Where piracy and profits converge

/ Source: msnbc.com

It’s just a thin slice of plastic that’s stuck into your satellite TV set-top box when you first bring it home. To viewers, the card is the key that unlocks pay-TV. To corporations, smart cards are much more — 80 million of them currently unlock one of the world’s most influential and lucrative industries. But now, the plastic cards are at the center of a global conspiracy theory — a cutthroat corporate battle, some say, to control the world’s living rooms through deception, cheating, and intimidation.

THE STORY COMES COMPLETE with alleged corporate-sponsored hacking, a $1 billion lawsuit, mysterious cash payoffs shipped in hollowed-out VCRs, and even a suspicious death.

The cloak-and-dagger world of pay-TV piracy is a fountain of rumor and innuendo that befits a Michael Crichton book or a James Bond movie. But it was all just that — a dramatic story line — until March, when a French firm filed a lawsuit that shined a harsh public light on this secretive world. Public filings in the case have, for the first time, pierced its veil of secrecy, linking real-world programmers, executives and companies to the murky nicknames and alter egos of piracy.


And at least at the moment, the controversy swirls around a small British company owned by one of the world’s most powerful media magnates.

That company, NDS, makes smart cards which unlock 28 million of the world’s satellite set-top boxes. Owned by News Corp. and its flamboyant owner Rupert Murdoch, NDS now finds itself on the receiving end of a $1.1 billion lawsuit filed in March by French rival Canal Plus Technologies. Canal Plus comes with its own heavyweights attached — Vivendi Universal, and its now embattled CEO Jean-Marie Messier.

The Canal Plus lawsuit claims NDS paid hackers to break the code in Canal Plus smart cards, then gave the information away on the Internet, all to undermine Canal Plus business. It’s probably the largest computer hacking lawsuit ever, and one of the biggest accusations of corporate espionage.

An NDS motion to dismiss the case was heard by a federal court in San Francisco Thursday, although the judge did not immediately issue a ruling — that could come in the coming days or weeks. Meanwhile, depositions are set to begin next month. With Canal Plus lawyers vowing to wage a very public court battle, the next few weeks will likely raise the curtain on a 5-year drama, unraveling a complicated world where the interests of small time TV-pirates and moguls bent on dominating the world’s media have at times overlapped rather neatly.


Back in 1997, Murdoch’s News Corp. was in negotiations to acquire EchoStar Communications Corp., operator of the DISH Network in the U.S. EchoStar would be a perfect puzzle piece for Murdoch, whose powerful portfolio of TV firms was missing a distribution channel in the lucrative U.S. market. EchoStar was a distant second to DirecTV in the U.S. market, but a rising star that appeared to have staying power.

The deal stalled, however, and a dispute over smart cards was part of the problem, says one source familiar with the talks.

News Corp.’s NDS had only one real competitor in the global smart card market — a Swiss company named Kudelski Group which makes cards under the “Nagra” name. Nagra cards protected EchoStar systems, but News Corp. expected EchoStar to switch to NDS after any deal. NDS already had DirecTV under contract, so a pact with EchoStar would give the firm a stranglehold on smart cards across the U.S. But EchoStar resisted, according to a source, insisting that it keep the option to use Nagra cards after the deal.

Not long after, the deal was scrapped, in part because EchoStar CEO Charles Ergen insisted on staying with whatever the best security technology happened to be, the source said. EchoStar later sued for breach of contract and settled out of court.


The following year, in 1998, NDS went looking for more smart card expertise and contacted brilliant German hacker Boris Floricic. Known as “Tron” in the computer underground, Floricic had gained a reputation for cracking pay-TV systems.

A few weeks later, in October of 1998, Floricic was found dead, hanging from a tree in a Berlin park. The death was ruled a suicide by authorities — a ruling many hackers reject.

There has never been any assertion that NDS was somehow involved in the death. But the fact that Floricic’s father found a letter from NDS in his son’s belongings indicated the company’s willingness to consult the computer underground for security expertise. The incident also shocked the hacker community, which wondered if computer curiosity could now have deadly consequences.


Nagra cards and security issues continued to nag NDS the next year, as the firm’s most important contract — with DirecTV — came up for renewal. NDS was planning an initial public offering to raise $150 million later in the year, so a renewal of its pact with DirecTV was critical. The only real NDS competitor: the Swiss firm, and Nagra cards.

It’s at this critical moment that the story heads underground. At the height of the DirecTV-NDS renegotiations, a now-infamous computer file named Secarom.zip appeared on a pirate Web site DR7.com on March 26, 1999.

Secarom.zip was the master key to European satellite provider Canal Plus, a slice of code that allowed pirates to create fake smart cards that foiled the security measures built into those systems. At the time, Canal Plus was chief rival to BskyB, Murdoch’s European satellite broadcast system. In no time, a cottage industry for Canal Plus pirate cards formed and at one point, nearly three million of four millions users in Italy were pirates, according to Canal Plus.

