Satellite TV Hacker Tells His Story

Wired is running a story about Christopher Tarnovsky, the man who was accused of working for NDS, a company owned by Rupert Murdoch's News Corp., to sabotage a competitor's satellite TV system. Wired had a chance to speak with Tarnovsky and get his description of how the smart-card hacking war developed. Quoting: "Tarnovsky, who was known online as 'Big Gun,' says Ereiser offered him $20,000 to fix cards that were killed by ECMs, and he agreed. Each time NDS created a countermeasure, Tarnovsky would analyze the code and find a way to circumvent the countermeasure. He did it while working full-time as a software engineer for a semiconductor company in Massachusetts. 'I'd be at work and I'd check the IRC (channel) to see if they'd launched their Thursday countermeasure yet,' he says. 'It was like a chess game for me. I couldn't wait for them to do a countermeasure because I would counter it in minutes.' It wasn't long before NDS came courting. Tarnovsky had a contact at the company to whom he'd begun passing information about holes in its software, even supplying patches to fix them."

He'll make teh millions

[mungmaster2000]

...hax0ring da set-top boxes for 2009 DTV sWitChover!

Re:He'll make teh millions

[mungmaster2000]

I'd pay $200 to get the spice channel for making liquid explosion.

Motivation

[sqrt(2)]

It was like a chess game for me. I couldn't wait for them to do a countermeasure... Anyone developing software designed to keep content locked down needs to realize that this is the kind of person they're up against. It's hard to beat that kind of motivation. Forcing an arms race is almost always going to be counter-productive to protecting your business, this company figured that out.

Re:Motivation

[mungmaster2000]

Thanks for a statement of the bleeding obvious. Everyone knows that locking-down content is utterly futile, in comparison to the provisions of a well-implemented digital rights management system.

Re:Motivation

[Ethanol-fueled]

This arms race deserves some indirect praise. It's like an creationist debating with an atheist on philosophical grounds, rather than the creationist just saying some crap like, "But the bible said X, therefore you are wrong and I am shutting you out." Everybody wins in a healthy pissing contest. It's a bad analogy, I took a cue from this guy.

Re:Motivation

[puck01]

Content protection sucks for us consumers and I agree that its an uphill battle for companies to do this. However, I'm not sure all is lost for the content protectors out there. Last time I check the P4 and greater smart cards used by directv have not been cracked despite a huge demand for it. If I'm wrong please correct me.

Re:Motivation

[Darkness404]

Everyone knows that locking-down content is utterly futile, in comparison to the provisions of a well-implemented digital rights management system.

Oh yes, as if DRM is unbreakable! One quote that I have heard (don't remember where) but it was "The only DRM that doesn't get cracked are the ones that no one cares about the content on them". Just about every DRM scheme known to mankind has been broken in some way or another. Honestly, the less DRM/locked-down-content we have, the less problems you have and the less people are going to be out to crack/hack it (just look at the PS3, because Sony made installing Linux on it very easy, there has been a smaller effort to crack it compared to say, the Wii)

Re:Motivation

[hxnwix]

Everyone knows that locking-down content is utterly futile, in comparison to the provisions of a well-implemented digital rights management system Your post is at 1, so I suspect I'm not the only one who wonders what you meant.

How does one "lock-down" content without some sort of DRM?

If one can't, did you really mean to point out that poorly implemented DRM fails faster than tough DRM? Sorry for the repetition, but that would be pretty bleeding obvious.

Re:Motivation

[evilviper]

However, I'm not sure all is lost for the content protectors out there.

It certainly is... DRM is an inherently untenable system.

Last time I check the P4 and greater smart cards used by directv have not been cracked despite a huge demand for it. If I'm wrong please correct me.

You're wrong about the "huge demand". Since DishNet is wide open (and they were even nice enough to use standard DVB-S protocol which any $50 tuner can receive) there isn't much reason for anyone to bother with DirecTV.

Re:Motivation

[zappepcs]

I think that you are right. One of the groups who benefits the most are the companies that want to apply DRM to their content. Some will learn up front how much the arms race will cost them. Others will learn what is probably the point at which they should stop trying, and yet other still will learn that it is a futile business tact, and that modifying their business plan is both cheaper and garners more and loyal customers.

Additionally, with the arms race comes better code, not simply for the DRM, but for the operating systems and applications that work with the content. It is indeed evolution of both content, DRM, and code in general. The arms race in this case (not that of nuclear arms) is the catalyst of evolution, and betterment for all users in the long term. I would never call such hackers bad, simply the opposite side of the DRM coin that MUST exist, as without it, the other side cannot exist either.

Try keeping all the coins in your pocket/drawer/whatever so that you only ever see the heads side sometime. It's far easier to just allow any side to show in it's turn. It kind of makes things like pockets, coin purses, piggy banks work well.

Re:Motivation

If I'm sounding like a troll, then let me say this to retort: You're batman.

I dun get it, but iz fnny.

Re:Motivation

[Ethanol-fueled]

Not to mention that it's also much cheaper than sic'ing the lawyers on each other ;)

Re:Motivation

[donweel]

Using a hacker of this caliber is a double edged sword. If you don't keep him busy and entertained he's going to start looking for something else to do.

Re:Motivation

[dgatwood]

Well, DRM on ephemeral data isn't untenable. You don't really have to make it unbreakable. You just have to make it take long enough that you can't break it on the fly. Most people aren't willing to watch TV on a five minute delay while their computer queues up the encrypted data and attempts to determine the keys....

Unless, of course, your goal for DRM on the ephemeral data is preventing people from recording it... in which case, yeah, it is just as untenable for ephemeral content as it is for any other content....

Re:Motivation

[sporkme]

Yeah, lets spend loads of money making sure nobody can crack our nut.

Then, we'll spend another load of money to make sure everyone knows we have grown an uncrackable nut.

We'll have checks at the doors, just to make sure nobody makes it in with a giant nutcracker, thus negating all traditional... HEY! WHO LET IN THE GIANT SQUIRREL? FUCK, HE IS CRACKING OUR NUTS!

Re:Motivation

[Ihmhi]

just look at the PS3, because Sony made installing Linux on it very easy, there has been a smaller effort to crack it compared to say, the Wii)

Or it could have something to do with there being twice as many Wiis sold as PS3s.

Re:Motivation

I guess one of the DRMs is the protection on DVD Audio disks.

Re:Motivation

[joolzg]

Thats why in Europe the most pirated tv channels always have pron, SkyTv has all the same movies and no port and no pirate cards. Hackers know people pay will pay extra for channels that have regular port. joolz

Re:Motivation

[Stellian]

Anyone developing software designed to keep content locked down needs to realize that this is the kind of person they're up against. I don't understand why people insist DRM is an unattainable notion. It must be all those faulty software DRM schemes that were all eventually broken. Well guess what, hardware DRM is alive and kicking - and working, when implemented correctly. Hardware hacks are orders of magnitude harder to perform than software ones.

Economically, there are two trade-offs in DRM:
1. the cost of the hardware manufacturer to implement the DRM scheme, compared to the cost of the content he's trying to distribute
2. the cost for the DRM wannabe hacker (cracks, mod chips etc.), compared to just buying a legit copy.

There's no logic fault in saying that, for a certain type of content, with a certain cost, these two tradeoffs allow a DRM system to survive. That is, to cost small enough to implement as to not increase the cost of the content significantly, and high enough to circumvent, that the users rather pay than circumvent. This is not the same as "unbreakable", especially for the types of passionate hackers like Mr. Tarnovsky, but that's irrelevant.

Note that the 2. cost can benefit tremendously from an economy of scale, if it's enough for a single user to circumvent and distribute to all others. For example when the content is in a platform independent format (distribute decrypted music), or when the DRM system is implemented in software (distribute software crack).

This is not the case with, say, live High definition TV. Maybe someone can hack his topbox and have unlimited access to live Sports coverage, but he can't feed that content to me fast enough to be useful. So I need to hack my own topbox, and that could cost much more than the subscription to the sports channel.

Also, this is not the case with a console game, where I need, again, to perform my own hardware hacks. A mod chip costs significantly today, and when the GPU, CPU, RAM and DRM chip will be integrated on a single dye, a mod chip will be impossible, and one would need to hack his own silicon.

Re:Motivation

[FormOfActionBanana]

It's a security lesson. If you want to secure something, you need to use multiple forms of the best quality security you can find -- not one poorly thought out implementation.

