Chapter 1 - Section Headings
Foreword 11-06-1997

European Scrambling Systems 5 was largely written over the months between January 1996 and August 1996. In the space of that time, the Blackbox Industry had changed drastically in Europe. Against all odds, the Sky 10 card, (the 0A), had been hacked. This forced Sky and News Datacom to play dirty. But the results were also unexpected. A meltdown of security on most News Datacom designed systems over the planet followed. The security on other systems also failed.

However the beginnings of a combined legal offensive against piracy in general occurred in 1996 with the European Commission producing a Green Paper that looked, for all intents and purposes, to have been drafted by the channels themselves. The resolution passed by the European Parliament in May 1997 is perhaps a by-product of the Green Paper and it makes the section on the Future Forms of Piracy a little more relevant. One of the things that the resolution seems to be in favour of banning is the Black Book. With this in mind, Chapter 1 of the book has been placed on-line and the price of the book has been reduced. You had better hurry and get your copy before the legislation goes into effect.

An Introduction To Scrambling

The first law of magic is that chaos is order and order is chaos. This is a proven mathematical fact. It is also the first law of hacking. In order for the scrambled signal to be recovered, there has to be some sort of order in the scrambled signal. The more secure systems use digital techniques but despite their complexity, they are not ultimately secure.

The fun or thrill of hacking is breaking a system that cost millions to develop with a few pence worth of components. It is a common fallacy that if the subscription cost of a system was reasonable, hackers would not attempt to hack that system. This argument is generally proposed by JAFAs. For those still wondering what JAFA means, it is an acronym for Just Another F*%ing Amateur.

Hacking is a game of technological chess and, as with any sport nowadays, there are amateurs and professionals. Luckily for the hackers, the greater proportion of the system users are non-technical business people and hence, by the above definition, amateurs.

The information in the book should be equally valuable to system owners and to hackers. The system owner has the most to lose and the hacker has the most to gain. It will give the system owner access to information about hacking that he or she would not otherwise be able to obtain. It should also give the reader, regardless of side, a detailed knowledge of the practice of signal security.

That was written in 1988. This is 1996. The market for satellite television piracy in Europe is huge. It is a truly multinational effort as the legal framework is just not able to cope with this form of activity. While it is often illegal to pirate a channel in the country from which it is originated, any foreign channel is fair game. The channels who are the victims often have neither the will nor the legal grounds to act against this piracy. When channels do take legal action outside their home market, once the laughing dies down, the realisation of abject failure dawns upon them. The handling of the problem lies not in the lawyer's remit, but rather in the hands of those who select the system.

It is estimated that the Blackbox industry in Europe is worth at least £500 million per year in trade. Minor constraints such as national borders do not affect this industry. So for a situation like BSkyB, who only have the rights for Ireland and the UK, the pirates can market the service Europe wide. Channels like FilmNet, Rendezvous, Canal Plus and TV1000 have a translingual appeal - hardcore pornography. Therefore they are pirated in every market.

Of course there are some, primarily working for the afflicted channels, who would question the figure of £500 million. The simplest way to justify it would be to take as an example the piracy on the BSkyB 09 card. The first fully operational pirate 09 smart card appeared in October 1994. BSkyB switched to the 10 card (0A to hackers) on 31/10/95. Therefore there was approximately a year of complete piracy on the 09 card.

The main targets on the 09 card were the Sky channels. This resulted in a subscription to the value of £287 being lost by BSkyB. Also on the same pirate card were, The Adult Channel (a UK soft porn channel) and Eurotica (the hard core version of the Adult Channel). This pushed the value of the lost subscriptions to approximately £387.

Considering there were at least 500,000 pirate devices in the UK and Ireland at the height of the 09 piracy, this would give a piracy value of £193,500,000 for that year. Of course you are not going to find the channels declaring such a loss to piracy. It would not be good for their business. Naturally since these figures can never be properly assessed, it is difficult to get any reliable answer. The problem is that the media analysts who review the stocks generally haven't a clue about piracy. The fact that only a limited amount of the stock is in play at any given time produces an artificial view of the situation.

At the time of writing, early 1996, the Sky 10 card has just been hacked and pirate devices are once more flooding into the market. This time, the hack is limited to Battery Cards and it has not been released in PIC16C84 based cards. The Battery Cards use the Dallas 5002FP which has proven to be more robust than the majority of the secure chips on the market.

Of course it should be remembered that BSkyB ran their first public Pay Per View event on March 17th, 1996. Even this was hacked as someone found a backdoor into the card that allowed the PPV event to be enabled on legitimate BSkyB cards. While this was separate from the actual Battery Card hack, it does bode ill for any future PPV event that BSkyB want to run using the 10 card. A future PPV event would be compromised by both an activator hack and by the Battery Card hack.

The advertising of pirate devices in Europe has changed little over the last two years. If you pick up some European satellite television magazines, you are likely to run across adverts for pirate smart cards or decoders before you get to any articles. Magazines published in the UK such as "Satellite TV Europe" and "What Satellite" even carried advertisements for pirate BSkyB cards. It could be argued that these magazines exploited the pirate card market for the last few years. Indeed the current European Commission green paper on the protection of encrypted services referred to this exploitation of the piracy industry. Specifically, the green paper mentions that these magazines should not be hit for providing an advertising medium for pirate devices.

In September 1995, "What Satellite" apparently got moral qualms about advertising BSkyB capable pirate cards. Well, it is either that or BSkyB's legal people convinced them of the error of their ways. For a magazine that depends on BSkyB's television schedules, they had a lot to lose by not taking any notice.

"What Satellite" issued a letter to their pirate card advertisers stating that they would not advertise pirate BSkyB cards anymore and all new card adverts would have to specify which channels were decoded. This of course was very convenient timing as the switch to the Sky 10 card happened on 31/10/95.

Over the lifetimes of the 07 and 09 hacks on BSkyB, the level of piracy was such that the legitimate channels were not able to prosecute all of the pirates even when the legislation was on their side. Sharon Southwell-Gray, the Deputy Head of Legal and Business Affairs for BSkyB, even admitted that such a situation existed with the 07 piracy in an affidavit given to the UK High Court in a case against a distributor of blockers. This revelation was a surprising glint of reality-based lucidity, falling as it did on an industry jaded by content-free press releases.