In its lawsuit, Canal Plus alleged NDS was ultimately behind the hacking of its system, and the cottage industry that formed later, costing Canal Plus over $1 billion in lost business.

According to the lawsuit, an NDS lab in Israel cracked the Canal Plus cards, which Canal Plus had developed in-house. Then, the company made sure the crack was published on the Internet in a place where pirates were sure to find it. NDS denies Canal Plus’ the claims.


But there were other accusations flying around in the hacker community, too.

Around the same time the code to Canal Plus’ smart cards appeared on the DR7.com Web site, so did the a master key to pirating EchoStar television and their Nagra smart cards, according to a former administrator of the site. In fact, the code was published by the same cast of characters who released the Canal Plus code, suggesting a link between the two acts of piracy. If, as Canal Plus suggests, NDS was behind the Canal Plus card piracy, it was behind the EchoStar piracy too, the administrator says.

E-mails to the administrator of the current DR7.com Web site went unreturned.

At any rate, with the secret codes to both NDS and Nagra smart now public, the playing field in the smart card business was level. By August of 1999, NDS had a new four-year contract with DirecTV. However, the contract contained an important escape clause — that DirecTV could develop its own in-house smart card technology and dump NDS at any time.

NDS declined to comment on the accusation that it was somehow connected to the EchoStar hack. NDS spokesperson Margot Field said the company “does not respond to rumors or supposition.”

Nagra card maker Kudelski Group and EchoStar also declined comment.

But a spokesperson for Canal Plus said the company had talked with EchoStar about the incident, and EchoStar had expressed interest in joining its $1.1 billion lawsuit against NDS.

“We have been contacted by many entities that have been harmed by NDS activities, seeking to either assist us or to join in the lawsuits, and that would include EchoStar,” said the spokesperson, who requested anonymity.


The months following March of 1999 were the glory days for TV pirates, with trade in pirate cards clipping along at a multi-million dollar pace. A “fresh hack” could be worth up to $5 million, according to one estimate. Pirate dealers in Canada could sell the cards with relative immunity, since a quirk of law made piracy legal north of the United States. But money flowed back into the U.S., too, evidenced by a series of high-ticket lawsuits NDS and DirecTV brought against individual dealers. In one case alone, DirecTV won a $19 million judgment against Quebec residents Reginald Scullion and his wife, Frances Callan for selling pirate equipment to a set of 80 dealers inside the U.S. during the late 1990s

Rumors about the thriving pirate smart card trade abound. The most popular involves the discovery later that year of a VCR stuffed with $50,000 cash that was stopped at the Canadian border by U.S. Customs officials.

The payment is now legend — never proven publicly — in the TV pirate community. The money was one installment of cash headed from Canada to the U.S., allegedly sent by the operator of DR7.com. It was headed for a hacker named “Von,” payment for supplying the code to hack a major pay-TV system.

But the VCR caught the attention of customs officials, who began investigating. No arrests were made in connection with the incident, and there are no public records indicating it ever happened. But soon after, things got dicey in the pirate-TV world.


At almost the same time, lawyers from Canal Plus Technologies began their own investigation. Why were Canal Plus smart cards hacked so fast? Who would have the technological know-how to crack the cards, and the incentive to see their technology exposed? The answer, according to Canal Plus lawyers: NDS. Giving away Canal Plus smart card secrets was the same as giving away their pay-TV for free. It would ruin the company, and clear the way for Rupert Murdoch’s competitive offering BSkyB.

In filings connected to its lawsuit, Canal Plus identifies Von as Chris Tarnovsky, the NDS employee. Von, also known as “Big Gun” to pirates, was a bit of a legend in the underground, having worked extensively with so-called “battery card” in the early 90s — the first technology used to steal direct broadcast satellite signals. Tarnovsky, like Floricic, was an expert in smart card technology who lived in Germany. But like many hackers, he spent considerable time researching in the hacking underground, and now many accusations say he spent a good deal of time on the wrong side. And apparently, Tarnovsky’s murky background didn’t scare off his future employer.


While Canal Plus lawyers researched the possible unholy alliance — and according to some sources, while EchoStar did its own fruitless investigation into NDS — piracy against DirecTV ramped up. According to one informed source, piracy rates nearly doubled as the year 2000 drew to a close.

Drastic measures were necessary: NDS and DirecTV planned a massive electronic counter-measure designed to zap pirate cards sitting in set-top boxes. The “code bomb” exploded on what pirates know as “Black Sunday,” just before the 2001 Super Bowl. Some 300,000 pirates were zapped. But within months, according to the source, most were back stealing signals, and DirecTV’s frustration with NDS grew. But at the same time, NDS’ parent was about to make a bid to buy DirecTV.

