[mili]

C&P from another site, relevant stuff only:

"The FCC and CRTC should take note: both of these broadcasters are in violation of their responsibilities to secure their signals and compete fairly with other broadcasters for new business. ...the CRTC even threatened to revoke the broadcast license of ExpressVu if piracy was not eliminated.

...neither Echostar or ExpressVu has shown any willingness or due diligence to secure their recently compromised broadcast signals.
...[Either the CEOs of these organizations are incompetent bungling fools or shrewd men of business.] Securing the Nagravision Encrypted signal, at least partially, is trivial and a technical method for doing so will be recommended.

In the interim, competing satellite broadcasters and cable companies should know that the North American market is now being flooded by cheap Chinese exported Free-to-Air (FTA) receivers that can decode both Echostar and ExpressVu signals without any monthly fees. Some of these FTA receivers are selling for as little as $50 and are being sold in electronics outlets throughout North America. A competing broadcaster, who has suffered damages and continues to suffer damages, has estimated that over 500,000 of these units have entered the US market alone since September of 2005. ...from affidavits requested from major [FTA] manufacturers.

..the response from Echostar and ExpressVu so far has been silence. Neither broadcaster has attempted any serious electronic counter
measures. Both broadcasters have periodically changed their public keys but the majority of FTA models have not been affected. Ergen would not respond to their complaints. Neither would Kudelski.

A team of engineers at our broadcasting facility were asked to study Echostar's security problem and advise us on whether this problem could be countered with software upgrades or whether a complete card swap would be required.

Technical research obtained, written by Mr.X.Y, Lead Electrical Engineer (Communications Group)


Excerpt

Echostar/ExpressVu Piracy Problem - Complaints to FCC and CRTC
Respectively

RE: Memo to communications staff - March 12, 2006
RE: FTA Piracy rampant - March 12, 2006
RE: Counter Measure Proposals - March 13, 2006
RE: Nagravision Signal Integrity: Study - March 14, 2006
RE: Complaints to FCC and CRTC - Pending Approval


Report Findings:


1. "101 ROM" cams compromised February 2005. Invasive attack from Spain most likely source for this compromise. Cam-IRD session handshaking protocol intact.
2. IDEA Broadcaster keys for Echostar start to circulate on public forums in August 2005. FTA piracy starts.
3. Public non-invasive attack compromises "102 ROM" cams in October 2005. ExpressVu is now also compromised. Modifications of receiver
firmware to counter Cam-IRD session handshaking protocol are widespread. Numerous pirate cams, cards and other electronics to facilitate piracy are being sold.
4. Echostar swapping out "101 ROM" cams by June 2006. No other card swap is planned.

Report Recommendations:

Although the Nagravision Encryption for certain cams is publically compromised, it will be proposed to Echostar and ExpressVu via the FCC and CRTC respectively, that the following counter measures be implemented immediately:

1. Restoration of CAM-IRD handshake protocol and counter measures against firmware modifications. It will be proposed that the CONTROL
WORDS be ciphered with the 64 byte Primary RSA key in IRD firmware in a convoluted manner difficult to reverse-engineer from firmware
disassemblies. Any modifications to the Primary RSA key will result in incorrect CONTROL WORDS. Without knowledge of the convolution process, FTA and DVB piracy will be eliminated.

2. Increase the length of the RSA exponent used for public key decryption to 512 bits. This will render atmel based piracy devices and
older generation ROM cards useless.

3. Traditional electronic counter measures against compromised "102 ROM"
cams."

mili

[skinerd]

Another thought.
DTV not hacked...subs down.....
DN hacked......subs up......

[Pyotr]

Who are these guys that are filing the complaints?

i lost same chaneals since i did the new soft wear 2.02 liek 646,647,648.and more any ideia pleas

[Pyotr]

Quote:

Originally Posted by aydking2005

i lost same chaneals since i did the new soft wear 2.02 liek 646,647,648.and more any ideia pleas

This is not the place to post this question.

[spanky macdouga]

Quote:

Originally Posted by mili

C&P from another site, relevant stuff only:

"The FCC and CRTC should take note: both of these broadcasters are in violation of their responsibilities to secure their signals and compete fairly with other broadcasters for new business. ...the CRTC even threatened to revoke the broadcast license of ExpressVu if piracy was not eliminated.

mili

Why would the FCC care if piracy isn't eliminated? I mean dish pays a fee of somekind to them (I imagine), so the FCC is still making their money. Could be because of the porn?

[seaboard18]

Quote:

Originally Posted by spanky macdouga

Why would the FCC care if piracy isn't eliminated? I mean dish pays a fee of somekind to them (I imagine), so the FCC is still making their money. Could be because of the porn?

You need to do some reading.

The FCC acknowledged it had never before tried to impose regulations affecting television broadcasts after such programs are beamed into households. But it maintained that it was permitted to do so under the 1934 Federal Communications Act since Congress didn't explicitly tell the commission not to do it.

[spanky macdouga]

Quote:

Originally Posted by seaboard18

You need to do some reading.

