[iwar] [fc:Sabotage.in.a.Few.Clicks]

From: Fred Cohen (fc@all.net)
Date: 2002-08-29 23:25:22


Return-Path: <sentto-279987-5280-1030688681-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 29 Aug 2002 23:26:08 -0700 (PDT)
Received: (qmail 3860 invoked by uid 510); 30 Aug 2002 06:22:48 -0000
Received: from n17.grp.scd.yahoo.com (66.218.66.72) by all.net with SMTP; 30 Aug 2002 06:22:48 -0000
X-eGroups-Return: sentto-279987-5280-1030688681-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.198] by n17.grp.scd.yahoo.com with NNFMP; 30 Aug 2002 06:24:41 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_1_0_1); 30 Aug 2002 06:24:40 -0000
Received: (qmail 66808 invoked from network); 30 Aug 2002 06:24:40 -0000
Received: from unknown (66.218.66.217) by m5.grp.scd.yahoo.com with QMQP; 30 Aug 2002 06:24:40 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta2.grp.scd.yahoo.com with SMTP; 30 Aug 2002 06:24:39 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g7U6PMC26508 for iwar@onelist.com; Thu, 29 Aug 2002 23:25:22 -0700
Message-Id: <200208300625.g7U6PMC26508@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 29 Aug 2002 23:25:22 -0700 (PDT)
Subject: [iwar] [fc:Sabotage.in.a.Few.Clicks]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Sabotage in a Few Clicks
Date:  Thursday, 29 August 2002
<a href="http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8852">http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8852>

Source:  Los Angeles Times

Story:  In what may be a case of corporate computer hacking, Canal Plus
alleges a rival firm broke its secret code, then gave it to
counterfeiters.

In the popular imagination, a computer hacker is on the fringes of
society--either a brilliant but misguided teenager or a solitary,
disaffected adult. He's more interested in showing off his skills than
benefiting from them. He values havoc over money.

Canal Plus Technologies, a leading maker of the smart cards that control
satellite television signals in people's homes, went searching three
years ago for just such a troublemaker.

Millions of Europeans were buying counterfeit Canal Plus smart cards on
the black market and inserting them in their set-top boxes, instantly
getting free access to premium channels that carry soccer games and
adult movies. In Italy, there were as many as three freeloaders for
every legitimate customer. Canal Plus, a division of French
entertainment conglomerate Vivendi Universal, learned that the code
controlling the cards had been posted on a Canadian Web site
specializing in the secrets of digital technology. Using the code as a
blueprint, it was relatively simple for counterfeiters to make cards.

But who had actually cracked the code that Canal Plus had spent $35
million developing in total secrecy? The firm's investigation ultimately
led not to some maladjusted youth or embittered ex-employee but to an
entire company.

Not just any company, either. Behind the hack, Canal Plus says, it was
shocked to find NDS Group, a competing smart-card developer largely
owned by Rupert Murdoch's global entertainment conglomerate, News Corp.

According to a lawsuit Canal Plus filed in U.S. District Court in San
Francisco in March, NDS sought to dominate the smart-card market by
driving a wedge between Canal Plus and its customers. Canal Plus claims
a billion dollars in damages.

NDS, which was co-founded in Israel and run for several years by a
fugitive from U.S. law enforcement, has denied the charges, calling the
suit "an attempt by an inept competitor to shift the blame for its
incompetence."

The hacking has altered the global media industry. The counterfeit cards
may have played a role in the downfall of Vivendi former Chief Executive
Jean-Marie Messier. They also brought about the near-ruination of
Vivendi's prized Italian satellite system, propelling it to the auction
block in early June. News Corp. promptly struck a deal to buy it.

The case marks the biggest and most sensational accusation yet of
corporate cybercrime, a shadowy, unsavory and increasingly popular
activity, experts say.

Corporations and organizations looking for an edge find hacking
irresistible and all too easy.

"It's possible to wreak havoc on a competitor today in a way that it
wasn't before," said high-tech consultant Sean Badding. "It's only a few
clicks of the mouse from legal to illegal."

A long-running Silicon Valley case illustrates how "a few clicks" can
undermine and even potentially destroy a company.

Seven years ago, Cadence Design Systems, a maker of design software for
integrated circuits, sued Avant Corp., claiming it had stolen its
programs. A subsequent criminal case, brought by a determined San Jose
prosecutor, led to verdicts last year against seven current and former
Avant employees, including the chief executive and three founders. Five
received jail sentences.

