satellite business news

Transcription

ww
w.
sa
tb
izn ew
s.c
om
SATELLITE BUSINESS NEWS
,
THE SATELLITE TV INDUSTRY S LEADING NEWS PUBLICATION
Vol. 14 No. 16
August 14, 2002
$2.95
SBCA Focuses Show on Retailers
The stage will be smaller than last year and there
will not be as many performers, but the Satellite
Broadcasting and Communications Association
(SBCA) is optimistically predicting that there will be
just as many people in the audience at its annual
trade show in Las Vegas Aug. 6-9.
While last year’s show was dominated by the talk
about who would wind up with DirecTv and the
departure of Chuck Hewitt as SBCA president, most
industry hands expect talk to turn this year to the
chance the pending DBS merger will go through.
One of the association’s most visible members,
Pegasus Communications Corp., is letting its feet do
its talking regarding the merger and the SBCA. A few
days before satellite retailers were scheduled to head
to Las Vegas, Pegasus, DirecTv Inc.’s largest rural
distributor, told the SBCA it would not renew its
membership next year as a result of the continuing
controversy over the association’s endorsement of
EchoStar Communications Corp.’s pending acquisition of its former DBS rival.
As reported, a deeply divided SBCA Executive
Committee voted to support the merger late last
year. Pegasus has been among the deal’s loudest
opponents (Satellite Business News, Dec. 31, 2001).
In a letter to SBCA President Andy Wright, Pe-
gasus President Ted Lodge specifically said that
vote was behind the resignation. The SBCA, Lodge
wrote, had “abdicated its true charter” and is “now
a captive organization” that “represents the interests of only two organizations, DirecTv and EchoStar.”
The SBCA’s decision to endorse the DBS deal,
Lodge wrote, “and the process of achieving the
result, were not authorized by the organizational
documents of the SBCA.” Pegasus, he added, feels
it has “no alternative but to resign and seek alternative means to promote the interests of our industry.”
Lodge also said a claim by the two DBS services
CONTINUED ON PAGE 22
DirecTv Slumps at Chains
Satellite TV Piracy Goes Mainstream
EchoStar Links with Wal-Mart
DirecTv, EchoStar Lose Billions
The sluggish sales DirecTv Inc. reported for the second quarter
took their toll on at least two of the largest retail chains that
distribute its systems, RadioShack Corp. and Blockbuster Inc. As
those chains were rethinking their strategies to boost sales,
EchoStar Communications Corp., as expected, added another
link to its growing distribution chain—Wal-Mart Stores Inc.
Wal-Mart, the nation’s largest retailer, started selling RCAbranded EchoStar DBS systems Aug. 1
at its 1,900 stores. EchoStar spokesman
Marc Lumpkin only confirmed as much
after Satellite Business News informed
him that field reports indicated EchoStar
units were actually seen on Wal-Mart’
sales floors prior to the company putting out a long-anticipated announcement about it (Satellite
Business News, July 31, 2002).
EchoStar’s installation network will handle all installations for
systems sold at Wal-Mart, Lumpkin said. Wal-Mart stores are
participating in EchoStar’s newest promotion that pays new
customers back for purchasing equipment.
The program awards 12 monthly credits of $12.50 to new
subscribers who pay $149 for a model 301 system. Customers
who buy two systems for $199 will receive $17 credits for 12
months, though they must pay a monthly $5 second-set fee. The
Periodical-Do Not Delay
89875p001_4_21_24r1.pm6
1
On the night of Jan. 21,
2001, hundreds of thousands
of DBS system owners in North
America sat down in front of
their TV sets for yet another
Sunday evening of stealing
DirecTv through the use of
modified security cards like they
had for so many months before. Beginning at about 5:30
p.m. EST, and much to their
amazement, waves of modified DirecTv cards began being
deactivated as a result of an
electronic signal transmitted by
DirecTv Inc. and NDS Group
P.L.C., its security vendor.
By the end of the night,
virtually every modified
DirecTv access card in North
America had been turned off.
Those with the now dead
cards immediately deluged the
Internet sites of the hackers
they had sent their cards to for
modification, or tried to reach
those who had telephone numbers. The rush of activity overloaded hacker web sites and
many crashed. Their phone
numbers buzzed busy for days.
Their customers had lost their
“free” DirecTv and were outraged. Their DirecTv access
cards were rendered useless.
Over the course of the following week, the DirecTv/NDS
electronic coutermeasure
(ECM) received widespread
media attention across the U.S.,
Canada, and Mexico. David
Letterman
even joked
about it a few
nights later.
Hackers and
their cust o m e r s
dubbed that
night “Black
Sunday.”
Two days
later, DirecTv and
NDS transmitted an- Stacks of access cards in workshop ready to be
other ECM modified. It should be noted that Satellite Business
a i m e d a t News has intentionally obscured numbers on the
DirecTv carton and other objects in this picture.
those few
cards that may not have been they had delivered a blow from
hit. That night, EchoStar Com- which hackers would never
m u n i c a t i o n s C o r p . , t h e n recover. According to comDirecTv’s arch competitor, pletely unsubstantiated hacker
launched its biggest ECM to lore, DirecTv and NDS were so
date against users of modified confident about their action that
DISH Network
they actually
access cards.
transmitted a
At DirecTv’s
two-word mesheadquarters in
sage
that
DirecTv ..................p. 6
El Segundo, Cawound up beEchoStar................p. 8
lif., and at NDS
ing written to
Internet ..................p. 10
offices in Israel
the modified
and California.,
cards
that
there was widespread jubila- hackers were able to read. The
tion over what to this day re- message simply read: “GAME
mains the single most effective OVER.”
one day anti-piracy action in
Even though no such bits of
history. After months of seeing data were ever transmitted, in
DirecTv piracy skyrocket, reality, the game had just beDirecTv and NDS finally struck gun.
back and some inside the comDirecTv and NDS had no
panies even started to believe
CONTINUED ON PAGE 3
Special Report
8/15/02, 5:22 AM
3
AUGUST 14, 2002
Piracy
CONTINUED FROM PAGE 1
way of knowing about the unintended and seminal consequence the Black Sunday ECM
would lead to.
That night, and in the days
that followed, many satellite
TV hackers came to realize they
would have to radically change
the way they conducted their
illicit business. That not only
sparked a fierce debate within
hacker circles, but forced many
hackers to come up with new
methods to make money.
As a result, and only 19
months later, far more Americans are watching DirecTv and
EchoStar without paying the
DBS services—both in total
number and in proportion to
the overall size of the satellite
market—than were stealing
DirecTv that Sunday night in
Jan. 2001. And that change has
spawned not only stunning
technical advances by hackers,
but what has become a surprisingly large wave of crime—
ranging from armed robbery,
breaking and entering, shipping theft, and simple robbery.
And all of it is aimed at acquiring DirecTv and EchoStar access cards and equipment that
are the tools of the trade of
satellite TV piracy.
Perhaps even more surprising, however, is how little is
truly known about the current
state of satellite TV piracy, how
little programmers and Hollywood studios know about the
theft, and how little DirecTv
and EchoStar are willing to discuss the matter.
Over the past four months,
Satellite Business News has
conducted an intensive investigation into the current state
of satellite TV piracy. This investigation has included interviews and communication (often via non-traceable electronic
means) with dozens of satellite
TV hackers, knowledgable industry hands, and investigative sources. In addition, some
200 hacker web sites and other
Internet-based communication
channels used by hackers and
their customers were either visited or their use was demonstrated. Moreover, Satellite
Business News has independently verified virtually all of
the hacking methods that will
be examined in this story, and
will note those it has not. But
in almost all cases, Satellite
Business News will not specifically identify the names of
hacker web sites or other hacker
89875p001_4_21_24r1.pm6
3
communication avenues in order not to provide any publicity for those involved. This story
is not designed to provide a
“how-to” on hacking or to glorify what clearly is a criminal act
that poses a long-term threat
to the viability of the satellite
TV business.
This investigation has pro-
duced some general conclusions about the current state of
satellite TV piracy. The details
that lead to these conclusions
will be outlined and explored
throughout this story. But in
sum, the most overriding conclusions are:
●Theft of DirecTv and
EchoStar DBS service is at an
all-time high in the United
States. It is now clear that the
nation’s two DBS services combined are losing no less than
$125 million in gross revenue
per month, or $1.5 billion per
year, to piracy. And those are
conservative estimates. Based
on the evidence to date, it
would appear that for every
one person stealing EchoStar’s
service in the U.S., there are as
many as four or five people
stealing DirecTv. The best available evidence suggests there
are more than 1 million people
stealing DirecTv in the U.S.,
with some saying that figure is
no less than 1.5 million and as
CONTINUED ON PAGE 6
RCA
#89828
JPI-4C
Pickup
7/31/02
page 3
8/15/02, 5:22 AM
6
Piracy
much as 2 million. The number
of people stealing EchoStar is
estimated at 500,000, though
some put the number lower
and some higher. It should also
be noted that those figures do
not include those consumers
who continue to subscribe to
the lowest-cost programming
they can from both DBS services and then attempt to steal
premium channels, pay-perview, and sports packages.
They believe this prevents
them from being detected and
affords them some legal and
technical protection.
●Hackers appear to have as
much knowledge of the DirecTv
and EchoStar security systems
as the companies themselves.
Virtually no aspect of how the
systems work seem beyond
hackers. Indeed, were they not
using their expertise in an illegal way, many of the software
and hardware products sold by
hackers would likely win awards
for their design, ease-of-use,
and innovation.
●DirecTv and EchoStar have
ended what is referred to as
the “plug-and-play” days of
piracy, during which a consumer could send an access
card to a hacker and get back a
modified card that could be
inserted into a satellite receiver
and work for six months to a
year without any interruptions.
But in response to that, the
entire nature and scope of satellite piracy has evolved in the
past two years. This development has spawned what can
only be described as an enormous subculture of American
consumers who view stealing
of DirecTv and EchoStar as
both a hobby and a path to
obtaining “free TV.”
●The supply of security
cards and receivers, particularly for DirecTv, available for
hackers and their customers is
far larger than most industry
executives have been told. In
addition, this investigation has
uncovered evidence that raises
serious questions about
whether DirecTv, and its vendors and customers, have taken
the necessary steps to secure
access cards from winding up
in hacker hands.
The Early Days
Any real understanding of
satellite TV piracy today has to
begin with a brief look at the
history of satellite TV subscription services and provide
89875p5-20r1.pm6
6
some basic information on how
such services work.