What this vendor essentially did was give a hacker training lesson to this guy.

Re:Motivation

[jamesh]

Also, this is not the case with a console game, where I need, again, to perform my own hardware hacks. A mod chip costs significantly today, and when the GPU, CPU, RAM and DRM chip will be integrated on a single dye, a mod chip will be impossible, and one would need to hack his own silicon.

I sometimes wonder if turning a bit of a blind eye to the console mod chip market is in the interests of the console makers. If they are selling their consoles at an outright loss (which they allegedly do initially) then obviously they are losing money if people are copying games rather than purchasing them, but eventually the manufacturing costs come down enough that this isn't true.

How many less people would have bought a ps/ps2 if there wasn't a mod chip available for it? We have a ps2 which isn't modded, and most of the games we have bought have been really cheap and/or included extra hardware (sing star, buzz, etc). But, we bought that after the ps3 had been out for a while so it wasn't really expensive.

I guess the question I have is, if Vendor A released a console with completely solid state unhackable DRM, and simultaneously Vendor B released a console with no DRM whatsoever, and both consoles were otherwise pretty much equal in terms of features, who would 'win'? More people might buy B because they can illegally copy the games, but the game developers might develop more for A for precisely the same reason... but if there would no good games for B then nobody would buy it, but if nobody was buying A then the developers might not bother with developing games for it... it would be an interesting race to watch :)

Re:Motivation

[Dogtanian]

Most people aren't willing to watch TV on a five minute delay while their computer queues up the encrypted data and attempts to determine the keys.... Depends what you're after; it might be annoying if you're channel-hopping or watching a live sports event. However, if you're just wanting to get vast amounts of entertainment which is already pre-recorded (and possibly years old) anyway, it might not be that big a deal- just leave it running in the background. That's not necessarily any worse than having to download it, which many people do quite happily.

Re:Motivation

[Dare+nMc]

why people insist DRM is an unattainable notion. It must be all those faulty software DRM schemes

exactly, because every DRM out their has either been broken, or is not in mass use anymore.
hardware DRM works, if 1)your distributing hardware (Not a software CD), or 2) using it for hosting software DRM with real-time updates (IE for games played online at servers you control.)

    most popular HD PPV are re-broadcast over internet feeds in near real time, sounds like your not using the the right application.

my experience says a mod chip cost about the same as a single game (but can be a pain to install) But are usually just a temporary "first crack" that a work around is usually found(except for the online game play)

Re:Motivation

[lightversusdark]

If we can keep these DVD-A products out of retail channels, no-one will be able to pirate the content..

Re:Motivation

[Stellian]

most popular HD PPV are re-broadcast over internet feeds in near real time, sounds like your not using the the right application. By all means, what application are they using ?
Just so we are on the same page, HDTV bitrates come at 20MBps upwards. This means for a smooth, uninterrupted play you need at least a 25 to 30 Mbps pipe, when you take overheads and buffers into account.
Assuming I could get that type of connection (I can't), wouldn't be still cheaper to pay for the content ? If I were to watch pirated HDTV 10 hours a day, wouldn't my ISP take offense at my 3TB monthly transfer ? BTW, who is paying for the server bandwidth to distribute that content ? I certainly could not participate in a peer to peer system given my asymmetric VDSL connection, with only 1Mbps upload.
If you understand the distinction between "near real time" (seconds to minutes delay on the live stream), and "off line" (say, a three hour bittorent download for a one hour show, available after the show ended), then please do let us know what application are these pesky pirates using.

Re:Motivation

[Jah-Wren+Ryel]

Not to mention that it's also much cheaper than sic'ing the lawyers other Not just cheaper, but geeks get hired instead of the lawyers. A win for all non-lawyers, geek or not.

Re:Motivation

[LordVader717]

Give him some Porn.

Re:Motivation

[Tacvek]

However, I'm not sure all is lost for the content protectors out there.

It certainly is... DRM is an inherently untenable system.

Last time I check the P4 and greater smart cards used by directv have not been cracked despite a huge demand for it. If I'm wrong please correct me.

You're wrong about the "huge demand". Since DishNet is wide open (and they were even nice enough to use standard DVB-S protocol which any $50 tuner can receive) there isn't much reason for anyone to bother with DirecTV. Citation Please. I am a legit E* subscriber, and to the best of my knowledge, only the anti-pirate channels and the FCC-mandated channels (like the NASA channel) are broadcast clear. Well actually, I believe the information channels are also broadcast in the clear. This is so that those information channels can be seen by unactivated E* receivers. My understanding is though that the remaining channels are indeed encrypted.

Re:Motivation

[spazdor]

OMG. OK, Paramount? I have this idea... Now it sounds a little crazy, but just hear me out. Now. The final problem with DRM is that analog hole thing, right? Eventually the media gets transformed into a human-readable format, and then all our obfuscation is blown. So her's what we do:

Stop making movies.

It was a lame idea to begin with. A business model that depends on simultaneously displaying and concealing information? Crazy! I say ditch that business like it was an American mortgage-backed investment product.

Re:Motivation

[evilviper]

to the best of my knowledge, only the anti-pirate channels and the FCC-mandated channels (like the NASA channel) are broadcast clear.

"Wide open" doesn't mean broadcast unencrypted. "Wide open" means the NagravisionII cipher used by DishNet (and some others) has long been completely cracked, and can be trivially decoded.

Re:Motivation

[nametaken]

"and that modifying their business plan is both cheaper and garners more and loyal customers."

When it comes to DRM on content and locking down devices, I don't think that's the case. I wish you were right, but... iTunes? Or DVD's, iPhones, etc?

I dream of a world where people care about DRM, vendor lock-in, closed platforms, etc., but they just don't seem to.

It seems like DRM, in most co's eyes, is good enough if it stops a reasonable percentage of their consumers. Same with platform locks. A few will always get by, like you said, and they know that. That just don't seem to care a lot... and neither do consumers.

Re:Motivation

[Viperpete]

It depends on what direction the contestants are pissing and what direction the wind is currently blowing.

OLD

This was a good story when I read it last year too.

Re:OLD

[andrewa]

This was a good story when I read it last year too. This type of comment was good when I read it 10 years ago too.

Impressive

[phasm42]

That video was pretty damn cool. I didn't know chips could be disassembled that way.

Re:Impressive

[MetaDFF]

Chipworks based in Ottawa Canada specializes in chip reverse engineering for patent litigation and technical analysis. They have reverse engineering reports ranging from the Xbox360 to CPUs to analog chips.
They also have a neat chip art gallery.

Who wants to track down which company

He did it while working full-time as a software engineer for a semiconductor company in Massachusetts. Who wants to track down which company that is? I'm surprised there's even one semiconductor company in Massachusetts (it's about as far away as you can get from the tech centers in the US), so it shouldn't be that hard to figure out.

Re:Who wants to track down which company

[az1324]

Yeah cause there's no tech schools there or anything.

Re:Who wants to track down which company

Uh Like MIT (Massachusetts Institute of Technology)
Boy there sure are some winners on /. anymore.

Re:Who wants to track down which company

[Ethanol-fueled]

There are plenty of universities located in the middle of nowhere.
Especially this one and this one.
Much(partying and aerospace) can be done in the middle of nowhere.

Re:Who wants to track down which company

Yeah, cos Massachusetts is absolutely the "middle of nowhere." Ugh, the ignorance around here sometimes is just mindnumbingly staggering...

Re:Who wants to track down which company

[jank1887]

Wow. Two AC's who know nothing! Let me think, Massachusetts: MIT Worcester Polytechnic Institute Harvard BU BC Northeastern Tufts UofM-pick one yeah, there's a few tech companies coming out of those.

Re:Who wants to track down which company

yeah, and they all move out to california with all the other tech companies

kinda like this guy the company may be whatever makes it a mass semiconductor company but he works in san diego

mass may have tech schools like the ones you list but their students all leave to go to california to find jobs

Re:Who wants to track down which company

[mangu]

I'm surprised there's even one semiconductor company in Massachusetts (it's about as far away as you can get from the tech centers in the US)

Yeah. Right. No technology at all in Massachusetts.

Re:Who wants to track down which company

Route 128, which encircles Boston, is second only to silicon valley.