Perhaps the reason that the Blackbox Industry thrives is stupidity. The stupidity lies mainly in the policies of the management of the channels under attack.

Of course it is a sweeping generalisation to say that all channels are similarly afflicted. Some channels take the matter of piracy seriously and have plans to deal with the eventualities. Perhaps "eventualities" is the wrong word. It doesn't convey the uncertainty of imminent doom.

In the last few years, most channels have been trying to fight piracy with varying effects. Some have handled the whole issue with such cack-handedness that it amazed nobody, except the channels, when the cases against the pirates collapsed.

Admittedly each scrambled channel is in an almost indefensible position. They cannot employ military grade security and algorithms in their scrambling systems - the military will not let them. The legislation extant in the areas where they are most pirated does not offer them protection. Their systems are based on architectures that are often five or more years out of date and the technology has advanced sufficiently to allow hacks on the aspects that were virtually unhackable five years ago.

Therefore it would be logical to design any future system so that it can recover from a hack. The ability to recover from a hack matters more than resistance to one. Trying to make a system hackerproof, or indeed pirateproof, is a futile exercise.

As can be seen from the recent events in the Blackbox industry, the progress of electronics has a devastating effect on the security of systems. The SECAM version of the Nagra Syster scrambling system has been hacked with a hack based on an attack on the video scrambling technique. This attack, while known about for at least five years, was until recently economically and technically not viable.

The operational lifetime, or more precisely the hack-free period, of a system is now less than five years. It varies with the number of hackers going after the system. Thus for a sporadically used system, there may be very little risk of the system being hacked. Of course for a widely used system, a hack is inevitable.

There are some people who would prefer that the Black Book did not exist. In fact at one conference on piracy prevention a speaker asked how they could stop the Black Book from being published since certain sections appeared to be against UK law. The smart retort would have been to tell them to make more secure systems but the reality cuts deeper. Well, that and the fact that this book is not published in the UK.

A scrambling system is like a very high stakes poker game. If the channel is bluffing about its scrambling system then it will lose millions. Most of the systems that are coming on to the market are actually fairly secure. It is the small design flaws that allow them to be hacked.

The Black Book has become the "bible" of scrambling systems. It seems that the book is often consulted to find the characteristics of a scrambling system by both channel executives and hackers. Apparently the manufacturers of the systems rarely supply interesting data sheets other than vague patents and then you have to look for the patents.

Some manufacturers adopt the "Mushroom Strategy" with users of their scrambling systems. They keep the users in the dark and feed them on the stuff that mushrooms are fed on. Some of these manufacturers would have a stunning second future in agriculture ahead of them.

This strategy is more politely referred to as "Security By Obscurity". In all cases where this approach is used, the system is hacked. The designers frequently believe that they are cleverer than the hackers and therefore the hackers could not break their system. There is no sight as pathetic as the designer who is blinded by his own brilliance. There is nothing funnier than someone who is not in possession of all the facts trying to defend this strategy. Sometimes you have got to wonder if the Mushroom Strategy is an alternative name for Catch-22.

The Mushroom Strategy also has more dangerous implications when the system is hacked. By its very nature, it is impossible to brief the counter-piracy team assigned to limit the damage. It seems the next big operation to use the Mushroom Strategy will be the Digital Video Broadcasting project.

The DVB project is meant to provide some form of common platform for digital television broadcasting in Europe. The system will use a Common Scrambling Algorithm for encryption. Each vendor can then add his access control architecture. The Common Scrambling Algorithm will not be disclosed but will be given to each member of the DVB project by a custodian after non-disclosure agreements have been signed. Yeah, right! I am not sure what genius came up with this idea. The DVB actually have a plethora of committees of all sorts of experts except one on how to make the coffee. The words "Tower Of Babel" spring to mind. They even have a committee of experts on piracy. The only thing, it seems, that these experts are expert on is developing systems that keep getting hacked!

The question now relates to whether the DVB systems will be hacked. Perhaps it is only a matter of time, but the lessons of the past may have been learned and integrated into the DVB specifications. But even if the security on the DVB is not as good as it could be, there may be some Europe-wide laws to protect this colossal folly.

The implementation of pay television legislation in Europe has been nothing short of a complete disaster for the channels. To put it bluntly, if a service is hacked, it has no viable protection under the law. Lawyers cannot repair a breach of security, but most of those in the satellite television business seem to believe that they can stop the pirates exploiting that breach.

In Europe there is no coherent Europe-wide legal framework for dealing with piracy - yet. It is generally a case of each country protecting its own channels or channels that uplink from their country.

There is legislation afoot to change the face of piracy in Europe. The European Commission published a green paper in March that seeks to deal with the legal protection of encrypted services in the EU. Of course it seems that the same crowd responsible for the fiascoes of the past have been let loose again to wreak havoc with more bungled legislation. Not exactly the Dogs Of War, more like the shi-tzus of waffle!

This new European legislation, should it follow the format outlined in the European Commission green paper, will make piracy of encrypted services illegal throughout the European Community. The channels seem to consider that legislation will, in itself, be enough to stop piracy. However this is due more to a faulty understanding of what legislation is meant to achieve than anything else. Legislation does not exist to stop crime. Specifically, anti-piracy legislation does not exist to stop piracy. It exists to provide remedies for the victims.

The problem for those who would enact such legislation is the incompetence and inabilities of the channels. It is the channels that have a duty to protect their service. Normally this is effected by using encryption and scrambling. Any government, when approached by a channel, will want to see proof that the channel is protecting the signal. It is not in the government's interest to waste taxpayers' money protecting the channel against piracy when the system was hacked because of the channel's incompetence, ignorance and ineffectiveness.

If a channel wishes to have the protection of legislation, then it should go some of the way towards actually using a scrambling system that is not easily hacked. Some form of independent certification of scrambling systems to be used in Europe would therefore be a good thing. The current trend of relying on non-disclosure, otherwise known as security by obscurity, is not viable and plainly allows the implementation of rather mediocre scrambling systems. It is not just a question of the law protecting the channels. It is a question of why the law should be used to protect a company that cannot be bothered to protect itself.

In the European Commission's green paper, there are references to the anti-piracy recommendations from the Digital Video Broadcast project. What worries me is that some of the phrasing in the legislation proposed in the DVB recommendations is, in some respects, particularly clueless and plainly ignorant of reality.

