Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Hardware Hacking Television The Courts Build

Three Arrested For Conspiring To Violate the DMCA 335

jtcm writes "Three men have been charged with conspiring to violate the Digital Millennium Copyright Act after federal investigators found that they allegedly offered a cracker more than $250,000 to assist with breaking Dish Network's satellite TV encryption scheme: '[Jung] Kwak had two co-conspirators secure the services of a cracker and allegedly reimbursed the unidentified person about $8,500 to buy a specialized and expensive microscope used for reverse engineering smart cards. He also allegedly offered the cracker more than $250,000 if he successfully secured a Nagra card's EPROM (eraseable programmable read-only memory), the guts of the chip that is needed to reverse-engineer Dish Network's encryption.' Kwak owns a company known as Viewtech, which imports and sells Viewsat satellite receiver boxes. Dish Network's latest encryption scheme, dubbed Nagra 3, has not yet been cracked by satellite TV pirates."
This discussion has been archived. No new comments can be posted.

Three Arrested For Conspiring To Violate the DMCA

Comments Filter:
  • Is there a reason that Dish Network can't use an open algorithm and some open, established encryption 'scheme'? Wouldn't that actually be more secure? And cheaper to develop?

    • by Idiot with a gun ( 1081749 ) on Thursday July 16, 2009 @02:40PM (#28721455)
      Depends on the algorithm involved. Often one way algorithms rely on certain actions being computably inconvenient, not impossible. ElGamel and RSA basically break down to the idea that it's easier to multiply really big primes, than it is to factor the resulting really big composite. But in an embedded situation like a dish network box, they might not have the computational power to outrun a hacker with a desktop, so a bit of obscurity helps in slowing down any attacks. There's a strong chance that it'll be hacked at some point, as witnessed by the fact that they're on Nagra 3, not Nagra 1, but the hope is to hold off any attacks as possible, and make attacks prohibitively expensive.
    • Re: (Score:3, Insightful)

      by ivan256 ( 17499 )

      A satellite broadcaster has, for the most part, a one-way stream. If the encryption was completely open, all you would need to do to pirate the signal is to share a valid key with as many people as you'd like.

      Paying customers need to be able to decrypt the stream, but they are not trustworthy credential holders.

      • by geekoid ( 135745 )

        Open encryption does not equal shared key.

        • by ivan256 ( 17499 )

          Shared key doesn't have anything to do with this. It doesn't matter if the encryption is symmetric, or asymmetric. I have no idea which they use.

          The fact of the matter is that a key which needs to remain secret for the security of the data needs to be provided to the customer in order to decrypt the data. However the customer cannot be trusted to maintain the secrecy of the key. Since the key isn't secret, how the key works is obfuscated.

    • by fuzzyfuzzyfungus ( 1223518 ) on Thursday July 16, 2009 @02:54PM (#28721673) Journal
      It could be that the proprietary algorithm makes things weaker(certainly wouldn't be the first time); but it is also possible that the algorithm wasn't the issue. Any DRM system, no matter the algorithm, consists of giving the device the key(so that actual subscribers can play whatever the material is) while ordering the hardware to keep the key away from them. This is true whether the key is to some crap proprietary algorithm, or the finest in vetted standards. If you attack the hardware cleverly enough, you can get the key from a given piece of hardware. (whether or not a single key is of much use is another question, and does come back to the quality of the design)
  • Wait (Score:3, Interesting)

    by FredFredrickson ( 1177871 ) * on Thursday July 16, 2009 @02:34PM (#28721361) Homepage Journal
    I'm not a lawyer, so this confuses me. This isn't a civil case? it's a criminal case?

    Why aren't downloaders put in jail then?
    • Re: (Score:3, Informative)

      by ari_j ( 90255 )
      US copyright law provides for both civil remedies, such as a copyright holder suing infringers, and criminal remedies, where the government can fine or imprison an infringer. I don't remember in my lifetime watching a video tape that didn't include the FBI copyright warning about this, so it's definitely not a new thing. Whether right or wrong to do so, it has long been the case that federal law can lock you up for copyright infringement.
      • I don't remember in my lifetime watching a video tape that didn't include the FBI copyright warning about this

        Clearly you got your video tapes out of the trunk of a car on a different corner than my parents did.