For years, however, Avant was on the offensive, asserting that Cadence
was merely a lame competitor. It was an argument that proved
surprisingly effective. "We had a lot of pressure from people in the
electronics industry saying, 'Get over it, crybaby,' " said Cadence
general counsel Smith McKeithen.

Fears of being labeled a loser lead a lot of companies to hush up about
sabotage. And even when they're willing to go public, the prosecution
record is "disappointing," said Bill Boni, coauthor of a forthcoming
report from the American Society for Industrial Security on "trends in
proprietary information loss."

"From information theft to manipulating and destabilizing competitors,
espionage and sabotage are getting worse," said Boni, chief information
security officer at Motorola Inc. "But catching the culprits is hard. If
the FBI didn't catch [former agent and admitted spy] Robert Hanssen
stealing counterintelligence documents, how do you think corporations
are going to find someone digitally plundering their crown jewels?"

At its most basic, corporate espionage is a search for competitive
information. At Princeton University, the director of admissions
recently was caught hacking into a Yale University Web site that let
prospective students know whether they had been admitted.

In 1999, Internet bookseller Alibris paid $250,000 to resolve federal
charges that it had unlawfully intercepted thousands of e-mail messages
to its customers from online bookseller Amazon.com. Many of Alibris'
customers were booksellers themselves; knowing what they were buying
from Amazon could provide Alibris a better understanding of the market.

Although companies can put some rudimentary defenses in place, for the
most part they are helpless against the type of hacking in these cases.
As for corporate sabotage, which is what Canal Plus is alleging, there's
literally no defense.

"A lot of people look at computer security and say, 'Give me the answer.
Tell me what will make these problems go away,' " said consultant Bruce
Schneier. "And I say, 'Nothing.' "

Lauren Weinstein, co-founder of People for Internet Responsibility, an
advocacy group, said it is a mistake to look for a technological
solution to sabotage.

"It seems to me to be purely an ethical question," he said. "We're going
to have to rely on the better part of human nature."

Noting that newspapers are overflowing with stories about corporate
executives who lied and looted, Weinstein acknowledged, "Unfortunately,
that's not always a lot to count on."

A Colorful History

A smart card, about the size of a credit card, has an embedded chip with
a central processing unit and memory cells. Basically, it is a tiny
portable computer. That makes it perfect for controlling access to
digital television, which is beamed encrypted from satellites.

The smart card slips into the set-top box that converts the digital
signal, unscrambling it and acting as a sort of gatekeeper for the
programming content. A smart card, for instance, will record what
pay-per-view program a subscriber watches and transmit that information
over a phone line to the billing office.

About 80 million TVs worldwide use smart-card technology. A third of the
cards come from NDS Group, a company with a colorful history.

"NDS is all about the business of keeping secrets," said Neil Chenoweth,
author of a biography of Rupert Murdoch that will be published this
fall. "For most of its history it has existed in a legal and tax sense
somewhere between Hong Kong, London, Jerusalem and Grand Cayman. But
what happens if the secret side of an organization gets out of control?"

News Corp. funded the Israeli start-up in 1988 with vague hopes of
profiting from its encryption technology. When Murdoch realized that his
new British satellite television service would be endlessly pirated
without adequate safeguards, NDS, then called News Datacom, proved its
worth almost immediately.

NDS was run by a young English-born entrepreneur named Michael Clinger,
a onetime bank credit analyst in New York who became chief executive of
a small medical laser company. The Securities and Exchange Commission
brought fraud charges against that firm, which Clinger settled in 1986.
He then decided to emigrate to Israel. In 1990, a U.S. grand jury
indicted Clinger on 51 counts of fraud, conspiracy and insider trading,
all relating to the laser company.

Whether Murdoch knew that one of his crucial divisions was being run by
an international fugitive remains unclear. Even after relations between
Clinger and News Corp. soured, Chenoweth writes in his book, "It wasn't
in News Corp.'s interest for Clinger to be arrested." An NDS spokeswoman
declined to discuss the issue, calling it "ancient history."

In 1992, Murdoch bought out Clinger's interest in NDS and got rid of
him. Or thought he did. Clinger still secretly controlled the
manufacturing company that made the smart cards for NDS, which gave him
a direct pipeline into his former company.

