DirecTV attacks hacked smart cards

Electronic warfare for the private sector


Satellite television behemoth DirecTV struck a decisive blow against signal pirates Sunday night, when it transmitted a carefully-crafted electronic signal from its orbiting satellites and destroyed thousands of hacked smart cards, which for the last four years allowed pirates to gain free access to hundreds of channels of programming.

According to sources in the satellite TV underground, the vast majority of illicitly reprogrammed DirecTV access cards, which once had a street value of several hundred dollars each, were wiped out on what hackers are calling "Black Sunday."

"It turned all these cards into ice scrapers," says a California pirate.

A spokesman for California-based DirecTV says company policy prevents him from confirming a specific cyber-strike. "But I will tell you that we do, from time to time, use electronic countermeasures," says spokesman Robert Mercer. "Obviously, we want only authorized people to receive our service."

DirecTV has been grist for pirates almost since inception, primarily due to well-funded research efforts in Canada, where the company is not licensed to provide service, and selling hacked access cards and equipment is not a crime.

"It's certainly a problem," says Mercer. "But we have an Office of Signal Integrity, a group of former FBI agents, dedicated to this issue."

The company reportedly acquired the ability to launch the electronic countermeasure (ECM) against pirates in November of last year, but held off on using it until Sunday. The massive counter-hack comes amid negotiations between DirecTV's parent company, General Motors, and media mogul Rupert Murdoch, who's considered acquiring DirecTV for an estimated $40 billion.

Logic Bomb

DirecTV controls access to their signal through smart cards shipped with every system. Each plastic card resembles a credit card, but is in fact a completely self contained microcomputer with its own embedded software and memory. In normal operation, a subscriber inserts the card into a slot in the DirectTV receiver, and a satellite signal from the company tells the receiver which channels, if any, the subscriber is allowed to watch, based on the unique identification number coded into each card.

Sunday's ECM was aimed at hacked 'H' series smart cards. The H cards were shipped with receivers sold from late 1996 to early 1999, and later became valuable commodities among TV pirates as the technology to hack them plummeted in price, and the techniques became publicly known online. Card programming devices were sold through Canadian dealers, and hacker-authored software for the H card that allowed complete access to all programming -- including movie channels, sports and pay-per-view events -- was easily found on the Internet.

By most estimates, thousands of hacked H cards are circulating in the US alone. They all became useless Sunday night, when DirecTV detonated a devilishly clever logic bomb the company planted in the access cards last year.

According to sources in the TV piracy underground, the counter strike was the capstone to four years of electronic warfare over the H card.

DirecTV's system gives them the ability to reprogram smart cards remotely, through the set top receivers. In the 90's, the company used that capability in their initial response to the proliferation of hacked cards by broadcasting a search-and-destroy program to all the H cards that would look for hacked code, and damage the software in any cards that had it.

To counter that technique, hackers developed a method of making the cards "read only" after hacking them, so that DirecTV could no longer put their search-and-destroy programs onto the cards.

But DirecTV reacted to that wrinkle over a year ago, by taking advantage of their ability to remotely reprogram the set top satellite receivers, as well as the cards. The company sent a few specific bytes of data to all the H cards, while simultaneously reprogramming the satellite receivers to reject cards that didn't reflect the change. This forced hackers to update the cards manually with the new data, or to make the cards writable again.

Through the following months, DirecTV continued to add more data using this tactic. By the time they stopped in November, the company had made a total of sixty-three updates to the H cards.

By then, the hackers realized that the data was not arbitrarily chosen: DirecTV was actually sending a computer program to the H cards, a few bytes at a time. After analysis, the hackers predicted that the program would make it possible for the company to permanently disable the pirated cards on command.

DirecTV finally issued that command on Sunday, and used it to inject an endless loop into a "write once" section of the H cards' memory, which cannot be modified a second time, according to an analysis on one satellite TV hacking site.

"Why they didn't do it back in November is a big mystery," says the California pirate.

While "Black Sunday" was a devastating blow to pirates, it's not likely to end the electronic arms race between DirecTV and hackers.

The company's current generation of smart cards, the so-called 'HU' card, has proven more resistant to tampering than its predecessor, but hacked versions are now turning up on the commercial grey market. Another technique, in which a pirate uses a PC to emulate an access card, was reportedly unaffected by the Sunday blast.

Smart cards are used for a variety of applications, including electronic customer identification for wireless GSM phones in Europe, and as new credit card offerings from Visa and American Express. "Smart cards are considered highly tamper resistant," says Don Davis, editor of Card Technology magazine. "There have been incidents where people have been able to attack them and tamper with them, but not very many that have proven to have commercial impact, like the problem DirectTV has had."