Re:Who wants to track down which company

[ChrisMaple]

Many semiconductor companies are fabless, so a semiconductor company doesn't need to be much more than a room with a few computers, people to run the design software, and a pile of money to pay for expenses until the product starts to sell. Massachusetts has MIT, whose graduates often want to be in the semiconductor industry. In fact, the Boston area generally is a big tech center. There are also fabs in the area, although I can't recall any in Massachusetts right now, Fairchild has a fab in Maine. Linear Tech, TI, and many others have design centers in New Hampshire.

Other uses for his techniques?

[Doppler00]

Wow, can we get this guy to decode some of the Bluray keys used? Break HDCP? His method is pretty straight forward, easy to follow, and looks fool proof. Expose layers in the chip and read the data directly. I don't see how manufactures can stop this. As long as the key is physically somewhere in the hardware, it should be possible to access it. I guess the reason this isn't done more often is because of the expense of the high powered microscope, toxic chemicals, and fume hood.

Re:Other uses for his techniques?

[Dachannien]

How about cracking CableCARD? I don't really need free digital cable - I can afford to just pay for it - but I wouldn't mind being able to record digital cable on my MythTV box without needing a set-top box and an IR link.

Re:Other uses for his techniques?

[Sycraft-fu]

I don't believe there is anything left in HDCP to be broken. As far as I know you can buy boxes that'll remove it (or rather, the speak the necessary HDCP exchange out of one end but don't require it on the other). As for Blu-Ray, not sure it is worth it. It sounds like AnyDVD does a fine job getting by the protections. I don't know how it works, but if you can get what you need in software, why bother with hardware? As a practical matter, if you were to do this the idea would be to wait until there have been a lot of Blu-ray players sold, then get the keys out of popular models. As it stands, it might be feasible for them to invalidate the keys and recall the players for new one since there have been few players sold. Hard to do if you are instead talking 50 million players or something.

Re:Other uses for his techniques?

[Rich0]

I think I've heard that after a certain number of keys are cracked there is an opening for an attack on the master key. However, as you indicate if you pick some very popular players (preferably one without good support for firmware updates) you're going to make the studios look very bad if they revoke them.

Re:Other uses for his techniques?

[ChrisMaple]

Examining the chip with a microscope is close to becoming impossible. Today's finest geometry cannot be resolved with an optical microscope. Using EPROM or similar programmable techniques, the function of the chip is determined by stored charges. Whether a transistor is N-type or P-type is determined by doping concentrations, which is also more difficult to determine as the device becomes smaller.

A chip designed with the intent to make it difficult to reverse-engineer can be made economically infeasible to reverse-engineer.

Re:Other uses for his techniques?

There is an encryption method already in use by the Swiss (IIRC) this basically encrypts the data and if anyone "hears" the data (other than the one authorized to "hear it" it is scrambled forever. IIRC the Swiss use this to report their elections from the Cantons. I have forgotten the "name" of this encryption method but if the Swiss think its good enough, its good enough for me.

Re:Other uses for his techniques?

[NateTech]

And pass the costs of DRM in such a "super-chip" along to the consumer! Yay!

(Because we're all excited to pay to protect our provider's content!)

A "DRM/encryption/reverse-engineering cold-war" amongst the DTV businesses only hurts the people paying for the product in the long-term. Great.

Now we need the max headroom video Pirate to tell

[Joe+The+Dragon]

Now we need the max headroom video Pirate to tell his story.

That aint nothing.

[emj]

The guys at Flylogic really make some high quality micro chip reverse engineering (I was going to say porn).

Interns?

[vvaduva]

Is he taking interns? I'll go clean his house for free in exchange for knowledge.

Re:Interns?

[ResidntGeek]

He's not a scientist, you know; he didn't discover all these things himself. Just learn chemistry and electronics (from books or classes), then go work at a semiconductor manufacturing plant on the assembly line for a while to find out how the chips are assembled and what chemicals are used. You should be well able to figure out what solvents to use at each stage to get a chip apart, and you'll be able to recognize the components on the chip from your electronics knowledge. It's not a simple matter, but that's why there's only a few like him. It's well within your reach if you really want it.

Re:Interns?

I read somewhere he worked for Ulvac technology in Mass.

Accountability?

[joocemann]

So, when does Murdoch go on trial?

Re:Accountability?

[arazor]

Never. Because crimes are only for the poor.

Re:Accountability?

[icegreentea]

Why would Murdoch go on trial? NDS (the Murdoch company) was found guilty only of theft of satellite signals and fined like 1500 dollars. There was no proof for piracy or the like. If you want to put Murdoch on trial for something like that, that one of his many many companies did, then you're expecting the sky. No one is dumb enough to try that. There's zero chance of Murdoch actually being found guilty of anything related to this. Hell, I'm willing to wager that Murdoch himself might have actually been ignorant of this.

Re:Accountability?

[clang_jangle]

Silly rabbit -- It's criminal charges which are only for the poor.

Re:Accountability?

[Opportunist]

So claiming I don't know what's going on in my company cleans me of any guilt when my company breaks the law?

Re:Accountability?

[Free+the+Cowards]

That's pretty much the whole idea of having a corporation.

Re:Accountability?

[joocemann]

I have to reply to myself to clarify things. I was not trolling, I was asking a question. I am interested, since he is a man of questionable character with questionable intent. Thank the Slashdot Admins for poor labeling. Then a guy who says "Never. Because crimes are only for the poor." as INSIGHTFUL, as if low socioeconomic status is where criminals are found. Far from truth, and far from insightful.

Re:Accountability?

[evil_aar0n]

> Then a guy who says "Never. Because crimes are only for the poor." as INSIGHTFUL, as if low socioeconomic status is where criminals are found. Far from truth, and far from insightful.

No, he's saying that only poor people get either a) busted, or b) prosecuted. The rich manage to skate. Witness the laughable "punishment" Paris Hilton suffered. An ordinary person would've actually had to do the time, with no special treatment. Need I mention OJ? (oops, just did...)

Re:Accountability?

[Half+a+dent]

That's pretty much the whole idea of having a corporation. A good reason why the corporation shouldn't enjoy the same rights as the individual. Punishments can only realistically be financial and this can be easily swallowed by large corporations. There is no threat of serious jail time (with the associated beatings and unwanted "dates" in the shower room) or indeed any risk of death row - how many large corporations have been closed down or broken up by the government recently?

Re:Accountability?

[TheLink]

As far as i know Paris Hilton did actually end up in jail for about 20 days. I don't know the typical sentences, is 20 days jail too short for what she did?

Anyway why bother so much about Paris Hilton?

How about George Bush - anyone actually remember the WMD claims? There are lots of people dead because of him.
Or Diebold - anyone remember those voting machines? The best democracy money can buy :)..

Now that's what I call getting away with it.

Re:Accountability?

[Free+the+Cowards]

Well, the government did basically nuke and pave Arthur Andersen as part of the Enron fallout, so it can happen. You're right that penalties are frequently too light, though.

My point is that agitating for direct consequences to the top officers is generally a bad idea. If they have personally committed crimes then of course they should answer for them, but they shouldn't be forced to be personally responsible for the whole organization. Many slashdotters may find this difficult to believe (not including you, I think, but lots of others), but the limitation of liability is a hugely beneficial aspect of corporations which has greatly enriched humanity and sped human progress. I'd definitely agree with harsher penalties or reduced rights, but making top officers personally responsible for the actions of the corporation will just destroy incentives to take risk and innovate legally.

Re:Accountability?

[Half+a+dent]

I would agree largely regarding personal responcibility (try as you might you will never know every single thing that happens in a large corporation) except in cases of personal involvement. What I was observing was that corporations get the benefits of being a "person" while not always being held accountable to the same standards (or so it seems). There is perhaps no easy answer - while some greater form of oversight may be fairer can we take yet more levels of expensive government bureaucracy?

Re:Accountability?

[Moridin42]

Well.. Arthur Andersen is a LLP, not a corporation. And the government didnt really nuke and pave it either. Yes, there was a conviction for obstruction of justice. However, that conviction was overturned. As far as I know, penalties assessed by government in that case: not a thing. the company surrendered their licenses to practice voluntarily, and no one wants to hire them anyway.

Re:Accountability?

[Opportunist]

Hold it right there. How should I interpret making top officers personally responsible for the actions of the corporation will just destroy incentives to take risk?

I dunno about you, but in my opinion, the risk of getting tried and convicted is the whole basic idea behind the law, and why people follow it. If there is no risk of this happening, hell, why should I give a rat's ass about legal or illegal? Yes, it's illegal, yes, I can't be prosecuted, hell, why care about it at all?