The FCC acknowledged it had never before tried to impose regulations affecting television broadcasts after such programs are beamed into households. But it maintained that it was permitted to do so under the 1934 Federal Communications Act since Congress didn't explicitly tell the commission not to do it.

that explains the lagality of the FCC being able to impose their regulations. My questions is why would they care if dish eliminates hacking or not?

For some reason every time I read about the fcc I feel like I am in China, or Cuba. These are whacked out control freaks.

[alsouthster]

Interesting "memo" but obviously of dubious authenticity

[mili]

What is interesting is whether the proposed ECM methods would work or not. I am no coder and cannot comment on their validity one way or another. Anyone in the position to address the issue?

mili

[alsouthster]

Certainly not I.

But my close reading of the proposed counter-measure #2 would seem to indicate that they might increase the length of the RSA exponent to 512, which could conceivably render the Atmega useless!

say it ain't so!

[Homer J. Simpson]

i wouldnt be surprised if the fcc and other regulatory agencies are having a problem with it becuase maybe they get paid by satelite companies per subscribing customer. i could swear i read somewhere they pay a charge on each subscription.

[Twostep]

Look at the wording in this release/excerpt closely. While I may be overly suspicious in some cases, both the first part written by the "broadcast facility" and the excerpt by "Mr. XY, Lead Electrical Engineer" - to me, appear to have been written by the same dude.

A tester/coder.

Perhaps one trying to get a better feel for what Echostar/Bell is REALLY up to, or one putting out a 'red herring' (a diversion), hoping someone from Echostar/Bell is reading his/her work.

I smell bullshit. Perhaps done for our benefit, but bullshit nonetheless.

[seaboard18]

Quote:

Originally Posted by Twostep

Look at the wording in this release/excerpt closely. While I may be overly suspicious in some cases, both the first part written by the "broadcast facility" and the excerpt by "Mr. XY, Lead Electrical Engineer" - to me, appear to have been written by the same dude.

A tester/coder.

Perhaps one trying to get a better feel for what Echostar/Bell is REALLY up to, or one putting out a 'red herring' (a diversion), hoping someone from Echostar/Bell is reading his/her work.

I smell bullshit. Perhaps done for our benefit, but bullshit nonetheless.

Don't think its all BS. BTW- many testers don't know where this is being tested. So as not to disturb the paying subscribers very much, he is using the music channels. For those who have the ability to do a stream log, you can see for yourself, generally late at night in the A.M. I know, this is chilling news.

[Twostep]

I agree, Seaboard, it's feasable this report is on the level. I've seen so much of this April foolery over the years, I suppose I'm leery of any such report - but who knows.

Unfortunately, not being a coder, I probably won't factor in a solution should any of this come to bear...just an interested spectator.

As always, time will tell....

[Bandit5906]

Another C & P:


Big news? no it is old news // 2006-03-17
Signal thieves have broken into new encryption system
Print By Joyzelle Davis, Rocky Mountain News
March 17, 2006
EchoStar Communications acknowledged hackers have penetrated its security system, less than six months after the company thought it had finally thwarted thieves of its Dish Network satellite-TV signal.
Dish last year took extraordinary steps to protect its system, swapping out all of the credit card-sized "smart cards" that its 12 million subscribers use to access programming with a new version thought impervious to pirates. Signal thieves are able to watch Dish programming without paying the subscription fee.

The company disclosed this week in a regulatory filing that those cards have been "compromised" and it's employing software patches and other security measures in an effort to fix the damage.

"However, there can be no assurance that our security measures will be effective in reducing theft of our programming signals," EchoStar said in the U.S. Securities and Exchange Commission filing. "If we are required to replace existing smart cards, the cost of card replacements could have a material adverse effect on our financial condition, profitability and cash flows."

EchoStar spokeswoman Kathie Gonzales declined to comment beyond the filing.

Kudelski SA, the Swiss security software firm that manufacturers EchoStar's smart cards, downplayed EchoStar's remarks. The company's chief finance officer told Reuters that only some families of cards have hacks and none of the new cards has been compromised.

EchoStar has become a prime target of signal pirates since larger rival DirecTV changed out its smart cards in 2004, which have remained unhacked since.

Satellite broadcasters send encrypted signals that determine what level of programming a customer receives. The signals are decoded by the smart card, which is plugged into a customer's set-top receiver.

The news came as EchoStar announced the settlement of lawsuits it filed against three people who allegedly sold pirated Dish equipment on the Internet auction site eBay.

Terms of the cash settlements with defendants from Washington, Texas and Ohio weren't disclosed. The unnamed individuals had advertised, received payment for and delivered equipment to Dish employees working undercover.

The move to the courts marks a potential tactical shift by EchoStar, which hasn't sued or publicized its litigation to the degree DirecTV did at the height of its signal-theft troubles in 2003.

At the time, El Segundo, Calif.- based DirecTV undertook a campaign of suing individuals whose names turned up on invoices taken during law enforcement raids of manufacturers and sellers of equipment designed to pirate signals.

