Slashdot Mirror

← Back to Stories (view on slashdot.org)

Murdoch's Hacker Speaks Out

Posted by kdawson on from the all-for-pay dept.

This article from a Swiss newspaper recounts the appearance of Christopher Tarnovsky at the European Black Hat conference (link is to a Google translation of the French original). Next month Tarnovsky will testify in a lawsuit brought by a maker of satellite TV encryption systems (Kudeslki) against an Israeli company (NDS), for whom Tarnovsky worked until recently. (NDS is owned by Rupert Murdoch's News Corp.) While with NDS, Tarnovsky cracked Kudeslki's crypto, but claims he didn't post the result on the open Net. His responses to audience questions are amusing, in particular when someone from Microsoft asks him about breaking the Xbox 360 console. Tarnovsky replies (in the translation): "I have been offered 100,000 dollars for the break, but I replied that it was not enough."

12 of 86 comments (clear)

  1. Reverse engineering genious by Anonymous Coward · · Score: 5, Informative

    For those interested, his companies blog is http://www.flylogic.net/blog/ Pretty interesting stuff...

    1. Re:Reverse engineering genious by dascritch · · Score: 5, Informative

      For more comprehension about the story : Canal+ (main pay-channel in France, and very big group in pay sat tv) accused Murdoch to have helped hacking its signal. It was during the commercial aggressive war between TelePiu (Canal+ in Italy), Canal+España, Premiere and other subsets agains BskyB and other Murdoch's companies

      --
      (Sorry my bad French) Je fais parler les Guignols de l'Info. Le pied, quoi.
    2. Re:Reverse engineering genious by dascritch · · Score: 3, Informative

      Oh... Just one thing : European countries are very small, and Movies/Sport rights are sold by countries. That means that if you want BskyB in France, you can't except by a portage via an UK address. Or if you are living in North Africa (french-speaking), you can't have Canal Satellite (Canal + sat tv operation), but a stripped down for Africa market... If there is a distribution system in your country (By example, Algeria during its troubled 1990s, was a big pirated viaccess "consumer").

      --
      (Sorry my bad French) Je fais parler les Guignols de l'Info. Le pied, quoi.
    3. Re:Reverse engineering genious by blowdart · · Score: 3, Informative

      Well partly satellite footprints take care of this, but no, it's not illegal because broadcasters purchase rights per country, and it would be illegal for them to allow viewing outside of that country. Indeed there's an entire directive, 93/83/EEC over this. Copyright and licensing trump the free movement of goods.

  2. Sky TV uses Linux by Anonymous Coward · · Score: 5, Informative


    in their set-top boxes in the EU/UK but they wont reveal the source code (try google'ing it or looking at their site you wont find it),
    probably because you could decrypt the encryption on the Satellite stream,
    shame that some companies (like murdochs) see Linux as free meal ticket and refuse to contribute anything back

    still a GPL violation has never bothered billion dollar companies before, "i got mine screw you" seems to be the mantra of businesss/society thesedays

    1. Re:Sky TV uses Linux by Computershack · · Score: 5, Informative

      If you can break the encryption by looking at the code, then they are doing it wrong.
      The formula is not important and a good encryption algorithm should be free.

      The key used is the protected part and should not be a part of the source code. You can't break it by looking at the source code because the key is stored on a smart card which itself is then encrypted by hardware built into the card and in addition is tied to the serial number of the Sky card and the serial number of the box. It's not as simple as being able to read a PIC 16C84 and program a homebrew card anymore. Nobody has managed to break this in several years as we're still on the same generation of smart card because Sky were renown for issuing new editions once the old one has been cracked and we've not had new ones for years. They've obviously found a very successful way of safeguarding their service. If someone has found a crack they've kept very quiet about it.
      --
      I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
    2. Re:Sky TV uses Linux by Anonymous Coward · · Score: 5, Informative

      No current BSkyB box uses Linux... they're all OS20, UCOS, Nucleus, or VxWorks.

      Some prototype work is being done on Linux boxes, but they're not available yet.

      Posting anonymously for obvious reasons...

    3. Re:Sky TV uses Linux by jrumney · · Score: 2, Informative

      I presume you are talking about the Sky Broadband boxes, which are Netgear routers, for which Sky passes on the written offer to download the source from the Netgear website that Netgear provides to comply with GPLv2. While Sky has locked down their routers beyond what the standard Netgear firmware does, it is not clear that they have modified any GPLed source to do this, most likely all they have done is changed configuration files.

      Given how strong Busybox has been in pursuing violations, I'd be surprised if Sky is violating the GPL on their boxes and getting away with it.

