[ISN] Rupert Murdoch Firm Goes on Trial for Alleged Tech Sabotage

From: InfoSec News (alerts@private)
Date: Tue Apr 22 2008 - 01:50:22 PDT


http://www.wired.com/politics/law/news/2008/04/murdoch

By Kim Zetter  
Wired.com
04.21.08

Did a Rupert Murdoch company go too far and hire hackers to sabotage 
rivals and gain the top spot in the global pay-TV war?

This is the question a jury will be facing in a spectacular 
five-year-old civil lawsuit that is finally being tried this month in 
California but which has, oddly, received little notice from U.S. media.

The case involves a colorful cast of characters that includes former 
intelligence agents, Canadian TV pirates, Bulgarian and German hackers, 
stolen e-mails and the mysterious suicide of a Berlin hacker who had 
been courted by the Murdoch company not long before his death.

On the hot spot is NDS Group, a UK-Israeli firm that makes smartcards 
for pay-TV systems like DirecTV. The company is a majority-owned 
subsidiary of Murdoch's News Corporation. The charges stem from 1997 
when NDS is accused of cracking the encryption of rival NagraStar, which 
makes access cards and systems for EchoStar's Dish Network and other 
pay-TV services. Further, it’s alleged NDS then hired hackers to 
manufacture and distribute counterfeit NagraStar cards to pirates to 
steal Dish Network's programming for free.

NagraStar and one of its parent companies, EchoStar, are seeking about 
$101 million for damages for piracy, copyright infringement, misconduct 
and unfair competition. The list of witnesses in the case includes 
EchoStar's founder and CEO Charlie Ergen; several hackers and pirates; 
and Reuven Hazak, an Israeli who heads security for NDS and is a former 
deputy head of Shabak, or Shin Bet, Israel's domestic security agency 
(the equivalent of Britain's MI5).

The case, which began April 9 in the U.S. District Court's Central 
Division in Santa Ana, California, could conceivably result in an award 
of hundreds of millions of dollars, although neither side is expected to 
emerge unscathed from testimony that threatens to expose the messy 
underbelly of the high-stakes pay-TV industry.

As if to emphasize this point, U.S. District Judge David O. Carter said 
after the proceedings began that he was concerned that the case would 
hinge on testimony from known lawbreakers like hackers and pirates, who 
have been employed by the companies on both sides of the lawsuit. The 
judge urged the plaintiffs and defendant to settle rather than face 
potentially devastating harm to their reputations.

EchoStar wouldn't comment on the case while it's ongoing, but Jim Davis, 
a senior analyst with the 451 Group, a market research firm, said the 
company isn't likely to settle.

"It gets taken very personal when your security product has been 
hacked," he said. "And to have a competitor do that through, allegedly, 
the services of a known hacker, has got to be particularly galling to 
NagraStar."

As for NDS, which currently has more than 75 million access cards on the 
market, Davis says the company probably sees the trial as an opportunity 
to defend against the image that it is "simultaneously promoting a 
product that secures networks while working with folks that work outside 
the law [to break networks]."

The company said in a statement to Wired.com: "We are confident our 
position will be upheld at a trial."

According to court documents, the scheme began to unravel in 2000 when 
law-enforcement agents in Texas seized suspicious packages containing CD 
and DVD players stuffed with more than $40,000 in cash. Parcels similar 
to this were being sent almost daily from Canada, via Texas, to a hacker 
in California named Christopher Tarnovsky, who was working for NDS as an 
engineer. The money was allegedly part of the conspiracy between 
Tarnovsky and NDS Group to sabotage NagraStar's cards.

As laid out in the allegations, NDS' hacking is said to have begun in 
1997 after its own access cards were cracked and it was at risk of 
losing clients like DirecTV, which was being hit hard from pirates who 
were selling unfettered access to its system.

But rather than deal with its security breach, NDS hired Tarnovsky and 
other pirates who had compromised its system to help the company hack 
and pirate its competitors' cards and even out the playing field, it is 
alleged.

In addition to Tarnovsky, the company also hired Oliver Kommerling, a 
hacker known for writing the primer on cracking smartcards. Kommerling 
has acknowledged in an affidavit that he helped NDS set up a research 
lab in Haifa, Israel, where NagraStar's smartcard was allegedly cracked 
by NDS engineers.

NDS didn't hire only hackers, however. According to EchoStar/NagraStar, 
it also hired a handful of other people with colorful pasts who they say 
had a role in hacking and pirating EchoStar/NagraStar. There was Reuven 
Hazak, who had been deputy head of Israel's Shin Bet during the 
notorious Bus 300 incident (when two Palestinian terrorists who hijacked 
an Israeli bus were killed in custody by a Shin Bet agent. Hazak 
eventually blew the whistle on the subsequent cover-up).