Re:Accountability?

It doesn't clean you of any guilt, but it does grant you an assumption of innocence.

Like it or not, if you want to indict Murdoch, you've got to have some *proof* that he did something wrong; just saying "he hasn't proven his innocence" isn't enough.

Re:Accountability?

[conureman]

"Making top officers personally responsible for the actions of the corporation will just create incentives to take risk and innovate legally."

Fixed that.
  With a level,legal, and ethical playing field, the players just have to follow the rules and everything will work out. It's called free enterprise, but at this time it's rigged by the cheaters. Will banning steroids ruin professional baseball? I think not.

Re:Accountability?

[Free+the+Cowards]

Please don't do that. "Fixing" people's words while leaving them in quotes just makes you look like a jerk.

In any case, no organization can be completely controlled. If you force personal risk as a consequence for the actions of the organization as a whole you will completely destroy the ability of large organizations to properly function. Large companies will either cease to exist or will be captained by psychopaths, neither of which is particularly good for anybody.

Re:Accountability?

[Free+the+Cowards]

Top officers should be responsible for their own actions, but not the actions of the corporation. In other words, if a top officer gives an order to perform something illegal then they should be held responsible for that order. But if the company does something illegal but their involvement cannot be proven then they should not be held legally responsible merely because they run the place. The consequences should be placed upon the company itself, not the people in charge.

As to why this should be done, consider what would happen in the opposite case, where the top company officers can be held legally, personally responsible for illegal actions of the company they run. Consider a company like General Motors. Merely because of their size, they probably break the law in many ways constantly; any group of human beings that size will, it's just how humans are. If the top officers can be held accountable for this then no sane person will want to run the company, because it's practically a guaranteed ticket to jail. You'll only have two kinds of person willing to take over the top jobs. One kind will be absolutely risk averse. He believes the company can be run properly but will do anything and everything necessary to make sure there is no chance whatsoever that any of his underlings break the law. This will come at the expense of actually accomplishing things and making money, and thus the company will come to a halt. The other kind is even worse; you'll attract psychopaths who think that the law can't catch them, that they can maneuver the company to avoid it, or whatever. In other words, the stereotypical amoral CEO will become the actual common truth. Not a good thing.

The threat of punishment rests upon the corporation itself, and that is where it should rest. The only problem is that the threat is currently too small to really keep things in line. The answer to this is to increase the punishment, not to put the leaders in jail for things they didn't instigate.

Re:Accountability?

[Free+the+Cowards]

I agree, that's why I mentioned the bit about personally committing crimes. If they break the law in the course of their jobs then they definitely should be put in jail. But they shouldn't be put in jail if they didn't personally break the law just because their company did.

I'm sure you're right that there is no easy answer. Generally there never is, because if there were an easy answer then somebody would have tried it already. Increasing penalties seems like a good idea. Most people's lives are effectively ruined if they are convicted of a serious crime, but a large company can shrug such a thing off without too much trouble. Seems like this is the key thing to change.

Re:Accountability?

[Free+the+Cowards]

The conviction which was overturned resulted in them losing their ability to perform the audits which were their bread and butter. It's true that they turned it over voluntarily, just like Nixon resigned voluntarily; it was only done because it was better than being forced. The how and why isn't too important, the ultimate fact is that Andersen was basically destroyed directly as a result of government prosecution.

You're right that an LLP isn't quite the same thing as a corporation but the differences are not all that important for the case at hand. Andersen's status as an LLP served basically the same purposes as a regular corporation in terms of shielding its owners from liability.

Re:Accountability?

[DarkOx]

True but the corporations do need to be held accountable more then they are. Lots of them do all sorts of things that could not have been effected by one person and are illegal.

Take Sony and their little CD root kit for example. Someone had code it. Someone else had to master the disk image, others must have tested it, some other IT worker must have set up the servers for it to call home to etc, etc, someone besides them had to approve the time of both of those employees. My point is there was a collective agreement with the organization to take that action. It could not have been the action of one rogue employee acting outside the corporate structure.

Now if I made a root kit and distributed it as Trojan, which is exactly what the CDs were in that case, my ass would be criminally prosecuted and I would get jail time, lots of it if it got spread anywhere near the scale Sony's CDs were. Think each infection as a distinct 'count'. What happened to Sony, well some good citizens took them to civil court and got some class action money out of them but there was never any criminal charges I am aware of.

They should have been prosecuted just like an individual. Just as when an individual is sent to prison, the punishment is incapacitation, they can't conduct their life, now you can't send a corporation to prison but you can incapacitate it. They should have been sentenced time wise just like an individual. Serving it would entail having their assets, IP and ALL, (at least all those in reach of the US gov) frozen and their being barded from conducting any business until that time is up.

Now I know some people are going to ask what happens to all the employees who had nothing to do with it then? Yea it kinda sucks for them but this is the only way folks large companies are ever really going to be held to the same rules as smaller ones and individuals. The LAW has got to have teeth. Maybe individuals should be looking at the integrity(in the ethical sense) of an organization before they decide to work there just for that reason. That way the market would make it harder for companies not regarded as having integrity to attract talent. I am small government guy I really and but I think the laws we do have ought to be enforced and applied equally. If those two things are not true the law should be removed from the books.

Re:Accountability?

[DarkOx]

Excuse me but I have to point out Sadam more then likely expected the typical US police action, we would bloody his nose a bit and then move on, as long as nothing was found anyway. We wasted tons of time fooling around with the stupid UN, when would should have been sealing off his boarders. He had lots of time to move stuff to Syria and Iran lots of time.

Meanwhile several years latter it just so happens the Syria comes up with a nuclear reactor, that the Israelites are forced to destroy on their own. Our Bush hating media never even bothers to ask where that technology came from. Syria lacking the economic engine to to do it. It had to have come from Iran, Iraq, North Korea, the soviets, or possibly the French again.

If not the nuclear material itself there is a good chance the equipment came form Iraq.

Even if you don't think Bush is a good president and I don't I don't think he is liar, and I do think both the media and Democratic party as a whole is very guilty of giving aide an comfort to our enemies. Suggesting to them that we will pull out if they can just survive the bush presidency is TREASONOUS. It directly interferes with military operation, however misguided, designed to project our national security. The SCOTUS ruled during WWI advocating soldiers desert or doge the drat was not protected speech and was criminal. I don't see how this is any different. There are lots of arguments you could have made before the war, and still plenty you could make after without saying you were going to pull out. The debate could have continued in a way that did not hinder are war efforts. Frankly I think a number of our Congress persons and Senators alike should be on death row.

Re:Accountability?

[Opportunist]

Well, since the case is at hand currently in Germany, concerning a large international corporation the name of which starts with a big S and the allegations that they used monetary persuasion to sell their overpriced power plants and other crap, we have a first hand example of how things run.

I had my time at S. As a team leader you also had the responsibility to get contracts. And those contracts had a predetermined profit margin. To make a long story short you could NOT sell your service, you were so high above market price that it's ridiculous to think you could. But not selling means you get axed pretty soon.

What do you do?

It's one of those things where top management certainly didn't tell you "go bribe people so they buy our stuff". But that was pretty much the only venue they left open for you. You had no arguing power over price. Quality was ... erhm... let's not go there, when you MUST hire people from temp agencies because you MUST NOT hire people the normal way, well, you get what you buy. So how do you sell crappy stuff overpriced? When you don't have a monopoly, that is.

Of course now, the top management tries to shift all blame downwards. WE didn't tell them to bribe people! No way! THEY did it themselves!

You needn't outright give orders to do something illegal, it's enough when you give your workers no other option but to either commit a crime or to get laid off because the guy next to him has no qualms. The key question is, does that make you liable or not?

Fortunately, our attorney thinks, it does. Yes, I was very surprised, too.

Re:Accountability?

[TheLink]

A nuclear reactor is not WMD. There is a very big difference between a reactor and a bomb. A certain sort of nuclear reactor can be used to make bombs, but you don't use bombs to make a reactor, you might use bomb material to _fuel_ a reactor but that is a _disarmament_ process - that's one of the things you can do when you want to reduce the number of bombs! It is also claimed by the US Gov that Syria was going to use that reactor to make WMD.

In short:
You do not ship WMD across borders to build a nuclear reactor.
You do not ship WMD across borders to build nuclear reactor to make WMD. Doh.

There is plenty of evidence that Bush was lying.

