The Skeleton in Rupert’s Closet

April 26, 2008

by Debs is Dead

I thought this had been swept under the carpet, but apparently not:

Hacker testifies News Corp unit hired him

SANTA ANA, California (Reuters) – A computer hacker testified on Wednesday that a News Corp (NWSa.N: Quote, Profile, Research) unit hired him to develop pirating software, but denied using it to penetrate the security system of a rival satellite television service.

Christopher Tarnovsky — who said his first payment was $20,000 in cash hidden in electronic devices mailed from Canada — testified in a corporate-spying lawsuit brought against News Corp’s NDS Group (NNDS.O: Quote, Profile, Research) by DISH Network Corp (DISH.O: Quote, Profile, Research).

The trial could result in hundreds of millions of dollars in damage awards.

I know I have posted about this scurvy scandal at MoA previously but since the best account of what happened has disappeared down the black hole of a ‘site under construction interweb error message, I thought I might recap a little.

Firstly for the benefit of our amerikan readers I had better explain that Fox was not Murdoch and News Corp’s first foray into TV broadcasting. As well as holdings in some Oz TV markets which pre-dated Rupert’s massive global expansion, back in the 80’s News Corp (or News Ltd as it was then) invested in Sky TV a satellite pay TV service in england.

Using some of the cutthroat execs that Murdoch and OZ rival and occasional partner Kerry Packer employed to dominate Australian TV, Murdoch’s team quickly ate up their nearest brit rival BSkyB whose english execs had been raised on the weird duality of english TV with the state owned but commercial free BBC and very controlled private regional TV which had commercials but few competitors.

Back in the 80’s and most of the 90’s the pay TV signal carried by a mixture of satellite and ground station transmission, chiefly used analogue signals over the final hop to the consumer. Analogue encryption tends to be not very difficult to crack as News Corp found out when some german hackers got to the bottom of his the VideoCrypt system utilised by BSkyB.

This was quite soon after NewsCorp bought BSkyB and although Murdoch managed to get the use of Ho Lee Fook hack (say it aloud and hear what most brits said when they discovered the existence of this hack) declared illegal in england when used on signals originating in england, that didn’t stop the hacked cards from proliferating.

The major producer of the hacked cards was eventually caught and sentenced to a couple of years low security incarceration. (He escaped and moved to NZ but News Corp hired private detectives to track him and the few hundred grand he had stashed away down. He was eventually arrested in NZ and sent back to england penniless to face a longer sentence in a tougher jail – message to all don’t try and rip off Rupert).

Eventually the Ho Lee Fook hack was replaced by the Omigod hack which was available free to anyone with a decent TV aerial and a PC – no set top box needed.

At some stage News Corp appears to have decided that if you can’t beat em join em. News Corp approached a number of the german hackers who had until then been working for free, the english entrepreneur had grabbed their work off the net and like so many others before and since decided to commoditize work already in the public domain. At least one, Boris Floricic, who travelled under the handle Tron agreed to work for the pricks.

As you can see from the link, signal security was a matter of some contention between the pay TV operators in the late 90’s. Aside from VideoCrypt manufactured by News Corp subsidiary NDS the other major player was a swiss product Nagra which was used by CanalPlus.

There are many many differing accounts of what came next, the first mainstream publication of this saga is credited to the Grauniad:

How codebreakers cracked the secrets of the smart card

The process was complex, time-consuming, and very expensive. This was not about a lone hacker sitting at a computer screen trying to guess passwords. Instead, it was an attempt to split the foundation stone supporting an entire industry – the technology protecting pay TV.

The challenge handed in the autumn of 1997 to a team of scientists working quietly at a laboratory in Haifa, northern Israel, was to crack the encryption technique used to unscramble TV signals delivered to many paying customers through cable and satellite across Europe and the US.

The so-called "smart" or "conditional access" cards used to access Sky, ITV Digital, and other premium channels contain wafer-thin computer chips holding complex codes to make sure viewers see only what they have paid to see.

The Haifa team knew all about this. They worked for NDS, a Murdoch company which had begun life as a start-up firm, News Datacom, in Israel eight years earlier. Rupert Murdoch’s News Corporation had backed the venture in the belief that the coming digital age required a quantum leap in areas such as data security and the encryption of communications. . . "

So Murdoch decided- prolly the no-longer employed Lachlan rather than Rupert himself. (Both Murdoch ‘boys’ appear to be implicated in this and it is worth considering whether that contributed to their separate but similar NewsCorp downfalls)- decided to locate an arm of NDS in Haifa. Apparently because Israel is free of laws barring reverse engineering.

