PS3 OtherOS: From The Mind of A Hacker

My time at News Corporation

Not a lot of people know this, but in 1997 I reverse-engineered the current Sky card of the time and let the code leak out via other pirates. I’m very familiar with piracy; it’s a multi-billion-dollar industry. It was the first dual-processor smartcard ever manufactured and I was 17. It took me about 8 months to crack it. As with the GeoHot farce, this led to months of cat-and-mouse between myself and Sky as they issued updates to the genuine smartcards over the satellite and I had to produce countermeasures to keep the pirate cards working. And as with the GeoHot farce, it was in the newspapers and led to a flood of worshipping fans; however, I remained anonymous and used tons of pseudo-aliases.

I did it, not for the fame, or for money, or for free TV, or to please my fans. Indeed, several pirate card companies took the designs and software I had published, copied them and sold them for hundreds of pounds a pop. They made millions of pounds from my work. On my part, that was completely expected. If I had been out for the money, I could have done that myself. But I didn’t, because I did it for the challenge of proving it could be done. There is nothing like a company claiming a product is unbreakable to give inquisitive minds the momentum to break it.

What happened as a result of that? I gained an exquisite knowledge of cryptography, security, set top box and smart card design. I learned several new programming languages, new techniques and new algorithms which can be applied in everyday work.

One day, NDS (a branch of News Corporation) – the designers of Sky cards – caught up with me. They tested me on my knowledge to make sure I was the real hacker, and then hired me to improve their cards. The next card released was the result of a £21 million redesign and redistribution, to which I put forward some of the design concepts and highlighted what was wrong with the existing card. The replacement was never reverse-engineered publicly. I privately reported several vulnerabilities in the new card including how to dump 1k of memory which contained the addresses of all the main over-the-air data processing routines, and they were patched via satellite before anyone else figured out how to take advantage.

Among other things, the new cards also had the two processors glued together top-to-bottom, so you could no longer melt the card in acid and extract the two processors and probe them separately. Separating the processors in the new card destroys them both. I raise this point because it demonstrates that to be a successful security expert, you need knowledge of both software and hardware exploits, and the best way to gain that knowledge is to hone your skills by hacking something that hasn’t been publicly hacked before. This is exactly what GeoHot has accomplished with the iPhone and PS3.

A real hacker will never bother to get into someone’s Facebook account. It is boring and there is no challenge in it, and it’s been done over and over already. These are not the people I am talking about. They are parasites to the industry. The real hackers are future assets and should be treated as such.

Did all of my mischief make me a bad person? No, actually it put me at the top of my field. It was a well-paid job; Google wanted to hire me without interview, but I said no because I didn’t want to move to California. I would not have the skills I have now if I hadn’t been allowed to carry out that hacking exercise, and because it had never been done before, it is the sort of thing that earns you a lot of respect among your peers. Sky also saved a lot of money on piracy in the long run into the bargain.

What did NDS actually employ me to do? Sit in my University dorm and hack their products. A few weeks after SkyDigital was launched (1st October 1998) I presented them with the first firmware dump of the set-top box. That was quite the vulnerability for them, not least because the box could record up to 25 PPV purchases before phoning home, among other reasons. Future set-top boxes were modified to make it harder to dump the firmware. If someone else had got there first, they could have made a complete farce of the pay-per-view system – which ultimately, as the bankruptcy of other European satellite networks due to piracy such as FilmNet shows, will affect the quality of programming legitimate customers receive eventually. Satellite networks facing massive piracy turned to NDS and became their customers, because they had ultimately designed the most secure system – and a high proportion of the developers were former hackers. The result? We now have a better satellite TV delivery network.

There is nothing wrong with hacking for the sake of hacking. People need to understand that it leads to the output of some of the most skilled people in our industry. Don’t knock it. Hacking requires skill and dedication, and most hackers stop hacking when they get out of school and learn that the real world places too many demands on their time. I have seen this over and over again. Then they get good jobs and produce products that benefit and entertain you and me.