As for your real enemies. Believe me - your enemies are Diebold (what kind of democracy can you have with those sort of voting machines?), the people who proposed Diebolded elections, and last but not least the ones in the US Gov who are stomping all over your precious Constitution.

Face the facts, Iraq posed very little military threat to the USA. Iraq had no missiles capable of reaching the USA. Same goes for Iran and the rest of the current bogeymen the US Gov tries to frighten their people with. Only China has the capability to hit USA with WMD. But why would China do that? China is doing well in the economic war.

The US Gov can do a lot more damage to the USA than Iraq ever could, and the US Gov has most certainly damaged the USA a lot. Go look at your recent history with your eyes open and brain engaged.

That said, Iraq did hurt the USA by switching from selling oil in Dollars to selling oil in Euros. As long as the rest of the world holds billions of US Dollars just to buy oil and other commodities, the US Gov can print tons of US Dollars (directly or by bonds) and _instantly_ tax the rest of the world - and make them poorer. Normally when a country prints more money, it devalues its own currency, however when the USA prints more money, it gets a free ride - since the rest of the world holds more US dollars than the USA itself.

Iran has started to sell oil in Euros, so go figure. But don't ever forget Iran had a democracy, before the USA and UK decided to make them a dictatorship. Guess how many Iranians who know their history feel about the USA's talk of "democracy".

In contrast, the Saudis are good friends of the USA, so as long as they don't get "uppity", it does not matter how repressive and undemocratic the Saudi regime is (and they really are), the USA will continue to help keep them in power.

The 9/11 hijackers were not from Iraq, or Iran. Most of them were from Saudi Arabia. But Bush kept going on about 9/11 and Iraq in the same breath.

I don't blame you for not knowing what really is going on, since you are probably living in the USA and only have access to controlled media (aka the best free press money can buy ;) ).

You don't have to believe me. Feel free to look up my claims.

Re:Accountability?

[joocemann]

Your speculation is meaningless without any facts. Syria would have been a much better target than Iraq in the first place, not because they would develop nuclear capabilities, but because they actually have state-sponsorship histories of terrorism. Look up Prescott Bush, and his involvement in an attempt to overthrow FDR and instill a corporate-controlled dictatorship. His whole family has been involved in undermining our very country for nearly a century now and you think he's not a liar? Do some reading before you start blaming media and the democratic party for things that are going wrong.

Re:Accountability?

[conureman]

"The consequences should be placed upon the company itself, not the people in charge."
Excuse me for being a jerk, but this statement is simply incorrect. The lowly henchman taking the fall should absolutely not absolve the corporation. The CEO must be responsible, or the liability goes back to the owners, or shareholders, and your fictions do not change reality.
Or perhaps for the public good LLCs should be outlawed.
I certainly don't represent the fine logical mind that is slashdot, but I can't follow your assumptions to any semblance of correctness.

Re:Accountability?

[Free+the+Cowards]

If GM is convicted of some heinous environmental crime, should the CEO go to jail for it? Even if he was not involved in any way and only became aware of what was going on when he got dragged into court?

If they personally do something wrong then they should go to jail. But if their company does something wrong without their involvement then putting them in jail is simply evil. Beyond the morality of it, you will attract only pathological leadership, destroying the ability of any large company to function

Re:Accountability?

[Free+the+Cowards]

I tend to agree. I think that freezing the entire corporation may be somewhat excessive, depending on exactly what the crime is, but that's the direction I think things ought to go.

Re:Accountability?

[Free+the+Cowards]

That is a really interesting case, and I imagine a lot will depend on the exact details of how it was all handled. If there's a lot of wink-wink-nudge-nudge going on then it seems that they ought to be liable even if they did not explicitly give such orders. On the other hand if they were just clueless morons then they should not. I suppose it will all turn on whether you can find evidence to support the idea that this was their ultimate intent or not.

If that's how the law sees it then this pretty much lines up with my theory. Intentionally getting underlings to commit crimes is a crime in itself, not by the corporation but by the person, so that person should be personally responsible. But if the top people weren't involved then they shouldn't be personally responsible, since the whole idea of a corporation is that it takes the hits for its own actions.

Re:Accountability?

[Opportunist]

Intent to bribe? Hell no, that costs money! All they did was giving impossible requirements and guidelines. Did they know that they cannot be met legally? Well, either they did and actually knew they gave their underlings no choice but to break the law, or they have no idea how to run a company. Either's not looking too good for a manager if you ask me...

But if you absolve them under the premise that it can't be proven they knew the only way to meet their insane requirements is to break the law, you're opening a whole new can of worms. What if Sony's managers required their techs to develop a tool to ensure they have control over what their customers do with the stuff they sell (which by itself isn't a crime), and logically the only solution is to take control of a customer's computer by installing a rootkit? What if oil tanker captains get too little money for cleaning so the only way they can clean their hulks is by dumping their waste in the ocean? What if some fast food employee sells you spoiled food that's been on the shelf for way too long because his standing order is to waste no more than one burger a day?

All those requirements and orders are by themselves not illegal. But the only way to fulfill them is by breaking the law. Now, few people today have the luxury to say no when their job and their family's sustainance is at stake.

Actually, that's the main reason why low level employees break the laws for their company's benefit. I doubt many people are really so interested in their company's well being to risk their life savings and even freedom just to save their company a few bucks.

Re:Accountability?

[Free+the+Cowards]

I'm sure I'll catch some flack for this but... why not hold the employees who committed the illegal acts responsible?

If your choice is between breaking the law and losing your job, it should be pretty obvious that you should lose your job. If I command my employees to bring me ten million dollars by closing time, should I be liable if they then go rob a bank?

Re:Accountability?

[Opportunist]

I do assume you have neither a family nor a job that you have to keep to make ends meet. But that's not even the point now.

As a good manager, you should know what's possible and what's not. Furthermore, you should know what happens with your money. It's not like an employee can spend a few grand to bribe some contractor from his own pockets. When you demand something that's impossible to do within the law from your employees, you should be liable for it. Not knowing that it's not possible within the law is no excuse, it's your job as a manager to know that, for crying out loud!

Re:Accountability?

[Free+the+Cowards]

Your assumption is false. Just because I place a higher importance on obeying the law than on keeping my job doesn't mean I don't need a job to live or that I don't support anyone else with it.

Yes, being placed in a position where I have to break the law to keep my job would suck. But that doesn't mean that I'll choose my job. Because when the shit hits the fan (and you know it will eventually), then I'll go to jail, which is much worse for that whole support-the-family thing than merely getting fired. Meanwhile, the government has no particular mandate to protect you from situations which suck.

As for your talk about the manager asking the impossible, being a bad manager is not, and should not be, a legal offense.

Re:Accountability?

[Opportunist]

Requiring your workers to choose between a criminal action and losing their job should be a crime. There are a lot of other examples where it's a crime to abuse a position of power or the situation of a person to incite them to commit a crime. And we're living in a world where it's quite easy to replace a worker that doesn't "comply".

And while being a bad manager should not be an offense, you should be responsible for the results of your requirements. If it can be objectively determined that the employee had no other choice than either break the law or lose his job, the manager should at the very least be partly responsible if the employee decides for the former. It is pretty much putting undue pressure on the employee, because the alternative to breaking the law is unfavorable enough. It's like a teacher demanding sex for good grades. You don't sleep with me, you fail the class. Yes, the pupil could decide to fail instead, but how many would, and how many would give in? There is a very good reason why this kind of abuse of power is punishable.

Re:Accountability?

[Free+the+Cowards]

Thus why the intent is so important. If the prosecutor or plaintiff can prove deliberate intent to force the employees into this position then the people in question should be held responsible. But if they were just fools, they should not be. You seem to think that the simple fact of putting their employees in an impossible position is enough to prove intent, but I think that underestimates the power of stupidity.

Re:Accountability?

[Opportunist]

In my economy books (the ones that deal with free market and such), payment should reflect scarcity, quality and risk of work. If you have a high risk job that only a handful of people can do, and it has to be done well or people die, you should be paid handsomly. Now, while I know that's not the case all the time, I do think it should be true. Managers tend to get really insane amounts of money, and that money should be justified somehow. Asking that they know their job, that they can do it well and that they have to bear the risk of not doing it well, is asking the bare minimum, IMO.

Shocking!

[neokushan]

I was shocked when I read TFA and found that it didn't easily summarise as "I spent ages hacking the system, then got bored because there was nothing worth watching".