By now Bill Clinton’s oppressive but corporation friendly DMCA (Digital Millennium Copyright Act) was in full swing in amerika, making any work such as this totally illegal. NDS also benefited from the protection of Israel’s state security institutions. One of the first on the payroll at NDS Haifa was Reuven Hazak, who had been deputy head of Israel’s Shin Bet during the notorious Bus 300 incident (when two Palestinian terrorists who hijacked an Israeli bus were killed in custody by a Shin Bet agent).

Other Haifa employees reportedly included a former U.S. Navy intelligence officer named John Norris and a former Scotland Yard commander named Ray Adams. Finally, it hired a former would-be terrorist, Yossi Tsuria, who became chief technical officer of its lab in Israel. Tsuria was part of a radical group of Jewish Israelis in the 1980s that plotted to bomb the Dome of the Rock — a shrine that sits on the Temple Mount in Jerusalem, a holy site for both Jews and Muslims. (ibid) .

These hackers and thugs got together (ever noticed how corporate assholes ruin everything by bringing along the nasties? Drugs was good fun in the 60’s until it became ‘drugs n thugs’ thanks to weak little greedheads who had failed at legit businesses and who then decided to have a crack at something ‘easier’ selling pot or trips).

The original plan, or so they claim, was to make their encryption for digital pay TV ‘uncrackable’. But somehow they ended up reverse engineering the French encryption system used by BSkYB’s major competitor in england, ITV, and CanalPlus, which was Newscorp’s major european competitor. CanalPlus, a wholly owned subsidiary of Vivendi a french corporation was competing with News Corp in new tech publishing. old tech publishing, movie making, video game manufacturing and distribution, virtually the entire areas NewsCorp saw itself in at the start of the 21st Century.

From the Guardian once more:

"But NDS had one important rival, an encryption technology developed in France by the local broadcaster Canal Plus which had been adopted by just about all News Corporation’s rival broadcasters.

The NDS team in Haifa, according to a lawsuit filed in the US district court for the Northern District of California, set out to "sabotage Canal Plus technological security measures engineered into its smart cards."

Breaking the encryption alone would cost up to $5m. The process demanded the use of ultra-expensive electron-scanning microscopes, with the team probing wafer-thin chips no bigger than a thumbnail. Each chip contained up to 50 layers, with each layer in turn carrying up to 1,000 transistors, every one of which had to be pulled apart and analysed.

Unlimited funding

Even with access to the most sophisticated equipment and seemingly unlimited funding, it took the Haifa team six months to unravel a code which was supposed to be impossible to decipher.

From there, according to Canal Plus’s $1bn claim for damages, it was a relatively straightforward matter of releasing the information and then waiting for the world’s counterfeiters to undermine every rival broadcaster using the French encryption system.

In early 1999, the NDS team isolated a piece of the encryption software known as the UserROM, a portion of computer memory on a smart card which controls access to the rest of the digital data. This information was dropped into a downloadable internet file called Secarom.zip, which, according to the Canal Plus claim, was then sent to the Haifa team’s colleagues in California at NDS Americas with instructions that it be published on the internet so that anyone wanting to produce pirate Canal Plus cards could do so.

Canal Plus claims that the file was then transferred to a web operator called Al Menart, who ran a website known as DR7.com, a geekish internet service which promptly published the Canal Plus code for all to see.

By late 1999 the first counterfeit cards had begun to appear and, according to Canal Plus, by September 2000 the Italian market was flooded. Proliferation across Europe was in full swing.

The cards have become commonplace in Britain, with ITV Digital complaining recently that more than 100,000 pirate cards are in circulation here.

Executives at ITV Digital, which has struggled to build a strong base of subscribers and which continues to hemorrhage cash, were apparently appalled recently by comments made by Sky’s chief executive, Tony Ball, during an address to the company’s US investors. "ITV Digital/DTT is completely pirated, a joke. For $7 you can buy a card for all channels," he is reported to have said.

Canal Plus faces the exhaustive process of renewing the technology in the 12 million cards issued worldwide. ITV Digital customers can expect completely new plastic by the end of the year.

Stories at the time claimed that for every legit CanalPlus subscription sold in the european market, 8 hacked cards were sold by crooks.

By 2002 Vivendi was on the verge of corporate collapse and to add insult to injury they were forced to go cap in hand to Rupert Murdoch.

Vivendi never recovered. No longer a major player in new technology, a much restructured Vivendi is still existant courtesy of the french taxpayer.

There are all sorts of irritations and hypocrisies exposed in this story. Murdoch who ruthlessly pursues anyone who ‘gets fresh’ with News Corp I.P. (intellectual property) has greatly benefited from his own corporation’s indulgence in piracy. Israel the recipient of much taxpayer largesse from guilty white folks in europe and amerika has once again been caught harbouring those who commit crimes against Israel’s benefactors (from Meyer Lansky onwards).

