Slashdot Mirror
Vivendi Universal vs. News Corporation
timbo_red writes: "According to a BBC story, NDS, a company 80% owned by Rupert Murdoch's News Corp is being sued by Canal+ for allegedly cracking their smart cards, which could have had a serious effect on ITV digital, the major UK competitor to Murdochs Sky digital in the UK pay TV market."
So it seems that Canal+ are alledging that NDS (which News Corp alledges operates independantly despite being 80$ owned by NC) cracked their smart cards and published the result online! Either something very sinister happened (but I can't see how this would benefit NC as it would simply provide digital TV service of the wrong kind to their potential customers also) or this is the act of one person (or a very small group) within NDS who were stupid enough to post the crack from a trackable IP. It would be nice to know more, anyone have any substantial links?
Never underestimate the dark side of the Source
A French subsidiary of a French multinational is suing a British subsidiary of an (Australian?) (British?) multinational in a U.S. court, over a conspiracy centered in London?
Is this some sort of Pythonic joke?
668: Neighbour of the Beast
So, according to the article, NDS spent "huge sums" cracking the codes. It seems to me, that if the codes were sound, it should have been mathematically impossible for them to crack it for any amount of money (short of an optical, or quantum computer, of course). And if they weren't, why did they need to spend so much money on it?
DeCSS didn't have any huge backing...
Not at all. The DMCA is US law, the companies involved here are European (with perhaps a dash of Australian).
-- Alastair
Better Article
Turns out the lawsuit is in California because it was NDS Americas Inc. that transmitted the details onto the Internet.
Remarkably, the article doesn't mention if the DMCA is being invoked. It probably won't be, because then it would be applied in the manner Congress actually meant, which would break the perfect record of the DMCA only being misused. Also, News Corp. and it's subsidiaries are quite capable of fighting a legal battle of almost any scope and duration. This would increase the risk of an actual court precedent against the DMCA. Once again, this would break the perfect record of the DMCA only being invoked against relatively powerless victims. The DMCA is far too powerful a tool for misuse for anyone to risk it's long and promising future.
Here in Morocco, Canal+ Horizons (the digital service for Morocco) shut down because of local piracy of FRENCH Canal+. (in French)
I think it has a lot to do with clever hackers and the Internet propagating stuff, and very little to do with some big corporation.
It may be, however, that someone working there just happened to be a pirate at the same time, since he'd have had access to hardware to help him to crack Canal+.
Conversion Rate Optimisation French / English consultant
Hong Kong Gets Smart ID Cards
As several posts pointed out in that thread, it is only a matter of time and equipment to crack smart cards. We should also be conserned with how this technology all seems to be heading in the direction of the mark of the beast. Can it really be that long until we have to have an implant of a smart chip like this to buy and sell anything?
Lawrence Lessig is my personal hero.
AFAIK is not "mathematically impossible" to break even the strongest crypto available. It is "computationally infeasable." I.e., it's mathematically possible (by factoring all the large primes that could have been used for the key, for instance), but you can't afford the time/money (mostly time) required.
"ITV Digital may be more popular than had been thought," a source close to the case told BBC News Online.
Hmm. ITV's premuim channels clearly make their money from subscription fees, so who cares if your service is popular with people who aren't willing to buy it? ITV's regular stations appear to have commercials, so maybe it wouldn't hurt them to drop their prices and encourage folks to watch them legally.
Except the mark isn't "666", it's "VISA."
From the story:
News Corp has said that NDS chiefs operate independent of the media giant.
Interesting way of putting it. They could have said something more along the lines of "We didn't know what they were up to". Now they merely say that they didn't interfere. So, does this mean that News Corp knew what NDS was doing? :-)
If you're a bit drunk and squint at *anything*, you can see porn. That's the wonder of being drunk.
Quick summary for US readers - Canal+ (the french cable TV channel) uses SECA encryption, which is also used by ITV Digital (formerly OnDigital), the UK's terrestrial digital provider. Terrestrial digital is basically digital TV transmitted over the airwaves.
:)
The choice of SECA was considered unwise when OnDigital selected it, as SECA was already at that point known to be broken. Naturally, pirate cards started circulating shortly afterwards. The smart cards now sell for as little as 10 pounds (about 15 dollars) and card programmers can be obtained for about three times that allowing people to keep up to date.
At the moment, the UK has an arms race between ITV Digital and the pirates. ITV Digital will start broadcasting "ECMs" which exploit weaknesses in the pirate cards to cause them to crash (so they can't display TV). The pirates promptly fix their cards and release the new version, at which point it starts over again. There are several competing pirate codes around, and new versions are being released almost weekly.