        • by ari_j ( 90255 )
          Yeah, "Grumpo" said he added the FBI warnings to his wares to make the bootlegged tapes seem more authentic. I think he may have used the wrong crayon to write the warning, though.
    • Comment removed (Score:5, Informative)

      by account_deleted ( 4530225 ) on Thursday July 16, 2009 @02:45PM (#28721525)
      Comment removed based on user account deletion
      • Re:Wait (Score:4, Insightful)

        by tsm_sf ( 545316 ) on Thursday July 16, 2009 @03:00PM (#28721793) Journal
        This statute is used to prosecute conspiracy to commit a federal crime

        I know this has been used to put serious criminals away, and is probably a great tool in preventing crime, but prosecuting for conspiracy is still a nasty idea. I think that if I had to describe the boundary between acceptable government behavior and police state, it would be right after this.
    • At least they didn't walk across the Menominee River Bridge with an empty soft drink can and try to get 10 cents from the State of Michigan for it at Angeli's. According to the sign, that can get you 5 at the Big House in Pontiac.
    • by geekoid ( 135745 )

      Becasue downloading isn't a crime, distribution is, and for good reason.

      If the company that you got your DVD player from turned out to have broken some contract law, do you want them coming after you?

  • So am I supposed to be outraged just because the DMCA was involved?

  • cracker? (Score:5, Funny)

    by martas ( 1439879 ) on Thursday July 16, 2009 @02:35PM (#28721391)
    what a racist article...
  • by DarrenBaker ( 322210 ) on Thursday July 16, 2009 @02:39PM (#28721433)

    I mean, really... That's like awarding a Nobel Prize for *Attempted* Chemistry!

  • I'm thinking... (Score:3, Informative)

    by Overzeetop ( 214511 ) on Thursday July 16, 2009 @02:40PM (#28721451) Journal

    ...that (a) this is a good thing (commercial operation) but that (b) the DMCA wasn't necessary at all. Aren't there theft of service laws already on the books for receiving private/pay TV services without paying for them? And, since this isn't actually a DMCA violation case, but rather a conspiracy to violate the DMCA, wouldn't it be just as much a conspiracy to illegally receive service?

    • Aren't there theft of service laws already on the books for receiving private/pay TV services without paying for them?

      I imagine theft of service would only allow them to go after the end users, whereas this allows them to go after the ones developing the product.

  • Oblig, (Score:4, Funny)

    by cvd6262 ( 180823 ) on Thursday July 16, 2009 @02:41PM (#28721457)

    <Sideshow_Bob>Conspiring to violate the Digital Millennium Copyright Act... Now honestly, what is that? Do they give a Nobel Prize for conspiracy chemistry?</Sideshow_Bob>

  • by oahazmatt ( 868057 ) on Thursday July 16, 2009 @02:44PM (#28721507) Journal
    I had a friend who claimed that he had found a way to pirate DirecTV's service. He only stopped doing so when he realized there was still nothing worth watching. Eventually he opened his own business. He named the company after a component that was essential to the process. I remember when I helped out we'd get about one call a week from people trying to ask not in so-many words if we could help them with their "DirecTV stuff". (It was my first call on it that caused me to mention it to my friend, who then told me what the company name actually meant.)

    He pirated the service for about two years. Funny thing was, about a year after he stopped he got hit with a lawsuit. He transferred as much stuff as he could out of his own name and braced for the inevitable. He only got away because he had a friend who knew some influential people. Incidentally, my friend his now his friend's personal no-cost 24/7 concierge tech support.

    Anyway, he'd get these calls from people and he'd try to deny that he knew what to do. If someone pressed the issue (usually it was his friends or old co-workers telling others who could help) he tried to do the "scared straight" thing. Funny thing is, some of them would get mad at him for not helping. So many people are willing to throw away financial security just so they don't have to pay for the NFL Channel.
    • He only got away because he had a friend who knew some influential people.

      So not only does he run a business based on stealing a service, he's also willing to use personal connections to get special treatment from the legal system.

      If we're ever at the same party, please don't introduce us.

      • So not only does he run a business based on stealing a service, he's also willing to use personal connections to get special treatment from the legal system.

        I do not know where you got that first part at all. No, he did not run a business based on stealing a service. He only named the service after one of the components because he liked the name. It was not implied at all that he assisted others. In fact, my story specifically states the opposite.

        As for your second point, if you were in his position, I highly doubt you would be so willing to stick to the ethical high ground and lose everything you have in exchange for a greater sense of self worth.