Mostly though this story re-inforces the reality that the egalitarian state which my forebears just like others throughout amerika and australia, sought to establish in the ‘new world’. What they were attempting to create, is truly dead. All the old injustices of the rich and powerful living outside the law with impunity have migrated to that ‘new world’.

The ‘rakes’ of 18th century imperial england considered any woman who wasn’t an aristocrat ‘fair game’ for rape. They would go out at night and hunt in packs raping and bashing any woman they ‘fancied’. A complaint to the police would guarantee a prostitution charge against the poor plaintiff.

How long before amerikan and australian women live in fear of lust soaked, arrogant and power crazed Microsoft shareholders when they go outside their door? This case isn’t just a question of corporations committing buggery upon each other; it is a test to ascertain the public tolerance of corporate impunity. Impunity or maybe just plain impudence.

The trio of the desperate, that clutch of unscrupulous assholes currently clawing at each others’ eyes to get a crack at prez of all amerika, will be lining up at Murdoch’s door eye’s dutifully and respectfully downcast, each vying for the right to throw Vivendi’s case outta court in exchange for NewsCorp support in the election.

Posted by b on April 26, 2008 at 16:06 UTC | Permalink

Comments

Thanks Debs.
In the late 1990s I was working for a Bertelsmann company. Bertelsmann is a huge media conglomerat in Germany with many worldwide publishing (papers, magazines, books, music, TV), bookshops, TV, online stakes.
They were looking into joint-venturing with Vivendi and I was asked to look into their much lauded and other folks encryption schemes. It was only a general assessment, but in the end I said “it will be cracked like any other encryption scheme”. There were several issues I suggested as possible weakness – so I wonder what took the Israelis so long.
Unless a content delivery system is sealed end-to-end someone will break it. Murdoch’s NDS VideoGuard does end-to-end by marrying the access card to the access box and it is yet unbroken but will eventually go down too.
The behaviour of Murdoch you point out is nothing really unusual but for two points.
The one unusual thing is that this became public knowledge. There is a lot of dirty fighting going on in nearly any industry (finance, pharma and ‘defense’ seem to be the worst), but usually the bad stuff is kept within the wider family. But such methods usually don’t kill a company because few companies depend on only one thing.
Vivendi did depend very much on the validity of its encryption and was attacked exactly at this point of weakness. Not something a Gentleman would do, but Murdoch isn’t a candiate for that status anyway. The Vivendi folks ain’t either.
Murdoch is simply ruthless, clever and brutal.
/excursion/
To extend a bit on the encryption stuff and the usual publishing business model:
At the time of my assessment my advice to the Bertelsmann content business was to endorse the new digital technology as a delivery mechanism, but to change the traditional businessmodel so that it didn’t depend on “owning” the content, only on delivering it.
The CEO got it (and bought Napster which was then ruined by other record companies. Years later Apple used the Napster model and the record companies were so beaten down by then that they had to agree to it). The heads of the content business units didn’t want to understand. The guy leading the “Lexikon” unit (it publishes something like the encyclopedia britannica in German) believed he owned “superior content”. Hehe – last week Bertelsmann announced it would publish 50,000 Wikipedia pieces as a book … seems like the “superior content” model doesn’t work anymore.
The same will happen to TV and other conetnt businesses unless they manage to somehow shut down and restrict the internets. For the moment they seem to lose that fight.
/end-excursion/
The rape is taking place in front of our eyes. Greed never cares for morals. Bear Stearns was killed just like Vivendi was killed – with the cost put to the small taxpayers.

Posted by: b | Apr 26 2008 18:24 utc | 1

Thanks for another great post, Debs is dead. As a frog slowly cooking in water, I hope you’ll let me know when I’m ready to be eaten.

Posted by: Lizard | Apr 26 2008 23:50 utc | 2

Working in the smart card industry, I can testify that the cards for pay TV access are a joke. They were back in the 90s, and they still are.
If someone really paid Milions of Dollars to analyze them, he has been ripped off.
They have lots of weaknesses, beginning with proprietary encryption mechanisms. Using secure cryptoalgorithms is easy, but they managed to get even this part wrong. The worst part is the system design – it is possible to use one legit card to supply an unlimited number of viewers, and if one card is broken, then you do not need even that. (Thats what B meant when he wrote “sealed end ot end”).
I believe that the current system has only one purpose: Making it possible to sue non-paying viewers.

Posted by: ICC | Apr 27 2008 6:36 utc | 3

Back to Main