Murdoch's Hacker Speaks Out
This article from a Swiss newspaper recounts the appearance of Christopher Tarnovsky at the European Black Hat conference (link is to a Google translation of the French original). Next month Tarnovsky will testify in a lawsuit brought by a maker of satellite TV encryption systems (Kudeslki) against an Israeli company (NDS), for whom Tarnovsky worked until recently. (NDS is owned by Rupert Murdoch's News Corp.) While with NDS, Tarnovsky cracked Kudeslki's crypto, but claims he didn't post the result on the open Net. His responses to audience questions are amusing, in particular when someone from Microsoft asks him about breaking the Xbox 360 console. Tarnovsky replies (in the translation): "I have been offered 100,000 dollars for the break, but I replied that it was not enough."
For those interested, his company's blog is http://www.flylogic.net/blog/ Pretty interesting stuff...
Damn... no comment yet. Now I really have to actually read the article.
in their set-top boxes in the EU/UK but they won't reveal the source code (try googling it or looking at their site, you won't find it),
probably because you could decrypt the encryption on the satellite stream,
shame that some companies (like Murdoch's) see Linux as a free meal ticket and refuse to contribute anything back
still a GPL violation has never bothered billion dollar companies before, "i got mine screw you" seems to be the mantra of business/society these days
http://osdir.com/ml/encryption.general/2002-06/msg00009.html
Tarnovsky was in cahoots with another pair of hackers and when they turned state's evidence, one of them had a very unfortunate accident that left him dead.
Tarnovsky no doubt wants to get his profile as high as possible to make it more difficult to have an unfortunate accident himself.
Not for nothing, NDS comes from the same country that developed Krav Maga, a very vicious martial art based wholly on Cobra Kai's slogan.
I can break any door with a sledgehammer and an ax. Because I exercise regularly. But it does not mean I should or would.
Kudelski not Kudeslki.. :|
Who needs this guy to break an Xbox, from what I've experienced, they're quite capable of breaking themselves.
Hell is other people - Jean-Paul Sartre
even a lolcat wouldn't rely on security by obscurity
.. this was an interview with mr. Tartakovsky instead
Interesting.. so AIUI all the CA (conditional access) vendors routinely break each others' systems. That's not surprising in itself (I'll admit to having learned a fair bit from reverse engineering other people's code). It does seem a tad unethical though, especially the alleged release of the code. I wonder if the code release was a decision made by upper management at NDS / News Corp (and it wouldn't surprise me in the least if that turned out to be the case). From the outside, this looks a lot like a protection racket... "Buy our system, because it would be an awful shame if your revenue stream were to be... terminated"
The trial begins April 8, 2008, details on Pacer 8:2003cv00950
Most info in this trial's documents has been sealed or blacked out like a UFO conspiracy
mostly to protect the outlandish claims of Echostar and their consultants from public
embarrassment
It's all lies and soon the trial will reveal everything, this lawsuit loss and the 100 million or so they
owe Tivo after losing that lawsuit will be the final nail in Echostar's coffin.
JJ Gee enjoy your retirement.
All of these boutique conditional access companies (NDS, Nagra/Kudelski, Irdeto, Conax, etc.) have a big stake in developing their own unique flavors of crypto and security to avoid payment of royalties to various providers of security IP. Some examples are Certicom for elliptic curve public key and digital signature, Cryptographic Research Inc. for smart card differential power analysis. The truth is that there are only so many ways to accomplish what they're tasked to do, and the trade secret route is used as much as the patent route where they would not disclose key secrets. Yeah, security by obscurity is wrong, but they even have ways to fight this type of reverse engineering. Custom secure execution environments as found in Irdeto Secure Silicon, Nagra On-Chip Security, and NDS Trusted Secure Kernel are probably running very customized code and OS. Most of the non-secure part of the code is still Linux, but I doubt they even want that released just because the hooks may provide hints at attack vectors.
These conditional access companies are also going through extensive background and security checks of anyone working with the implementation of their systems, as well as hiding multiple root keys/certs in obscenely secure environments such as mountain vaults. Frankly, I don't blame them on this part since inside jobs have killed these guys in the past (AVR anyone?), but they'll also go through the trouble of de-capping and de-layering chips to find the secrets.
Ultimately, I have a strong feeling that the code may provide hints to either their proprietary system of security or what crypto they're using that would open them up to legal action. Consider that these guys would rather go up against a non-profit entity like the FSF as opposed to a more well-funded commercial company and will continue to take the risk. Then again, even the well-funded companies need tens of millions to reverse engineer these solutions, so why bother helping them out?
"Kudelski will lose their case", states the man who pirated their chip cards
Image legend:
Christopher Tarnovsky: "Why would I have published these codes on the net for free? I am not stupid, and I never had the intention of taking that risk."
Main text:
PAID ACCESS SYSTEMS. A key witness in the court case opposing the Swiss group against the media giant News Corporation was passing by in Amsterdam, attending a conference on computer piracy. We met him.
