24 comments

[ 3.1 ms ] story [ 59.3 ms ] thread
> Nagrastar says Tarnovsky used the code to create a device for reprogramming Nagrastar cards into pirate cards, and gave the cards to pirates eager to steal Dish Network's programming. Tarnovsky was also accused of posting to the internet a detailed road map for hacking Nagrastar's cards.

> Nagrastar says NDS had an obvious motive for these antics: Their own chip, the so-called P1 or "F Card," had already been thoroughly cracked by pirates, and the company wanted to level the playing field with its competitors.

How does increasing piracy of your competitor help you?

My guess is that it makes it harder to acquire content. That is, if we are two competing providers, and my network is compromised, then I no longer can give an exact number of users for whom the content is being licensed and I will be made to pay a premium for the unknown.
It's going to be near the top priority when buying a copy protection system. If there are two options and one has been cracked, you choose the one that hasn't been cracked. If on the other hand both have been cracked, the first system now has a chance since it's not totally outclassed.
> How does increasing piracy of your competitor help you?

Pretty easy. Assume I'm an end consumer of the competitor's client stations... and my contract is up for renewal while at the same time I can get a cracked cardfor a hundred dollars, I'd be a fool to renew the contract.

Also, the competitor's client stations may decide to drop the competitor (and come to your company), especially if there is a fundamental unfixable flaw in the system.

Or more obviously; I'm a purchaser of your product, I tell you I'm going to switch because your cards are hacked, my response is "see, so is the competition" and you don't bother switching.
TV networks want to buy the smart card system that's best at preventing piracy, in order to get the lowest piracy.

If your competitor's system has lower piracy than yours, TV networks will choose their system over yours.

(comment deleted)
I remember these from the 90's, we knew someone who dealt them. There was a little card/PCB type hybrid thing and every now and then they'd change something about the encryption and you'd have to go back and get the card re flashed. Eventually they got killed off altogether iirc.
The 'CableCard' system where I lived was pretty big during the TiVO era before cable companies started providing their own DVR systems.

You had to get 2 cards one for each tuner card in the TiVO and they would constantly fail and had endless issues. I was a Cablevision (a New York cable company) technician at the time.

M cards seem reasonably reliable. I've had them in some 4 and 6 tuner Tivos for several years now.
I had a TiVo HD with an M-Card on Armstrong Cable from 2008 through when I got rid of cable altogether. I don't recall ever having any issues with it, so if I did they weren't all that memorable. Certainly nothing like the piece of shit Motorola box they gave me to start.

The parts that sucked about CableCard mostly sucked because a lot of cable companies wanted them to suck, but the suckage was not mandatory.

That's also what I'd read. For a while I used a Hauppauge PCI card to get legit/paid cable into my HTPC. It actually still works for OTA digital TV but back then it was a godsend.

Even the built-in Windows Media Center gave me a better interface and tons of storage versus the junky old cable boxes for rent, but then they used confusion over the switch to broadcast digital to stop providing Clear QAM channels and move everyone over to digital encrypted cable boxes.

For a while I really wanted to buy one of those fancy Ceton cards that took a CableCard like a TiVo, but between the cost of the tuner card and the horror stories I read about getting $CableCo to support anything but a TiVo I just said screw it and stopped buying cable at all.

(comment deleted)
So in the early 2000's, I worked for a firm that was hired by a major satellite TV provider to investigate Smart Card hacking.

It was a very eye opening experience for a recent grad and would be happy to write up some of my experiences if people are interested.

I would love to read this write up.
I would be interested in reading about this.

Around that time (or maybe slightly before) I was asked by my friends dad to figure this out. He and a group of his friends payed for the equipment and gave it to me. I figured it out, but when they found out that the "hack" would be reset at least every month and before any major event they all found it too problematic to deal with. Worked out great for me as I got free satellite TV for a while when I was going to school.

Does anybody remember back in the late 80s when we had those BIG satellite dishes that you had to aim from one satellite to another for different stations? We had a chipped card and got some physical mailing every month with a huge code we had to type into the receiver from the remote to receive encrypted signals for that month. A huge pain, but as a bored kid in Nebraska I gladly did it! Anybody know more about that newsletter and how they did it?
>> DirecTV periodically deployed electronic countermeasures, or ECMs, in the satellite stream that killed the cards in their set-top boxes. Ereiser needed someone to fix the cards.

I worked for a home theater company from 2000-2002 following the dot com crash. Every single one of our customers had pirated DirecTV cards. I still remember getting calls on a regular basis, "Yeah, I think the card got fried again" and would have one of our techs go out and get their fried cards replaced.

I was pretty shocked how common it was and how a legit business was profiting from giving away satellite tv for free which was obviously illegal. Every time DTV fried the cards, we would charge a card replacement fee and a service charge which was around $30. Nobody ever complained about paying it - as long as their pirated tv continued to work.

The card sharing scene was alive for many years and it took a long time for the industry to fight back and have some control over it.
I attended a talk at Defcon in 2007 or 2006 which was given by Chris Tarnovsky, in which he alluded to some of details covered in this article. It was definitely one of my formative tech career experiences, I don't remember much of the other talks then, but I think I could almost recount his presentation word for word, and I stayed after for an informal demo after the talk was "over". Mingling in that crowd I ran into a person who I vaguely remembered from college, who I would never have thought to show up in that environment.

I think it was that experience, along with a later experience at "Do it with Drupal" in New Orleans, that lead to me completely re-evaluating how I valued and approached conferences and other "community" type events. Prior to that I put them in the same class as picking the right powerpoint template and buying obnoxious people drinks at the hotel bar, i.e., complete sales / business fluff to my nerdy point of view. After Defcon and that presentation in particular, I tried to never miss any of the "community run" tech events, such as Defcon, Linux Fests, Drupal camps, etc.