© 2001 SecurityFocus.com, all rights reserved.


Other stories you might like

  • Employers in denial over success of digital skills training, say exasperated staffers

    Large disparities in views from bosses vs workers on 'talent transformation initiatives,' says survey

    Digital transformation projects are being held back by a lack of skills, according to a new survey, which finds that while many employers believe they are doing well at training up existing staff to meet the requirements, their employees beg to differ.

    Skills shortages are nothing new, but the Talent Transformation Global Impact report from research firm Ipsos on behalf of online learning provider Udacity indicates that although digital transformation initiatives are stalling due to a lack of digital talent, enterprises are becoming increasingly out of touch with what their employees need to fill the skills gap.

    The report is the result of two surveys taking in over 2,000 managers and more than 4,000 employees across the US, UK, France, and Germany. It found that 59 per cent of employers state that not having enough skilled employees is having a major or moderate impact on their business.

    Continue reading
  • Saved by the Bill: What if... Microsoft had killed Windows 95?

    Now this looks like a job for me, 'cos we need a little, controversy... 'Cos it feels so NT, without me

    Former Microsoft veep Brad Silverberg has paid tribute to Bill Gates for saving Windows 95.

    Silverberg posted his comment in a Twitter exchange started by Fast co-founder Allison Barr Allen regarding somebody who'd changed your life. Silverberg responded "Bill Gates" and, in response to a question from Microsoft cybersecurity pro Ashanka Iddya, explained Gates's role in Windows 95's survival.

    Continue reading
  • UK government opens consultation on medic-style register for Brit infosec pros

    Are you competent? Ethical? Welcome to UKCSC's new list

    Frustrated at lack of activity from the "standard setting" UK Cyber Security Council, the government wants to pass new laws making it into the statutory regulator of the UK infosec trade.

    Government plans, quietly announced in a consultation document issued last week, include a formal register of infosec practitioners – meaning security specialists could be struck off or barred from working if they don't meet "competence and ethical requirements."

    The proposed setup sounds very similar to the General Medical Council and its register of doctors allowed to practice medicine in the UK.

    Continue reading
  • Microsoft's do-it-all IDE Visual Studio 2022 came out late last year. How good is it really?

    Top request from devs? A Linux version

    Review Visual Studio goes back a long way. Microsoft always had its own programming languages and tools, beginning with Microsoft Basic in 1975 and Microsoft C 1.0 in 1983.

    The Visual Studio idea came from two main sources. In the early days, Windows applications were coded and compiled using MS-DOS, and there was a MS-DOS IDE called Programmer's Workbench (PWB, first released 1989). The company also came up Visual Basic (VB, first released 1991), which unlike Microsoft C++ had a Windows IDE. Perhaps inspired by VB, Microsoft delivered Visual C++ 1.0 in 1993, replacing the little-used PWB. Visual Studio itself was introduced in 1997, though it was more of a bundle of different Windows development tools initially. The first Visual Studio to integrate C++ and Visual Basic (in .NET guise) development into the same IDE was Visual Studio .NET in 2002, 20 years ago, and this perhaps is the true ancestor of today's IDE.

    A big change in VS 2022, released November, is that it is the first version where the IDE itself runs as a 64-bit process. The advantage is that it has access to more than 4GB memory in the devenv process, this being the shell of the IDE, though of course it is still possible to compile 32-bit applications. The main benefit is for large solutions comprising hundreds of projects. Although a substantial change, it is transparent to developers and from what we can tell, has been a beneficial change.

    Continue reading
  • James Webb Space Telescope has arrived at its new home – an orbit almost a million miles from Earth

    Funnily enough, that's where we want to be right now, too

    The James Webb Space Telescope, the largest and most complex space observatory built by NASA, has reached its final destination: L2, the second Sun-Earth Lagrange point, an orbit located about a million miles away.

    Mission control sent instructions to fire the telescope's thrusters at 1400 EST (1900 UTC) on Monday. The small boost increased its speed by about 3.6 miles per hour to send it to L2, where it will orbit the Sun in line with Earth for the foreseeable future. It takes about 180 days to complete an L2 orbit, Amber Straughn, deputy project scientist for Webb Science Communications at NASA's Goddard Space Flight Center, said during a live briefing.

    "Webb, welcome home!" blurted NASA's Administrator Bill Nelson. "Congratulations to the team for all of their hard work ensuring Webb's safe arrival at L2 today. We're one step closer to uncovering the mysteries of the universe. And I can't wait to see Webb's first new views of the universe this summer."

    Continue reading

Biting the hand that feeds IT © 1998–2022