Re:Shocking!

[thalassinos]

You probably meant it as a joke, but the most important thing that motivates a true geek itâ(TM)s the challenge (and the bragging rights). /n Most of us do not do it for the money, we do it because (a) we have an innate curiosity, (b) we want to be in control of our machines and (c) because itâ(TM)s there. For example, more than a decade ago I was obsessed with cracking a local broadcasterâ(TM)s encrypted TV signal. They used a (now seriously obsolete) analog irdeto scheme. It took me almost a month and I had to start learning about excrypted analog transmissions from scratch. The net had precious little information on the subject and most of it was obsolete. Funnily enough, cracking/decoding the sound was more difficult than decoding the video. I watched the decrypted signal for maybe a full day, gloated for my accomplishment to a couple of like-minded friends, and then packed everything up and put it on storage. I still have that irdeto decoder somewhere. Last Xmas, I set up a cardserver at my house. I share my Pay TV card through my home network. I use my Debian server at the basement and a 20 Euro card reader. I do not do anything illegal --- I pay for the card and I watch the decrypted TV only in my residence. I can share my card through the internet with friends and family but I _will_not_do_it_. I simply do not care to save a buck, I am rich enough to pay the subscription price, but I am NOT going to pay their extra 9 Euro per month for the right to use a second decoder because I consider it extorion. I like my Dreambox 7025 (Linux/MIPS processor) and my Dreambox 500 (Linux/PowerPC) (See http://en.wikipedia.org/wiki/Dreambox) and I will not accept my providers closed source decoder which they can brick remotely or the fact that they expect that the decoder that I have paid will be bricked if I cancel my subscription. Why the above setup? I want to be able watch TV to ALL rooms of my house without having to lug the decoder from room to room or paying extra (extortion money) for a second decoder. Plus I run a Bittorrent client inside my Sat TV decoder. Plus I stream video through VLC from my PCs to my TV. The kicker? I simply do not watch TV (with the exception of Battlestar Galactica); I average maybe 70-90 minutes per week. During my early twenties I spend almost 4½ years without watching TV. Why do I pay for TV when I do not watch it? My wife nagged me into it. But I managed to convert something of no value to me to something fun. I started writing and cross compiling software for my dreambox for fun. I have changed the software to exactly suite my needs and quirks. What I am getting at, is that for us geeks, accomplishing something that few others can, and satisfying our inane curiosity, is a much stronger motivation than watching the Sunday game for free. Give us a box and tell us that we cannot run Linux on it and you have just made our day.

Re:Shocking!

[thalassinos]

I am sorry for the formatting nightmare of my previous post. I clicked on [Submit] instead of [Preview]. The persons responsible for this have been executed.

The Video Shows the Holy Grail of Sat Hacking

I spent years hacking satellite television, from the early days, the glory days of the H and HU cards and then left the scene when DTV killed with the P4 card and lawsuits. I've written my own 3Ms and emulators. What Chris has done in this video really is the ultimate holy grail of smart card hacking. The security layer he is referring to, at least on NDS cards, is sort of a sticky layer that when you attempt to pull off the coating to access the bus, it simply rips up many of the thin wires on the chip and you're SOL. This is enough to discourage casual hackers and those without good resources. It also, as he mentions late in the video, eliminates the need for using "glitching", which was accomplished using a specially programmed Atmel chip and some software, to attempt to oscillate the voltage in such a manner that allows you to read/write to the card without having a properly signed packet. Dumping ROMs is exceptionally difficult to do, even with the thoroughly hacked HU cards, and he can just casually do it with his setup. Makes me think he could also dump the ASIC, something even in the heyday of DTV hacking, was never accomplished. This would eliminate the need for an access card at all- once you've dumped the ROMs, got a valid EEPROM, all you need to do is emulate the ASIC and opcodes for the processor (which on the HU card was a Texas Instruments TMS370 chip with a modified instruction set).

Re:The Video Shows the Holy Grail of Sat Hacking

[liquidf]

don't forget about the flux capacitor, you insensitive clod!

Re:The Video Shows the Holy Grail of Sat Hacking

[Dun+Malg]

Makes me think he could also dump the ASIC, something even in the heyday of DTV hacking, was never accomplished. You can't dump an ASIC--- that's the very reason they exist in this application. It's not code, it's an Application Specific Integrated Circuit. It's essentially an unknown array of logic gates. The best you can do it try to reverse engineer it, and short of an electron microscope, you probably couldn't.

Re:The Video Shows the Holy Grail of Sat Hacking

[TubeSteak]

The best you can do it try to reverse engineer it, and short of an electron microscope, you probably couldn't. This guy is hacking smart cards with a hood, some off the shelf chemicals, a very precise scratching tool and a pile of computer & electronics gear.

Now realize that one of these days, resources like electron microscopes will be within the grasp of entities that are not a Government, University, or Corporation. It only takes one rich misanthrope...

Re:The Video Shows the Holy Grail of Sat Hacking

[Forbman]

I forget the company, but at the OMSI (Oregon Museum of Science & Industry), they had a table top electron microscope there 3 or 4 months ago. It's a Netherlands company that makes it. I wish I remembered more about it, but the pricing on it was probably in the $10-50K region for the one they had there.

Kind of "google earth" in reverse was its software interface for looking at stuff. Slicker than snot.

Re:The Video Shows the Holy Grail of Sat Hacking

The ASIC could be 'logic probed' in the same way the ATMEL 2313 was with the lock bits set on the WT2, and the creation of the SU/SU2, once completed, an emulator coded.

Re:The Video Shows the Holy Grail of Sat Hacking

Why don't you come back and help again, http://dvbn.happysat.org/ drop by the linux section. We could always use more coders. We like to use DVB cards to record directly to HDD in full mpeg2 or mpeg4 TS.

Re:The Video Shows the Holy Grail of Sat Hacking

I think the people hacking dishnetwork right now can prove you wrong. Is fun watching how they come out with the fix by just looking at the communication between the card and the IRD, then they emulate those logic gates(MAPS).

Re:The Video Shows the Holy Grail of Sat Hacking

[hairykrishna]

One of these days' has been here for a while. Buy one 2nd hand, 6 grand: http://www.labx.com/v2/adsearch/detail3.cfm?adnumb=356848 That one's possibly broken but you can get a fully functional one for ~20 grand, second hand, these days.

Re:The Video Shows the Holy Grail of Sat Hacking

a Netherlands company Dutch is the word you are looking for; a Dutch company. The word Dutch has noting to do with Germans by the way.

Re:The Video Shows the Holy Grail of Sat Hacking

[Dun+Malg]

I think the people hacking dishnetwork right now can prove you wrong. Is fun watching how they come out with the fix by just looking at the communication between the card and the IRD, then they emulate those logic gates(MAPS). None of the Nagra or Nagra2 cards used by Dish contain an ASIC. My assertion stands.

Re:The Video Shows the Holy Grail of Sat Hacking

[Dun+Malg]

The ASIC could be 'logic probed' in the same way the ATMEL 2313 was with the lock bits set on the WT2, and the creation of the SU/SU2, once completed, an emulator coded. Nope. The fab process for the Atmel 2313 lends itself to logic probing. The way they make ASICs does not. They use multiple interconnect layers to arbitrarily link a fixed grid of logic gates. You can't reach any of the interconnect layers but the "top" one, and removing that layer to reach the underlying layers disconnects part of the logic you're trying to probe.

Re:The Video Shows the Holy Grail of Sat Hacking

[Crazy+Brian]

And if a guy DID have an electron microscope...where would he go to learn more about reverse engineering the ASIC? (And the GF keeps telling me that buying an old electron microscope was stupid)

Some lawyer - what's the theory on airwaves?

Can someone give a brief summary as to why it is NOT ok to use radio waves permeating my property however I see fit? (Even if that means decrypting commercial programing?)

Re:Some lawyer - what's the theory on airwaves?

[NotQuiteReal]

Heh, I would use a scientific argument...

Well, your honor, I thought I was working on a SETI project, you know, searching for ET. Damn if I didn't discover it was just HBO, not aliens, after all.

Re:Some lawyer - what's the theory on airwaves?

[jeiler]

'Cause it's piracy, matey. Signed, L. J. Silver, Esq.

Re:Some lawyer - what's the theory on airwaves?

