, according to the Ravenna unit.
Investigators also flagged that the same network was running the more familiar pezzotto form of pirate IPTV in parallel, suggesting CINEMAGOAL was one product line inside a wider operation rather than a standalone scheme.
In a first estimate compiled with the affected platforms, the Guardia di Finanza put the damage from uncollected subscription rights at around €300 million. Investigators caution that the figure is provisional and will be revised as the seized material is analysed.
The first 1,000 subscribers traced through the investigation are being issued administrative fines ranging from €154 to €5,000, with more names expected to follow.
The charges under investigation are audiovisual piracy, unauthorised access to computer systems, and computer fraud. The case is at the preliminary investigation stage, and the GdF noted that any criminal responsibility will only be established by a final conviction.
Italy has spent the past two years running successive crackdowns against pirate IPTV, much of it organised around the AGCOM-administered Piracy Shield blocking system pushed by Serie A and the major broadcasters.
Tutto Chiaro suggests the next wave of evasion has already moved past blunt geoblocking. Rather than mirror a stolen feed, CINEMAGOAL hid inside the platforms’ own access controls.
European piracy figures have been creeping upward as streaming bills stack up, and the technical sophistication of what police seized this week makes it less surprising that the supply side keeps finding ways to meet that demand.
Get the TNW newsletter
Get the most important tech news in your inbox each week.