DirecTV has sued more than 25,000 people, including ex-football player O.J. Simpson. The company last year won $25,000 in damages in a case stemming from the recovery of devices in Simpson's Florida home that allowed viewers to tap into the company's signal without paying. Simpson's attorney has said he plans to appeal.

EchoStar spokesman Mark Cicero declined to say whether the company is stepping up its litigation campaign.

In a statement, EchoStar said it "continues to combat those individuals who try to circumvent EchoStar's security system by manufacturing, importing, or offering to the public any device that may be used to receive unauthorized programming from EchoStar's satellites."

[The Baron]

A couple of things for concideration,

The reason that the FCC and CRTC want piracy eliminated is it is providing and unfair advantage for BEV and DISH to gain customers. Speculation around these providers allowing Piracy to contiune to weaken competitors market share is rampent. The CRTC suspects that BEV is attempting to steal competitors clients by first allowing them to set up pirate gear and then after a while tighten the security to force these people to buy subs.

It is really smart business. When you get someone started on satellite there are alot of upfront expences like the equipment. But once a user has it they are more likely to stick with it. So if they start out as Free TV'ers, if free tv is eliminated then they will more then likely just buy a sub.

It is belived that this was what N2 was going to do. And for a short time it did provide just that.

The only problem is now they are being hit with stiff fines and are facing litigation from competitors.

Just something to think about.

[fubr]

Quote:

Originally Posted by The Baron

A couple of things for concideration,

The reason that the FCC and CRTC want piracy eliminated is it is providing and unfair advantage for BEV and DISH to gain customers. Speculation around these providers allowing Piracy to contiune to weaken competitors market share is rampent. The CRTC suspects that BEV is attempting to steal competitors clients by first allowing them to set up pirate gear and then after a while tighten the security to force these people to buy subs.

It is really smart business. When you get someone started on satellite there are alot of upfront expences like the equipment. But once a user has it they are more likely to stick with it. So if they start out as Free TV'ers, if free tv is eliminated then they will more then likely just buy a sub.

It is belived that this was what N2 was going to do. And for a short time it did provide just that.

The only problem is now they are being hit with stiff fines and are facing litigation from competitors.

Just something to think about.

Not going to say NEVER but when Dave got secured I let sub dropped and did not sub back. When Charlie had his few months of security I did not sub.I have not subbed to either in awhile although before I went totally to local channels that I can hardly pick up in the sticks I would consider subbing.
If I pay $$ It will be to Dave though.
Hell I would pay a basic sub if they left us alone to test as a hobby

[Bandit5906]

I didn't think BEV had any competition in the Great White?

Prior to Dave securing his system I had a sub for both DN and DTV. When Dave changed I cancelled. I moved and then re-subbed for Charlie, but when testing became a viable option I cut it back to just under $50.00 a month.

Personally I don't really care much for the programming on either system, but I refuse to go cable. Supposedly Verizon has some competition for cable, but it has been blocked in my area.

BTW: How is it that everyone gets to encrypt their signal, charge us and then run commercials, too? I call that double dipping and as far as
I know they were given permission to do one or the other, but not both!

[The Baron]

Quote:

Originally Posted by Bandit5906

I didn't think BEV had any competition in the Great White?

They don't have competition from other Sat providers but from Local Cable companies and Telcos. A lot of ppl still have cable or are now moving to IPTV. Both are very secure and since they facilitate 2 way communication aren't a good place to look for free TV. The thing is once you get Sat you most likely wont go back to either of those competitors. So even if you dont get a sub after testing is blocked you probably wont go back to BEV's competitors. This just shrinks competitors market share.

It's very smart business, make sure that if they aren't with you they aren't with your competitor either.

And it doesn't cost BEV anything for you to decode the signal because it is out there anyways. Where as with wireline providers they have to pay for that extra bandwidth you are using up. IPTV alone requires approximatly 2M of bandwidth to provide just one set-top receiver with programing.

[gleeben]

i think you guys are just givin charlie/bev brilliant ideas to do their business, talk about hacks, not about how to stop them. i would like to see dave public hack, just to let them know nothing is unhackable. btw i like charlie better.

[alsouthster]

actually there is a sat competitor in Canada, Star Choice, unhackable I believe

[tobyguy]

Quote:

Originally Posted by The Baron

A couple of things for concideration,

The reason that the FCC and CRTC want piracy eliminated is it is providing and unfair advantage for BEV and DISH to gain customers. Speculation around these providers allowing Piracy to contiune to weaken competitors market share is rampent. The CRTC suspects that BEV is attempting to steal competitors clients by first allowing them to set up pirate gear and then after a while tighten the security to force these people to buy subs.

It is really smart business. When you get someone started on satellite there are alot of upfront expences like the equipment. But once a user has it they are more likely to stick with it. So if they start out as Free TV'ers, if free tv is eliminated then they will more then likely just buy a sub.

It is belived that this was what N2 was going to do. And for a short time it did provide just that.

The only problem is now they are being hit with stiff fines and are facing litigation from competitors.

Just something to think about.

Good points.

Also, if they hit you at the right time, they also know there's a good chance that one will end up subscribing to just the minimum (to remain up when they hit you on that big game weekend).

Tobyguy