DirecTV's Secret War On Hackers
from the not-as-think-as-you-dumb-we-were dept.
"Allow me to give you some background.
"One of the original smart cards, entitled 'H' cards for Hughes, had design flaws which were discovered by the hacking community. These flaws enabled the extremely bright hacking community to reverse engineer their design, and to create smart card writers. The writers enabled the hackers to read and write to the smart card, and allowed them to change their subscription model to receive all the channels. Since the technology of satellite television is broadcast only, meaning you cannot send information TO the satellite, the system requires a phone line to communicate with DirecTV. The hackers could re-write their smart cards and receive all the channels, and unplug their phone lines leaving no way for DirecTV to track the abuse. DirecTV had built a mechanism into their system that allowed the updating of these smart cards through the satellite stream. Every receiver was designed to 'apply' these updates when it received them to the cards. DirecTV applied updates that looked for hacked cards, and then attempted to destroy the cards by writing updates that disabled them. The hacking community replied with yet another piece of hardware, an 'unlooper,' that repaired the damage. The hacker community then designed software that trojanized the card, and removed the capability of the receivers to update the card. DirecTV could only send updates to the cards, and then require the updates be present in order to receive video. Each month or so, DirecTV would send an update. 10 or 15 minutes later, the hacking community would update the software to work around the latest fixes. This was the status quo for almost two years. 'H' cards regularly sold on eBay for over $400.00. It was apparent that DirecTV had lost this battle, relegating DirecTV to hunting down Web sites that discussed their product and using their legal team to sue and intimidate them into submission.
"Four months ago, however, DirecTV began sending several updates at a time, breaking their pattern. While the hacking community was able to bypass these batches, they did not understand the reasoning behind them. Never before had DirecTV sent 4 and 5 updates at a time, yet alone send these batches every week. Many postulated they were simply trying to annoy the community into submission. The updates contained useless pieces of computer code that were then required to be present on the card in order to receive the transmission. The hacking community accommodated this in their software, applying these updates in their hacking software. Not until the final batch of updates were sent through the stream did the hacking community understand DirecTV. Like a final piece of a puzzle allowing the entire picture, the final updates made all the useless bits of computer code join into a dynamic program, existing on the card itself. This dynamic program changed the entire way the older technology worked. In a masterful, planned, and orchestrated manner, DirecTV had updated the old and ailing technology. The hacking community responded, but cautiously, understanding that this new ability for DirecTV to apply more advanced logic in the receiver was a dangerous new weapon. It was still possible to bypass the protections and receive the programming, but DirecTV had not pulled the trigger of this new weapon.
"Last Sunday night, at 8:30 pm est, DirecTV fired their new gun. One week before the Super Bowl, DirecTV launched a series of attacks against the hackers of their product. DirecTV sent programmatic code in the stream, using their new dynamic code ally, that hunted down hacked smart cards and destroyed them. The IRC DirecTV channels overflowed with thousands of people who had lost the ability to watch their stolen TV. The hacking community by and large lost not only their ability to watch TV, but the cards themselves were likely permanently destroyed. Some estimate that in one evening, 100,000 smart cards were destroyed, removing 98% of the hacking communities' ability to steal their signal. To add a little pizzazz to the operation, DirecTV personally "signed" the anti-hacker attack. The first 8 computer bytes of all hacked cards were rewritten to read "GAME OVER".
"For more information, visit http://www.hackhu.com."
Re:finally (Score:3)
but stealing tv is wrong
I am so sick of this attitude! It is not "stealing TV". When you steal something, the person that you stole it from no longer possesses it. An example of stealing TV would be smashing a shop window, grabbing a television set under your arm, and running. This is by no means the same thing.
