Still More on News Corp. Hacking Charges

← Back to Stories (view on slashdot.org)

Still More on News Corp. Hacking Charges

Posted by michael on Wednesday October 9, 2002 @01:12AM from the as-the-world-turns dept.

Spike and others wrote in about this ongoing saga: subsidiary of Vivendi claims that a subsidiary of News Corporation cracked their satellite TV smart cards and posted for public download. (See our previous stories.) Two new stories from the Associated Press and Yahoo note that although the two companies are apparently dropping the original lawsuit (since News Corp. is making a large investment in Vivendi), Echostar is now claiming they were hacked too and the U.S. Justice Department is investigating possible criminal charges.

12 of 78 comments (clear)

Min score:

Reason:

Sort:

So they claim... by viper21 · 2002-10-09 01:19 · Score: 4, Insightful

But I can't see any reference to a shred of proof in these articles.

So why did I read them?

-S

--

We Apprentice Developers and Designers
1. Re:So they claim... by Angry+White+Guy · 2002-10-09 01:27 · Score: 5, Interesting
  
  The evidence that they are citing is the $40,000 stuffed in electrical equipment.
  Although this is pure speculation, having your technology leaked to the hackers, forcing an industry-wide upgrade to new technology which is leaked to the hackers, forcing... makes an interesting business model.
  
  --
  You think that I'm crazy, you should see this guy!
Isn't this breaking the DMCA? by suman28 · 2002-10-09 01:28 · Score: 4, Insightful

I am sure there are copyright issues here. So how come a large corporation is able to get away but Dmitri Skylarov is still in jail? It always seems to be one rule for corporations and another rule for everyone else and yet another rule for the government.
"Security" by phil+reed · 2002-10-09 01:30 · Score: 5, Interesting

It's interesting to note that DirecTV is in the process of sending out new smart cards for all of their satellite receivers nationwide. The letter announcing that fact cites "security", but it doesn't say whose security they are worried about. Unsophisticated DirecTV users will, of course, assume it's the user's security that's at stake.

--

...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
1. Re:"Security" by Angry+White+Guy · 2002-10-09 01:51 · Score: 5, Interesting
  
  Actually, it is for the users security. Not that someone is going to get their personal information or be able to track what they watch, but security of their investment. If anyone remembers the old pay-tv programs ON and IT, they remember that they went out of business because everyone was pirating their signal. Canada was a haven for home-brew on boxes. They filtered accross the border, everyone had them, and nobody was paying for them. Because it was a complete hardware solution, the company had to strike a balance between acceptable levels of piracy, cash flow, and cost to change the boxes of their subscribers.
  
  This is exactly what is going to happen to DirectTV, but they only have to send out new cards, not entire receivers. When piracy gets too high, they ship another card. It's much easier to ship a card, to have the user install it, and coordinate the effort. But once the piracy becomes rampant, then the legitimate subscribers will have lost their initial hardware investment.
  
  --
  You think that I'm crazy, you should see this guy!
2. Re:"Security" by elvum · 2002-10-09 02:00 · Score: 5, Insightful
  
  They're still twisting the English language to their own ends. They need to explain why users have to install their new cards, but "security" sounds so much friendlier than "to protect our revenue stream", despite the two being far from synonymous...
Corporate hacking by killmenow · 2002-10-09 01:57 · Score: 5, Funny

Frankly, I don't care if companies hack each other...so long as I benefit.
Interesting timing . by AftanGustur · 2002-10-09 01:59 · Score: 4, Insightful

It was only yesterday (*not kidding*) that one of the bigger Vivendi owned satellite TV (Canalsat) upgraded it's encryption system to "Seca2".
But I'm afraid the Seca2 system is DOA as it has already been cracked by Italian Crackers.

--
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Continuous update by Zeinfeld · 2002-10-09 02:14 · Score: 5, Interesting

An interesting feature of the satelite smartcard scene is that the protection schemes are designed with the knowledge they can be craked.
Ultimately no security scheme based on commodity hardware is secure against a determined attack. Even the clipper chip was broken. If the adversary has a scanning electron microscope available they are going to be able to reverse engineer the chip. Ross Andersson did a paper on this a while back.
The strategy the satellite companies use today is economic rather than purely technical. What they do is to design smart cards which are subject to progressive security flaws. They then send out different variations on the smart card to different customers.
The trick is that the pirate does not know which of the flaws matter and which do not. So if the pirate clones a particular card perfectly the satellite company can respond cheaply and effectively by just replacing the small number of cards that have been compromised.
If the pirate makes a more general attack the satelite co looks for any small difference between the cloned card and the genuine cards and programs a deactivation code to take advantage.
Most cloned cards are not perfect since the pirates are in competition with each other. It is better to get a cloned card out in 3 weeks than to wait a n extra couple of months and allow a competitor to steal the market.
The satelite cos generally wait until the pirates have sold a significant number of cards before sending out the deactivation codes. This discredits the pirates with more customers. If the customers learn that using a pirate card ends up costing them more than being honest in addition to being inconvenient they are more likely to turn honest. Another trick is to disable the cards right before big events.

--
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
dismay, delight, dismay by gosand · 2002-10-09 03:09 · Score: 5, Insightful

dismay: The title of the article says "hacking" when it means "cracking".
delight: The text of the article gets the term right, saying that their smart cards were "cracked".
dismay: The text then misuses the term again, saying Echostar was hacked.
Come on folks, if a site that supposedly is "news for nerds" can't get the term right, how is anyone else expected to?
(and don't give me the BS that hacking and cracking are the same thing)

--

My beliefs do not require that you agree with them.
1. Re:dismay, delight, dismay by trb · 2002-10-09 04:28 · Score: 4, Insightful
  
  The set of hackers and the set of crackers intersect. A person who breaks into a system is a cracker, but the act of breaking in, especially if it involves figuring out how to break in, is a hack as well as a crack. Hackers have been figuring out how to subvert security mechanisms for a long time, it's an interesting pursuit.
  I think of it this way - solving a crossword puzzle is like hacking. Copying someone else's solution to a crossword puzzle is like cracking.
ahh simpsons by Jonny+Ringo · 2002-10-09 03:49 · Score: 5, Funny

Homer:Well I just bought some shares of News Corp.
Lisa: Dad that's fox!
Homer: Sell! Sell!