A $1 billion, corporate-funded hack?

A $1 billion, corporate-funded hack?

Lawsuit claims News Corp. division cheated Vivendi pay-TV

By Bob Sullivan MSNBC


April 19 — It sounds like a script once rejected by Hollywood. The plot revolves around two of the world’s biggest multinational corporations, locked in an all-out war over the future of pay-TV, and its promised billions. The competition is so ruthless that eventually, someone cheats. One company hires hackers to break the other’s secret codes, then publishes the secret on the Internet, inviting piracy. Suddenly, the victim company’s pay-TV is free, and its only asset is worthless. Too ruthless to be true? Not according to a lawsuit filed in California last month.

• Yellow Pages

• Auctions at uBid

• Personals Channel

• Shopping

• Newsletters

• Weather

CONSIDER IT A NEW FORM of corporate espionage. Stealing your competitor’s secrets to cash in on them is as old as commerce itself. But stealing your enemy’s secrets and giving them away, thereby diluting or eliminating their value? That seems to be a new corporate weapon born of the Internet age.
Publishing the Colonel Sanders’ secret recipe online would be one thing; but publishing the keys to a pay-TV kingdom is quite another.
Hacking pay-TV systems has been sport for hundreds of thousands of video pirates around the world for more than a decade. All that stands between a TV viewer and free programming is a “smart card” inserted in a DirecTV-style set-top box. Crack the secret code in the card, make your own version, and TV is free. In fact, during a day notoriously known as “Black Sunday” in the piracy community, DirecTV effectively zapped some 200,000 piracy cards around North America by sending destructive computer code at them.
However widespread, TV piracy has always been viewed as the work of hobbyists. Until last month.
In a lawsuit filed March 11 in California by French-based Canal Plus Technologies, a division of Vivendi Universal, the company claims just such chicanery by a division of Rupert Murdoch’s News Corp., named NDS. Canal Plus says NDS hired a team of hackers who broke its smart card codes, then distributed the secret on a well-known piracy Web site. The impact on Canal Plus was staggering — sources inside the firm suggest somewhere between half and three-fourths of all Canal Plus users in Italy were pirates, for example. Canal Plus is suing for $1.1 billion in lost revenues.
The lawsuit is proceeding apace. Just yesterday, a California judge granted Vivendi’s request for an accelerated discovery schedule.

NDS said in a statement last month that the charges are baseless, and in fact were used recently as leverage for merger talks. The company declined to say more to MSNBC.com.

‘TOO FRIENDLY’ WITH PIRATES
But sources in the computer underground say NDS has at times been “too friendly” with pirates. In fact, there are accusations that NDS employs many computer hackers, including the hacker who developed the the first widely-used counterfeit smart card in the early 1990s.
NDS has reportedly admitted to partially funding another underground Web site, Thoic.com, but said it did so only for intelligence-gathering purposes.
In a deposition last week, consultant Oliver Kommerling — who has worked for both Canal Plus and NDS — directly accused NDS employee Chris Tarnovsky

of ensuring the smart card code was published on piracy Web site dr7.com in March of 1999. Kommerling’s “whistleblower” testimony carries significant credibility because NDS owns 60 percent of his security firm, ADSR. In his statement to the court, Kommerling said he feared repercussions for speaking out. He wouldn’t offer additional comments to MSNBC.com, other than to say in an e-mail, “As I said in my statement about the pressure.....In fact, this has already started.”

FEARED FOR HIS LIFE
But the stakes may be even higher. In a declaration filed with the court by Canal Plus security manager Gilles Kaehlin, Kaehlin says Tarnovsky admitted NDS was behind the smart card hack, and that he was prepared to tell the truth in court. But, the filing says, Tarnovsky refused to be the the whistle-blower on NDS’ illegal activities, “because he feared too much for his life and that of his family,” Kaehlin said.
None of Canal Plus’ allegations have been proven, and NDS has offered a plausible alternative explanation — that their rival’s smart cards were simply easy to hack, and that’s why the pirates had a field day. But the case is the first high-profile, public look inside a world many computer security experts once only talked about in hushed voices. While graffiti-style Web-page hacks and other nuisance attackers get most of the press attention, high-stakes hacking — information-age corporate espionage — has been going on silently for some time. It’s carried out by criminals too smart to get caught, with too much money and stock value at stake for corporations to come clean when victimized.

VEIL OF SECRECY
There is only a trickle of information available on digital corporate espionage. The most authoritative seems to be an annual survey conducted jointly by the Computer Security Institute and the FBI. Released April 7, the anonymous survey of 500 companies and government agencies revealed once again that cyber espionage is soaring — theft of proprietary information cost the group some $170 million.
But little is known about what kind of information was actually lost.
“People have struck up online friendships with employers and then lured them into conspiracy to commit espionage. People have put bounties on laptops of executives. People have disguised themselves as janitors to gain physical access,” said Richard Power, editorial director for the institute.
But would they steal a rival’s proprietary product and give it away, just to make it worthless?

Hacks, Viruses & Scams

•	MSN Messenger users at risk
•	Midwest Express hackers cause a stir
•	Code Red still threatens Net
•	'Melissa' virus creator gets state term
•	Best Buy closes wireless registers
•	Treasury warns of U.S. bank scam
•	'Brute force' card thieves attack