[westlake]

Can someone give a brief summary as to why it is NOT ok to use radio waves permeating my property however I see fit? Even if that means decrypting commercial programing?

The law defines where your rights end and others begin.

The content is protected. You can use the energy of the carrier wave for any purpose you damn well please.

What an arrogant douchebag

[Serapth]

I mean...

Since NDS fired him he's been consulting for two semiconductor companies and a manufacturer of dongle tokens, but he misses his life in electronic warfare. If NDS doesn't want him, he says he'd be happy to work for Nagrastar -- jumping sides once again. "I could design a whole entire chip for them like I did for NDS," he says. "NDS thinks today that their technology is superior to everybody else's and it probably is, because they're 17 years ahead of Nagra technologically. But Nagra could catch up overnight if they used my services. "I'm a very valuable asset as far as smart-card technology goes," he adds. "I know everything about (NDS) as far as their intellectual property models go."

Then again, its Wired magazine. They exist purely to create arrogant douchebags, dont they?

Re:What an arrogant douchebag

[jeiler]

Is it actually arrogance if he's that good?

Re:What an arrogant douchebag

[sporkme]

He's already cleared a major legal inquisition, and he considers himself untouchable in the short term, and he is. This is not an application to Nagra, who hould never hire him. This is an application to everyone else. If I had interest in his special skills, I would contract him as a "consultant."

I would also contract an expert in the field of security threat mitigation, and have Bruce Willis detained. /US Govt

Re:What an arrogant douchebag

[sporkme]

It is actually arrogance, and he is that good, and he wants a new benefactor. He does not intend for the benefactor to be either of these companies. Again... he is arrogant, but to me it looks like he has earned it.

Re:What an arrogant douchebag

[Just+because+I'm+an]

"It ain't bragging if you can back it up" - Dizzy Dean

Re:What an arrogant douchebag

Do you have any clue what you are talking about? No, the stfu.
Nagrastar's technology is easily hackable these days, even by somewhat savy consumers. This isn't soldering 101, it's download, savefile, transfer file to device, bing, bang boom.
NDS's tech apparently hasn't been hacked because it's on an order of a 100 times more complex. It's Nagrastar's fault (kinda) for continuing to use such old tech. Because Tarnovsky is so involved in the tech, he alone could help them catch up.
But that isn't the problem. Nagrastar (aka Dish) doesn't want to have to pay for a costly upgrade to their technology. They are trying to sue NDS/DirectTV to hopefully recoup money to pay for this upgrade.
So, Tarnovsky is correct, but he's probably not needed. What is needed is free money.

$1500 Fine

[Evets]

Wait a minute here. Wasn't DirecTV trying to get people to settle for upwards of $3K for stealing signals, and suing them for absurd amounts over 6 figures.

Is the end result of all that litigation a $1500 fine? Or is this somehow different?

Tarnovsky would analyze the code ...

for(i=0, inumCountermeasures, i++)
  decompile()
  analyze()
  deployreverseattack()

Elegant, yet simple!

Re:Tarnovsky would analyze the code ...

[sporkme]

1) (^script)
2) itsatrap =>(be Christopher Tarnovsky) + (publicity)
3) ??? = (Christopher Tarnovsky's plan)
4) Profit

/he has figured out "???"
/else go fail

Those are techniques used in failure analysis

[ciscoguy01]

The techniques Tarnovski used to burn the top off with acid is failure analysis stuff.
I knew a guy who worked at a chip manufacturer and that's what he did. Failure analysis.
Burn the top of the chip off with what he called "formic acid" (I think, this was over 20 years ago) which "didn't hurt the chip".
They would then look at it under a microscope and try to determine what had failed.
The second microscope Tarnovsky was using looked to be a wire bonder.
It welds wires on by hand, with a pantograph type positioner.
So you can connect the chip to the leads, for example in the package, common for eproms. You can see the little leads in the window of older eproms.
But hackers can also use those to reconnect the last link of a programmable chip like a PAL that has had the security fuses blown after programming. Then you can just read the program out of the chip. OOPS, there goes that programmable security.
I had a chance to get one of those once, but it was a big one. Too big for me.
The little tabletop one in the video would be neat. I would grab one of those if it ever presented itself.
Tarnovski used that wire bonder to grab the signals off the chip internally, where they are actually running.
Those smartcards are likely a serial device, but if you can get back to where the data bus is parallel maybe that is before the inherent security.
The guy is obviously good. Wonder if he has a college degree?

Re:Those are techniques used in failure analysis

Nope he doesn't have a college degree, self taught

uh, this is a PR fluff piece

There's nothing unusual, given sufficiently powerful microscopes and positioners (and that is really the only reason why thousands of people aren't doing this already - any satellite TV hacker knows the process), about being able to attach a probe to the inside of a chip to read from it in vivo.

What makes this guy unique is a complete lack of loyalty - he works for the highest bidder, and even then is ready to stab them in the back when his contract is complete. He's analogous to a lawyer- knowing that both sides are equally corrupt, he can take advantage by selling his services to both sides, so that no-one ends up any better off at the end. Except Tarnovsky.

The one application-specific challenge here is removing the "security layer" without ripping apart the layer underneath. But given that this guy's outstanding skill appears to be social engineering, I'd say it's more likely he had access to insiders who developed the chips and could advise him on what they used in failure analysis.

The only moral of the story here is that an arrogant, ethics-free mercenary with access to any tool he pleases is given way too much admiration in the twenty first century.

Re:uh, this is a PR fluff piece

[Arimus]

The only moral of the story here is that an arrogant, ethics-free mercenary with access to any tool he pleases is given way too much admiration in the twenty first century.

Just like a lawyer or a politician then (though in the case of the Which Blair Project he meets both lawyer and politician requirements, and depending on your politicial views probably ethics free, and certainly arrogant.

Re:uh, this is a PR fluff piece

[justinlee37]

The only moral of the story here is that an arrogant, ethics-free mercenary with access to any tool he pleases is given way too much admiration in the twenty first century.

Says who? You? You're just a pompous, self-righteous, moralist dickweed. Don't impose your anachronistic opinions on the rest of us. We don't agree with you.

Re:uh, this is a PR fluff piece

Says who? You? You're just a pompous, self-righteous, moralist dickweed. Don't impose your anachronistic opinions on the rest of us. We don't agree with you. Easy, tiger, no-one was imposing their opinions on you; though it's precisely what you've done in writing "rest of us/we" for "me/I".

Now, if you have no problem working with a community, then be paid by one organisation to use the information obtained from that community to break their work, while using a contact in another organisation to harm that other organisation, and then when you're done offer yourself to work against the initial organisation, then I hope you are never given a position of substantial responsibility - or, hell, even find a partner, when your moral code will allow you to walk away without remorse the moment you find something "better".

On the other hand, your angrily labelling me "pompous, self-righteous, moralist" sounds to me like an attempt to repress your feelings of guilt at your unscrupulous lifestyle - so there may be hope for you.

And even though I'm atheist, I wanted to type that as "the Lord has not given up on you yet" just to watch you get that little bit more wound up, but then you'd write off a sense of morality (something you already consider reserved for "dickweeds") to religious fervor.

Re:uh, this is a PR fluff piece

[justinlee37]

You imposed your opinions on the entirety of humanity when you stated in absolutist terms that nihilists are given "way too much admiration in the 20th century." I was actually less imposing by identifying myself with a group of like-minded people ("we") instead of just stating opinions as self-evident fact.

"An attempt to repress your feelings of guilt ..." man, your smugness never ends, does it? That armchair pop-psychology just shows that you really, really want to get under my skin and you'll grasp at straws to do it.

I think the only part you've gotten right here is that you should be afraid -- very, very afraid. The tide of modernism is eroding everything you hold dear.

Re:uh, this is a PR fluff piece

[justinlee37]

P.S. Everyone should walk away from their partner when they find something "better." Let's say I marry someone, and they turn out to be physically abusive ... should I stay with them out of blind commitment?

What you fail to realize is that most people walk away when they find something "better" -- some people are just more aware of the fact that a healthy relationship is something you cultivate over time, and that the hot blonde strutting down the street is probably not "better" than your 5-year marriage, even if she's prettier than your spouse (or richer, or got better SAT scores, or whatever tickles your fancy).