  3. NDS sounds like a nasty company by BadAnalogyGuy · · Score: 3, Informative

    http://osdir.com/ml/encryption.general/2002-06/msg00009.html

    Tarnovsky was in cahoots with another pair of hackers and when they turned state's evidence, one of them had a very unfortunate accident that left him dead.

    Tarnovsky no doubt wants to get his profile as high as possible to make it more difficult to have an unfortunate accident himself.

    Not for nothing, NDS comes from the same country that developed Kra Maga, a very vicious martial art based wholly on Cobra Kai's slogan.

  4. Kudeslki?! by comm2k · · Score: 2, Informative

    Kudelski not Kudeslki.. :|

  5. Manual translation from french - FWIW by Apogee · · Score: 5, Informative

    "Kudelski will lose their case", states the man who pirated their chip cards

    Image legend:
    Christopher Tarnovsky: "Why would I have published these codes on the net for free? I am not stupid, and I never had the intention of taking that risk."

    Main text:
    PAID ACCESS SYSTEMS. A key witness in the court case opposing the Swiss group against the media giant News Corporation was passing by in Amsterdam, attending a conference on computer piracy. We met him.

    François Pilet, Amsterdam
    Saturday, March 29 2008

    The audience is glued to the lips of Christopher Tarnovsky. In front of a podium of hackers and security specialists - with an average age of 25 - the self-taught electronics specialist revealed the techniques that allow him to break open chip cards that block access to pay TV chains in the whole world.

    The scene takes place in the Mövenpick hotel in Amsterdam, where the European edition of the Black Hat conference was held Thursday and Friday last week. This is one of the prime professional meetings dedicated to computer piracy. Among the twenty or so speakers invited to this big get-together, Christoper Tarnovsky talked for more than one and a half hour in the "Lausanne" room - a sign of destiny (Tr. note: Lausanne is a Swiss city close to the headquarters of the Kudelski Group).

    Employed by NDS

    The 39 year old American is accused of having been recruited in 1999 by the Israeli company NDS, a competitor of Kudelski, to break the security codes of Canal+ (French Pay TV) and publish them on the Internet, and to have repeated the operation, to the detriment of the Swiss group and its clients. The publication of these codes allowed hundreds of thousands of savvy users to access encrypted TV channels without paying the subscription fees.

    The American satellite TV company Echostar also uses Kudelski cards to protect their content. They confirmed having lost hundreds of millions of US dollars due to these pirate activities and demand one billion US$ of damages from NDS, a subsidiary of the media group News Corp.

    This April, Christopher Tarnovsky will take the witness stand in a California court in defense of NDS, his employer for ten years following 1997. According to him, Kudelski and Echostar have wholly invented the conspiracy they claim having been victim of in order to mask the weakness of their encryption.

    In his eyes, the case against NDS is nothing short of an extortion attempt. "Sure, I've broken the cards of Kudelski", he annoyedly states. "I was paid by NDS to do it. This is an activity that all companies in the trade do. But why would I have published these codes on the Net for free? I am not stupid, and I never had the intention of taking that risk."

    Having become an awkward asset, Tarnowsky is no longer employed by the group since a year. He started his own company, Flylogic, through which he offers his know-how to electronics manufacturers, to test the resistance of new products to pirate attacks before they are launched.

    Christoper Tarnovsky details the general weakness of systems based on certain chips designed by a handful of companies like Motorola and Infinenon (sic), systems used in products as divers as garage door remotes, car alarm systems and TV decoders.

    "Unbreakable? That's wrong!"

    "The manufacturers of semiconductors claim that their chips are unbreakable. The companies integrating them into their products trust the specifications they obtain. They believe that their secrets will be well kept. That is wrong, of course."
    He showed pictures of his laboratory, set up with second-hand equipment worth a couple of thousand dollars. The centerpiece is a powerful Zeiss microscope to access the heart of the chip, where the precious codes are hidden. Successive layers of silicone are peeled away, using acids and lasers.

    The engineer then explains how he takes over control of the card by short-circuiting one by one its protections with long microscopic needles. It takes a few minutes fo

  6. Kudelski's technology is used by DISH Network. by kriston · · Score: 2, Informative

    Please note: Kudelski is the company that developed Nagravision (and please spell it correctly).
    Nagravision is what "secures" DISH Network, Bell Open Vu, and a large number of smaller satellite-delivered television properties.
    NDS is owned by the same company that owned DirecTV at the time of the Nagravision breach.
    The story is predictable.

    --

    Kriston