On Jan. 15, 1986, Home Box
Office became the first cable
programmer to scramble, or
encrypt, its C-band programming signal and offer subscriptions directly to consumers. An
analog DBS service called USCI
had failed prior to that. HBO’s
scrambling was the culmination a long and nasty battle
within cable over satellite that
took place as sales of C-band
dishes were skyrocketing. A
year earlier, more people had
attended the satellite TV
industry’s national convention
than cable’s show. The scrambling debate caused a vast rift
between cable operators—fearful about losing subscribers to
satellite since the programming
was “free”—and programmers
who, while they had concerns
about the cost and technology
to encrypt their signals, also
liked the idea of selling their
channels to consumers without
cable operators in the middle.
HBO chose the VideoCipher II
CONTINUED ON PAGE 8
Hackers Focus on DirecTv Card Programs
At the end of June, DirecTv
said it had 10.74 million authorized subscribers. Though
the number of homes with
more than one DirecTv receiver has significantly increased in the past few years.
As a total of the overall base
of DirecTv homes, those with
more than one unit is at 25
percent to 30 percent. That
puts the number of DirecTv
authorized receivers at 14
million to 15 million homes.
In the little more than eight
years since DirecTv launched,
more than 30 million receivers
have been shipped in the U.S.
The two largest receiver
manufacturers, Thomson and
DirecTv sister company
Hughes Network Systems Inc.
(HNS), account for some 25
million of those units.
Thomson holds the biggest
chunk of the market. Sony
Electronics and the handful of
other manufacturer who are
now making DirecTv boxes,
or have at points in the past
(such as Uniden, Philips,
Toshiba, and Panasonic) account for at least 5 million
boxes. In addition, sources
said, millions more access
cards have been produced as
replacement cards for those
lost, stolen, damaged, or otherwise inoperable. While it is
difficult to estimate how many
additional cards have been
made, most put it at no less
than 3 million. Some argue it
could be as many as 10 million.
There are numerous methods to steal DirecTv. But the
most common involve either
sending a card to a hacker for
modification, buying a reprogrammed card from a hacker,
purchasing an external device
to insert into a receiver, or
acquiring a card programmer
that enables users to reprogram their own cards.
The first heavy sales of programming and external devices directly to consumers
began the summer before the
Black Sunday ECM. In the
months after, those sales took
off. Many hackers now sell far
more of these units than they
ever did cards, though they
say sales of cards remain
strong.
A card programmer can be
bought from some web sites for
as little as $25 for the simplest
units to around $175 for units
with more capabilities. Prices
have fallen steadily as more
and more hacker web sites selling the devices pop up and as
the price of other consumer
electronic devices have
dropped. A handful of programmers can modify both
DirecTv and EchoStar cards.
The first step usually requires
visiting the web site of the
hacker they bought the programming from to download a
program to initialize the unit, a
process known as “flashing” the
main processor in the programmer, and program the cards.
(See separate story on the
Internet for more details on
page 10.) There are many programs that can do this, but
most hackers say the two most
popular are ExtremeHu and
WinExplorer. The programs are
free and take only a few minutes to download even with a
dial up modem.
The start-up screen for the most widely used program to modify
DirecTv access cards.
The programming device
received from a consumer has
no software installed in it. Hackers believe this protects them
legally because the programmers mostly use off-the-shelf
computer technology and an
easily obtained card reader/
programmer. As such, many
hackers easily ship the devices
into the U.S. and many have
U.S. locations to ship from. At
most, some hackers say, it costs
them $50 to $75 to manufacturer the most sophisticated of
the devices and far less for
others.
Consumers must then connect the device to a computer
through the serial port. They
then head to the Internet.
It should be noted, however, that a cardinal rule of
satellite piracy is never connect a telephone line to the
back of a receiver used to steal
satellite TV.
Many hackers prefer
WinExplorer to unloop DirecTv
cards that have been hit by an
ECM or software update, and
ExtremeHu for programming
cards.
Users then download small
files, known as scripts, to put
on their cards to steal. Again,
there are many ways to do this,
but the three most common
are:
●Cloning: Using the same
method
invented
in
VideoCipher days, the unique
8/15/02, 5:24 AM
information in a card that has
been used to legitimately buy
programming can be duplicated into an unlimited number of other access cards. But
only those channels that have
been bought on the “master
clone” are authorized in the
clones. Pay-per-view, sports
packages, adult programming, local channels, or special events that are not activated on the “master clone”
cannot be viewed. But most
pay-per-view movies, sports
packages, adult channels, and
special events than can be
ordered through the onscreen ordering process can
also be activated in the very
same way a legitimate user
can purchase them. Once $300
worth of programming is “purchased” with the card, it must
be put back in the card programmer to have its “balance”
set back to zero. That process
takes about two minutes.
●Activation scripts: These
scripts enable the user to steal
all subscription channels, but
not the pay-per-view, adult,
sports packages, special
events, and local channels.
Again, any of those available
via remote control ordering
can be added, and the card
then has to be cleaned when
it hits $300. In addition, there
is a more complicated process
which users can add a specific
bit of information to the card,
known as a tier, to steal such
things as sports packages and
adult channels. Each channel
or package has its own tier
number and updated tier lists
are widely available on web
sites. Though activation scripts
do not “light up” every channel instantly, many hackers
believe they are less likely to
be turned off.
●Three Musketeers (3Ms):
This may be the most popular
of all scripts, but many think it
is the easiest for DirecTv to
ECM. When a 3M script is
programmed on a DirecTv
card, every single channel—
including pay-per-view and
8
Piracy
system—then owned by M/ACom Inc., to scramble its signals, though there was by no
means agreement that it was
the best system. HBO had decided that the VideoCipher I
encryption system was too
expensive as a consumer product. Other programmers were
unhappy with what they perceived as HBO dictating the
choice. A group of programmers—Showtime, MTV (at the
time, owned by different companies), ESPN, and Ted Turner’s
CNN—even announced the
formation of their own group
to sell a package directly to
C-band dish owners and were
unlikely
to
use
the
VideoCipher II system. Cable
operators quickly forced them
to abandon the idea and use
the VideoCipher II.
The
heart
of
the
VideoCipher II (or VC II) system was a module component
that could be inserted into
standalone decoders and later
integrated C-band receivers.
The module contained a circuit
board and other components,
including key chips that contained the VideoCipher II software. In simple terms, there
are two elements to any system to encrypt programming
and sell it to consumers: the
first is the encryption system
itself. The other is what is known
as “conditional access,” or the
method by which individual
decoders are electronically instructed to turn on certain channels and to turn off others. The
conditional access part of the
software has proven to be the
door through which hackers can
enter. In the strictest sense,
hackers do not “break” the
encryption system but electronically fool the conditional
access system into activating
some or all channels in a particular decoder even though
they have not been legitimately
subscribed to.
Throughout 1986, other programmers threw the scrambling
switch and sales of C-band
dishes plunged. In June of that
year, M/A-Com’s talks to sell
certain assets, including the
VideoCipher product line, to
long-time cable equipment
manufacturer General Instrument Corp. (GI) were reported.
That agreement was signed on
Aug. 5, 1986. Interestingly
enough, GI had quietly contacted several satellite TV hands
that summer to ask if the
89875p5-20r1.pm6
8
VideoCipher II system had been
compromised. GI was told that
hackers had been successful in
cracking the VC II in labs and
that a method to steal programming inexpensive enough
for consumers was right around
the corner. By some accounts,
the first modification of a VC II
took place in July 1986. Nevertheless, GI moved ahead with
its acquisition.
By November 1986, less
than a year after HBO
scrambled, GI engineers in San
Diego, then home to the
VideoCipher, had confirmed a
consumer-level method for
cloning the electronic identification (or unit address) of one
VideoCipher into limitless other
VideoCipher modules existed.
By gaining physical access to
the key chips in the VC II mod-
ule, hackers were able to essentially duplicate the unit address of a VC II module that had
been used to legitimately buy
programming subscriptions into
any number of other modules
which had not been yet used to
Hackers Debate EchoStar Methods
In some ways, the techniques and technologies used
to steal EchoStar are very similar to those applied to DirecTv’s
NDS system. In some ways,
they are very different. But
many hackers agree that
EchoStar is more complicated
and harder to hack than DirecTv,
though some hackers would
dispute that.
In 1995, EchoStar turned to
the Nagra system for its conditional access. That system was
developed by Kudelski Group,
based in Switzerland. The version of the system EchoStar
uses is owned by NagraStar, a
U.S. joint venture owned
equally by EchoStar and
Kudelski. NagraStar’s offices
are housed in EchoStar’s former
headquarters in Denver, which
still remains home to many of
EchoStar’s engineering and
technical operations.
Unlike DirecTv, which has
worked with almost a dozen
different hardware manufacturers over its eight years, almost
all of EchoStar’s receivers have
been produced by a component manufacturer formerly
known as SCI Systems and
now, as a result of merger, is
called Sanmina-SCI. The company is based in Huntsville,
Ala.
Because its has kept a
tighter rein on the manufacturing of receivers, and has
ownership in the company that
provides access cards, some
argue EchoStar has more control over its technology than
DirecTv has. Only two other
hardware manufacturers, JVC
and Philips, have made receivers for EchoStar. Philips is
now back in the DirecTv camp.
As such, piecing together a
snap shot of EchoStar as it
pertains to hardware and card
production is a bit more difficult. But not impossible.
EchoStar was slated to release
its second quarter results after
this publication was printed.
At the end of the first quarter,
it had about 7.16 million
homes subscribing. If EchoStar
nets a modest 200,000 additions in the second quarter,
that would give it a total of
about 7.4 million subscribers.
EchoStar’s take rate on
homes with more than one receiver has traditionally been
higher than DirecTv’s, especially in the past few years as
EchoStar has offered lease programs. Some put that figure at
40 percent, some as high as 60
percent. Thus, the best estimate then for the total number
ference between EchoStar’s
security system and receivers
and DirecTv’s: EchoStar can
download software into the unit
that changes the basic software
in the box as well as the card
itself. This is known as “flash
upgradable” technology.
Only the latest versions of
DirecTv’s receivers are flash
upgradable. Those units, believed to total 4 million to 5
The start-up screen of a widely used program to program EchoStar
conditional access cards.
of activated EchoStar cards in
the U.S. is 11 million to 12
million.
Because of its corporate
structure and relationships,
fewer EchoStar receivers have
been produced. Most put that
number at 18 million to 20
million with about another 1
million to 2 million cards on top
of that.