Re:uh, this is a PR fluff piece

You imposed your opinions on the entirety of humanity when you stated in absolutist terms When you leave (enter?) college you'll probably learn some basic skills on interpreting writing. If someone says "strawberry icecream tastes great" they aren't imposing an opinion on the entirety of humanity by stating in absolutist terms, or whatever you're on about - it's implied that it's an opinion of the writer. On the other hand, when you say "we", you're explicitly referencing some group of people - so the reader must ask "which group?" Obviously you're not just talking about those who agree with you, because then "we" is redundant - you might as well use "I". Without further information, I can only assume you're talking about Slashdot readers. But clearly not everyone reading Slashdot is an immoral mercenary, so I can't go further than concluding you're arrogantly assuming otherwise, and call you on it.

that nihilists are given "way too much admiration in the 20th century." 21st. Remember to use quote marks only when you're quoting people, not when you're rephrasing. It can be especially embarrassing when you get the message wrong.

That basic lesson in reading comprehension, logic and writing skill out of the way, I'll do my best to search for some new content to your post. You say something about "nihilism" and the "tide of modernism" eroding everything I "hold dear". I guess this is your way of saying "I'm an angry young man who has been betrayed in life and feel that the way forward in the world is to treat others the same - fuck you for disagreeing".

Really, I'm sorry that you feel the need to take such a depressing attitude toward life, but there are some wonderful humans out there, and if you really didn't care you'd be far more apathetic than your two posts suggest. Perhaps, if you're able, take a walk this afternoon, enjoy the breeze, admire the works of man and nature, and be grateful for what you do have and the few who helped you get there.

you really, really want to get under my skin No - I already indicated that I was tempted to do so (hence my aborted tongue-in-cheek comment about the Lord not giving up on you). But I'd prefer to just shake your hand and tell you that you can be happier in life if you feel positive about yourself and your fellow man rather than hating and getting the urge to use and destroy.

Re:uh, this is a PR fluff piece

P.S. Everyone should walk away from their partner when they find something "better." Let's say I marry someone, and they turn out to be physically abusive ... should I stay with them out of blind commitment? Hm, immediate over-simplification of the problem...

What you fail to realize is that most people walk away when they find something "better" ...assumes humans all behave according to some ideal of enlightened self-interest...

prettier than your spouse (or richer, or got better SAT scores, or whatever tickles your fancy). ...and reduce everything to metrics...

Oh OK, I'll do the pop-psychology thing if you insist: I'll put $20 on your being a freshman (sophomore? you're carefully avoiding over-use of jargon while analysing the problem like a fledgling economist) economics student with some sort of social development disorder. As mentioned in previous post, you've probably been betrayed at some point in the past and you find refuge in the cold underbelly of the Internet - you're probably a regular at 4chan or similar.

And I stick by my implication that you put way too much passion in even your three posts I've read so far to come even close to being nihilist.

Re:uh, this is a PR fluff piece

[couchslug]

"The only moral of the story here is that an arrogant, ethics-free mercenary with access to any tool he pleases is given way too much admiration in the twenty first century."

Having that level of ability and the power it gives you would be wonderful, so why not admire it?

As for "mercenary", being one forfeits the usual (illogical) "ideology exemption" for certain conduct.
So what? Why should we buy into that?

Re:uh, this is a PR fluff piece

Having that level of ability and the power it gives you would be wonderful, so why not admire it? If you mean having that number of toys on your workstation would be wonderful, err, if I wanted to go into chip fab I'd have all that equipment and a lot more. If you mean the level of intellectual ability, see OP - the guy's not doing much new: he's just not allowing moral considerations to get in the way of what he perceives as achievement. He's an engineer with the right tools, not a scientist.

Anyway, I don't admire raw ability any more than I admire skin colour - I care only about what people do with the talents they're "given".

Re:uh, this is a PR fluff piece

I've never seen anyone lay a mask in nail polish to selectively etch certain areas with HF. This kids is of genius level.

Do you really think he's going to show you everything he knows? This video/interview was post lawsuit and the chip was the same chip NDS was accused of hacking through use of SEMs

Re:uh, this is a PR fluff piece

I've never seen anyone lay a mask in nail polish to selectively etch certain areas with HF. Read up on photogravure...

Do you really think he's going to show you everything he knows? ...assuming, as you might be hinting, he was even telling the truth about the methods he uses.

Revealing just enough to sound worthwhile while saying almost nothing at all: the essence of PR. Though essentially you're agreeing with me, after the false start of implying that "being able to name a substance used as a mask for etching" implies genius.

Re:uh, this is a PR fluff piece

What part of "most people" means "all humans?"

You just witch you were a smartass.

Re:uh, this is a PR fluff piece

[justinlee37]

Okay, I've gotta hand it to you, that was pretty slick. I've never been to a shrink to get diagnosed with any "social development disorder," but potential candidates might be narcissism or sociopathy. Other than that you won your $20.

Nihilists can have passion, they just have to realize that their passions are products of their biology and that everything that's important to them, including their own lives, is insignificant in the scheme of the universe. Of course, as an agnostic nihilist, I'd have to further qualify that it's probably insignificant.

Anyway, regarding your other reply, you're right, passions moved me to take gross liberties with my knee-jerk comprehension of your statements. Sorry about that.

Don't worry about me though, I'm genuinely happy and have meaningful friendships. Try not to forget about our race's centuries-long history of tribalism and feudalism ... preying on some while nurturing others isn't an incompatible set of behaviors.

Re:uh, this is a PR fluff piece

[justinlee37]

P.S. in hindsight, I'll never know if you're really a talented shrink, or just a moderately good private eye. P.P.S. psychology is my minor.

Re:uh, this is a PR fluff piece

This guy is incredible. He broke through the top metal making a hole and showed us traffic on the bus.

Watch the video again.

photogravure has nothing to do with HF.

No one has ever used nailpolish to wet-etch glass. I always thought HF would destroy the object under test?

Tarnovsky == Flylogic

[kju]

Christopher Tarnovsky, the guy portrayed in the article, IS Flylogic. Yes, this is slashdot and nobody reads the article, but it even links to flylogic.net.

Just a correction

[tonijcosta]

"to fix cards that were killed by ECMs"

The cards are not attacked by ECM's but by the EMM's . The ECM's just contain the operational keys to open the stream on the fly.

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci331380,00.html

Re:Just a correction

I believe the ECM used here is different from the one used in that article. Here ECM is Electronic Counter Measures. Specifically, he is referring to the signals sent out that are designed to scramble the key material in pirated cards, or otherwise disable pirated access cards.

Re:Just a correction

The NDS term is, and always has been, DDT (dirty digital tricks). Anyone who doesn't know that probably has very few connections...

Re:Just a correction

In the hacker terminology, ECM means Electronic Counter Measure and not Entitlement Control Message

Fuck this asshole

The idiot uses Windows. How stupid is this guy? Didn't he know that what he was doing was wrong? Fuck him.

Glass.

Re:Fuck this asshole

He runs Linux too idiot boy.

Someday DRM will be so good...

[ibsteve2u]

Someday DRM will be so good that anybody with sufficent access and/or power and the motivation will be able to embed code that you can't read and analyze on the games and dvds that you buy in order to do whatever they want to on your electronic systems...

Re: Chuck Peddle

[Douglas+Goodall]

Oh Yea... Chuck is the one who decided that the assembler and linker shouldn't be distributed with CP/M because users don't need to write programs. Luckily Apple doesn't agree and they do distribute the software development with the operating system. Of course now days Microsoft gives away development software too. Too bad I lost my taste for Windows development before the software was free. I paid for thousands of dollars of buggy Windows compilers before I saw the light.

Re:The first smart card, I think

[Douglas+Goodall]

Thirty years ago I designed the hardware and wrote the software for the first smart card. It was a card for a Savin copier that contained the number of authorized copies an individual could make. I guess I am just too simple minded. It never occurred to me to play both sides on that game. Although there probably wasn't much market for pirate copy cards. It was an interesting project though with an 8085 based controller and the first bit looping hardware I had heard of. The fun part was learning no normalize the loop if the card got pulled unexpectedly.

Re: Depending on who he works for...

[Douglas+Goodall]

I guess he should be careful though that he doesn't work for someone who is happy to knock him off after he does the work so he doesn't turn on them later. I am sure there are organized crime and government agencies that wouldn't have any more problem sanctioning him than he has breaking people's security measures. He needs to be careful that he is not worth more money dead than alive :-)

Re: Chuck Peddle

[lightversusdark]

I didn't know this.
This absolutely invalidates all other viewpoints he may have had about any topic whatsoever.