There is a rumour that ITV Digital are less diligent than they need to be in tracking down and killing pirate cards, as these cards increase their marketshare against that of Sky (Murdoch's satellite TV company, the dominant "extra" TV company in the UK). This would be a tactic reminiscent of the way that pirate installations of Windows / DOS made those operating systems the standard in the past - whether there's any truth in the rumours is obviously uncertain, however.
Anyone interested in more information should consider the newsgroups uk.tech.digital-tv and uk.tech.digital-tv.crypt, although be warned that those groups are infested with pirates, script kiddies and the usual crop of 14 year old flamers!
You're talking about the encryption on analog Canal+. This story is about the digital encryption (SECA) which you certainly can't beat by squinting.
:)
Although enough alcohol and eyestrain might induce pornographic hallucinations.
Whatever technology Canal+ placed on their smart cards, it would have been picked apart, prodded, poked, and eventually cracked and placed on the web regardless of funding from the big company.
In this situation, Canal+ actually has the advantage of being able to point the finger at the Big guy with the huge corporate pockets and get some payback for loss of revenue.
Good or bad? Who knows? Inevitable... definately.
Canal should count themselves lucky that they might get damages awarded by a court as opposed to what they'd get if it was joe schmoe locked in his basement who cracked the smart cards, as happened with most other smart card technologies.
I can see the motivations behind NDS wanting to know how the competition's smart cards work.. it's a simple matter of knowing what the other guy is up to. But placing it on the web was just dumb. I highly doubt this was a corporate decision. Most likely just some geek in the cube maze wanting to share the goods with friends. From what I can see in the article, they've refused to comment on the issue. Anyone have any info on where the decision to post it publicly came from?
Moral indignation is jealousy with a halo - H. G. Wells
When big boys like this start duking it out over greed based issues, and lets be honest thats what this is, the end is near, It woulda been more fun to see say sony vs disney or maybe someone else they dont already own :)
:)
Remerber when Ibm started trying to sue all the clone makers ? Or apple. Remeber when Sony sued over the betamax, or so on so forth.
I think what happens is greed reaches an apex, it cannot make money off going after the little guys distributing css, (it can try to limi it) but at some point it all falls like a house of cards when companies like this focus all their energies out of squeezing every last cent out of anyone for any reason , and in the process become a company for which litigation is their core business. V/Unv core business is supposed to be entertainment. I wouldnt know I have boycotted any materials, my small part in the struggle. But it seems no longer like a company interested in entertainment but more so litigation.
When companies like these start running around suing each other its often too late and they are only trying to salvage what they can, or make a stnd where they are, anyone know their current financials ? (the real ones please
Sig went tro...aahemmm.....fishing........
- Bugs in the code on the card. This is somewhat analogous to
buffer overflows and format string bugs in poorly written daemons like IIS,
UPNP, and BIND. Often the first thing that hackers will do with a new
smartcard is to explore its known instructions to try to find "read holes"
(which let you read the ROM or EEPROM) or "write holes" (which allow you to
modify the code on the card).
- Glitching. In order to circumvent the security on smart cards,
some hackers will buy a special device called a "glitcher" that momentarily
lowers the power supply voltage going to the card at just the right
time in order to get the CPU on the card to skip the desired
instruction. The result is that the security on the card can be bypassed.
In the case of DTV access cards, glitching is also used to "unloop" cards
that have been illegally modified and subsequently disabled by DTV's
electronic countermeasures.
- Replay attacks. Often a card may be convinced to accept ROM
updates by crafting an instruction packet that appears to be an authorized
update, but in fact has a forged signature on it. This is caused by the
use of weak mathematics such as IDEA and CBC, which have been almost fully
compromised.
- Communication logging. Often, critical data that passes between
a card and its peer can be observed and logged. This data can leak
important decryption keys, passwords, and data.
- Power use analysis. Hackers with access to expensive equipment
can observe how much power a smartcard uses while performing a given
operation, and can sometimes deduce decryption keys from this power trace
as a result of poor implementation of cryptographic algorithms.
- Insecure operating environments. Some smartcard designers
choose to implement things like Java or Lunix on their smartcards, which
have proven security vulnerabilities and cannot withstand a dedicated
attack.
The one thing that surprises me about this article is that NDS spent a million dollars on this research. Satellite hackers who want to steal DirecTV's signal do the same thing for free every day, and usually do a more thorough job of cracking the card. However, the one lesson to take from this is simple: smartcard security Just Doesn't Work(tm).Bill
"NDS spent huge sums cracking the code on Canal Plus smart cards, and handed the code to a website used by fraudsters, documents filed in a California court allege."