  • Good (Score:3, Insightful)

    by whisper_jeff ( 680366 ) on Thursday July 16, 2009 @02:46PM (#28721533)
    I'm (very) rarely a fan of the DMCA but, in my opinion, this is a good example of why it was set up - to stop commercial abuse of IP. These guys were knowingly circumventing copyright protection methods in an effort to make a profit. These exact situations are what needs to be stopped, not the teenager posting a mashup on youtube...
    • Re: (Score:3, Informative)

      by geekoid ( 135745 )

      I would argue that making personal receivers shouldn't be a crime, nor should breaking encryption. Making it a crime to prop up a bad business model isn't a good reason.

    • by Bigby ( 659157 )

      How can you treat the two differently? Whether it is a company or a person, both entities are looking to violate or actually violating something. If you can't treat individuals special or you introduce a loophole for companies to farm out their violations to individuals...actually quite similar to this instance.

      Also, what does cracking the encryption have to do with copyright? Cracking it doesn't mean you watched/streamed any channels. Also, to what TV channels does Dish actually own a copyright? How c

    • The guy imports satellite boxes - if his goal was to reverse engineer the cards so that his boxes could work on Dish with a legally obtained card then the DCMA safe harbor for "interoperability" kicks in and he's legally OK. On the other hand if he's trying to obtain satellite service without paying Dish for the service they should throw the book at him.

      Think of it from the O/S world - should people be allowed to reverse engineer the cards to allow MythTV to work with a paid for Dish card?

  • by Anonymous Coward

    It's fun to violate the DMCA
    It's fun to violate the DMCA

  • by Zombie Ryushu ( 803103 ) on Thursday July 16, 2009 @02:47PM (#28721551)

    I consider the DMCA to be one of the most unjust and cruel laws the USA has. I sympathize with the people doing this to the following limited extent: If you are a subscriber to a service, you should be able to use any compatible QAM enabled equipment you wish.

    This is a little different because people who violate the DMCA like this usually are doing so to secure their fair use rights. These people just wanted to outright steal the service. So thats bad. However, two things.

    Why are police involved in this sort of thing? Well, really, although in theory, violating the DMCA is a civil action, but around 2003, the government decided that all copyright infringement was criminal. Because the Intellectual property 'scam' is all that the US has against the Chinese, the US has decided to criminalize copyright infringement to create laws to fight the Chinese with.

    The DMCA needs to be repealed, but I don't see that happening unless there are large demonstrations. People are generally too stupid to care. (I really would like to see anti-DMCA slogans with people marching by the millions.)

    • Re: (Score:3, Informative)

      by jpmorgan ( 517966 )

      Insightful? Sorry, copyright infringement was made criminal more than 30 years ago. In the 70s, at least. Which if you check your history, was when China was undergoing the Cultural Revolution, persecuting the intellectuals and idolizing the peasant lifestyle.

      So yeah, I don't think it was China that inspired criminalizing copyright infringement.

      I don't know why it posted the previous comment anonymously. Here it is again, under my name...

  • by girlintraining ( 1395911 ) on Thursday July 16, 2009 @02:47PM (#28721555)

    Although it was eliminated by dubious judicial means shortly after becoming law, the DMCA allows for reverse-engineering for the purposes of interoperability. The entire market for these devices is based on non-interoperability. Because if the CAM became truly portable and emulated fully in software, it's a tiny step to a digital video recorder that is completely under user control receiving HDTV. Which is actually the main selling point here. They took our VCRs away, and now we're attacking people who want to get them back the only way possible; At this point it doesn't matter whether his intent was to sell descrambler boxes or not, or anyone's, because that's the only way you're getting that functionality. An irony, really, that you could be paying the same fees as someone with an "approved" box, accessing the same content, and yet wind up in jail because your equipment wasn't up to the provider's specifications... Namely, that you wanted to "time shift" the content.

    Damn criminals, flaunting their freedoms in front of us... They get what they deserve, eh?

    • You can still get "Tunerless" VCRs and DVD Burners. They take Component and Composite inputs and will record whatever they see onto DVD. But they really aren't able to control the box any.

      • Re: (Score:3, Interesting)

        You can still get "Tunerless" VCRs and DVD Burners. They take Component and Composite inputs and will record whatever they see onto DVD. But they really aren't able to control the box any.