DirecTV are broadcasting their signal over satellite. Whether you pay for their service or not, it gets beamed into your property. If you have a dish, you will pick up the signal. If you happen to have the means of decoding this signal, you can watch their TV shows. How is this stealing? This is no more stealing that watching the Superbowl at a friend's place because he has DirecTV and you don't. Are you "stealing TV is wrong" advocates suggesting that DirecTV should send agents round to their subscribers houses to issue them with an extra pay-per-view bill for any of their friends who happen to be parked on the couch with a bag of doritos watching the game?
No, this is an outrageous abuse. If DirecTV don't have a business model which can earn them a profit as they beam their signal into EVERYONE'S airspace, then they shouldn't be in business, end of story. Or, as they would say, "game over".
not stealing (Score:3)
Please consider this for a moment: Hughes is bombarding us with their electromagnetic emissions... why shouldn't we be allowed to receive and decrypt them?
I really don't see how this is much different than DeCSS, which seems to enjoy the support of the Slashdot community.
So... stealing motion picture studios' work is OK, but it's wrong to intercept and decrypt electromagnetic signals broadcast through the air? Signals that are being absorbed by our bodies, with still unknown effects.
I'll buy the idea that people shouldn't 'steal' DirecTV's signal when DirecTV allows me a way to opt out of being hit with their sattelite beams. (Please don't suggest that I wear a tinfoil hat. ;)
LASTLY, I haven't seen any mention of how these counter measures have affected paying customers. I know several legit DirecTV subscribers who had their cards stop working after Black Sunday. How does anyone feel about that?
Is it OK for DirecTV to inconvenience paying customers in the course of their battle with the hackers? How many 'civilian casualties' will be tolerated? And is DirecTV going to be giving these people refunds? Probably... if they spend an hour or two on the phone. The customer's time isn't important anyways, right? As long as they're paying their bill...
NorthSat and DTV (Score:4)
Well, That may not be how it actually went down.
In October the guy who ran Northsat in Canada got raided. There was a consent decreee, and as part of his plea bargain he agreed to act as a consultant to DirecTV.
Although DTV had already been busy implementing the dynamic code, many old timers claim that they see dean's hand in the 4 (that's right 4, not one) ECM's that came down starting last sunday.
So it would seem that the legal system allowed DTV to force a hacker to destroy part of his own creation. Not a clear cut case of DTV defeating pirates with their own engineers. Guess he shouldn't have have a bunch drugs and cash in his house when they raided him hehe.
http://www.legal-rights.org/northsat.html
http://www.legal-rights.org/newspapers/northsat
Agree - Re:It's not wrong to figure it out... (Score:5)
In fact since most of us DONT get DirectTV and are STILL constantly bathed in its RF emissions Hughes is in the wrong, if anyone is. Mind you, I don't have a problem with them sending the bits to their own subscribers. The fact they they chose a CHEAPER method of distribution to increase their own profits opens them up to this.
Anything being broadcast non-interactively(not two-way like say, a cordless phone), whether tv, radio, or otherwise, is like air as far as I'm concerned. i.e. Not any company's but the peoples.
If the company doesn't like that, make their own customers use over priced less effective measures, like cable, spread spectrum, or other methods.
If the cost of that makes it unprofitable, so be it. The Constitution (Sorry, US centric) gives the right to the PURSUIT of happiness, not the right to it. THere is a difference. Similarly, Hughes can try to make money by giving a service worth paying for. They're not entitled to just because they spent a lot of money.
Think about it. If I fire radiation at your home 24/7 without you asking for it (paying subscribing whatever, and that IS what radio/broadcast energy is) you should have the ability to do whatever you want with it.
They are NOT STEALING. Stealing implies taking something away from someone else. As in they no longer have an object they previously did. These peeople went out and bought their own satellites, smartcards and gizmos. They can fdo anything they want with them.
Xerox did not have to pay all the scribes who were put out of work by copiers, nor did the guy who came up with carbon paper. Just because you used to be able to make money doing something once does not mean you are entitled to keep making money off it forever.
Oooo. (Score:5)
Riiiiiiight....