These people refer to the criminalisation of the possession of pirate digital decoders. The problem is that most of the major piracy in Europe for the last few years has been based on pirate smart cards. Of course when one of the proponents of the Council of Europe legislation was questioned on this, he pointed out that the phrase "pirate decoders" also refers to pirate smart cards. The image of the "Blessed Are The Cheesemakers" scene from Monty Python's "The Life Of Brian" sprang to mind.

At the time of writing, the European legislation has still to be resolved. It is difficult to be optimistic about the situation given the past performances. It seems what the lawyers and bureaucrats would like is a legal framework not unlike the US model. Of course here in Europe, the US model would not be effective without a police state apparatus. No doubt some of the people advising the European Commission and the Council Of Europe would wish for such a situation.

Even in America, land of the brave and home of the fee, magazines carry adverts for the monthly codes for VideoCipher and B-MAC. Now with the collapse of the DSS smart card security, they carry adverts for pirate DSS smart cards marketed from outside the USA. With the US legal system, you've got to be insanely brave or stupid to be in the US Blackbox industry. Most DSS pirates are operating outside of US jurisdiction.

It is interesting to speculate on the future of piracy in Europe. With the imminent legislation, it will probably be illegal throughout the European Community to sell, manufacture, import or use pirate devices. But will that stop piracy? The answer has got to be a resounding no. The USA has some of the toughest anti-piracy legislation in the world and it also has one of the biggest piracy problems.

So Why Does Piracy Happen?

1. Copyright

Though the channel can be received in a geographical area, the politics and legalities of the situation may prevent people from subscribing. The main problem is copyright.

The programme producers can make more money out of selling the same product to a large number of small copyright areas than to one large copyright area. This becomes more apparent when the copyright areas are multilingual. Each linguistic territory generally has its own broadcast services. For example, BSkyB covers the primary English language market and Premiere covers the primary German language market.

With analogue systems, for a service to feed more than one linguistic market would require either additional audio subcarriers or teletext subtitling. A more costly alternative is a separate service for each area.

With the emerging digital services, extra audio channels are less of a problem. All that is left is the legal problem. As the channel contracts with the programme provider to only sell in the designated area, the channel is not meant to sell outside of that area. The programme provider will probably have a contract with another channel for that area. Therefore any potential subscriber outside of the channel's designated copyright area cannot legally subscribe to the channel.

Above all, the copyright issue is the one issue that creates the necessary conditions for piracy. It is logical to say that most of the market for pirate cards and decoders would disappear if there was a unified copyright area in Europe. This is sometimes referred to as a footprint based copyright area as opposed to a linguistic or national copyright area. Whether the piracy is in the Grey Market form or Black Market depends on the legal framework and whether the demand can be supplied by Grey Market piracy.

2. Programming Not Available

If someone is told that they cannot have something, they then want it. It is a flaw of human nature, and television is one of the most powerfully addictive drugs known to Mankind.

The best example of this is the hard core pornography situation in the UK. It is not possible, in the UK, to subscribe to a UK hard core pornography channel for the simple reason that there are none.

A hard core pornography channel would not be granted a licence from the UK's regulatory commission. This is not surprising as most seem to consider that those who make up this commission are totally unrepresentative of the people in the UK, and some even consider them to be completely clueless. As a direct result, the channels carrying hardcore pornography such as FilmNet, TV1000, Canal Plus and Rendezvous have an avid viewership in the UK. The quasi-legitimate Grey Market cards are very much in the minority as the scrambling system used on these channels is compromised.

3. Programming Too Expensive

Would you pay for a movie channel that shows mainly back-catalogue movies with the odd recent release? The odd recent release is of course a movie that you saw on video three or four months earlier. If you answered "no" then you probably do not subscribe to any of the movie channels.

The sad fact is that many of the movie channels available only run movies three or four months after they are released on video tape. The movie channels pad the running list by loading it with back-catalogue movies and showing the main movie two or three times each day. Under closer examination, the movie channel's claim of replacing the video rental store falls apart. When the viewer has seen the vast majority of movies on video, or indeed on terrestrial television, already, the subscription fee begins to look expensive.

At the time of writing, a typical weekday running list consists of movies from 1947, 1956, 1994, 1986, 1980, 1984, 1994, 1994, 1993, 1994, 1994, 1993, 1994. This is being written in May 1996. The oldest movie being shown on Sky Movies is nearly fifty years old and the most recent is two years old.

Marketing people love to quantify and classify people. The target market for the movie channels is that comprised of the people with a lot of disposable income, the ABC1s as they call them. Unfortunately for the movie channels, the ABC1s are too busy making and spending their money to subscribe. As a result, the movie channels have to target people with less disposable income.

The harsh reality is that the ideal movie channel viewer is someone with a lot of time on his or her hands. The only people who would fit that description are retired, rich or unemployed. They all get the movies on a more timely basis from the video rental shop.

The Three Phases Of Piracy

In most situations, piracy on a channel moves through three distinct phases. In some respects, these follow the growth of hacking knowledge about the system.

1. Card Scams And Grey Market Operations

The first stage of piracy on a channel consists of card scams and Grey Market operations. While at this time there is no viable pirate device on the market, there is still a large demand. The obvious method of fulfilling this demand is to redistribute the subscriptions. The other term for this redistribution is a Grey Market operation.

The trend towards smart card based systems has made Grey Market piracy easier. Whereas with an Embedded Secure Microcontroller based system there is a decoder to be shipped, a smart card based system only requires a smart card to be shipped, because it is often easy to acquire a decoder even outside the copyright area. The classic example of this is the D2-MAC EuroCrypt system, where decoders are available Europe-wide even in areas where there are no D2-MAC channels in operation.

A subscription is taken out in the legitimate copyright area and then the decoder or smart card is shipped to the person really paying for the subscription. The end user is outside the copyright area and cannot legitimately subscribe. The Grey Market is where both the channel and the user benefit. The channel gets a subscription that looks legitimate and the user gets access to the programming. It is only the lawyers who whinge at this arrangement.