EchoStar has never swapped
out its access cards. But that
does not mean there has only
been one version of EchoStar’s
card on the market. Much as GI
did with the VideoCipher,
EchoStar has distributed newer
and different software on its
cards. Four versions of the
EchoStar Nagra card—known
as “Rom 2,” “Rom 3,” “Rom
10,” and “Rom 11” have been
released.
But there is one critical dif-
million, are identifiable because
they are also the receivers that
can accept a software download via satellite to activate the
Wink interactive service.
EchoStar’s ability to download software to its box, in
addition to an arsenal of ECMs
and hashing, has proved more
of a challenge to many hackers.
For example, at least one, if
not two, iterations of EchoStar
cards have been modified via
satellite so that, in the case of
the Rom 3, hackers now refer to
two versions of that card, the
“Rom 3, Revision A” and the
“Rom3, Revision B”.
As with DirecTv, there are
many programs and devices
used to modify EchoStar cards.
As noted, a handful of the
more expensive devices can
program DirecTv and EchoStar
cards. The cost of those, such as
8/15/02, 5:24 AM
the Omega II, is now down to
$150.
According to hackers, the
most popular and easy to use
program for EchoStar cards is
called NagraEdit. There have
been several upgrades to that
program.
There are many similarities
to programming cards,
though it clearly takes longer
to master NagraEdit than most
of the DirecTv programming
packages. It requires more
steps and many, though not
all, fixes for EchoStar require
the extraction of keys from
an EchoStar box by attaching
a device and dumping the
information into a software program. NagraEdit’s ability to
repair cards hit by ECMs,
which it calls “BugBusting,”
also appears not to be as effective as WinExplorer is at
unlooping.
Many of the same programming techniques, such
as cloning and 3Ms, are also
used for EchoStar cards,
though many use a different
set of names. They often produce similiar results, such as
with local channels, though
EchoStar is using less spotbeam transponders than
DirecTv. Another EchoStar
spot-beam satellite should be
launched soon.
But many prefer to use
external devices to steal
EchoStar. The two most common are emulators and devices known as AVRs.
An EchoStar emulator
works on the same basic principal as a DirecTv emulator:
attaching a small computer
board to a computer via the
serial port and then inserting
another board into the
EchoStar receiver’s card slot.
For those who do not wish to
devote a computer, there is
the AVR, a self-contained unit
that only has to be connected
to PC for file updates via the
Internet.
Ask 50 hackers which way
they prefer to steal EchoStar
and each will offer a different
view. It appears they agree
10
Piracy
buy programming. Any channel bought with the first module could be viewed without a
paid subscription on the cloned
units.
Those first cloning methods
were expensive and cumbersome. Months after denying
what it knew—that the VC II
had been hacked—GI acknowledged the problem and said it
was working on electronic and
physical methods, such as putting epoxy cement over the
critical chips in the module so
they could not be tampered
with, to thwart hackers. But by
then, a satellite hacker underground had developed.
Almost a year to the day
after HBO scrambled, U.S. Customs detained some 120
people returning from a hacker
summit in the British West
Indies. Many of the hackers at
that meeting were Canadian.
Since the Canadian government
barred most U.S. services from
being legally sold in Canada,
many Canadians turned to piracy, or in some cases using
fake U.S. addresses to buy programming (the so-called gray
market). The same held true in
Mexico and the Caribbean. To
this day, Canada, Mexico, and
the Caribbean (places such as
the Caymen Islands, the Bahamas, and the Turks and Caicos
Islands) remain hotbeds of satellite piracy.
Other first generation satellite encryption systems,
such as Scientific-Atlanta
Inc.’s B-MAC, used mostly in
commercial markets, and the
Oak-Orion system, used in
Canada, suffered similar fates
as the VideoCipher.
GI employed various methods to crack down on satellite
piracy. In March 1987, it spearheaded the first civil lawsuit
filed against alleged satellite
hackers. It developed different
versions of the VC II software
that were released in new modules as they were manufactured. In August 1987, it
launched the first widespread
ECM against modified modules. An ECM involves the
transmission in regular programming signals of specific
software, commands, and other
information intended to identify hacked decoders, deactivate them, and, in many cases,
render them useless to hackers
for future use.
In 1987, GI began an amnesty program under which
89875p5-20r1.pm6
10
consumers could turn in their
“chipped” modules, no questions asked. GI had fired two
employees at its Hickory, N.C.,
plant, where the modules were
being sent, after it was discovered they were selling the
modified modules.
The “cat and mouse” game
was in full swing. But the hackers had the upper hand. In
November 1987, it was first
reported that GI was developing a successor to the
VideoCipher II system, dubbed
the VC II Plus, in an effort to
stop piracy. At various points,
GI discussed how the VC II Plus
system would employ new anti-
piracy technology and software. They included a credit
card-sized “smart card” that
would contain many of the crucial encryption and conditional
access software in chips and be
inserted into the module. Later,
GI said it would use a cartridge
and not a card to house those
chips and software. Like many,
GI had come to believe that a
relatively inexpensive method
for changing out the decoders
software had to be devised
that would not entail a massive
and expensive change out of
modules.
This idea became known as
“renewable security” and was
based on the premise that hackers could compromise any system given enough time and
the only way to stay ahead of
them was to upgrade the core
security system used to protect programming quickly and
inexpensively.
The rollout of the VC II Plus
system was delayed several
times, mostly by technological
setbacks. There was also a realization that the VC II modules
in the field, some 1.9 million by
then, would have to be replaced. How that would be
done, and who would pay for
it, became topics of much
heated discussion.
GI finally manufactured the
first VC II Plus modules for consumers in January 1990. The
first VC II modules were selfcontained, because GI had
abandoned the idea of a card
or cartridge for renewal security. The company had decided
that such a card or cartridge
would provide hackers too easy
an access point to the software
and chips that made up the
heart of the security system.
But by then, the satellite
world was on the verge of
major changes. Six months
earlier, the first digital video
compression systems were
Internet Plays Key Role in Piracy
It is virtually impossible to
understate the Internet’s impact on satellite TV piracy in
the U.S.
It would be equally difficult
to estimate the number of
hacker web sites in operation
today. Entering the words “satellite” into any search engine
often returns more hacker web
sites than legitimate Internet
retailers. Some hacker web
sites seem to be sponsored
site listings on search engines.
Saying there are at least
500 hacker web sites is a guess.
There may be far, far more.
There are so many hacker web
sites that there are hacker web
sites that list and rate other
hacker web sites, often a hundred at a time.
Some of the sites have a
basic design, intended to sell
their wares and little else. Some
begin with multimedia audio
and video introductions that
could easily stack up to the
site of any major corporation.
Many of the better known
sites try to become one-stop
shops for their customers. They
not only sell a variety of hardware devices, such as card
programmers and emulators,
but also have file sections for
customers to download the
programs to modify cards,
operate emulators and the like,
and various unlooping and
utility programs. Perhaps taking a cue from Ebay, some
hacker sites have even begun
auction sections.
Many of the sites also have
news sections, some centered
on hacking information and
some on general industry
news. Not surprisingly, much
of the “news” stories on these
sites are stories that have appeared in trade publications
and on other legitimate sites,
often times barely rewritten to
conceal their source.
A number of hacker web
sites also have what is called an
“ECM watch” icon on their
home page to alert users to
any ECM that may be in
progress using a classification
system based on the
Pentagon’s famous five level
“def con” (meaning defense
condition) system. A handful
of hacker sites have even
popped up that try to present
real-time information on what
specific hacking scripts for
EchoStar and DirecTv are up
and running at the moment as
opposed to those that have
been discovered and ECMed.
A file to program onto a
DirecTv or EchoStar card can
take about two or three minutes to download since they
are zipped. The names of the
files also reflect the tone of the
hacker world. In hacker circles,
DirecTv is widely called
“DAVE.” There are many explanations as to why and what
the acronym may stand for.
EchoStar is often referred to as
“E*” and often as “Charlie,” in
reference to its chairman and
co-founder, Charlie Ergen.
Numerous file names contain profanity. Most do not,
such as “BYG HU3M 3.2.”
Some come close, like “Dave
Likes Sheep HU3M.” In both of
these, the HU stands for the
DirecTv P3 card, the 3M denotes a “Three Musketeer” file.
Many EchoStar files have similar type names, though they
often have a variation on “Sorry
Charlie” theme, including those
with profanity.
Almost all of the larger
hacker sites have forum sections that enable users to ask
questions of each other or the
web site operator, share information, and download “howto” step-by-step instructions on
using various programs and
hacking hardware. One of the
most popular stops on many of
these forums is the area for new
users, often called “newbies.”
The number of individuals visiting that part of many sites is a
very real indicator of how fast
piracy continues to spread.
To participate in the forums,
users must register and provide an e-mail address to receive confirmation. Nicknames
and alias are almost always used.
Many sites are completely
free. Some are not, however,
highlighting the rift that still
remains in the hacker underground about what should be
paid for and what should be
free. There are dozens of free
hacker web sites that each boast
20,000 to 30,000 members. A
handful claim more. And there
are some paid sites that say
they have paid membership
rosters that are almost hard to
comprehend. The owner of one
such well-known site has told
colleagues that his site recently
surpassed 150,000 paid members. At $70 per year.
For that money, users gain
access to private forums and
what are known as private hacking scripts. Private scripts,
which can cost $25 to $300,
based on how long the hacker
site “guarantees” it will work or
be revised, are often sold as
separate options on many sites.
Many consumers opt for free
scripts (called “freeware”) and
many hackers are content to
sell hardware to program cards
and the free scripts to program
them. Of course, many wonder
why if any consumer can down-
8/15/02, 5:24 AM
load a 3M script for free from
an easily located web site,
why DirecTv and EchoStar
cannot do the same.
Each script has unique identification embedded that is
tied to a card number or subscription that can be read
after the file is downloaded
(Note:Satellite Business News
is deliberately not providing
extensive information on this
subject). At that point, the
DBS services can alter their
data authorization stream to
turn off that script or card. But
many hackers say that some
publicly available scripts can
often run for a month or more
before DirecTv hits them. Once
that happens, after a day, a
week, or more, the hacker site
notes the script is “dead” and
lists new ones to be downloaded. Most DirecTv cards
have to be unlooped at the
beginning of each cycle.
Why it sometimes takes
DirecTv so long to turn off
freeware scripts, often far
longer than EchoStar, is the
subject of much debate in
hacker circles.