        Component and composite outputs on the back of every descrambler out there will spit it out in standard definition. You can't record HD signals out of them -- many won't even downgrade the signal, it'll just be dead. Getting high definition on any of those requires an HDMI hookup, which is encrypted, and therefore "tunerless" VCRs and DVD burners can't be used. Even getting signals OTA (not scrambled) doesn't do you much good because the tuners are usually integrated into the television. I haven't tuners be

        • by Skye16 ( 685048 )

          That's not true in all cases - I get high def out of my components just fine, and for one of my TVs, it has less artifacts than the HDMI does (likely because of a bad connector on the TV).

          It really depends on how locked down your boxes are. The ones our cable company provides are Scientific Atlanta(ic?). They really are atrocious in all other ways, but at least they spit out high def on component!

        • by tlhIngan ( 30335 ) <slashdot AT worf DOT net> on Thursday July 16, 2009 @03:37PM (#28722351)

          Component and composite outputs on the back of every descrambler out there will spit it out in standard definition. You can't record HD signals out of them -- many won't even downgrade the signal, it'll just be dead. Getting high definition on any of those requires an HDMI hookup, which is encrypted, and therefore "tunerless" VCRs and DVD burners can't be used. Even getting signals OTA (not scrambled) doesn't do you much good because the tuners are usually integrated into the television. I haven't tuners being sold separately with HD outputs that can be sent to any COTS recording equipment. This is intentional, purposeful, and frankly conspiratorial on the part of the manufacturers.

          Piracy is the only way the market for HD video recordings will survive.

          Funny thing is, you can record high-def quite easily, you just need to purchase two legal products.

          First, you buy a Hauppage HD-PVR [hauppage.com], about the only consumer-level high-def recording box that handles up to 1080i via component inputs. Hey look, Myth supports it!

          Now, for pesky HDMI... you buy a HD Fury 2 [hdfury2.com], which takes HDMI (including HDCP!) and converts it to either RGB or Component outputs, and while it handles 1080p, the HD-PVR only has 1080i.

          Now you have a high-def PVR solution, MythTV compatible.

          Alternate methods is if your cablebox supports Firewire, and can output the high-def content over it (I've seen 'em where the SD content is output over Firewire, but the HD content isn't), but most satellite boxes don't have this, unfortunately.

        • by blueg3 ( 192743 )

          May not work for satellite, but it works fine for cable. Component video outputs HD.

      • You can still get "Tunerless" VCRs and DVD Burners. They take Component and Composite inputs and will record whatever they see onto DVD. But they really aren't able to control the box any.

        And they will obey macrovision - which all the satellite/set-top boxes output on their component/s-video/composite outputs. Thus requiring one to buy a macrovision stripper aka a copy-control circumvention device - pretty much exactly the same type of thing that these guys were hiring someone else to build for them.

    • by DaveV1.0 ( 203135 ) on Thursday July 16, 2009 @03:23PM (#28722115) Journal

      This is not for interoperability. The goal of this operation was to create smart cards that allowed people to view channels they did not pay for and to allow people who do not have an account to view the channels. The goal was to facilitate theft of service, not interoperability.

  • by nweaver ( 113078 ) on Thursday July 16, 2009 @02:51PM (#28721623) Homepage

    These days, the model is very much based on some really funky group keying and key revocation, which allows the sattelite provider to revoke individual keys because each receiver has a unique key rather than a group sharing a common key.

    Among other things, this makes piracy MUCH harder, because the sattelite providers can buy pirated receivers, take them to the lab, find out the key used, and revoke it, disabling that entire batch of pirated receivers without affecting normal customers.

    • by jamstar7 ( 694492 ) on Thursday July 16, 2009 @03:57PM (#28722631)

      Among other things, this makes piracy MUCH harder, because the sattelite providers can buy pirated receivers, take them to the lab, find out the key used, and revoke it, disabling that entire batch of pirated receivers without affecting normal customers.

      Ah, but isn't said reverse engineering a violation of the DMCA itself? The pirate recievers are electronic gadgets, built by proprietary companies. If the law doesn't cut both ways, it's a bad law and needs to go.

  • by gillbates ( 106458 ) on Thursday July 16, 2009 @03:12PM (#28721957) Homepage Journal

    I'm thinking that if a security researcher had done the same thing, he would not be in jail. Nor would a large corporation.

    But a set top box importer does it, and suddenly it's a federal crime.