Re:Stealing? No. (Score:5)
You wouldn't care if I set up a listening post to hear any wireless stuff going on in your house, right? You probably don't care about Echelon and various Internet-based listening posts monitoring your e-mail and where you surf, right?
After all, you are sending your data out over shared space, and if I feel like manipulating it *however I want*, that should be my right.
It's not whether you win or lose... (Score:3)
Nice! Enthralling, Well-written, Engaging Story (Score:5)
Congratualations on a well-written, engaging news story. Clear, concise, interesting with thrilling narrative, factually informative. This entry is a model for all good Slashdot entries.
Thanks.
Re:"Hackers"? (Score:3)
As others have pointed out Hughes is sending the signal to hackers. In fact, they want to send it to nearly everyone, ideally. Furthermore they're sending it as a broadcast radio signal, and that's a public resource.
If you proceed with your logic, you imply that it would be illegal to read billboards on the side of the road (ideally for this argument in the state-owned right of way) if the whim of the owner was that you weren't allowed.
Just as there is a right to free speech, there MUST be in order to actually have such a right function, an equally absolute right to listen. Otherwise you're supporting the opinion that you have a right to free speech, but if the government finds it inconvenient, people who listen can be arrested. (despite the speaker going free) This is a nonsensical propisition you're making, I think we'll all agree.
If a communication is privileged or there is an expectation of privacy (e.g. whispering, talking in a way that cannot reasonably be intercepted outside your home, lawyer-client discussions) I can see making that a minor crime. Generally one that's worse for the government (e.g. tapping w/o a warrant) than individuals.
But sending data across a public medium to virtually the entire continent does not strike me as private. Even the Internet is not private - it's a network of other, smaller networks, and it's hardly possible to believe that communications across it are automatically private. Certainly the most esteemed privacy/encryption experts on the net don't think so.
Once someone recieves such a stream - particularly if it was sent so that they, their neighbors and their countrymen could recieve it - I don't see how it's Hughes' business what's done with it. If they wish to prevent people from seeing it, the best way is to not send it to them at all. The second best way is to heavily encrypt it, but encryption is not a guarantee. It also means that Hughes' business is not TV but decryption software. If someone manages to put out an RE'd version w/o infringing on patents, then that's their right too. We rely on that right to have microcomputers that aren't all sold by IBM.
And furthermore, in Canada, which is what we're discussing, the people there explicitly DO have the right to watch broadcast signals. There's just no two ways about it there. If the law in Pottsylvania were that TV broadcasters had to give out free TV sets to people in order to have a license to broadcast then Hughes would have to either stop broadcasting to them, or start handing out the sets; it doesn't matter if the law is different than US law, sovereign states have the right to have different laws.
This story is very incomplete.... (Score:5)
Re:finally (Score:3)
But taking DirecTV's own receiver, only made for the purpose of viewing their service by subscription, and then modifying it for free service is theft, plain and simple. By your standard, there should only be free broadcast service (over-the-air commecial TV), because anything else is and should be open for the taking to anyone who can hack a receiver or get their hands on a modded card.
If that's the case, forget pay-per-view (what - life without Wrestlemania?), forget all the premium commercial-free services like HBO - and forget pretty much any reception at all anywhere other than in and near urban areas.
There's a big difference between fair use and theft of service. I should be able to record off my DTV, time-shift as I like with my VCR or Tivo, and not rely on analog streams to do so if everything I have is digital. But there's nothing inherently wrong with paying to get that signal into my house to begin with, so long as I can re-use what I paid for. A different point entirely.
- -Josh Turiel
You know, I think I'm with DirecTV on this (Score:5)
On the other side, you have a company that sells a dish and programming, at pretty reasonable prices compared to cable rates, and wants to get paid for their goods.