There are two other main
Internet-based communications vehicles for the hacker
underground. One is the various
and
well-known
“newsgroups” that seem to
have sections devoted to virtually every subject, group,
and topic in life. There are
about a dozen newsgroups
devoted to satellite TV in the
U.S., not all to hacking. One,
“rec.video.satellite.tvro,” is
for C-band system owners.
But there are several centered on hacking. The most
well known, the name of which
will not be printed, can have
11
AUGUST 14, 2002
Piracy
shown and GI finally acknowledged it was working on its
own digital compression system, called DigiCipher in December 1989. In England, the
Sky TV DBS service—the predecessor to today’s BSkyB—
launched in February 1989 and
included a smart card element in its units. That same
month, NBC, Rupert Murdoch’s
News Corp., Hughes, and
Cablevision Corp. announced
their ill-fated SkyCable venture. Like Sky and the short
lived BSB service in Britain
(which merged with Sky in
November 1990), Sky Cable
service planned to be the first
true U.S. DBS service and
would employ digital compression and high-power Kuband satellites to deliver hundreds to channels to cheap,
small dishes. And on Nov. 12,
1990, a group of cable companies launched the medium
power Primestar DBS service
using a Scientific-Atlanta B-MAC
analog receiver/decoder to deliver seven superstations and
three pay-per-view channels.
Yet C-band continued to
flourish. Along with piracy.
While C-band system sales
were strong, and large numbers of new decoders were
activated each month, hackers
were claiming their share of
the market. By Feb. 1991, the
number of people turning off
VideoCipher decoders was for
the first time larger than the
number activating modules for
programming. And almost all
the deactivations were the result of piracy. The number of
modified VideoCiphers topped
1 million and some say approached 1.5 million.
During those years, C-band’s
efforts to combat piracy and
the growing hostility toward
GI, became something of a
soap opera. There were task
forces, promotions, and other
attempts to stop hackers. But it
was not until January 1992 that
real progress was made, when
major programmers agreed to
help fund the swap out of all
legitimate VC II modules to a
new module called the VCRS.
Some 250,000 VC IIs were
eventually changed out with a
VC II Plus module that included
a smart card slot in the back.
Most major programmers
stopped authorizing any more
VC II decoder modules on
March 31, 1992, more than
five years after the VC II was
89875p5-20r1.pm6
11
first compromised. Though the
VC RS module has a card slot
similar to those on DBS receivers, GI never developed plans
to a distribute a card.
That period also saw the real
emergence of what is now
called the hacker underground.
Hackers quickly figured out
other more sophisticated
w a y s to compromise the
VideoCipher. They developed
the “Three Musketeer” software, also known as a “3M,”
that stole all other channels
after one inexpensive channel
was legally subscribed to
(hence the “one for all, all for
one”). Later, they released socalled “Wizard” breaks, which
repeatedly crunched their own
authorization. There multiple
variations and names for each
hack that appeared. When GI
8/15/02, 5:24 AM
tried to switch the codes it
used to activate programming
on a more regular basis, the
hackers began releasing new
codes that users could enter into
their modified VideoCiphers via
the remote control.
14
Piracy
Though the Internet was in
its infancy, personal computers
were becoming commonplace.
Many hackers set up their own
bulletin boards (known as a
BBS) where their customers
could log on to get updates
and hackers could share information. Hackers also figured
out a way to connect a small
modem (at 300 baud) to
VideoCipher circuit boards so
they would automatically dial
into hacker bulletin boards for
software updates. Some hackers used fax machines to disseminate information. Ways to
modify VideoCiphers to steal
C-band programming were
openly advertised in magazines and in hacker newsletters. Numerous “how to” videotapes were produced, albeit
not with Hollywood productions standards, to show people
how to remove the epoxy from
their VideoCiphers and modify
them to steal. As they are today, Canada, Mexico, and the
Caribbean were hotbeds of
hacking, because the laws in
those countries were ambiguous and there was no legal way
to subscribe to U.S. services.
But the U.S. had its share of
hackers, mostly in the South
and Midwest.
Every module had to be
physically modified. Thus, there
were widespread reports at the
time regarding allegations that
some satellite retailers and distributors were involved in piracy. GI even cut off and sued
its largest Canadian satellite
equipment distributor, TeeComm Electronics, over allegations one of its branches
was “chipping modules.” But
some also pointed the finger at
GI itself, claiming it leaked certain information to hackers to
stoke the sales of VideoCipher
modules. Unlike DirecTv and
EchoStar, GI solely derived its
satellite revenue from hardware
sales. GI labeled such charges
preposterous, though there is
some evidence to support
them. In 1989, the names of
two GI employees appeared
on an investigative report detailing a meeting of hackers
and how they obtained technical information on the
VideoCipher. One of the names
was a well-known GI executive. Several GI hands believed
those two individuals were not
operating on their own. Why
the FBI never acted on the
information remains unclear.
By the end of 1992, VC II
Plus/RS authorizations were up
sharply. A year later, the FBI
and other law enforcement
agencies lured hackers to a
meeting in New Orleans to
show a purported break of the
new VideoCipher system.
Though publicity about the
looming launch of highpower DBS increased, so, too,
did C-band sales. On March
22, 1994, Primestar began its
transition to digital signals, using a GI DigiCipher receiver.
And on June 17, 1994, DirecTv
and U.S. Satellite Broadcasting
Inc. (USSB) launched their services. EchoStar launched it service on March 4, 1996.
C-band sales continued to
be strong for a while, largely
because there were limited supplies of DBS systems. But all
that came to an end, and hackers began losing interest in trying to hack the VC II Plus/RS. GI
was also bought and sold several times, including to buyout
specialist Forstmann Little and
Co., and later to its current
owner Motorola Corp.
EchoStar
far more on how to hack DirecTv.
That may, in part, be attributed to
how EchoStar and DirecTv combat piracy. EchoStar relies almost entirely on
technical measures and control over its
boxes and cards. It is not believed that
EchoStar and Nagra have ever filed a
civil lawsuit against an alleged hacker.
That surprises many considering
EchoStar’s reputation for being a rather
litigious outfit.
In contrast, DirecTv and NDS, sometimes working together (though more
often not in recent history) have filed
dozens and dozens of civil lawsuits
89875p5-20r1.pm6
14
At the end of last month, DirecTv and USSB were taking
there were 685,795 remaining place in Canada, Mexico, and
VideoCipher decoders autho- the Caribbean, hackers in Eastrized. At its high
ern Europe and
point Video Ciwhat are now
pher authorizaformer Soviet
tions were about
states were also
2.4 million.
involved.
To date, no
Though opinion
compromise of
differs on this
the VC II Plus/
point, some
VCRS system has
hackers say the
ever been pubfirst real progress
licly demonto break the Sky
strated or conand DirecTv/
firmed.
USSB security
Ironically,
systems took
General Instruplace in those
ment was the runregions.
ner up in the
But security
sweepstakes to
cards were in
provide the conshort supply, esditional access
pecially in the
system to DirecTv
U.S. The initial
and USSB. But in
price for a
early
1992,
DirecTv/USSB
DirecTv chose Battery Card, the first
system
was
Thomson Con- known hack of DirecTv.
$699. (It was not
sumer Electronics
lowered until
Inc., the U.S. unit of the giant June 1996 when EchoStar
French conglomerate, as its lead dropped its system price to
hardware vendor. Among other $199.) And Thomson was sellthings, Thomson owned the ing every DirecTv it could build,
well-known RCA brand. For its taking only 10 months to ship
conditional access, DirecTv its 1 millionth unit. DirecTv
turned to what is now known as would authorize its 1 millionth
NDS, a company founded in unit in April 1995.
1987 by Israeli engineers and
By the summer of 1995, talk
cryptologists in which News about a possible break of the
Corp. later bought a control- DirecTv/USSB security system
ling interest. That same com- intensified, fueled in hacker
pany was also the principal circles by the appearance of
security vendor for the Sky DBS devices to steal the Sky DBS
service in England, which service. DirecTv, which made
Murdoch also controls.
all of its own security deciShortly after DirecTv and sions, denied the system has
USSB launched, many of the compromised and said it was
same hackers who had made not using the same technology
millions in VideoCipher piracy as its British counterpart. By
targeted the start-up DBS firms. the fall and early winter, the
By now, the Internet and glo- rumblings about a compromise
bal communications were com- were loud and persistent, and
ing into their own. So while some hackers began selling
much of the efforts to steal devices they said could steal
against alleged hackers in the U.S. and
Canada. DirecTv, as reported, is also in
the process of sending out threatening
letters to thousands of consumers whose
names appeared on customer lists of
hackers who have been raided by authorities or been exposed through civil
suits. EchoStar also works with law enforcement. But EchoStar and Nagra do
not appear to have as many people
interacting with authorities as DirecTv
and NDS do.
Many hackers also say that EchoStar
has been far, far more aggressive over
the years in transmitting ECMs and
other software updates to foil piracy
than DirecTv and NDS have. Some argue that EchoStar’s system has more
extensive ECM capabilities.
The theft of DirecTv’s service has
gotten immeasurably more publicity in
North America than has EchoStar piracy. Many hackers say they have not
focused as much on EchoStar because it
is less popular in the U.S. among their
customers. They say DirecTv is perceived to have “more to steal,” such as
sports and pay-per-view.
In contrast, some argue that EchoStar
is more popular among hackers and
their customers in Canada because of
the much larger roster of foreign programming it offers and the big immigrant population north of the border.
Moreover, since the Canadian
ExpressVu DBS service uses EchoStar
reception and Nagra security technology, many hackers say they can use the
8/15/02, 5:24 AM
DirecTv and USSB. DirecTv
continued to refute any and all
such claims.
But all that changed around
Thanksgiving, when U.S. Customs detained a main trying to
enter the U.S. from Canada in
Blaine, Washington. Among
other things, Customs confiscated DirecTv/USSB security
cards and about 100 other small
devices that looked like small
computer cards. The individual
detained was Troy Stewart,
whose father was a well-known
VideoCipher hacker who had
been convicted of piracy.
Customs had confirmed the
existence of the first products
to steal DirecTv and USSB, devices which were soon dubbed
“battery cards.”
Those devices were computer boards designed to fit
exactly into the card reader of
a DirecTv/USSB receiver like a
legitimate card. They had a
chip on the end, in the exact
same place a security card did.
At the end of the computer
boards was a small battery to
power the chip. Those battery
cards, much as with early
VideoCipher breaks, could be
used to clone the information
from a legitimately subscribed
card into an unlimited number
of battery cards. The battery
cards were expensive, selling
for as much as $800. And only
a few hackers had the knowledge to build and program
them.