Only a few weeks before that Super Bowl Sunday, Murdoch indicated he was ready to make another aggressive move to acquire a U.S. satellite broadcaster. This time, Murdoch’s News Corp. launched a $30 billion bid to pluck DirecTV from Hughes Electronics in January. The deal would have made Murdoch’s SkyGlobal — already with assets in Europe, Asia, and Latin America — the largest television platform in the world.

As the technology stock market began its southern migration, the purchase price for U.S. market leader DirecTV became more reasonable, and negotiations heated up between the two firms. Once again, Murdoch was on the brink of a deal, and once again, it was snatched away — and once again, smart cards could be blamed.

Nine months after word leaked out of Murdoch’s bid, U.S. rival EchoStar swooped in with a last-minute offer that trumped News Corp. The pot had been sweetened by a $1 billion kick-in from Kudelski Group, the Nagra card maker. The kick-in made sense; if Nagra could wrestle DirecTV’s business away from NDS, it would add some 40 cents per share to the company’s bottom line.

The deal was approved by the two companies in October 2001, but it faces an uncertain regulatory future — because it would create one firm that overwhelmingly controls the U.S. direct broadcast market, the Federal Trade Commission is reviewing the deal.


But already, there is apparently fallout for NDS. In April, DirecTV announced it would sever ties with Murdoch’s smart cards, saying it would exercise the “out” included in their 1999, four-year pact. DirecTV will develop its own smart cards, the announcement indicated. It would also immediately act to replace all current customer smart cards, a swap-out that’s expensive and time-consuming.

The news trounced NDS stock, coming hardly two weeks after Canal Plus filed its lawsuit against NDS.

DirecTV spokesperson Bob Marsocci said the timing of the announcement had nothing to do with the Canal Plus lawsuit; and NDS spokesperson Margot Field, in an e-mail, said “NDS continues to have a good relationship with DirecTV,” and noted that NDS will continue to earn revenue from its DirecTV relationship through August 2003.

However, a source familiar with the situation told MSNBC.com that DirecTV has been frustrated with NDS for some time, and that NDS employees were barred last year from working on any DirecTV conditional access systems related to smart card production. Another source confirmed that DirecTV’s relationship with NDS had grown increasingly rocky over recent years, as DirecTV became more frustrated with NDS’ apparently inability to keep hackers from stealing signals.


Back to the present, where pirates, TV companies, and journalists are closely watching developments in the Canal Plus case. More answers, and more entanglements are bound to emerge as discovery proceeds in the Canal Plus lawsuit. But one thing seems clear — in this high-stakes story, fear has kept many potential sources hidden behind nicknames or away from the lawyers and journalists altogether.

Oliver Kommerling, another German smart card expert, has emerged as a whistleblower and key witness so far. Kommerling, who runs a firm half-owned by NDS, has filed papers in support of Canal Plus’ lawsuit, directly accusing Tarnovsky of publishing the rogue code on DR7.com. Kommerling and Floricic have a common friend, Marcus Kuhn — both have written papers with Kuhn on reverse engineering smart cards. Floricic is now dead, and Kommerling has told MSNBC.com he has felt “pressure,” since filing his assertions with the court.

And if Canal Plus security manager Gilles Kaehlin is to be believed, Tarnovsky is scared, too. In a written statement to the court, Kaehlin says Tarnovsky admitted to him NDS was behind the smart card hack, and that he was prepared to tell the truth in court. But, the filing says, Tarnovsky refused to be the the whistleblower on NDS’ illegal activities, “because he feared too much for his life and that of his family,” Kaehlin said.


There are still many questions surrounding the current allegations against NDS. Why would such a successful security firm take such as incredible risk, in fact risking its entire reputation, to interfere with competitors?

In the computer underground, conspiracy theories are rampant. Unlike most hobbyist computer hacking, pirated pay-TV cards are a lucrative business, cards can sell for hundreds of dollars each. Complicating matters further, the legality of sales in this “gray market” is somewhat murky in Canada, and there’s suspicion that satellite dealerships, distributors, and even company insiders profited from aiding Canadian “gray market” dealers. There’s also a long-standing notion that piracy is good for the business. In an odd twist, tacitly allowing people to watch pirated TV is a way to gain market share, since many pirates eventually give in and convert to paying customers.

TV pirates generally can’t make new smart cards — they have to use real, corporate-issued smart cards, which are then altered via software. Millions of extra smart cards seem to have somehow gotten into pirates’ hands over the years. Who made all those extra piece of plastic — and how did they get out of the hands of manufacturers or legitimate dealers?

In fact, some say, firms like DirecTV and Canal Plus have gotten what they deserve — tacitly allowing piracy was a mistake that got out of hand. Now, all these firms must have security departments that cozy up to hackers to keep up with the pirates, and employees who have less-than-perfect backgrounds. NDS’ troubles, they say, are just the first to see the harsh light of a courtroom.