NDS also hired a former U.S. Navy intelligence officer named John Norris 
and a former Scotland Yard commander named Ray Adams. Finally, it hired 
a former would-be terrorist, Yossi Tsuria, who became chief technical 
officer of its lab in Israel. Tsuria was part of a radical group of 
Jewish Israelis in the 1980s that plotted to bomb the Dome of the Rock 
-- a shrine that sits on the Temple Mount in Jerusalem, a holy site for 
both Jews and Muslims.

NDS has maintained in public statements that Hazak, Norris and its other 
security officers were hired to help it track down hackers and pirates 
and get them arrested. But EchoStar and NagraStar allege that Hazak and 
Norris played central roles in committing hacking and piracy as well.

In late 1997, NDS researchers in Israel reportedly cracked the NagraStar 
card after about six months of effort, using an electron microscope.

NagraStar became aware its card was hacked in late 1998 when meeting 
with DirecTV to discuss the pay-TV company's desire to switch from the 
hacked NDS cards to NagraStar's cards. But DirecTV employees surprised 
NagraStar at the meeting when they informed NagraStar that its cards had 
also been hacked.

EchoStar/NagraStar claim that NDS, aware that DirecTV was about to 
abandon its cards in favor of NagraStar cards, cracked NagraStar's card 
to discourage DirecTV from making the switch.

After NDS cracked its rival's card, Tarnovsky and his associates 
allegedly created and sold counterfeit NagraStar cards through a piracy 
site based in Canada, among others, that allowed pirates to access Dish 
Network programs for free. Tarnovsky is also accused of later posting on 
the Canadian site the code, secret keys and instructions for hacking the 
microprocessor on EchoStar's access cards, allowing pirates to flood the 
market with even more cards. He has denied the allegations. Hazak and 
Norris are accused of providing Tarnovsky with the code so he could post 
it online, but NDS maintains this didn't happen.

According to court documents, the sabotage scheme worked remarkably well 
throughout 1998 and 1999 as counterfeit NagraStar cards flooded the 
market.

It was around this time, however, that a German hacker in Berlin known 
as Boris Floricic, aka Tron, disappeared while walking home from his 
parents' home one day. He was found several days later hanging from a 
belt in a park.

Among his possessions, authorities found correspondence from NDS. NDS 
later said it had offered Boris a job, which he had rejected. Prior to 
his death, Boris had obtained source code and information about hacking 
access cards that were being used in a German satellite TV system. His 
friends in the German hacker group, Chaos Computer Club, were convinced 
that he'd met with foul play.

Although his death was officially ruled a suicide, there were enough 
details around it to create suspicion. Floricic's feet were on the 
ground when he was found hanging, for example, and other evidence 
suggested that his body might have been placed in the park after he 
died.

During this time, NagraStar wasn't the only alleged victim of NDS 
hacking and piracy. In 2002, the French pay-TV service Canal Plus filed 
a damages suit against NDS, from which the EchoStar/NagraStar case 
emerged. In an affidavit from that case, Kommerling disclosed that NDS 
had cracked the Canal Plus cards using a method he had taught its 
engineers in Israel. Then, he revealed, the company instructed Tarnovsky 
to post the Canal Plus code on the internet.

The Canal Plus suit fizzled after its parent company, Vivendi Universal, 
struck a business deal with News Corporation that included a condition 
that Canal Plus would drop its suit against NDS. This is when EchoStar 
joined the litigation.

Before Canal Plus's case against NDS died, Tarnovsky indicated to the 
company that Reuven Hazak had given him the Canal Plus code to post it 
on the internet. He reportedly told the French firm he would testify in 
the case, but later backed out, citing fear for his life and his family.

In May 2002, two months after Canal Plus filed its suit, someone broke 
into the car of one of NDS' British employees and stole the hard drive 
from his laptop, making off with thousands of NDS documents and e-mails. 
EchoStar/NagraStar say the e-mails provide proof of NDS' hacking and 
piracy activities. NDS has suggested that the e-mails might be 
fabricated and has battled to keep them out of the court proceedings.

NDS has denied the lawsuit allegations. The company maintains that it 
was simply engaging in reverse-engineering, as any company would do to 
understand rivals and compete in the marketplace, but that it did not 
distribute cards or information about hacking NagraStar's encryption to 
pirates.

In an e-mail statement to Wired.com, the company took a dig at its 
competitor's competence and touted its superior skills.

"The hacking of EchoStar was the result of inferior technology arising 
from inadequate investment in research and development by [NagraStar]," 
said the statement. "NDS, on the other hand, invests heavily in research 
and development ... we reinvested over 30 percent of our revenues into 
R&D -- and the result is that we have zero piracy and the platforms of 
our customers are completely secure."

The trial is expected to last at least two more weeks.



_______________________________________________      
Subscribe to the InfoSec News RSS Feed
http://www.infosecnews.org/isn.rss



This archive was generated by hypermail 2.1.3 : Tue Apr 22 2008 - 02:10:13 PDT