DirecTv continued to deny
that it and USSB could be stolen. It did announce it had
reached the 1 million home
mark, some 16 months after
launching.
Though the battery cards
paved the way for many of the
hacking devices used today,
they were problematic for
same technology to steal both.
Many hackers say they have concentrated less on EchoStar than on
DirecTv for a variety of reasons, though
they have intensified their EchoStar
activities during those periods in which
DirecTv and NDS were aggressive on
the ECM front.
They also say that EchoStar’s pending purchase of DirecTv has caused
them to spend far more time in recent
months working on refining hacks for
EchoStar. There is widespread agreement among hackers that there has
been a spurt of activity on the EchoStar
piracy front since the planned DBS
merger was announced last fall, something that EchoStar and Nagra may not
be entirely aware of.n
16
Piracy
hackers. For several reasons,
they often needed to be
brought back in for re-programming. By then, hackers had
begun getting their hands on
more actual DirecTv/USSB security cards. Those cards were
dubbed “F cards,” because of
the printed letter that appeared
before the card’s number. They
were also known as “P1” cards,
for period or phase one.
Depending on which
hacker takes credit, the first
widespread re-programming
of F cards began in the winter
or spring of 1996. Again, however, few had the equipment
and software to program the
cards. Those who wish to buy
the hacking software and
hardware had to spend tens
of thousand of dollars. Some
hackers also began selling devices to steal the DBS services
that, like the first battery cards,
did not need a real security
card to work.
At the same time, the
Internet began to flourish. And
with it, various other methods,
such as chat rooms, for people
to communicate with computers also emerged. The foundation of what is today’s hacker
underground and infrastructure
was being built, and hackers
could not keep up with demand. In order to steal programming, consumers generally had to take or send the
DirecTv/USSB security card
that came with their system to
someone for reprogramming.
Hackers also set up mail order
businesses in Canada and the
Caribbean and enticed thousands of people to send in their
cards for reprogramming.
Prices ranged from $300 to
$500. For the first time, hackers
also has a small supply of access cards to sell.
In May 1996, with piracy in
full swing, DirecTv announced
it would swap out the P1/F
card. There were 1.6 million
authorized DirecTv/USSB receivers in use. A month later,
DirecTv for the first time publicly acknowledged piracy
when it filed a civil lawsuit
against 11 alleged hackers.
In June 1997, DirecTv and
NDS deactivated the data authorization stream that was being used to activate the first
generation of cards. A few
weeks later, DirecTv proudly
announced it had completed
the swap out of all P1/F cards.
There were 2.7 million receivers activated at that point. The
new cards were called “P2s” or
“H” cards.
But because it had taken
DirecTv more than a year to
complete the switch, hackers
had more than enough time to
work on a P2/H card modification. Some argue the P2/H card
hacks appeared immediately
after the P1/F card data stream
was turned off. Others say that
it was a month or two after that.
The evidence suggests that piracy never stopped between
the first two generations of cards.
In late 1998 and early
1999, the first hacks of
DirecTv
special events—can be viewed. Indeed, until last year when DirecTv
launched its first spot-beam satellite
for local channels, a 3M script allowed
the user to watch every local channel
DirecTv was uplinking from around the
nation. For the most part, 3Ms can now
only decode those broadcast channels
in the spot-beam aimed at a particular
area, as well as the national distant
stations from New York and Los Angeles DirecTv sells to dish owners in socalled white areas. Most newer DirecTv
receivers, including those that place
local channels on the same number as
their broadcast counterpart, can only
receive one set of local channels at a
time regardless of how cards are
hacked.
There are now versions of those
scripts available that also enable the
use of the recording function of the
Ultimate TV and TiVo digital VCRs with-
89875p5-20r1.pm6
16
EchoStar’s DBS service were
introduced. Theft of DirecTv
and USSB was sprouting like
fungus.
By March 1999, Satellite
Business News confirmed that
DirecTv and NDS were preparing to unveil a third access
card. The card, the “P3” or
“Hu” card, also had a new
graphic design. While DirecTv
declined public comment, it
also put out word that it intended to swap out all second
generation cards for the new
one. At that point, 6 million P2
cards were authorized in 4.7
million homes.
But DirecTv never completed that card swap. In March
2002, when the first of
DirecTv’s fourth generation
access cards began to be distributed, 2.5 million to 3 million P2 cards—which had been
introduced some six years earlier—were still authorized for
use.
Hackers successfully compromised the P3/Hu card in
late fall 2000. Hackers now had
a menu of products to offer.
They could modify P2 and P3
cards. They also began to sell a
variety of other devices to
steal DirecTv and EchoStar,
many of which did not involve
insertion of a modified genuine access card. Totally bootlegged cards, dubbed “plastic
cards,” were being sold by
hackers.
Theft of DirecTv with cards
was reaching immense proportion. At various points, DirecTv
and NDS transmitted ECMs and
software updates, the most well
out paying the monthly $10 recording
charge. A 3M script, for example, inserted into a digital VCR can record all
pay-per-view movies DirecTv is selling.
The best analogy to how programmers are employed to modify cards is
to compare the devices to floppy disk
drives and the cards to floppy disks. In
essence, programs such as ExtremeHu
have become so sophisticated and easy
to use that individuals can master the
programs much as they learn how to
navigate a new word processing,
spreadsheet, or other software program.
In some ways, the hacking programs
are even easier. And upgrades are free.
There have been several versions of
ExtremeHu released that can be downloaded. One of the recent versions
added audio effects to sound when
certain functions were completed.
Hackers also scored a major victory
last spring when a new file was released
that unlooped many cards that had
been ECMed and can continually unloop
cards even if DirecTv does manage to
known of which is called
“hashing,” to deactivate modified access cards. The most successful ECMs also destroy
enough of the chip in the access card so that it cannot be
again modified. In hacker
circles, this is known as “99ing”
the card, or more widely,
“looping” the card.
The Internet had afforded
hackers a ubiquitous method
to hawk their wares and communicate with customers. The
number of hacker web sites
seemed to double each month.
Still, however, few had the
hardware and software required
to modify cards. Most consumers sent their access cards to
hackers to be re-programmed
or found someone in their communities who had programming equipment. Hackers offered numerous deals. For
example, some hackers asked
consumers to send them two
access cards and in return they
sent one modified back for no
charge. Others sold modified
cards. For a brief period, one
hacker offered to program P3
cards sent to him for $20.
These offers also signaled a
change in the way many hackers conducted their business,
and set the stage for how they
steal DirecTv and EchoStar today. Many hackers also turned
on each other, charging that
some were selling programs
and modification services too
cheaply. Many hackers wanted
to keep the software and hardware to modify cards in the
hands of a select few. Not surprisingly, since they were en-
temporarily render them useless. The
first four letters of that file are U-L-F-S,
which stand for “unloop for sure.” The
unlooping procedure—(being described here in intentionally vague
terms) which repairs the most basic
information on a card’s chip and enables a file to be added in preparation
for re-hacking—can often be the most
time consuming part of the process for
end users. It can take 10 minutes, a
hour, or even longer for a card to be
unlooped depending on how badly it
was electronically damaged.
But once that operation is successful,
it can literally take a dish owner a few
minutes to log onto a hacker web site,
download a new script, write it to a
card, and resume the theft of programming.
The other principal way to steal
DirecTv is through an external device.
Again, there are far more types and
names of these devices than can be
listed. The generic name for them is an
“emulator,” because the small computer board that either is the device or
8/15/02, 5:24 AM
gaging in an illegal practice to
begin with, some of the hackers tried to make quick money
by “stealing” software from
other hackers and selling it.
Hackers also offered various
“guarantees” and “customer
service” plans to their customers. Since DirecTv and NDS
had stepped up their ECM campaign, some hackers said that
for a fee they would continually
re-program ECMed cards for a
year. Some hackers lived up to
their offers. Many did not.
In fall and winter of 2000,
hackers, their customers, and
DirecTv/NDS settled into a pattern. The hacking business was
surging beyond any hacker expectations. And there were
long periods during which
DirecTv only transmitted software updates and not fullblown ECMS.
The stage was set for Black
Sunday.
Hundreds of thousands of
DirecTv access cards, if not
more, had been turned off and
looped that Sunday in January.
Two days later, perhaps not
coincidentally, EchoStar
launched its most effective
ECM ever. Theft of EchoStar’s
system had been growing, too,
but was in aggregate terms not
as big as DirecTv piracy.
For the next few weeks, there
were few people in North
America stealing DirecTv and
EchoStar. Those who were had
invested in external devices,
mostly connecting to computers, that did not require the
insertion of a modified access
is attached to the device and in inserted into the DirecTv receiver’s card
slot to “emulate” or replace the card.
The first emulators were released
during DirecTv’s P2 card phase and
many continue to operate today. The
cost of emulators can vary, but has
come down as much as the price of
card programmers have and often can
be bought for no more than $100.
Some offshoots of emulators often
work in conjunction with cards. In
most cases, the emulators must be
connected to a computer to work, as
the PC becomes the processor feeding into the emulator with the use of
yet another downloadable program.
They can also be more complicated for
those only with the most basic computer skills to use.
Many hackers believe emulators are
more reliable, can be continually updated, and are more advanced technically. Most interested in stealing
DirecTv opt for card programmers.
The opposite, detailed in a story on
page 8, is true for EchoStar.n
18
Piracy
card into a DirecTv or EchoStar
receiver. A few weeks later,
hackers began selling devices
that were inserted into a DirecTv
unit with its card placed on the
device.
But in the broadest terms,
DirecTv and EchoStar had
turned back the clock. Their
battle with hackers was largely
starting from scratch.
The 19 months that have
passed since Black Sunday have
seen the hacking underground
virtually re-invent itself.
Average consumers can
now log onto hacker web sites
and for as little as $75 or $100
order a device to program their
own satellite access cards in
much the same way that hackers using devices that cost
them tens of thousand of dollars did just a few years ago.
In the wake of Black Sunday, many hackers decided
that it was no longer practical,
logistically or legally, to keep
up with ECMs and the growing
attention of law enforcement
and use of civil law suits by
having their customers send in
cards for programming or reprogramming. Moreover,
many of the cards looped during the ECMs could not be
modified again and could only
be used to steal DirecTv and
EchoStar in conjunction with
another device.
Card Supply
Satellite Business News’ estimates presented for the number of Americans stealing
DirecTv and EchoStar were
based on a variety of elements.
No doubt the companies involved will loudly protest the
projections as being too high,
while hackers will claim the
numbers are too low. And it is
always difficult ascribing a
specific quantity to a behavior
that because of its illegality
attempts to operate underground.
The key ingredients in determining these estimates are:
The number of people on the
Internet involved in the pursuit
of piracy; the number of devices, both cards and otherwise, hackers have sold to dish
owners; the number of DirecTv
and EchoStar subscribers who
deactivate service each month
(known as churn); and the number of DirecTv boxes and security cards available for nefarious
use.
One of the most important
89875p5-20r1.pm6
18
but least publicized aspects of
piracy in the U.S. is the almost
staggering volume of security
cards, more DirecTv than
EchoStar, that wind up in hackers’ hands.
When it comes to explaining why, the finger pointing
among the companies begins
in earnest.
But based on this investigation, there are four main avenues for cards to travel from
legitimacy to piracy: Outright
theft of cards by criminals, and
in some cases, individuals
working for the companies;
Loss of cards through the transportation and shipping process;
actual purchase of low-cost
receivers simply to acquire
cards; and churn, after which
individuals sell or hack their
cards.
A closer look at each follows.
●Theft of satellite security
cards has reached almost epidemic proportion in the U.S.,
even though
it has received very
little attention
(See Satellite
Business
News, F e b .
27, 2002, for
one of the
few, if not the
only, reports
in the legitimate press.)
Satellite TV
access cards
have become
o n e o f t h e An emulator used
most widely stolen contraband
in the U.S. in the last few years,
according to a number of
sources. Though they would
probably not admit it, virtually
every major satellite distributor
and large retailer has had an
office, warehouse, or similar
facility burglarized in an attempt to steal cards. Ironically,
at least some of the theft,
sources said, may been orchestrated by the surprising number of prison guards, sheriffs
deputies, and other law enforcement officers in at least
four states who have been
charged in conjunction with satellite piracy. In addition, there
appear to be several organized
rings of professional burglaries
who have traveled from state
to state breaking into places
where they could find satellite
access cards.
These thieves very often
show no interest in satellite
receivers, just the access cards
in them. They know exactly
where to cut a slit in cartons so
the access cards can be quickly
removed without opening the
cardboard box. According to
several sources, law enforcement authorities have apprehended or identified at least
two small groups of professional thieves who were driving from state to state to steal
cards. But there are far more
people trying to steal cards.
Satellite TV cards are extremely attractive targets for
thieves, several sources said,
because they can be sold for a
very high return, can be easily
transported in large numbers
without drawing much attention, and involve far less danger than, of course, drug trafficking does. As several
investigative sources noted, law
enforcement does not train
dogs to sniff out DirecTv and
EchoStar access cards.
●The transportation and shipping of cards and satellite receivers has also produced a
major rash of card theft. Where
for the EchoStar system.
this type of theft occurs is hotly
debated. Every company who
handles cards vehemently
maintains it has had few, if any,
security lapses.
What is clear is that a massive amount of cards has been
lost when satellite receivers and
complete systems are shipped
to satellite distributors and
large consumer electronics
chains, and from satellite distributors to independent satellite retailers. Several sources
said that entire truckloads of
satellite receivers, perhaps 500
to 700 at a time, have disappeared in recent years. In several instances, distributors have
opened the back of trucks expecting to find full loads of
satellite systems and found
none.
The trucking business, which
has always had its share of security concerns, is also a major
thoroughfare for card theft.
According to numerous
sources, most manufacturers
and distributors use what are
known as shipping
aggregators to reduce
their costs when they
are transporting loads
that fill up less than a
full truck. These
aggregators move
freight much like an airline uses a hub to move
people. Smaller shipments are sent to a central location and then
combined with other
shipments destined for
the same area.
One of the chief focal points for shipping
aggregators is Chicago.
That is why, several
sources said, thousands, if not more, sat- A widely used emulator for DirecTv.
ellite TV access cards have en- as any trucking company.
Even when the correct numtered the Chicago area never
to reach their intended desti- ber of satellite systems and renation and customer. Interest- ceivers wind up at, for exingly enough, several of the ample, a satellite distributor, it
biggest hacker web sites ship does not mean there will be an
their products from the Chi- access card in each box. Numerous sources said thieves can
cago area.
Several sources open a carton, remove the sea l s o d e s c r i b e d curity card, and then so exFederal Express, pertly reseal the carton that it is
and its main hub difficult to tell the box has been
in
M e m p h i s , opened without close inspecTenn., in similar tion. In other cases, distribut e r m s . O t h e r s tors and large retailers have
strongly defended received pallets of satellite sysFedex and said it tems and receivers to find that
had some of the only those units on the outside
best physical se- of the pallets have not been
curity of any ship- opened and had their security
cards removed. In other words,
ping company.
Likewise, it is every box on the inside that is
difficult to gauge obscured had its access card
how much of a role stolen.
●Almost every company acUnited Parcel Service (UPS) shipments play in tive in the satellite TV business
satellite cards being stolen. has had its own security probMany distributors use UPS to lems. Just a few weeks ago, a
ship smaller numbers of satel- security manager for Thomson
lite reception systems to inde- Consumer Electronics in Texas
pendent satellite dealers. Sev- and Mexico was arrested by
eral industry hands described the FBI in conjunction with the
the same scenario: In order to theft of 52,000 DirecTv P3 cards
save the dealer money, they (See “DBS Notebook,” p. 1).
About three or four years
put a number of satellite receiver cartons into one larger ago, a Thomson employee in
Indianapolis was arrested for
carton.
When UPS drivers deliver selling security cards. At the
the carton, they require the time, Thomson was providing
recipient to sign for the ship- logistical services for DirecTv.
HNS’ manufacturing plant in
ment before it is opened. But is
it not until after the driver is Shady Grove, Md., where the
long gone that the retailer ex- company often produces initial
amines the packing slip, opens runs of its receivers, had a sethe larger carton, and realizes curity problem and was forced
that he or she has a signed for to restructure how it processed
a shipment that does not con- cards. An HNS security mantain the same number of satel- ager, sources said, actually relite receivers listed on the pack- signed in a dispute over how
to secure cards. A similar probing slip.
Opinion varied on how lem happened to Philips, when
widespread this problem is, and it manufactured receivers for
whether UPS employees are EchoStar in 1999 and 2000,
directly involved. Some argued with some sources saying they
UPS is as much a victim of theft
8/15/02, 5:24 AM
20
Piracy
believed that may have been
one the largest supplies of
EchoStar cards to wind up in
hacker hands.
EchoStar also lost major quantities of cards through Sears
retail outlets. A large number
of EchoStar access cards were
stolen right out of display units
at Sears, though some apparently from stock as well.
Then there is Mexico.
Many consumer electronics
companies, including HNS,
Thomson, and Sanimina-SCI,
have manufacturing plants in
Mexico. The companies often
try to locate the plants as close
to the U.S. border as possible,
and thus such places as Juarez,
Mexico, right over the border
from El Paso, Texas, are home
to several plants—including
Thomson and Sanmina-SCI facilities. HNS has plants in
Tiajuana and Chihuahua,
Mexico. GI made VideoCiphers
at a plant in Juarez.
Several hackers claim that
they have made repeated trips
over the years to Mexico and
bought volumes of both
EchoStar and DirecTv security
cards. The hackers refused to
identity which plants were involved or how many cards they
bought. Several also said they
had visited the region in the
VideoCipher days as well.
Several
investigative
sources confirmed that security
of many high-tech products
made in Mexico for U.S. companies has been a problem, as
evidenced by the recent arrest. But the hackers’ specific
claims could not be independently verified.
●In many cases, hackers do
not have to venture to Mexico
to illegally purchase satellite
access cards.
They have been legally able
to cheaply purchase them in
bulk by walking right into the
front door of some the best
known retailers in America.
Strictly in terms of security,
DirecTv’s campaign to maintain distribution exclusively at
major consumer electronics
stores has actually helped
EchoStar.
For years, hackers could walk
into numerous retail chains—
such as Best Buy, Circuit City,
Radio Shack, and Wal-Mart—
and buy all the inexpensive
DirecTv systems they wanted.
In reality, even if they removed
the access cards and threw the
antenna and receiver in a
dumpster, hackers could sell
the cards and still make a tidy
profit.
In June 2000, DirecTv implemented new procedures that
required even those buying
systems with cash at the chains
to put down a credit card. If the
system was not authorized for
service within nine days, the
credit card was charged $200.
DirecTv had years earlier established a program, tied to
commissions and charge backs,
for independent satellite dealers that made if very costly for
a dealer, and the distributor
who provided the unit, to sell a
system that was not authorized.
Even after DirecTv’s new
security measures went into
effect, there were many local
chain outlets lax on adhearing
to the rules. Even today, field
reports indicate there are some
Best Buy and Circuit City stores
that occasionally sell DirecTv
systems for cash, no questions
asked.
Wal-Mart continued to sell
DirecTv systems for cash. Often for as little as $49. Inasmuch, hackers say, for about
two years, ending last fall, WalMart, became one of the largest suppliers of DirecTv security cards ever. Many Canadian
hackers or their associates drove
Internet
more than 350,000 messages posted
spanning a few months—and growing
daily. Each message can contain only
specific message (known as a “thread”)
or many.
Another less widely known method
of communication is the “Internet Relay Chat,” or simply the “IRC.” To use
the IRC, consumers must download a
small “client” program, have any type
of Internet connection, and know which
“chat room” to enter. Registration is
not required, and nicknames and
89875p5-20r1.pm6
20
from Wal-Mart to Wal-Mart buying up entire stocks of DirecTv
systems and paying cash.
Though they were required
to provide a name to complete
the sale many used false ones
and fake driver’s licenses. They
immediately removed the cards
from the systems. Sometimes
they shipped the units back to
Canada using such places as
“Mail Boxes Etc.” But there are
also numerous first-hand reports of garbage bins full of
DirecTv systems behind or near
Wal-Marts.
A year ago, DirecTv publicly proclaimed it was going
to remove the security cards
from systems shipped to major
chains, including Wal-Mart,
and began sending the cards
directly to consumers once a
credit card was verified and a
subscription ordered. However, DirecTv scrapped the program, or by some accounts,
never really implemented it, at
Best Buy and Circuit City.
This past May, Wal-Mart decided to stop maintaining inventory of DirecTv systems,
instead offering certificates that
could be redeemed for a system sent by DirecTv. Blockbuster, which recently said it
was no longer pushing DirecTv,
also operates under the certificate program. Best Buy may
follow on some basis.