    The most troublesome part about this is that engineers routinely reverse engineer the work of others for the sake of creating compatible products - an exemption the DMCA explicitly allows. Perhaps the company wanted to offer a cheaper STB to Dish, and undercut the competition. Or perhaps they planned to sell directly to the black market, engaging in fraud. The act of reverse engineering a component tells us nothing about the company's intentions.

    I mention this because this very thing was done to Lexmark printers a few years ago. Instead of getting arrested, the manufacturer of competing cartridges was sued under the DMCA; the case went all the way to the SCOTUS, and Lexmark lost. It would appear this would set precedent regarding the legality of reverse engineering for the sake of creating interoperable products, but strangely, the FBI seems not to follow precedent. I find it odd that an activity which was legal and sanctioned by the DMCA - and even supported by the Supreme Court, is now interpreted as being illegal according to the very same law.

    If anything, this shows the illegality of an action depends more upon who you are than what you do. Best not to offend our corporate overlords, lest they have the FBI arrest you.

    • A) A large corporation would be charged with the same thing.
      B) The goal of a security researcher is research. The goal of the people involved in this scheme was to clone desktop boxes and security access cards for profit.

      C) The Lexmark case has almost nothing in common with this case. The Lexmark case was about people reverse engineering to compete with an end product. This case is about people reverse engineering to allow access to someone else's end product and information, possibly without paying for the

    • Re: (Score:3, Informative)

      I'm thinking that if a security researcher had done the same thing, he would not be in jail. Nor would a large corporation.

      But a set top box importer does it, and suddenly it's a federal crime.

      Welcome to the police state. This definition, right here, is perfect example of MOST of the laws currently on the books.

      We have so many laws on the books, that it is probably virtually impossible to go through a day without violating some law, some where. I call it the IBMing of the Legal System.

      This refers to the ol

  • by swb ( 14022 ) on Thursday July 16, 2009 @03:14PM (#28721977)

    I know they are generally poor countries and the military advantage of nukes must seem appealing, but they could create WAY, WAY more nuisance for Americans if they would devote those resources to basically Pirate Bay-ing everything copy protected. It'd be hilarious if within hours of a new you-can't-copy-it scheme came out if pirated versions were available along with free tools and FAQs for making your own copies or subversion devices.

    IIRC, this idea was also (better?) expressed in some science fiction novel I can't remember -- although it was China that basically ruined IP protections.

  • FTA (Score:3, Interesting)

    by Ponga ( 934481 ) on Thursday July 16, 2009 @04:00PM (#28722679)
    There are rumors out there that Nagra3 has already been hacked, though not confirmed to my knowledge. Back in the Nagra2 days, N2 had been hacked for years and it was a boon for pirates. Dish recently switched all it's channels to Nagra3 and pretty much overnight, all the pirates TV's went blank. Currently, the only 'solution' that exists for the pirates is via card sharing schemes where an actual subscriber(s) shares their card keys via an Internet Key Sharing (IKS) service. Though not technically a hack, IKS allows for the same capability. And so the cat and mouse continues.... Don't ask me how I know all this.
  • by Tetsujin ( 103070 ) on Thursday July 16, 2009 @06:32PM (#28724489) Homepage Journal

    The implications of this arrest on the numerical system as it applies to mathematics, physics, and other scientific and engineering disciplines cannot be overstated - especially in light of the recent arrest of seven, for the murder and subsequent cannibalization of nine...

    For instance, even prior to this arrest, the speed of light (as measured in meters per second) couldn't be represented comfortably in decimal, but it could be rounded up with relatively little precision loss... That is now not possible... The gravitational constant was already problematic due to the arrest of seven - now with the arrest of three, the use of cubic meters is no longer viable, so the gravitational constant is at best represented as 6.66 (rounding down, here) * 10^-8 L / (kg * s^2).

    Prior to the arrest of three, pi could still be represented to six digits (in decimal) - but now decimal representations of pi, pi/2, and pi/4 are all compromised... The natural exponent (e), of course, has suffered greatly from the loss of seven - and other numbers such as the Elementary Electric Charge (in Coulombs) and Avogadro's Constant have had to be changed to unconventional representations in scientific notation...

    All of this has really made mathematics of any sort a real problem. The scientific community is trying to address this by advocating the use of different numerical bases and a new system of units: but adoption has been slow and difficult. So far, a clear solution has not yet emerged.

One good suit is worth a thousand resumes.

Working...