Matters spiraled out of control, according to several news accounts,
when Clinger's ex-wife, a former swimsuit model, got involved with NDS'
former chief financial officer. Apparently for revenge, Clinger turned
him in for alleged evasion of personal income taxes. Apparently for
revenge, the chief financial officer told News Corp. officials that
Clinger hadn't gone away as they thought.

News Corp. sued Clinger for fraud in 1996, saying he was inflating the
costs of each card he sold to NDS. Clinger fought back by telling the
Israeli tax authorities that they should check NDS' books. Seventy-five
inspectors raided the NDS offices. Eventually, News Corp. paid $3
million to the Israeli tax authorities, saying it wanted to "terminate
the uncertainties and the exaggerated rumors" that the case had been
spawning.

In an NDS safe, the tax inspectors found something not so simply dealt
with: numerous tapes of conversations between Clinger and his lawyers
long after he had left NDS. News Corp. denied that it had done any
wiretapping of its former executive and asserted that the tapes had been
planted by Clinger to frame NDS.

The fraud case, argued in an English court, went badly for Clinger,
ending in 1998 with a judgment that he was "a skillful liar" who owed
News Corp. and NDS nearly $50 million--a judgment that has not been
paid.

By the late 1990s, as the world moved toward digital entertainment,
investors figured that a company selling encryption devices would be a
big winner. Late in 1999, News Corp. sold 20% of NDS to the public.
Within a few months, the value of the company exceeded $5 billion. Among
NDS' big clients were News Corp.'s British Sky Broadcasting Group and
DirecTV, a leading U.S. satellite TV operator.

As NDS' stock was peaking, Vivendi was having massive problems with
piracy. The smart cards made by its Canal Plus division powered 12
million set-top boxes, mostly for European television systems owned by
its parent.

In Italy, for instance, Canal Plus technology was used by Telepiu, a
digital system controlled by Vivendi. News Corp. controlled the
competing platform, Stream.

As the companies fought for a commanding lead, their losses mounted. The
biggest financial drain for Telepiu was freeloaders. When a new
subscriber was buying a satellite dish and set-top box, the vendor would
often sweeten the deal by telling the subscriber whom to call for a
cheap counterfeit card.

Telepiu canceled its contracts with a quarter of its vendors, but that
did little to stem the tide of piracy.

Frustrated, Canal Plus began to track the problem to its source. There
were so many counterfeit cards, not only in Italy but elsewhere, that
the company was facing claims from its clients for compensation.
Competitors were pointing out that Canal Plus couldn't guarantee the
integrity of its system, an alarming charge to make against a security
company. Full-scale disaster loomed.

Canal Plus' investigation ultimately yielded a date, March 26, 1999, and
a Canadian Web site, DR7.com. It was then and there, Canal Plus says,
that its secret code was revealed for the world's counterfeiters to see
and exploit.

But someone had to crack the code in the first place. Canal Plus
maintains that this would have been very difficult. In the first three
years it sold the cards, it says, they were never successfully hacked on
a widespread basis.

Further investigation, Canal Plus says in its suit, led to Haifa,
Israel, and the NDS lab. There, Canal Plus alleges, NDS engineers spent
part of 1997 and all of 1998 in a $5-million effort to crack the cards
and extract the software code, using such techniques as microprobing,
laser cutting and focused ion-beam manipulation.

Allegations that the Haifa lab had extracted the code came from Oliver
Kommerling, a consultant whose company, Advanced Digital Security
Research, was partly owned by NDS.

"These efforts and the results were put into a written document and
circulated among some NDS employees," Kommerling stated in a court
declaration, adding that he also had a copy of it.

Canal Plus even believed it had found an NDS employee who posted the
code on the Internet.

The director of security for Canal Plus Technologies, Gilles Kaehlin,
said in a court filing that he had met with Christopher Tarnovsky, an
NDS employee at its U.S. headquarters in Newport Beach whom he
identified as "a well-known 'pirate' within the hacker community." Using
a "nonverbal method of communication," Tarnovsky admitted sending the
code to the DR7 Web site, Kaehlin alleged.

Why Tarnovsky should so readily incriminate himself is unclear, but
Kaehlin added that the hacker indicated he might switch sides.

"He promised me that he would tell the truth to the court if he were
called to testify but that he would not be the 'whistle-blower' on NDS'
illegal activities, because he ... feared too much for his life and that
of his family," Kaehlin said in the declaration.