Just this month, Wal-Mart
stores started stocking Thomson
built RCA brand EchoStar systems with cards. But EchoStar
is going to charge no less than
$149 for a single receiver system and then rebate most or all
of that back via programming
credits over a year. Many will
be closely monitoring
EchoStar’s Wal-Mart experience.
●Churn is another major
source of cards and DBS equipment for hackers and their customers. Churn has been among
the biggest problems both ser-
aliases abound. Many of the bigger
hacker web sites also sponsor their own
IRC “channels.” There are also hundreds of IRC channels devoted to endless subjects and topics.
Perhaps the best way to describe an
IRC chat channel is to compare it to AOL
or Yahoo instant messaging. Only in the
case of the IRC, an unlimited number of
people can instantly communicate with
other users simultaneously while everyone else sees each and every message being sent back and forth. Many
hackers and their customers like the IRC
because messages are not archived or
wind up on any server.
It is not unusual to log onto a IRC
vices have faced. For example,
in its most recently reported
quarter, DirecTv reported gross
activations of 654,000 but net
sales of 202,000. That means
some 452,000 DirecTv homes
deactivated service. EchoStar
has reported similar results over
the years.
Churn is always a factor in
any subscription service, including cable. But cable customers who turn off service cannot sell their equipment to
hackers.
It would be impossible to
estimate the number of classified ads, in newspapers, in local weeklies, in supermarket
shoppers, employed by individual trying to sell DirecTv
and EchoStar systems.
But the Internet auction site
eBay, a national marketplace,
illustrates the situation.
When the names of the DBS
services were entered into the
site’s search engine, it returned
“998 items found for DirecTv”
and “957 items found for DISH
Network.”
Though not all of the items
were satellite receivers, and it
appeared that at least some of
the products were being sold
by retailers and not individual
consumers, the vast majority
items being put up for auction
appeared to be satellite receivers and systems that individuals were trying to unload.
Indeed, the way the items
were listed for auction also
served to underscore how satellite piracy has become so
commonplace in the U.S. Little
pretense was offered on why
the systems were being sold.
In the DirecTv section, the
type of security card was almost always the first part of the
description of the item, followed by the receiver model.
Examples included, “VIRGIN
HU CARD/Hughes E1 New
DirecTv Receiver” and “Virgin
DirecTv DSS P4 Access Card/
pirate channel and find 25 people chatting. And there can often be 50 or
more. So many people are “chatting”
with each other at one time that it can
be difficult to follow any one ongoing
exchange.
The IRC is where many newcomers
to hacking head for help. The channels
allow hackers to provide “real-time”
help to “newbies” and very often a
number of experienced programmers
will collectively chat with an individual
to help him or her solve their piracy
problem. Users can also instantly send
files to each other, such as when experienced hackers send instructions or
hacking utility files to others. IRC chat
8/15/02, 5:24 AM
Receiver.” Separate DirecTv
access cards, including the P4,
were also being auctioned.
In the EchoStar section, the
type of security card often was
not listed. The focus was far
more often on the receiver. It
appeared the only reason that
the card type was listed was to
entice those who wanted to
steal EchoStar. Examples of this
included: “Dish Network 3700,
288-02 card and Box Keys”
and “DISH NETWORK 4000
RECEIVER W/OPEN ROM 3
CARD.”
Other Issues
There are a number of other
issues to be briefly explored to
round out the discussion of satellite TV piracy. They are:
●Every major player in the
satellite TV business that impacts piracy was asked to comment for this story. EchoStar,
NagraStar, Thomson, and HNS
declined comment. In the three
weeks before this story went to
press, Satellite Business News
repeatedly asked DirecTv for
comments and to interview
Larry Rissler, vice president in
charge of its signal integrity
office, and Dave Baylor,
DirecTv’s executive vice president of technology and operations. No such interview
or comment was forthcoming.
The only company to publicly comment was NDS Americas, DirecTv’s security vendor.
As reported, the relationship
between NDS and DirecTv has
soured, and DirecTv sued NDS
in December over their contractual relationship and other
issues. The lawsuit was quickly
settled, but DirecTv has publicly stated it is going to sever
its ties to NDS.
NDS America’s Vice President and General Manager Dov
Rubin disputed any suggestion that no less than 1 million
are stealing DirecTv. “It’s not
rooms also have their own rules, etiquette, jargon, and acronyms.
Indeed, the amount of time some
dish owners spend communicating
with each other on how to steal DirecTv
and EchoStar raises one fundamental
question: How much time do they
have to actually watch the TV they are
stealing.
The web site forums and IRC channels also provide the best evidence of
how piracy has developed into its
own sub-culture, sometimes appearing to be a social activity as much as a
hacking endeavor. Many exchanges
have nothing to do with satellite or
piracy.n
21
AUGUST 14, 2002
Piracy
as high as people would believe,” he said. He declined to
offer an alternative figure.
Rubin argued the relationship between DirecTv and NDS
is not having a negative impact on security. He repeatedly said that decisions regarding security were “totally their
call,” in reference to DirecTv.
Yet he also argued that NDS
would be taking a different approach to fighting piracy than
DirecTv is. Security, he said,
“needs to be a multi-prong
approach” using operational,
legal, ECM, and technological
means in addition to regular
card swaps.
“I don’t think they are doing
all of those aspects,” Rubin said
of DirecTv. “I think they could
do more.” Asked how NDS
would act differently, Rubin
pointed to the fact that there
are millions of P2 cards that
have never been changed.
DirecTv’s security program is
“certainly different than the way
we would have done it,” he
said.
Rubin also bristled at the
suggestion, often voiced in private by DirecTv executives,
that NDS’ security system was
so inferior and inadequate that
it does not make sense to waste
money on card swaps. In the
past, many DirecTv executives
have, for example, also said
they did not transmit more
ECMs because NDS engineered ECMs were imprecise
and sometimes deactivated legitimate cards. Given DirecTv’s
customer service problems, it
said it did not want go generate any additional calls to its
telemarketing backrooms as a
result of wayward ECMs.
Rubin claimed that NDS access cards are being used by
satellite services in more than a
dozen countries and that with
the exception of some older
cards now being changed out
in Brazil, DirecTv’s card is the
only compromised NDS card
in use globally. There have
been 13 versions of BSkyB cards
over the years, including its
migration from analog to digital signals. According to Rubin,
the current BSkyB card is “absolutely secure.” At various
points, BSkyB’s piracy problem easily rivaled DirecTv’s and
some hackers claim a hack of
the current P1 digital card is
imminent.
Rubin also maintained that
NDS has “absolutely never” lost
a security card in transit and
“zero information” has ever
found its way into hacker hands
from inside NDS. Indeed, he
argued NDS has become a
“very convenient whipping
boy for other problems” at
DirecTv.
Rubin confirmed that DirecTv
has a license to continue to use
the NDS system once the existing contract between the two
companies expires next August. NDS has no idea what will
happen at that point, he said,
because of EchoStar’s pending
acquisition of Hughes Electronics Corp. and DirecTv.
●The proposed merger of
the nation’s DBS services has
been a hot topic in the hacker
underground for months. Hack-
Merger
the lawmakers wrote.
In a response, EchoStar contended
there were “many factual errors” in
the letter and said the merger “can
provide more Hispanic programming.”
Independent satellite TV dealers
also spoke up against the merger.
DBSinstall.com, a Washington statebased association representing DBS
installers, along with more than 20
independent satellite TV dealers, registered opposition to the merger with
the FCC late last month.
Congressional supporters of the
merger, who are far fewer in number,
also continued to argue their case.
Rep. Rick Boucher (D-Va.), along with
Reps. William Clay (D-Mo.), Dave
Hobson (R-Ohio), and Bennie Thompson (D-Miss.) signed their names to a
89875p001_4_21_24r1.pm6
21
ers make no bones about it:
They never want to see the
DirecTv NDS system vanish.
But many hackers believe the
NDS system will be scrapped
one day, even though it may
take as long as five years because, they argue, DirecTv
would have to a change out all
security cards and some 10
million older DirecTv receivers. Given that, many hope if
the merger takes place,
EchoStar would continue to use
the Nagra system it now does.
While many hackers concede
the EchoStar security system is
more complicated for them to
compromise, they have been
devoting more time and resources to it since the merger
was announced.
The worst-case scenario for
hackers is that DirecTv and
EchoStar remain apart and both
upgrade to new security systems. That would require the
expenditure of money to hack
two new systems and that
double investment would have
to be recouped over two customer bases—something they
do not like because progress
on two systems can proceed at
different rates. In that sense,
many hackers say that if they
are going to have to start from
scratch at some juncture, they
support the merger for three
reasons: the aforementioned
cost to hack one new system
versus two; the mammoth customer base a combined DBS
service would present to hackers to hawk their wares; and
the fact they do not believe
any U.S. DBS service with 15
million or more homes, and
even more cards, could com-
letter sent to Attorney General John
Ashcroft and FCC Chairman Michael
Powell July 25 urging that the agencies
approve the combination of the nation’s
two main DBS services.
“We believe that this merger will
improve Americans’ lives,” they
wrote. “The merger will enable the
combined entity to provide greater
programming options, more local
channels, and high-speed Internet
access at a competitive price to even
the remotest area of the United States.
Those benefits to rural America are
too great to ignore.”
An EchoStar call center is one of the
largest employers in Boucher’s congressional district.
As the political posturing continued,
one representative kept shifting his
views. Rep. Sam Graves (R-Mo.)
switched his position on the merger
again. Graves initially voiced concerns
about the merger, but in June changed
his position, and said he supported the
plete a total change out of it
cards before hackers were able
to crack the newer card.
●As for the newest DirecTv
card, the P4, many hackers say
its compromise is complete and
should become available for sale
next month. Satellite Business
News is unable to verify that
claim. In addition, as reported,
many question how a P4 can be
confirmed as long as the P2
and P3 data authorization
streams are deactivated. Methods to electronically or physically “revert” new cards to older
software versions have often
been used to claim a hack of
the newer card.
When the P2 data stream, in
use for some six years, will be
turned off, remains unclear.
There has been some indication DirecTv hoped to this
month, but that has been
pushed back until next month.
Hackers do seem to be getting their hands on ample supplies of P4 cards, even though
DirecTv began its conversion in
March. By late May, hackers
said they were offered the first
small batches of P4 cards for
about $200 each. That price
has dropped sharply as the
supply increased, with some
hackers now saying the cost to
buy them is down to around
$100 for larger lots and a bit
higher for smaller numbers. The
going rate on the Internet for a
unmodified P4 card varies, but
is generally around $150 to
$200. P3 cards go for $75 to
$100. P2s and EchoStar cards
run about $100 to $200.