Given that's it's at an interesting intellectual game at best to figure out how to hack a DTV smart card system, and theft of service at worst, it just appears that DirecTV has figured out how to win the cat and mouse game once and for all. Good for them. If DirecTV was the only form of television service available (ie., a monopoly), I'd look on theft of service a little more tolerantly, but there's all sorts of TV alternatives out there - broadcast, cable, and other satelite providers.
This is different from, say, the i-Opener hack because the i-Opener hack was fundamentally about hardware. Buying the box did not incur an obligation to use the service (due to a mistake on Netpliance's part), and the hack didn't allow you to steal their service - it allowed you to re-purpose the hardware. That would be like hacking a DirecTV box to work with Dish Network instead. A cool, "because it's there" hack.
So if DirecTV won the war, more power to them. There may be a fine line between hacking and theft at times, but hacking a DTV smart card for free service is definitely on the wrong side of that line.
Besides, stuff like descramblers and smartcards are usually what spammers are filling my emailbox with, and I hate spammers!
- -Josh Turiel
Re:Three Cheers for Hughes! (Score:3)
I have zero respect for these pirates. They could be applying their skills to the next piece of free software, while instead they're just trying to get free TV. What a waste.
Nice to see, for a change (Score:5)
Say what you may about the real and supposed sins of DirecTV and its crackers, they were fighting the war on its technical merits rather than with hordes of lawyers. That's good stuff. It's nice to see a company with the integrity to defend itself within its market and its product rather than look for protection from above.
--G
If this is true... (Score:5)
[someone should forward this article to the "Beautiful code" guy!]
Three Cheers for Hughes! (Score:5)
Good job, but we're still pissed about HDTV-CP! (Score:4)
Yesterday, we were discussing how we can hack new DirecTV tuners to allow HDTV resolution on analog ports.
Does anyone else appreciate the irony of both events happening in the same week?
Re:For hackers its just a game (Score:3)
Taking out the hackers in only one of Hughes goals with these ECMS. The other was to destroy ALL H-cards, thus forcing their paying customers into upgrading to the HU cards.
But I'm sure they're _real_ sorry for whatever inconvenience they've caused people.
I don't know where you get your information, but they did not destroy all H cards last Sunday. My trusty old Sony SAT-B2 receiver came with an H card, and it still works fine. But I'm a legitimate paying DirecTV customer. Are you sure your friends were really legit?
As soon as I can convince my wife to allow it, I'm gonna upgrade to the Sony SAT-T60 receiver with TiVo -- recording the MPEG streams straight off the satellite is very cool, and I'm dying for that 14-day advance program guide. (I was very annoyed with DirecTV for cutting the guide from 3 days to under 2!) Maybe I'll sell the old Sony receiver after that; the remote codes may conflict with the new Sony, plus the SAT-T60 actually has two DirecTV tuners in it! (But the second one won't work until TiVo gets their act together and updates their software to handle it...)
Re:"Hackers"? (Score:3)
You're not
I don't see this as 'theft' in any way - denying *potential* profits, yes, but not theft.
IMO, Hughes did the Right Thing.
The crackers cracked their signal, so they cracked the crackers cracks. I think that's pretty nifty.
--K
Re:It's not wrong to figure it out... (Score:3)
It's true that DirecTV doesn't have as much money as they otherwise would; but it does not necessarily follow that anything has been stolen from them. Many other events could result in them not getting as much money - an economic slowdown, a competitor with a better product, or even a nasty rumor that their satellites are really being used to track people for the sinister purposes of Major League Baseball. Just the fact that they don't have as much money doesn't make it stealing.
In the normal understanding of a "theft of service", somebody is still out of some physical quantity that they would otherwise have charged for and that they do not just hand out to all and sundry. Theft of cable TV service, for example (and according to the TV industry at least) steals from your neighbors by degrading their picture quality (a measurable, quantifiable thing). Spam is a theft of network resources and hardware resources on a mail server that your ISP charges you to maintain. Trojans or worms are thefts of service in almost the same way, by consuming network bandwidth and host processing power which somebody paid for and somebody else is getting charged for.