There is a darker side to this. Often, in a move to bring in subscribers a channel will engage in Quickstart marketing. This scheme makes it possible for someone to walk into a shop, sign a subscription form and walk out with a card. The card is activated shortly afterwards. However when BSkyB ran such an operation, there were a lot of cards obtained by this method with false details and addresses. Some of these addresses showed real imagination - railway stations were popular. Most of these cards ended up in Europe.

It is estimated by pirate sources monitoring Sky's over-the-air traffic that some one million Quickstart cards had been acquired in this manner over the lifetime of the 09. However in this phase the Quickstarts only last for a few weeks at best. The real damage caused by the Quickstart marketing programs does not become apparent until the second phase.

2. Activators And Blockers

As the knowledge about a system increases, one of the first things that hackers learn is how to activate smart cards. From there it is a short step to learning how to block the kill signals.

The term for this operation is a Phoenix operation. Named after the mythical bird that renews itself, it is perhaps more damaging than an outright pirate device. It marks the point where the pirates take over the channel's access control system.

Some limited options will be available to the channels. They may be able to reduce the number of pirated official cards in circulation by drop-dead ECMs. However, at this stage, the demise of the card is imminent.

3. Viable Pirate Devices

In this phase, the card is hacked and the pirate smart cards filter into the market. The rate at which they appear is slow at first but quickly turns into a flood. This again is related to the nature of the Blackbox industry. The information and data required to produce the pirate card is sold on down the line.

When the pirate cards appear, the first reaction of the channel is to implement ECMs. For example, in the last few months of the Sky 09 card, ECMs were occurring every few weeks. The effect on the pirate cards was minimal.

The only thing that will solve the problem at this stage is an issue of new smart cards. It is faulty logic that ECMs will stop the piracy. The information required to produce a viable pirate card includes an operational knowledge of the official model. Therefore the hackers and pirates would be able to figure out the ECM within a very short time. This coupled with the updatable nature of the pirate cards on the market makes an ECM an extremely temporary matter for the pirates.

The Channels Strike Back

The hacker scene is currently reeling after a series of raids and court cases over the planet. In North America, News Datacom and DirecTv have filed a civil suit against 22 named defendants alleging that these people were part of a conspiracy to hack the DirecTv access control card and distribute the hacked versions. The suit is aimed at people in four jurisdictions; USA, Canada, Grand Cayman and Bermuda. This casting of a wide jurisdictional net may bring problems.

It is not yet known how much legality a US court action has against people living and operating in another jurisdiction. However some sources have said that the US proceedings may be transferred to Canada as part of the NAFTA trade agreement. The hackers and pirates situated in the islands may be somewhat safer unless they go to the USA. If they do go to the USA they would be classified as "fugitives from justice" and would be liable to arrest.

The fact that News Datacom and DirecTv had to resort to primarily civil law shows just how uncertain the whole legal situation surrounding DirecTv is. The law suit alleges that the named defendants were in violation of the RICO (Racketeer Influenced and Corrupt Organizations) statutes and the Lanham Trademark Act. The RICO statutes are more typically used against organised crime and drugs traffickers. The trademark legislation is also more typically used against people manufacturing counterfeit devices and passing them off as the real thing. The pirate cards however have not apparently been passed off as the real thing, but there is a deeper worry here for DirecTv and News Datacom.

The latest attack on the DirecTv system is the Phoenix program. Normally the Phoenix is the first hack on a smart card based system and is a precursor to a general collapse of security. However the DirecTv situation is different to the European one. The DirecTv hack is still in its first generation and the main profits were to be made from pirate battery cards. This is the path that the hack has followed. Now with the Battery cards becoming commonplace, the Phoenix hack seems to be the next major attack.

DirecTv have, in a press statement issued covering the court action, stated that they will be changing their smartcards over to the new issue beginning in August. This ties in nicely with an October switchover though given the geographical and logistical expanse that is the United States, the actual switchover may be delayed until November or December.

In Europe, there have been some raids of varying success and of similar effect. The main European pirate company Benedex was raided by France Telecom and Canal Plus on the basis that the company was behind the D2-MAC EuroCrypt piracy. While the company was a major player, it soon turned out that it was not exactly responsible for the piracy. TV1000 and FilmNet upgraded their keys in an attempt to hit the pirates. The upgrade has become known as the "Natural Born Idiots" upgrade. FilmNet and TV1000 were about to show the Natural Born Killers movie and had decided to hit the pirate viewers in Ireland and the UK by changing keys. The movie is banned in Ireland courtesy of the somewhat stupid and anachronistic film censors. As a writer, I would like to regard censors and critics in the same light, preferably that of a laser targeting 'scope. In the UK, the movie has not been given a video release yet. The new keys were available within hours proving that the move by FilmNet and TV1000 was exactly that of a bunch of idiots - the only thing that they succeeded in doing was swelling the bank accounts of the pirate card manufacturers.

Sky, News Datacom, and apparently their security consultancy Network Security, were busy as well. This time they were operating way out of their jurisdiction in Germany. They had tried to set up some German hackers and pirates. In an effort to entrap them they tried to purchase the software for activating the Sky 10 cards. Then they got the German police to raid the hackers and pirates the next day. Of course the German prosecutor was, allegedly, less than happy when he found out that Sky had no right to collect subscriptions in Germany.

Sky have been busy elsewhere as well. In Ireland, it seems that they have taken the Megatek operation out of the game. They got an Irish High Court judge to grant an order against Megatek preventing them from trading and also a Mareva order preventing Megatek from reducing its assets in the jurisdiction below £200000. In the UK, the Federation Against Copyright Theft, FACT, moved against Chris Cary's operation. The warrant was executed by the police and apparently News Datacom people were in attendance. The move was, however, questionable. Further enquiries made by a journalist to FACT received some strange responses. FACT, it transpired, were almost clueless on the issue of satellite television piracy and were generally more inclined to be pursuing video tape piracy. The move to satellite television piracy was a strange one. However if you examine the terms under which an Anton Piller order is granted in the UK, things begin to make sense.

One of the things that an Anton Piller order cannot be used for is a search of premises to see what charges can be laid against the defendant in the future. In other words it cannot be used as permission for a fishing expedition. The legal reference is [Lawton L.J; Hytrac Conveyors Ltd Vs Conveyors International Ltd. 1983. F.S.R 63, page 70.]

This matter has yet to be settled and it appears that Chris Cary will fight the action in court. The Megatek situation also has to be resolved. In terms of piracy on VideoCrypt, the main players, it seemed, were Benedex and Megatek. With these companies out of the scene, Sky and News Datacom could claim that they have achieved a measure of success against Sky 10 pirate cards. However the best is, perhaps, yet to come. It could force matters into a situation where the information to build a pirate Sky 10 card is dumped on to the open market.

Sky and News Datacom were too stupid to realise that the situation regarding piracy was actually under control. There was no SEASON hack on Sky 10. There was no PIC16C84 hack on Sky 10. There was only the Battery card hack and that was in the region of £200. As such it was too expensive for most of the would-be pirate viewers in the UK. It was effectively catering for viewers outside the copyright area. Of course it was all relatively high profile.

Had these people any understanding of counter-piracy, they would have realised that having an acceptable low level of piracy is preferable to a situation where there is widescale piracy. It is as if the thought processes of those involved operate in black and white - a thing is either right or wrong. The real world is a series of compromises. Rather than the clarity of black and white, things exist in shades of grey.

Perhaps it is a case of sheer desperation on the part of News Datacom and Sky. They have resorted to the use of civil law as opposed to criminal law to attack people. Their move against the DSS hackers and pirates mirrors the moves they have made in the UK and Ireland. Will they be successful? It is too early to tell. They have made some inroads against the distribution of the pirate devices in North America and Europe. But the problem of piracy on the services still remains. If anything they have moved the pirate industry a step closer to the next generation of SEASON hacks. If this type of hack appears then it is going to cripple any service that is attacked. It seems that, like sharks with the scent of blood from wounded prey, hackers and pirates will be going after News Datacom protected services first.

Hacking: The Battle For Evolutionary Dominance

Hacking seems to be a form of evolution where the technically proficient are beginning to take over. The previously dominant group in modern society, the lawyers and politicians, have in general been slow to grasp the ramifications of technology. Hackers have not. Indeed it could be argued that hackers are the biological embodiment of the process of evolution. Some of the lawyers and politicians on the other hand are living fossils. Their evolution moves at the same pace as light trying to escape from a black hole. The immediate response from the lawyers and the politicians is that they try to rein in the hackers with the tools and chains that they know best - legislation.

Some legal philosopher once described America as a society of laws. This of course could be applied to any democracy where there is a constitution and bill of rights. But more importantly, the description is wrong. A society is essentially a set of people with some shared objectives. In that set of people there will always be some group scrabbling for dominance.

For the last few hundred years, the group that had dominance over society was the lawyers and politicians. They had, on the surface, the best interests of the society in mind when drafting the legislation and rules. The reality was that their real motives had degraded in the cold light of day to the perpetuation of their position and control of society.

Such a hierarchy was effective in a pre-industrial and industrial society. These were societies where things like capital punishment were common. That perhaps is a key to the understanding of this hierarchy. The purpose of capital punishment is not to exact some retribution but to terrify. It was intended to terrify the other members of the society by showing them just how nasty and terrible the law can be. Fear, here, is the key.

When people started to lose their fear of lawyers and politicians, the society changed. The common images of the drink-sodden senile judges, the slimy ambulance-chasing lawyers and the pervert politicians demonstrate how far modern society has come. Some would argue that these images have always existed.

The old saying that whom the gods would destroy they first make mad could be upgraded for today. The new saying would be that those who have to be destroyed are first made into figures of hate and distrust. It is of course made easier by the fact that the perception is that lawyers and politicians have become detached from society as a whole. They have become isolated.

This lack of fear coupled with the move from an industrial society to an information society has amplified the problem for the politicians and lawyers. Their powerbase has been, and continues to be eroded.

Of course some of these lawyers and politicians will not go quietly into this brave new interconnected world. The best example of the politician's death rattle, in the United States, was the Communications Decency Act. It is the product of minds ignorant and incapable of the task. It is meant to impose a specific set of moral standards on the internet. The internet is far beyond their little minds and far beyond the confines of any one country. It is a construct of the mind and, in some respects, a global image of the mind. However the people who came up with the CDA are lacking in one major respect - they cannot understand that which they are trying to legislate for. And you probably thought I was going to say that they lacked minds.

The problem that the politicians and lawyers now face is a society where power is becoming redistributed. It is something that they are not used to and they do not seem to know how to react. The first stage of this change in the structure of society was the proliferation of the personal computer. The second stage was the internet. With the internet, there are no national boundaries and paper laws are frequently ignored.

To a hacker, it is difficult to respect a politician or a lawyer. These people are paid to lie. Hacking, at the most basic is dealing with truth. An equation is either true or false; a bit is either one or zero. Such simplicity, however, rarely translates to the realm of the politicians and lawyers, or indeed to the real world.

Perhaps the most terrifying thing in all of this is that the modern society, with the constitution and bill of rights is an illusion. It never really was a democracy. Democracy died a long time ago. It did not collapse howling in a sea of blood and flame. It died so slowly and silently that few noticed. It was strangled by rules, regulation and legislation.

So what has wrecked this status quo? For the answer, we have to look at the history of printing. Prior to Gutenberg's invention of movable type, books were rare. The Church had a virtual monopoly on the production of books and therefore, by default, on the production and dissemination of information. As the Church must have known, when you control the flow of information, you control what people think. Gutenberg's movable type smashed that monopoly to such an extent that the Church never again re-established control. The personal computer is the modern equivalent of the invention of movable type. With the personal computer and the internet, man is no longer an island - he is a virtual media emperor.

The hackers altered the balance of power a long time ago. While lawyers were wasting their time in law school, hackers were laying the foundations of the modern interconnected society. Above all, hackers were involved in establishing new ways of distributing and using information.

One of the most vulnerable sections of society to a change in the way information is distributed and processed is, not surprisingly, the law. It is a system of rules based inference and carefully structured bureaucracy. The people in this structured bureaucracy have such wonderful rituals designed to enforce the whole concept of hierarchy.

In an information based society, those who control the information have the power. The reason that law appears to be so complex is because it is simply made to appear that way. The rather arcane method of speech where lawyers use phraseology more at home in the seventeenth century is meant to impress with pompous verbosity. The particular strength of good lawyers is that they can take a case and know the relevant rules applicable and other cases where these rules were applied similarly. Now how much faster would a properly programmed computer derive the same information?

Of course in any society, there is an even more vulnerable part of the dominant group - the financial sector. It is improbable that the triumvirate of politicians, lawyers and financiers could really exist without each other. All of these sections are vulnerable to the hacker but, more importantly, the damage that hackers can wreak in an information society is astounding.

With the move towards electronic cash and electronic funds transfer, there are more opportunities for those who would subvert the system. And who knows better how to subvert a system than a hacker? Of course the quick retort would be the system designer.

A central element of the cashless society will be the smart card or electronic purse. There are, believe it or not, some people who still consider smart cards as being secure enough for this type of application. Now the same arguments were used to promote the use of smart cards on satellite television scrambling systems and where has it got these systems? This is the point at which things become grey, hidden in the twilight zone between satellite television piracy and real crime. Admittedly there are some who would find no difference between the two.

The fact that smart cards are not secure means that a cash or funds transfer system that is based on smart cards is exceedingly vulnerable to hackers and commercial pirates. The expertise is there to hack the cards. Now of course it is only a matter of time before there is some hack on the newer generation of electronic cash cards. The stored token types as used for telephone call cards and other trivial applications are totally compromised at this time. The types I am referring to are the Mondex type applications where each card can store a number of credits that are effectively cash and can be used as such.

There is a big difference between the electronic version of cash and real cash. Real cash is a tangible element. Electronic cash is not so tangible but the smart card is.

There are basically two types of electronic cash schemes: blind and auditable. In the blind scheme there is a finite amount of electronic cash credits in circulation regulated by the service provider. However the service provider can validate each transaction as being authentic without knowing the identities of the parties.

The auditable scheme is more reliable in that the service provider can authenticate each transaction and will have an audit trail which can be used to identify the parties involved.

All of the above depends on security. The algorithms and keys have to be secure. The smart card has to be secure. A house of cards is just too bad a pun for this edifice.

Now if satellite television piracy and hacking is made so illegal that there is no clear differentiation between hacking and real crime, what is to stop a hacker from going for the electronic cash cards? If there is no real differentiation, what is to stop a hacker from selling his discoveries to organised crime interests?

The Future Forms Of Piracy

The architecture of the Blackbox industry is hierarchical. A few main companies at the top generally fund the research. They then either manufacture the pirate devices or sell the information on down the line. However this has changed over the last few years and the industry is becoming more diversified.

The most recent innovation in the industry has been the Battery Card. This is a pirate smart card that is based on the Dallas 5002FP microcontroller. This chip has proven to be one of the more resilient chips on the market. Perhaps if channels paid more attention to what hackers and pirates use, they would be in a better position. Of course not even the Dallas is immune to hacking.

The Battery Cards have a touch sensitive keypad. In the event of an ECM by a channel, the card's manufacturer issues a set of numbers or letters which the card user then types into the card. After this the card works again. It cuts the effective lifetime of an ECM from a few days to a few hours.

Of course this innovation was improved upon by a modem module. This module allowed the Battery Card user to connect his card to the phoneline and have it updated automatically. The effective lifetime of an ECM was further reduced as a result.

The whole concept of having an updatable pirate device is not new. Indeed it has been in operation with VideoCipher II piracy in the USA for almost ten years now. The on-board modems were also largely an American innovation. But the main question facing the current services and prospective Digital Television services is the form of future piracy.

There are two possible forms of piracy on existing services and Digital Television services. Both of them have already been tested experimentally with the existing scrambling systems and have been found to work. It is not so much a question of if these hacks will be implemented as when.

Someone once said that the best way to predict the future is to invent it. While things I write about have a habit of coming true this is not to say that the hacks outlined below will. But I have the utmost confidence in the competence of committees.

The following section requires a bit of a leap of imagination. It is set in the not too distant future. Think of the movie "Blade Runner" and you will get some of the atmosphere.

Imagine, if you will, a European Community where the half-baked recommendations in the Green Paper have come to fruition. The legislation to cover up the mistakes in poorly designed systems has been implemented. It is now illegal to sell, buy or use a pirate device in the EU. For hackers, Europe has become a technological tyranny.

To paraphrase Thomas Jefferson, the tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. Those believers in liberty, the hackers, are getting caught on a regular basis. The court actions against hackers and pirates are now little more than production-line criminal convictions. Piracy on Digital Television systems is falling to an almost acceptable level. Then some hackers decide that it is time for some gardening.

1. A SEASON Type Program

Pirate hardware has become more difficult to transport in Europe. Hardware based hacks are fading out of use. Importing pirate devices from outside the EU has also become more difficult. The European Customs have been forced by Directive to devote time to this problem instead of spending it on more serious problems like drugs.

But the problems of hackers and pirates are often similar to those faced by the channels under attack. The key issue is payment. After all, for a pirate to finance an attack on a service, there must be some guarantee of revenue. This is the rock upon which many a venture has been dashed.

The solution to the problem is a software based hack. Among the many attractions of such a hack is one fundamental aspect. It is unstoppable. Since it is essentially a stream of bits, it can be transmitted by telephone line, by dial-up bulletin board (BBS), by internet. There is not a thing that the anti-piracy enforcement can do about it.

Of course at this stage, you are probably wondering how the pirates can stop a SEASON type program from being spread all over the place without payment. With the SEASON emulator programs, anyone could get them off the internet and the BBSes and run them. The temporary solution that some pirates came up with was a dongle. The problem is that hardware distribution is difficult in this situation.

The hacker solution to the problem is clever. It relies on the fact that each pirate program has been made unique. And for the user to redistribute his program would result in his conviction. After all, it would include his name, address, telephone number, e-mail and credit card details.

Naturally such a program would have to be encrypted for transport over the internet and BBSes. The Pretty Good Privacy cryptography may be used for this. Hackers and pirates do not pay any attention to the morons in the European Commission who want to introduce a common cryptography standard. The result is that the encryption on the pirate software is too hard for the channels to crack.

In the event of an ECM, an upgrade would be available via the internet and the BBSes. This would be patched into this SEASON type program.

The SEASON program has been modified considerably since Markus Kuhn wrote the initial SEASON7 hack in 1994. The new SEASON program has been taken over by pirates and takes full advantage of the technology.

The updates are based on light. The update patch for the SEASON program is distributed by means of a JAVA applet. It is a flickering light applet that just, well, flickers. The timing of the flickering transmits the update. This can be used with the newer generation of battery cards or interfaces that have a phototransistor update facility. It is simply a case of putting the battery card or interface up to the television screen or computer monitor to have it updated.

The interface for the computer to decoder also includes such a light based interface. Let's call it "Firelyte". In this manner, the security of the situation is improved. There is no update patch as such (as an EXE or ZIP file) to be transmitted over the internet. The "Firelyte" applet will be hidden in many sites over the internet. Anyone could find them with their WWW browser. The beautiful part about all of this is that the new Digital IRDs actually distribute the patch over their internet connection option.

Some commentators have said that the Digital Television IRDs will be used for internet delivery. What better way for the hackers and pirates to deliver the pirate SEASON program and the patches?

The proposals to have the ownership of pirate devices and pirate digital television IRDs made a criminal offence and to have the devices subject to seizure are really insane when taken with the above hack. Since the digital IRD downloads the JAVA applet and runs it, it would hypothetically become a pirate device and therefore subject to seizure. It would follow, hypothetically speaking, that all IRDs that run this applet become pirate devices. Therefore it might be possible to wipe out a market.

If one service decides that another service is becoming too difficult to compete with, it may develop a virus that would open all channels on the opposing service's IRD. By downloading this virus they would render all the opposing service's IRDs liable to seizure.

2. The McCormac Hack - The Digital Version

For those still unfamiliar with the McCormac Hack theory, here is a brief explanation. The hack was first published in 1989 as a hypothetical attack on VideoCrypt. It worked perfectly - otherwise I would probably not have published it. If a live datastream can be lifted from a validated decoder and used to activate other decoders, the system is compromised. Applied to smart cards, this means if the datastream from one validated card can be transmitted and used in other decoders, then that system is insecure. All of the current systems in operation are, by this definition, compromised.

Theoretically the IRDs or decoders would have to share the same identity number but that is the easy part. It is possible to zero the decoder's identity register and give it a new identity number. It is a common practice with the DSS pirate cards that reprogram the IRD to the same serial number as the pirate card.

The original theory envisaged the distribution of the datastream via radio transmitters, modems and cable. Of course with the proliferation of the internet, a ready made path exists.

The primary difference between the 1989 and the digital versions of the hack is that the internet is used to route the seed keys. The original theory had a radio connection for distribution. There is apparently a radio based version of the hack in operation in Spain on an MMDS network.

In the digital version, the theory is that the dataflow between a legitimate smart card and a decoder will be monitored via a Season type interface. The PC would then rebroadcast the keys via the internet to a number of satellite PCs. The satellite PCs would have their own Season type interface which would be hooked into a decoder or IRD running on the same channel as the master.

Of course the disadvantage is that only one channel can be handled at any given time. It would be possible for the same kind of setup to be duplicated for each channel. As a result all of the premium channels could be hacked.

In order to run such an operation, a multitasking operating system would be required by the PC. This rules out DOS and Windows. The most likely candidate for this type of operation would be Linux. Hypothetically, Windows 95 could be used.

The most critical aspect of such a hack would be the routing time between the server PC and the satellite PCs. If this is too great then the seed will not arrive in time. The time taken for routing can easily be established with a traceroute command.

The main traffic on the internet link would be the seeds and the ZKT tests. However it might be possible for News Datacom to make the 74 packets interdependent and perhaps to tighten up the timing. EuroCrypt-M, with its long cycle of 10.24 seconds, is completely vulnerable to this type of hack. Given the way that the committee-designed EuroCrypt-M turned out, will DVB fare any better? Even though the DVB will not be designing the actual access control system, the fact that they are involved in designing the platform points to the fact that the access control module to scrambling section interface will be vulnerable.

The software for this hack might take the form of an Internet Phone type application using a form of pseudo IRC to distribute the seed keys. Since the VideoCrypt system in Europe is not reliant on the IRD or the decoder having a serial number the hack would probably work without hassle on any decoder. However applying this type of hack to DSS would require all IRDs to have the same serial number. This is apparently easy to achieve as most of the pirate DSS cards now automatically reprogram the IRD's serial number when they are inserted.

Convergence Or Divergence?

The term "convergence" is a buzz word much in favour with the marketing people. The concept is that all of the transmission media are coming together. Things in the real world are slightly less clear.

For the Blackbox industry, the strategy of "United We Stand - Divided We Fall" has been a recipe for disaster. In the business of scrambling systems, the more variety the less risk there is that a single hack will have a widespread effect. It is more a case of compartmentalised risk. Even after all the scrambling systems failures of the last few years, there are still idiots who believe in a single encryption system. Again real time experience is sadly lacking among them.

It would be easy to apply the rules of evolution to this situation. Put simply, it will be the survival of the fittest. The system that can adapt and cope with hacking and the market demands will be the survivor. If a system is considered as a species, then it must continue to evolve and adapt to its environment. If it remains static then it becomes extinct.

The scrambling systems of the past few years are moving towards a non-static or fluid architecture. The smart card was evidence of this. In the event of a hack on the system, the smart card could be replaced. Of course the theory of the detachable secure processor has been dealt a cruel blow by economics. If the number of cards being used on a particular system becomes too large then replacing them may be prohibitive.

Some channel executives regard piracy as a form of disease. For some of them it is a simple emotional response without any deep underlying logic. Strangely the concept of piracy as a disease or virus is a good one and perhaps a very accurate one. It also ties in nicely with the theory of evolution as applied to scrambling systems.

If a hack is considered as a virus then the countermeasure is effectively the cure. Over a period a system will, like a biological system or organism, build up a defence against various types of hacks. This would come about as the various countermeasures are added to the system's datastream.

If there is some diversity in the implementation of the system then some of the hacks would only affect a few implementations. Of course there is always the potential for a Holy Grail hack. Such a hack would bring the system crashing down regardless of the differences between implementations. In human terms, it would have the same potential as rabies. Except in this case only the executives of the hacked channels and system manufacturers foam at the mouth.

Of course there are other factors involved here. A successful virus does not kill its host immediately. If it did so, then it could not spread and would die out. This is perhaps the self-defeating aspect of the Holy Grail hack. It is a victim of its own success. The channels using the hacked system will have their main fee gathering mechanism destroyed. As a result they may not survive.

The Ho Lee Fook hack can be classified as a Holy Grail hack. It affected all of the major implementations of VideoCrypt in Europe. Since the initial Ho Lee Fook hack on the 07 Sky card, all of the subsequent card issues, including the current 10 card (0A), have been hacked. DSS, a variant that built heavily on the 09 Sky card and the VideoCrypt-2 card, fell to the hackers.

The Card Tricks hack on D2-MAC EuroCrypt-M was similarly a Holy Grail hack. While this system has far more potential than VideoCrypt it has a fatal flaw. It is a committee designed system. Sometimes you get the impression that the people on all these wonderful committees would, much to the horror of Humanity, have difficulty in operating a condom vending machine without a two hundred page specification document.

The details of almost everything in this system except the hash algorithm were available. This fact alone gave hackers a very good insight into the operation of the system and led, eventually, to the hack.

Of course the EuroCrypt-M system is more complex in implementation and security than VideoCrypt. When you read the EuroCrypt specification document, it is easy to appreciate the complexity, elegance and clumsiness of the system. There are many more possibilities for this system and it was such a shame that it based its security on a flaw; the designers did not envisage the smart card being hacked.

Like VideoCrypt, the EuroCrypt-M system is smart card based. The main actions that the users of the EuroCrypt-M system have taken against the hackers have been electronic countermeasures. These have been marginally successful. The hackers generally had solutions within a few hours, though sometimes it can take a few weeks.

Some rather naive people have claimed that when digital television arrives hackers will disappear because it will be too difficult to hack. Yeah right! The same people, or their predecessors, said the same thing about smart cards and VideoCrypt. The same people believe in unbreakable codes and publicity brochures.

The best way to consider digital television is as a set of languages. Languages evolve. From a number of root tongues, the present multitude of languages sprang over the millennia. Dialects turned into languages. Words dropped out of usage and were replaced with new ones. Only the words that are in continued widespread usage tend to survive.

Digital television is meant to be, to some at least, like some all unifying single language. To paraphrase the BBC motto; "and nation shall speak peace unto nation and perhaps get a comprehensible reply". However nice this would be, digital television is, in effect, a Tower of Babel for the twenty-first century.

Whereas at first it will create the illusion of a single standard, whether it be a European standard, an American standard or even a Pacific Rim standard, it will rapidly diversify. Diversify is the best word here as degenerate has more of a backwards feel. The diversification will be more in the form of an evolution.

The persistent, and perhaps many would argue fatal, problem of the systems developed in the late eighties and early nineties has been the "Frozen Architecture". To make a rather bad pun, the security or scrambling system is, once it leaves the development stage, etched in stone.

There is very little that can be done to fix a hack on such a system. Over the nineteen eighties this fact became clearer and the embedded secure processor approach to system design was replaced with the detachable secure processor approach. The detachable secure processor or smart card approach, though far short of the ideal, was a significant move away from the "Frozen Architecture".

Digital television systems have the necessary specification to be employed as "Fluid Architecture" systems. While there would be a common or root infrastructure, the main access control module would be more fluid. It could be changed in the event of a major hack that a smart card upgrade alone would not fix. The smart card upgrade would of course still be a low cost option.

There are two proposed encryption systems for Digital Television: MultiCrypt and SimulCrypt. Of the two, MultiCrypt is the better. The philosophy behind SimulCrypt has got to be that of a complete idiot - one hack and it is all hacked. Of course the people defending this proposed system seem to believe that they will be able to defeat the hackers and pirates. Of course this did not work in the past.

Digital television, however, is only a medium. What will protect the signals is the security overlay. If this overlay is insecure then it will be hacked. For example, the VideoGuard system is the pay television security overlay developed by News Datacom. The analogue implementation is called VideoCrypt. A different implementation is used to provide the security on the DirecTV system in the USA. That too was hacked.

Other digital television systems are also under development. What may well occur is some form of standards battle like that of VHS and Betamax. In either case the security of the system may be the factor that decides the battle.

At this point in time it is very hard to believe in such a thing as a totally secure system. The purposes of a scrambling system are to prevent all but the most elegant of hacks and limit the effects of that most elegant of hacks - the Holy Grail.

This simple lesson of scrambling system design has been ignored once too often. Publicity brochures are filled with inane claims that the manufacturing company is pro-actively involved in maintaining the security of the system. Such claims are generally only the product of a marketing meeting. What they are really trying to say is that they cannot guarantee the security of their system.

It is impossible for any scrambling system manufacturer to truthfully guarantee its system. To do so would rule out any future development or discovery. Of course the marketing and PR people have to have some little bit of prestidigitation for the poor fools about to buy the system.

In a somewhat romantic rationalisation, hacking could be the last vestige of a free society. In the USA, the government tried and failed to impose the Clipper chip on the public. It seems to be a part of a general move towards a big brother situation where there are no secrets from the government and cryptography is controlled. The rumblings of similar actions here in Europe have already been heard. The Council Of Europe seems intent on trying to impose a common encryption algorithm on Europe, complete with backdoors so that the governments could eavesdrop on the private communications of citizens. These people are fools, and dangerous ones at that. They seek to take away our freedom and logically have to be stopped - democratically of course.

It looks like some politicians would like to control what we say and think just as some idiots in the broadcasting industry think that there should be a single unified scrambling system.

Fools try to control chaos and in the end the chaos consumes them. It looks like those who would impose such restraints on privacy do not appreciate the long term effects of their actions.

A single system only requires a single hack. From that point on, everything looks to be a rearguard action. While the hack may not occur immediately, it will occur.

The more protected something is - the more of a challenge it is. When a system is portrayed as being impossible to hack, every hacker believes that it is only a temporary impossibility. Perhaps it is this sheer optimism that allies hackers with addictive gamblers. We all believe in, and often depend on, luck.

Almost invariably this belief in luck pays off. Systems are hacked because someone overestimates the security of a component or, as is more frequently the case, someone makes a mistake.

The players change but the game remains the same. It is stupid to claim that piracy will be eliminated, for if there was no crime then there would be no need for a police force and we'd all be vegetarian troglodytes. This is the real world - wake up and smell the coffee!