Hackers refuse to say where
they are obtaining P4s, though
they point to past sources of P2
merger.
Now, Graves has again switched back
to opposing the merger, according to a
letter he sent to the FCC late last month.
The FCC is wrapping up its review of
the merger, Media Bureau Chief Ken
Ferree said. Ferree hopes to be able to
send a recommendation about the
merger to the commissioners in four to
six weeks, according to FCC spokeswoman Maureen Peratino’s account of
remarks Ferree made at a cable conference Aug. 1.
Even after Ferree submits the Media
Bureau’s recommendation, it is expected the FCC commissioners could
take several weeks to issue their final
decision.
Though letters of opposition from
various lawmakers continue to come in
opposing it, EchoStar continues to be
optimistic that the government will
approve its proposed purchase of
Hughes and DirecTv.
“Things are moving ahead...Every-
8/15/02, 5:22 AM
The Omega II, one of the few
devices that can program
DirecTv and EchoStar cards.
and P3 cards. DirecTv is sending cards to consumers from
two main points: a mail house
in San Diego which primarily
using Federal Express to ship
cards, and a company called
Metaca Corp.
Metaca provides, among
other things, smart management
services to various industries.
thing is green as far as we’re concerned,” EchoStar Executive Vice
President Jim DeFranco said during a
recent uplink with retailers. “We are
moving forward as a very good pace.
I won’t go into the details, but we’re
more optimistic than we’ve ever been
that this will go through.”
DeFranco also again made a pitch
for retailers to send letters to Congress
and the FCC urging approval of the
merger.
Meanwhile, the National Rural
Telecommunications Cooperative
(NRTC) continued its lobbying effort
against the planned merger. “For 25
million rural American households,
the merger would replace a thriving, competitive [multichannel
video] marketplace with a monopoly
that would eliminate choice, reduce
service quality and chill innovation,”
the NRTC told FCC Commissioner
Kathleen Abernathy (R) in a meeting
last month.n
23
AUGUST 14, 2002
month in responses to the FCC’s annual request for comments for its assessment of the status of cable competition.
In separate filings, DirecTv and
EchoStar contended their proposed
merger would increase the ability of
DBS to compete with cable.
DirecTv also asked the FCC to “proceed with care” in processing nongeostationary satellite orbit fixed satellite service applications to ensure
they do not cause interference with
DBS services.
The DBS company also asked the
FCC to expand rules on installing satellites in apartment buildings to include areas in which renters and owners do not have exclusive use of areas
suitable for antenna installation.
EchoStar reiterated its opposition
to the terrestrial loophole in the program access rules and asked the FCC to
close the loophole through regulation,
or ask Congress to close the loophole
through legislation.
“The refusal by certain cable operators to sell their terrestrially delivered
Piracy
But what truly stunned hackers
is where Metaca is located,
and thus where DirecTv is shipping large quantities of P4 cards
to: Ontario, Canada.
Hackers were equally surprised and exalted as word
that big shipments of P4 cards
were heading into Canada.
Many did say that even they
had a hard time understanding
why DirecTv, even under the
best intentioned security,
would risk sending large volumes of P4 cards to the worldwide capital of DirecTv hacking.
Some hackers cracked that
they had not been so amazed
or happy about a DirecTv move
since they learned, just a
couple of months ago, that the
DBS company is not requiring
consumers to return P2 and P3
cards as a part of the P4 change
out.
Metaca is sending cards to
consumers via regular U.S. mail
using return addresses in
Canada and Buffalo, New York.
But reports are increasing that
significant amounts of P4 cards
are being damaged in the mail
89875p001_4_21_24r1.pm6
23
programming to DBS operators is a
textbook example of a firm using its
market power to diminish competition,”
EchoStar said. “The terrestrial delivery of programming is bound to increase, while at the same time, local
and regional programming such as
home team sports and local events
becomes ever more valued by consumers.”
The SBCA also asked the FCC to close
the loophole and said cable still has
more than 75 percent of the market
which gives it a “powerful advantage”
over any “potential competition.”
The National Cable and Telecommunications Association (NCTA) bemoaned
the competition its members received
from DBS, a “strong nationwide competitor whose market share continues
to grow,” adding, “DBS has proven to
be an enduring and inventive competitor to cable.”
Meanwhile, the state of Hawaii said
the most significant development for its
consumers in the past year was the June
order by the FCC reinforcing DBS services rules to the state. Hawaii also said
it was an “encouraging development”
that EchoStar offers local channels in
Honolulu.
Hawaii was not as happy with
DirecTv’s service.
“The state has yet to receive any
indication that DirecTv is taking steps to
come into compliance with the
commission’s geographic service
because they are being sent
with no special packaging and
in a large paper envelope.
Automated post office processing machines may be damaging some cards. There also
seems to be several grades of
plastic being used to make P4
cards, some of that are considerably thinner than the earlier
cards. That is contributing to
the damage, by some accounts.
DirecTv has said the failure
rate of P4s is very small.
●Hackers also offered their
views on whether the Canadian Supreme Court ruling in
April barring the use of U.S.
DBS systems in Canada was
going to put them out of business. That ruling is now being
appealed. Many hackers admitted that those who were
openly advertising hacked U.S.
DBS cards in Canada, and some
with retail locations that were
doing so, are taking a more low
key approach. But many hackers said they expected the ruling and had been preparing for
some time to move their web
sites out of Canada.
Many have shifted their businesses to the Caribbean, to
places like the Caymen Islands,
the Bahamas, and the Turks
and Caicos, to name a few. But
rules...and will contact DBS licensees
about their efforts towards compliance. If the state’s inquiries identify a
potential lack of compliance, the state
will bring the situation to the attention
of the commission.”
Hawaii reiterated its objection to
SES’ planned U.S. DBS service because SES has not committed to offering service to it or to Alaska.
HSatellite TV has failed to keep
cable prices or quality in check, Consumers Union contended in a report
issued July 24.
“Cross-technology competition
from satellite is weak,” Consumers
Union said in the report. “Unfortunately, because of its cost and characteristics, satellite has fallen far short of
providing widespread, vigorous competition.”
Consumers Union argued that the
government should take more action
to promote competition to cable.
Among other things, Congress and
the FCC should grant Northpoint a
free, national exclusive license to use
the DBS spectrum to offer a terrestrially delivered multichannel video service.
Congress should also close the terrestrial loophole that allows cable operators who own programming to bypass the program access rules by
delivering their channels terrestrially,
rather than by satellite, Consumers
Union said.n
some say those islands have
received too much publicity as
hacker havens and point to the
FBI’s recent move to seize
funds from banks accounts in
the islands of an alleged hacker
as proof of that. Many hackers
say they plan on moving their
web site servers to Eastern Europe and Hong Kong, where
they believe they will be much
tougher to track down. Some
also think that the enormous
financial infrastructure of a place
like Hong Kong is an ideal location for hackers to base their
finances.
●Finally, a note on cable TV
piracy in the U.S. DBS Services
have often argued that their
security problem is relatively
small in terms of dollars lost as
compared to cable theft. That
may be accurate. The cable
industry estimates it loses $6
billion per year to piracy,
though a number of cable industry sources said that figure
is inflated for political purposes.
Cable conspiracy has slowed
somewhat, as satellite theft
grows.
In the 1980s and early
1990s, cable piracy was booming. That pirate underground
was in many way similar to
today’s satellite underground
VideoCipher Module
Deauthorizations Fall Slightly
The number of C-band dish owners deauthorizing VideoCipher modules dropped by more than 1,000 last
month, after rising slightly in June.
According to Motorola’s Access Control Center, 15,081 C-band dish owners turned off their modules, offset a
bit by the 105 who authorized them.
After accounting for the net loss of
14,976 deauthorizations, the total
number of authorized modules now
stands at 685,795. The number of
authorized modules has not gone
below 700,000 since the early 1990s.
At its high point in the middle 1990s,
there were more than 2.4 million
authorized VideoCipher modules.
Since February, the monthly net total
of deauthorizations has stayed within
the 15,000 to 18,600 range.n
2002 Net VideoCipher
Deauthorizations
January .......................... 56,433
February ........................ 17,376
March ............................. 16,931
April.................................18,699
May..................................15,990
June................................16,266
July..................................14,976
Total Net Deauthorizations
156,671
Remaining Authorized Modules
658,795
but smaller and somewhat less
sophisticated. Interesting
enough, one of the main sources
for cable pirates to buy converters to be modified was what
was then called the Jerrold Division of none other than General Instrument.
There are key differences
between cable and satellite piracy. For one thing, a very small
number of people “climb the
pole” to connect a cable to
their home to steal it. It is also
very detectable, except in
multiple dwelling units, where
residents sometimes “share” a
cable feed.
Almost all cable theft involves a legitimate subscription to a small basic package
and then the use of a bootleg
cable converter to steal pay
channels, pay-per-view, sports
packages, and big events. In
that regard, cable piracy is
vastly different than satellite
theft, though, as noted, some
consumers do steal satellite the
same way.
In addition, because cable is
a series of local operations,
cable pirates have to maintain
a database of which cable boxes
work for each local system. And
as more cable systems switch
to digital signals, they can more
8/15/02, 5:22 AM
readily, because of cable’s twoway nature, use technical
means to identity cable pirates.
As much as cable as done to
combat piracy, it, too, may face
a new threat. The far reaching
1996 Telecommunications Act
required cable to make its set
top boxes available for sale at
retail, a move cable loudly
opposed. Some members of
Congress, angered over high
cable rates, believed forcing
cable to sell set top boxes at
retail would lead to more competition and lower prices.
But that would also involved
cable separating the security
function of its set top boxes in
much the same way satellite
receivers now work. The FCC
proceeding on the issue continues and there was some indication cable operators would
have to begin implement the
new regime this year. But perhaps because of satellite piracy, some now sense there is
no rush to force cable boxes
into Circuit City and Best Buy.
If that does happen, however, digital cable boxes may
soon resemble satellite receivers even more than they now
do.
For they would likely employ an access card.n

satellite business news

Transcription

Similar documents

directv® hd receiver

Layout 1 (Page 1)

follow your favorite team no matter where you live. only

DIRECTV C61K Genie - Solid Signal Blog

NEW DIRECTV® SUBSCRIBERS

channel lineup networks

DIRECTV HR54 Genie - Solid Signal Blog

Installation Guide DIRECTV Approved Indoor/ Outdoor

UNIVERSAL REMOTE