But receiving unauthorized satellite broadcasts doesn't deprive anyone of something they are being charged for. Your neighbor's signal is not any more degraded, DirecTV doesn't have to spend any more money than they would have otherwise to achieve national coverage, and the producers of the TV content are already getting paid by DirecTV under terms that were mutually agreeable to both of them. From all of these people's perspective, things are just the same as if you didn't have a DirecTV at all.
This doesn't mean that I disapprove of Hughes' actions in this case - I think they are entirely within their rights to police their hardware under any means that are permissible under the contracts they have with DirecTV subscribers, assuming that they have such contracts (although I don't think they have the right to modify the customer's lawfully purchased software or hardware without the customer's permission in the absence of a contract allowing it). I just don't think Hughes should be surprised when other individuals make use of the bits that DirecTV is flinging around so profligately, considering that those bits would just "go to waste" anyway.
I have to add, though, that it's nice to see a company whose initial response was not "send in the lawyers". Duking it out hacker a hacker is the way to go on this, and so much more entertaining for the rest of us without DirecTV or the inclination to hack one.
Re:It's not wrong to figure it out... (Score:5)
I'm curious as to how this is really a theft of service. When that term is applied to spam, for instance, the theft occurs when spammers use up the bandwidth of their relays and the time and hardware of the targeted ISPs. In that case you can point to the extra costs that were required based on the actions of the thieves.
However, this satellite broadcast is streaming through all of us all the time. Does just possessing the knowledge to decode these ambient bits somehow make a person a thief? I'll agree that it's unfair to the legit DirecTV subscribers to have to pay for a service that some are getting for free, but I don't agree that decoding bits that are normally present in the environment is theft.
Re:If this is true... (Score:3)
Re:"Hackers"? (Score:4)
You have no right to make a profit.
Nobody can steal that which you have given them for free.
Just because you came up with some "clever" business model that involves charging people money for services, that does not entitle you to compensation from people who figure out how to provide this service for themselves.
I am deeply disturbed to see this bullshit perpetuated by someone outside the US. Previously, I had been operating on the assumption (obviously false) that "the right of a business to make money" was confined to the US.
Once again, for the slow ones: you do not have a right to make a profit, no matter how clever you may think you are, and no matter how long you've been making a profit in the past. If someone out there catches on to your scheme and bypasses it, you lose.
(With all that said, I have to applaud the hackers who work for DirecTV. Unlike certain other industries, they didn't resort to dirty tricks or underhanded legislation -- they simply used what they had, and ingeniously too. I'm not ranting against DirecTV here -- I'm ranting against all those who thought that the H-card hackers were "stealing".)
"Hackers"? (Score:5)
Actually, I *can* do most of those things perfectl (Score:3)
YES.
1) yes. Actually, I am 100% allowed by law, in Canada, to listen to your analog cellular calls. Cellphone companies tried to change this, but the crtc was firm: you have no reasonable expectation of privacy by transmitting on public airwaves using standard modulation.
Now.. with Digital phones, and specifically, with Encryption this changes. Under Canadian law, encryption wrapping the conversation indicates that you have a reasonable expectation of privacy, and someone violating that woudl be violating your rights.
Note that the only reason it's protected is because it is encrypted AND because it is a conversation. Satellite broadcast is not the same thing.
Taking photographs, again. If what I see is visible from somewhere I'm legally allowed to be, I'm allowed to take photographs of it. I can photograph anything that can be seen from somewhere I'm allowed to be, especially a public street or my own property.
And regarding 'shotgun' mikes, it depends. If I can hear the conversation of you yelling at your wife, and I'm simply using the mike to amplify it, then I am within my rights to record it. If I can't hear you at all, and use the mike to snoop on you, then that's illegal, because you have a reasonable expectation of privacy.
Stealing? No. (Score:5)
I respect that they put up the satellite, and started the TV service.. however....