François Pilet, Amsterdam
Saturday, March 29 2008
The audience is glued to the lips of Christopher Tarnovsky. In front of a podium of hackers and security specialists - with an average age of 25 - the self-taught electronics specialist revealed the techniques that allow him to break open chip cards that block access to pay TV chains in the whole world.
The scene takes place in the Mövenpick hotel in Amsterdam, where the European edition of the Black Hat conference was held Thursday and Friday last week. This is one of the prime professional meetings dedicated to computer piracy. Among the twenty or so speakers invited to this big get-together, Christopher Tarnovsky talked for more than one and a half hours in the "Lausanne" room - a sign of destiny (Tr. note: Lausanne is a Swiss city close to the headquarters of the Kudelski Group).
Employed by NDS
The 39 year old American is accused of having been recruited in 1999 by the Israeli company NDS, a competitor of Kudelski, to break the security codes of Canal+ (French Pay TV) and publish them on the Internet, and to have repeated the operation, to the detriment of the Swiss group and its clients. The publication of these codes allowed hundreds of thousands of savvy users to access encrypted TV channels without paying the subscription fees.
The American satellite TV company Echostar also uses Kudelski cards to protect their content. They confirmed having lost hundreds of millions of US dollars due to these pirate activities and demand one billion US$ of damages from NDS, a subsidiary of the media group News Corp.
This April, Christopher Tarnovsky will take the witness stand in a California court in defense of NDS, his employer for ten years following 1997. According to him, Kudelski and Echostar have wholly invented the conspiracy they claim to have been victims of in order to mask the weakness of their encryption.
In his eyes, the case against NDS is nothing short of an extortion attempt. "Sure, I've broken the cards of Kudelski", he annoyedly states. "I was paid by NDS to do it. This is an activity that all companies in the trade do. But why would I have published these codes on the Net for free? I am not stupid, and I never had the intention of taking that risk."
Having become an awkward asset, Tarnovsky has not been employed by the group for a year. He started his own company, Flylogic, through which he offers his know-how to electronics manufacturers, to test the resistance of new products to pirate attacks before they are launched.
Christopher Tarnovsky details the general weakness of systems based on certain chips designed by a handful of companies like Motorola and Infinenon (sic), systems used in products as diverse as garage door remotes, car alarm systems and TV decoders.
"Unbreakable? That's wrong!"
"The manufacturers of semiconductors claim that their chips are unbreakable. The companies integrating them into their products trust the specifications they obtain. They believe that their secrets will be well kept. That is wrong, of course."
He showed pictures of his laboratory, set up with second-hand equipment worth a couple of thousand dollars. The centerpiece is a powerful Zeiss microscope to access the heart of the chip, where the precious codes are hidden. Successive layers of silicone are peeled away, using acids and lasers.
The engineer then explains how he takes over control of the card by short-circuiting one by one its protections with long microscopic needles. It takes a few minutes fo
http://www.kudelski.com/
What a bunch of illiterate slashbots.
Doesnt sound so absurd if you playa thizzay Googles algorithm is based solely on stochastic measures, witout applyn too much linguistics n shit. Like, dictionizzles like old skoo` shiznit . One, two three and to tha four. They sure as hizzy hizzy one, but its probably only anotha weight in a complex system.
:-P (beware of bizzle sarcasm) . Death row 187 4 life.
Unfortunatizzles thats tha only link I could find regardn thiznat 2005 contest which Google won . Yizouse a flea n Im tha big dogg. Theyre probably still tha best... http://www.astahost.com/googles-translatizzles [astahost.com]
Thizzles a problem wit tha linguistics in computatizzles linguistics:
"Every tizzle I fire a linguist, tha recognizzle rate goes up!" -- Jelinek, IBM 1988
Unfortunatizzles still true.
Of course, tha linguist wizzle tizzle you "theres a problem wit tha computatizzles in computatizzle linguistics". Nevermind thizzat linguist in tha hood . Keep'n it gangsta dogg. Hes probably wriznong
Tonka trucks are made of plastic nowadays.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Please note: Kudelski is the company that developed Nagravision (and please spell it correctly).
Nagravision is what "secures" DISH Network, Bell Open Vu, and a large number of smaller satellite-delivered television properties.
NDS is owned by the same company that owned DirecTV at the time of the Nagravision breach.
The story is predictable.
Kriston
Well, figuring that there are 17 million Xbox 360s in the world (give or take, I believe), let's say 1% of them install a modchip; assuming it costs 50$ to manufacture them (this is most likely ridiculously high), I bet you can charge 100$ for the chip that runs the program he writes if it lets you play on Live guaranteed forever (current chips run 60$ and you have a solid chance of being banned).
Which is what I assume this quote is referring to. Additionally keep in mind that every app pen test researcher out there working for a consulting company gets 200-250$/hr even if they are 1 week out of college. So that 100k only pays for 10 weeks of work, nothing on a project of this scope.
Ok so for the 100k the company gets a chip they can sell at a profit margin of 50$ for 170k customers. Which gets them 8.5 million dollars (I think this is a conservative number but what do I know).
I would agree with his decision.
At this site you can read some more in-depth info about the recent Nagravision hacks. http://ufs910.hdtvinfo.eu/content/view/77/1/