In its lawsuit, Canal Plus accuses NDS of unfair competition, flouting
copyright, racketeering and violating the Digital Millennium Copyright
Act, which criminalizes the cracking of encryption devices in order to
circumvent them.

The case was filed as the satellite TV companies, if not winning against
hackers, at least seemed to be fighting them to a draw. But the Canal
Plus suit undermined any notion of progress against pirates.

"If you have one of the largest media companies in the world actively
working against the copyright holders, the digital future doesn't have a
prayer," said Chenoweth, the Murdoch biographer. "This suit is really
about the future shape of the media industry."

NDS not only denied any involvement in the hack, it offered to the court
some theories about what really happened. Canal Plus cards were hacked
long before any code was posted to DR7.com, NDS said. They were
vulnerable because they were junk, it added.

Here is what really transpired, NDS says: Four months before the suit
was filed, Canal Plus approached NDS about a merger. At the same time,
it privately accused NDS of compromising Canal Plus' smart cards.

The accusation, NDS says, was an extortion attempt: Canal Plus would go
public with the charge unless NDS paid an "outrageous" acquisition
price. Now that the merger negotiations had fallen apart, Canal Plus was
merely doing what it threatened. NDS was the victim here, not the
villain.

Almost as an aside, NDS wondered on what grounds it was being sued. Why,
it asked, does "United States law govern the actions of engineers in
Israel employed by an English company to reverse-engineer the [code] in
a smart card created by and for a French company"? It asked the judge to
drop the case.

Court Skirmishes

NDS might have said the Canal Plus suit was without merit, but its
stockholders fled. On March 12, the day the suit was filed, NDS shares
plunged 25%. It closed Wednesday at $9.87, up 57 cents, on Nasdaq.

In early court skirmishes, Canal Plus maintained that the case was so
"clear-cut and shocking" that it warranted the unusual legal step of
expedited discovery.

Then, at the beginning of the summer, Vivendi, Canal Plus' debt-laden
parent, began to fall apart. To raise money, it had to shed assets.
First on the block was its Italian pay-TV division, Telepiu.

If the need for a sale wasn't a surprise, the prospective buyer was one
that Canal Plus executives must have found galling: their hated foe,
News Corp.

One condition was attached to the purchase: Drop the suit.

After Vivendi CEO Messier was forced out on July 1, the company also
sought a buyer for Canal Plus Technologies. At one point, NDS Chief
Executive Abraham Peled told a British newspaper that he was interested.
"It's all a question of the right price," he said.

The ending might almost have been foretold from the beginning. First
pirates had destroyed Canal Plus and Telepiu. Now News Corp. had a
chance to pick up the pieces on the cheap. When the deals were done, it
would have no satellite competition in Italy and only one remaining
smart-card rival, the Swiss Kudelski Group.

If Vivendi had fewer counterfeiters, one observer said, Messier might
have avoided seeing the dismemberment of his company, the loss of his
job and the triumph of Murdoch.

"When you make a [revenue] forecast and it's not reached because you
have a piracy rate of 35% instead of 10%, it means you're not reliable,"
said Davide Rossi, secretary general of the European Assn. for the
Protection of Encrypted Works and Services, a trade group that both
Canal Plus and NDS belong to. "Your partners may not be willing to
support your other provisions."

The Telepiu sale has not gone through. Neither has any deal been
announced for Canal Plus. As a result, the lawsuit has come back to
life. On Aug. 15, U.S. District Judge Vaughn Walker slightly narrowed
the case but declined to either move it or drop it, as NDS wanted.

Despite Canal Plus' assertions about how "no person or company is above
the law," legal experts and industry sources close to the case say its
interest is more tactical than ethical. When the suit's utility as a
bargaining chip is over, they expect it to disappear.

Meanwhile, Kommerling, the consultant whose company is partly owned by
NDS, has paid a price for coming forward with allegations against NDS.

Within hours after NDS saw his critical declaration, Kommerling was
locked out of his offices, which adjoin the NDS headquarters in an outer
London suburb. He is suing NDS for wrongful interference, but at the
moment has little recourse except to walk away from his own company.

"I don't regret it," said Kommerling. "Given the circumstances, it was
the only way to go. When I have spent all of my money in legal costs,
I'll still have my integrity and skills and that's the important thing."

Asked about Kommerling, NDS declined to comment.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
4 DVDs Free +s&p Join Now
http://us.click.yahoo.com/pt6YBB/NXiEAA/MVfIAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT