Hacking Winamp For Fun And Profit

TLDR; I hacked Winamp and their shoutcast services, I hacked set-top-boxes and negotiated multi-million-dollar deals - it all ended with a bang.

In the last few months of leaving a very shitty job overseas I realised that I missed watching British and US TV shows, at the time there were only a few good English speaking channels in Bulgaria - and by that I mean the best on offer was the Discovery channel. A light switched on in my hacker-brain and I figured the internet could help with this dilemma and this was right around the time that ShoutCast by Winamp was taking off.

The idea was that Winamp wanted individuals to host and stream their own content from their computers, perhaps even set up a radio station or two - and to help with the discovery of this streaming content you could browse the channels from within Winamp. As you can imagine, this rapidly became a very popular way to distribute pr0n and other nefarious content, as well as those few decent individuals streaming their own legitimate content - it was all a bit sketchy, but very popular.

That's where me and my friend Dustin come in. I had found Dustin via ShoutCast, he already ran a moderately popular service and I offered to do some freelance programming for him to help automate his solution, I wasn't expecting anything in return except some free TV content to pass the time. We got talking and arranged to meet up in the UK; from there our plan was to go around the UK visiting some of the bigger contributors to Dustin's company and maybe persuade them to join us in improving the service and taking it "to the next level".

We hadn't thought anything through.

When I met Dustin at Manchester airport, he wasn't what I was expecting at all - I was expecting some withdrawn scrawny Bill Gates character - instead he was an Eric Balfour lookalike who was currently serving with the US Military in Germany, he'd recently just got divorced at the age of 21. It was largely an uneventful trip but it did involve a significant amount of drinking and sharing some good stories.

When it was time for us both to sober up and go back to our day jobs, Dustin said he was looking for a cofounder and just immediately gave me half of the business - that suited me pretty fine. Looking back on it all now I think Dustin just needed someone to help him through a growth period.

A few weeks later I'd quit my job and I was due to move temporarily into his army barracks at Kitzingen, Germany.

As soon as I got there, my eyes were opened to army life - it really is another world - it was a nice experience travelling through Germany, but a totally different experience stepping onto US soil in Germany. The rules regarding visitors had been tightened up since 9/11 and I had to go through a fairly long process to be approved as a visitor. Dustin later advised me that visitors were only allowed on base until 11pm - so I knew that for me to live there as Dustin had planned was going to be problematic. In fact the base commander took a serious dislike to me and ended up raiding our barracks with 4 or 5 guys exploding into our room with dogs at 3AM. It was eventful. Dustin had to kiss some serious butt to keep the arrangement going.

So me and Dustin toyed with some ideas about how to make the service more popular, i.e: how to get more subscribers. It seemed to me that these listings in Winamp were the primary way to inform people of our service - and we could only really appeal to Winamp users since only they could play our content. The obvious route to get more exposure was to add more Shoutcast servers, but each one would take up a significant amount of resources in hardware and bandwidth. And all that costs money, which neither of us wanted to do. I decided to try and reverse-engineer the Shoutcast service and protocol to see if it could in some way be hacked, which was actually a major headache at the time because it was a very proprietary protocol with only some documentation written by community members.

Sure enough, with enough diligence (and WireShark) I discovered some useful information about ShoutCast:

  • It would send the first 1024 bytes of any streaming data to AOL's servers (AOL owns Winamp)
  • Along with that would be some metadata (how many people, the title of the TV show, the company name, how many available slots on the server, etc...)
  • It would do this every fifteen minutes with a smaller request (just metadata)

I captured it and spent the next few days forging requests to AOL's servers, the message was only very small, probably so that it didn't take up too much downstream bandwidth to AOL. Which worked out fine because it meant that we didn't need any additional servers and costs could be kept to a minimum.

I set up about 300 of these channels from my laptop and flooded the Shoutcast listings with our content, it advertised our content well... really well.

Business tripled in four days.

Looking back on it now, I think it was an immoral thing to do - the whole reason Winamp created that service was to encourage community driven content and personal broadcasting, a lot like what Grooveshark is doing now. And we basically abused that. I guess I was young and technically focussed - I was very hungry to grow the business and didn't even think of it being immoral. A friend had once said to me that it's easier to break the rules and ask for forgiveness than it is to ask for permission up front.

We were on our way to Wurzburg Army Barracks for some celebratory Subway when Dustin was notified of something alarming - the streams had been shut off - Winamp were onto us. Panicked, we returned home and I pulled the plug on the laptop to stop the repeated failing requests. Still stunned, and facing the prospect of having no way to advertise our business we were clueless what to do next. So I plugged the laptop back in and fired it up again to analyse the problem further. I fired up WireShark and began monitoring the streams, only there was no problem - we were back up to 300 streams immediately.

It transpired that my laptop had been issued an IP address by DHCP and when I had re-connected it I had gotten a new IP, and all Winamp had done was block the old IP. Problem solved. So it became a game of cat-and-mouse between me and Winamp - whenever they blocked us, I'd just unplug... and plug it back in. Rinse and repeat.
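A directory-side check for the flooding described above, added here as an example and not part of the original post: it groups registrations by what they carry (stream prefix, company name) instead of by source IP, which is why it still matches after a new DHCP lease. The record field names, the threshold and the sample data are assumptions constructed for illustration, not the ShoutCast wire format.

```python
import hashlib
from collections import defaultdict

# Field names are assumptions for this example, not the ShoutCast wire format.
def keys_for(reg):
    """Yield source-independent keys: stream prefix hash and normalised company name."""
    yield "prefix:" + hashlib.sha256(reg["first_kb"][:1024]).hexdigest()[:16]
    yield "company:" + " ".join(reg["company"].lower().split())

def find_floods(registrations, max_listings=5):
    """Map each key shared by more than max_listings listings to its listings and IPs."""
    clusters = defaultdict(lambda: {"listings": set(), "ips": set()})
    for reg in registrations:
        for key in keys_for(reg):
            clusters[key]["listings"].add(reg["listing_id"])
            clusters[key]["ips"].add(reg["src_ip"])
    return {k: c for k, c in clusters.items() if len(c["listings"]) > max_listings}

def blocked_by_ip(registrations, blocked_ips):
    """Listings that an IP blocklist alone would reject."""
    return [r["listing_id"] for r in registrations if r["src_ip"] in blocked_ips]

def make_sample():
    """Constructed data: 3 ordinary broadcasters plus one flooder that changes IP."""
    regs = [
        {"listing_id": f"legit-{i}", "src_ip": f"198.51.100.{i}",
         "company": f"Radio {i}", "first_kb": bytes([i]) * 1024}
        for i in range(1, 4)
    ]
    for n in range(300):
        # First 150 arrive before the block, the rest after a new DHCP lease.
        ip = "192.0.2.10" if n < 150 else "192.0.2.77"
        regs.append({"listing_id": f"flood-{n}", "src_ip": ip,
                     "company": "Example TV ", "first_kb": b"\x47" * 1024})
    return regs

if __name__ == "__main__":
    regs = make_sample()
    print("rejected by IP block:", len(blocked_by_ip(regs, {"192.0.2.10"})))
    for key, c in find_floods(regs).items():
        print(key, len(c["listings"]), "listings from", sorted(c["ips"]))
```

On the constructed sample the IP block rejects only the listings sent from the first address, while both content keys tie all 300 listings together across the two addresses.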

I would later find out that the original ShoutCast protocol was devised in 1998 and no-one at AOL wanted to touch it to make it more foolproof.

This went on for two or three days until Dustin received a call - it went like this:

DUSTIN: Hi

WINAMP: Hello, is that the owner of ###?

DUSTIN: Yes, one of the owners, I have Matt right here

WINAMP: Hi guys, this is ### from the Winamp team at AOL. Are you aware that you're currently flooding our ShoutCast service?

DUSTIN: Yes...

WINAMP: ... can you stop?

DUSTIN: We could if we wanted to

WINAMP: You know you're violating our terms of service

DUSTIN: No, are we? So what?

WINAMP: Guys, listen, you have to stop - if you don't stop we'll be forced to go down a legal route

DUSTIN: OK

WINAMP: OK!?

I don't think the Winamp team were very happy with what we were doing. Me and Dustin talked it over and arrived at the conclusion that if Winamp were going to do their worst, they would already have done it by now - but they're probably already working on a way to shut us down for good.

For me, I'm glad I had a co-founder at this point in time - if you have a scare as a solo-founder it can be tempting to back down - but sometimes what you need is someone to say "Don't worry let's carry on".

I soon automated the disconnecting and reconnecting process, and we bought a server with a bunch of IP addresses and hosted it on there - every few months we might change hosting provider just to keep AOL guessing.

We had learnt a hard lesson by gaming Winamp and we were realising that Winamp was losing popularity to other media players that had taken a slice of the market share. So we began to re-encode our content for display on the web (MP4), offered an on-demand option, and changed our marketing strategy. Our business had turned a corner and we were lowering the barrier to entry all the time, which resulted in more subscribers.

By all accounts our website and our content was highly illegal, we had 300 TV shows with full seasons for each one, and we could usually push freshly aired content out to our customers within ten minutes of it broadcasting on live TV - we also had HD versions of all our content.

Our plan now was to legitimise the business - the part where we ask for forgiveness. If we could work with an actual content provider, then we both agreed that we'd be willing to take a hit on the profits and it would open us up to VC funding to help us expand to other content providers. Even looking back on it now I still don't think that's a bad plan.

I was also working with hardware manufacturers to spec out a set-top-box that could stream our content in HD to a consumer's TV, this was 2005 and the H264 codec was still pretty new. It would require some expensive hardware to decode our content but we found some willing manufacturers and started working with some sample products, we were looking at a price point of around $150 to the consumer, maybe less. We thought it would put us in a really good position to VCs if we had this kind of equipment already thought out, and we could potentially branch out into doing some consulting for some big media companies if we could build a few prototypes. We got a few sample boxes and I started hacking on them to turn them into basically a web-browser with a video decoder, it worked surprisingly well.

Later on in life I would take this technology to Deutsche Telekom (they own T-Mobile) and a few other German media companies to help implement their own IPTV strategies.

I was also in negotiations with ICOA, a company which provided WiFi to some fairly major airports as well as restaurants and sports complexes all over the world. They were very interested in having our content on their homepage when users logged onto their WiFi - of course it would be at a fee to the consumer. This deal was worth millions and that was just for a trial run.

At this point, things were looking pretty rosy, the business was making a substantial amount of money and having moved from Germany to the US, we were prospecting other cities around the world we'd like to move to.

The last piece of the puzzle was getting approval from a major content owner (FOX) and their affiliated networks. We were in talks with an executive, I totally forget his name, we had to explain what we were doing multiple times - he didn't really understand it but he did understand that we had money, subscribers and some illegal content. His terms with us were pretty simple - he wanted 100% of the money and in return he would be so kind as to not call the cops on us. We called a few times in case he needed some time to digest the fact that what he was proposing was unrealistic. It always went pretty much the same way.

We moved onto some other smaller content owners and they struggled more with the concept than the executive from Fox. None of them were helpful, and all of them seemed completely confused. If you've ever had to call a media company before you might know how difficult it is to reach anyone with any decision making ability, or even reach someone with the ability to form coherent sentences.

It turned out that we would fall at the last hurdle, despite all the promising contracts and a strong subscriber base we just couldn't seem to get a major content owner on board. A few weeks passed, and things stagnated a little - until one day we received a letter, a cease-and-desist letter from the MPAA. The MPAA are an aggressively litigious group of media companies who only seem to exist for the purposes of frightening the hell out of people, most of the money they earn from suing people stays in their pockets and only a small fraction makes it back to the content owners. They also have an international reach having pressured Swedish police into raiding the Pirate Bay's servers, so we had good reason to be scared.

I was faced with a choice, shut it down or stay illegal.

In the end, I gave my half of the company back to Dustin and returned to the UK. It was an exhilarating and fun time but it was time to move on - I often wonder if we could have been where Netflix is now - but I doubt it, we focused on TV shows whereas their focus was movies.

Most content owners and TV networks have been slow to move with the speed of the internet. I think only in the past few years have they started to realise that international airing of content at the same time and low barriers to entry are what people want. I really believe that if they adopted that strategy then piracy would be almost non-existent and would cost the big media companies a lot less than having the MPAA as their attack dog.

Despite all of this, I class this as a successful startup, there was no real exit but we did make money, we did learn valuable lessons and made some good friends along the way. Also, it's still running today.

 