IF... they cracked any sort of code, that should be enough to subject them to the DMCA, unless there is some sort of jurisdictional issue at play. Nevertheless, if they do business in the U.S., then the DMCA would apply to them (ask Elcomsoft).
No, the actual crime would be in the US, according to the claims. The US division of the company is the one that purportedly gave out the hacks for ITV's smartcards. It would be a DMCA violation, if that is the case.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I thought all TV in the UK was pay. I.e. the governement collected money for each TV you own so it could run the BBC.
Software sucks. Open Source sucks less.
No becuase NDS is owned by NewsCorp which is a US-based corporation. That's why they are suing in the US.
Well, more accurately they are suing in the United States because their web of interlocking companies in their conglomerate gives them the choice of pretty much any venue and the United States, as a company run (mostly) by lawyers, who pass and sign legislation designed to employ and empower more lawyers, which are in turn reviewed and interpreted by still more lawyers, is the most friendly nation to litigation of any sort on the entire planet.
Which of course means it comes as no surprise that we not only are the most litigious society on the planet, but everyone else in the world who wants to sue seems to prefer doing it here as well.
The Future of Human Evolution: Autonomy
The lawsuit was filed in California court.
This case underscores the global nature of society now, an issue further underscored by the Internet itself.
Really and truly, the idea of "jurisdiction" when it comes to "e-anything" is almost incomprehensible. I publish a web page here in California about barbecues and possibly break Indian law. I publish a (perfectly legal in the US) pro-nazi page with swastikas and break German law if Germans ever (god forbid) look at it.
In this kind of environment, "legal" falls to the least common denominator, whatever's left when everything illegal everywhere is removed. Not much of an argument for "free speech" since anything on the 'net is merely communication, after all.
Remember Dimitri?
At issue is that there is no international law (that the US will respect, anyway) and as a result of this deficiency, we see all kinds of craziness.
It's going to get worse before it gets better.(sigh)
I have no problem with your religion until you decide it's reason to deprive others of the truth.
The DMCA is so valuable that companies are now moving their lawsuits into US jurisdictions so it can be applied. Now we just have to set up enough concession stands around the court houses so we can actually profit from all the lawyers that flock to our judicial system to escape the injustices of individual rights found overseas.
Not that I condone this sort of activity. As my cable provider regularly reminds me: Theft of Cable Service is a Crime.
What do you mean they cut the power? How can they cut the power, man? They're animals!
Now that people have had the time to read the article and find that it claims California copyright violations, yes, the DMCA might very well be involved.
Spank you very much, crack smoking moderators.
Newscorp's actually an Australian company & a relatively old one at that.
Mind you Murdoch got US citizenship to buy Fox
And the suit is being pressed in a California court where the DMCA definitely applies. Read the article. And watch your mouth. Do you think using words like "asswipe" really helps make your point? Or do you think it just makes you look immature?
Have you noticed that people who use "immature" in this way are rarely over the age of 21?
Really. That's quite an astute observation. Would you care to enlighten me as to how you know the age of people who call others immature? It also in no way invalidates my point, which is that you talk in a way which makes you look immature. Very few adults I know use the word 'asswipe'. Quite a few use the word immature. Also note that I in no way implied that I knew how old you were, since of course there is no way for me to tell. I simply stated that you conduct yourself in a manner which makes you look immature. Which is true irrespective of your true age. Are you going to deny that you talk like a child? If you do so, are you going to call me names at the same time? If you do all that, could you please try to use the names "boogerhead" or "snotnose" to demonstrate your mental superiority?
For those interested "ECM" stands for Entitlement Control Message, it contains the control word (encryption key) used to unlock TV services.
The ECM itself is encrypted, which is where the smart card comes in, it decrypts the ECM and passes the control word it contains to the mpeg-2 decoder.
Australian? Join EFA
actually the truth is probably closer to some smart crypto expert working for NDS decided to see what he could do to crack the competitors encryption. He found that it was laughably (to him) easy and posted the results online. No conspiracy needed, just a geek scratching an itch and posting his findings =)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I'm waiting for the RIAA to sue AOL/TW for DMCA violations.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Hey, whos squinting... come over here and sit on my lap, baby!
There is a website that has been set up by Canal+ here: http://www.actiononecanalplus.com/
Among other things it has a copy of the papers which show that C+ have filed under:
Complaint for Unfair Competition, Copyright Infringement, Violation of the Digital Millenium Copyright Act, Tortious Interference, Conspiracy and Violation of the Racketeer Influenced and Corrupt Organizations Act.
They are demanding a jury trial.