THey are broadcasting signals over PUBLIC airspace, including INTO MY YARD. If I feel like putting up a dish to capture that signal and manipulate it *however I want* within my own property, that should be my absolute right (though the law may not agree). If they don't want me to receive the signal, don't broadcast it into my yard. PERIOD.
THe airwaves are PUBLIC.
Re:Stealing? No. (Score:5)
I firmly believe that if you broadcast something on public airwaves, then you have no right to expect privacy. I *know* when I use my cordless phone that anyone who wants can listen in.
I also know that when I transmit cleartext data over the internet (like this slashdot post), it is going into a network that I have *no control* over, because I don't own it. I *assume* that someone is listening in. If I want nobody to listen to my conversations, I use encryption, hoping that deters them somewhat, though I'm still aware someone could be intercepting it and decrypting it if they are capable.
As for manipulation...
If I'm broadcasting through your network, and you want to sniff my info and manipulate/decrypt it, and there is no standing agreement that you won't ever do this... go right ahead. If you *DO* anything with that information outside your own brain/house.. THEN I'll have a problem with it, but not because you intercepted it.
Re:"Hackers"? (Score:4)
In Canadian law however, it is legal to decrypt a satelite signal provided that it cannot be legally paid for. We cannot legally purchase and pay for the DirecTV stream and thus we are legally and morally entitled to decrypt and watch the DirecTV stream.
So whereas Americans who attempt to decrypt the signal can indeed be considered "crackers", the Canadians that have been victimized by the Canadian government and Hughes are "Hackers". We have done nothing wrong and are being punished for it.
-
DirecTV is very cool about this whole situation. (Score:5)
To show you how cool things have become... The latest trend in DSS is using emulation software on a PC to intercept the signal and then sending it to your reciever. It truly is an innovative solution!
I swear, words like ECMs (Electronic Counter Measures) that literally destroy cards, and Unloopers (thinks that fix "looped" or destroyed cards") really make this feel like some hollywood hacker movie. But it's not. It's for real! Damn, that is just too cool!
-Nick
So the hackers got hacked. (Score:5)
Direct TV sells a service. They make money from
the sale of this service, and they provide the
infrastructure, the broadcast, the hardware, etc.
Then, a bunch of kids decide that they want what
DirectTV has, but not at their terms. So they steal
the service. Yes, they stole it. Hell, they
admit it in the article.
So what does DirectTV do? They beat the hackers at their
own game. They outplay, outsmart, and outfox them.
Bravo. They protected themselves and their market
share in the best way possible. In the end, we
can all appreciate the beauty of this particular hack.
Re:finally (Score:3)
So if they increase thier profits by having more subscribers, you *are* stealing from them, in a very real sense.
Dirk
And so it begins. (Score:3)
Re:So the hackers got hacked. (Score:3)
Re:For hackers its just a game (Score:5)
Recent Law has Changed (Score:5)
This is why the old C-band dishes never had prosecutions for descrambling, or why you could listen in to Cellular Telephone conversations. And this would apply to DirecTV too, except it didn't exist when this law did.
Sometime in the mid 90's, a new Radio Telecommunications Act was passed which banned the eavesdropping on cellular telephones and any other signal entering your property that needed to be decoded. Thus, now the old C-Band hackers had become pirates, and the new DirecTV decoding was illegal.
The question is this - do you have the right to translate signals that are travelling onto your property - signals which you did not request?
The old law said yes. The new one says no.
Poetry in code (Score:3)
Someone said that they're within their rights to "illegally" descramble DirecTV's content, because it's broadcast over public airwaves. True, but then, isn't DirecTV also entitled to broadcast whatever they want? If you just happen to be foolish/1337 enough to be running a hacked card, well, thanks for coming out, better luck next time. DirecTV didn't physically destroy the cards, so I don't think the hackers have any grievance in that respect...
Nicely done, on both sides. I think this deserves an entry into the hacker hall of fame.