Dish has a major problem

[Scott Greczkowski]

I was not going to say anything about this, however since it is being talked about at DBSTalk I feel it is ok for us to talk about it here at SatelliteGuys.

Last night at approxamately 7pm we were notified that Dish Network's new multi million dollar smart card security system has been compromised. In other words the hackers are once again watching TV for free.

I am sure or at least hopefull that with the latest break that heads are rolling at Echostar. How can their new security system be broken before they are even finished rolling it out? Something seems odd.

I myself have met with the Nagastar folks who told me point blank that it would be at least 3 years before the new security was compromised. Boy were they wrong.

Once again the Genie is out of the bottle, and there are no signs of it being capped anytime in the future. When I heard about the break last night I laughed for a moment as I just got done reading an article in the Rockey Mountain News about how dish had fixed its hacker problem.

My question is what does Dish do now? Do they continue to switch over to the new security or just freeze things? Do they issue a newer security and if they do how safe is it will that one be cracked before it is fully rolled out?

I talked with Claude from DishStore.NET who was as upset as I was when he heard the news. With everything being switched over he was seeing an increase of new subscribers at DishStore. Now he fears with everything open again sales will go down. And if sales go down then it is bad for us as well as a portion of every sale at DishStore.NET goes to SatelliteGuys (and DBSForums)

In reading around the Internet today about this new crack, it seems that the main reason people want the crack is so they can watch porn again, they are not interested in watching HBO and most are not interested in watching PPV, they want their porn. Maybe to curb hacking Dish should consider removing the adult channels.

Hacking in a strange thing, some people do it just to see how things work, others do it because they live in another country and watch to watch American TV, and others do it because they don't want to pay to watch tv (yet have no problem buying new equipment all the time just so they can steal tv)

So without getting into hacking talk, I would like to open this up to the membership of SatelliteGuys.US to ask, if YOU were Dish Network what would you do to curb the pirarcy?

This could be a very interesting topic, yet again I want to warn of NO HACKING TALK. It's a very fine line but I believe our membership is smart enough not to cross that line. I have asked our moderators to keep a close eye on this discussion, and they can and will edit anything which they feel crosses the line.

Its a good topic, I look forward to your thoughts on the subject.

 

[jaschier]

I don't know very much about how the hacking took place, but I am under the impression that requiring a phone line connected to the receiver would help. I know that would alienate anyone with a winter cabin w/o phone service, truckers, travelers, etc and not sure how to reconcile that yet. If you have your receiver dial out more often and require that it dials in from the phone number that is the primary on account, it would ensure that it's in the proper location, and that when it dials in it pulls information from built in memory in the receiver to verify its the proper hardware. I really don't think it's a big deal to have my rec connected to a phone line. If it requires us installing phone jacks, ok. I'd rather do that to prevent rate increases and have Echostar essentially waste chunks of time and millions to roll out new smartcards and have them hacked before the upgrade was complete.

Again I'm far from an expert, but literally requiring the phone line connection makes sense to me. Looking forward to more knowledgable people's responses.

On a side note, it pisses me off that when I worked for Dish and had to take call after call after call from people who could not read the directions "take blue card out, put new yellow card in, then call this number", that this was pretty much worthless. E*'s horrible to work for, but knowing their reluctance to satisfy those who are sports fans and now they get their codes broken, gives me serious doubts about the leadership of the company and my subscription therof.

 

[CJPC]

Removing the adult channels would kill a large revenue portion I beleive, people pay pay pay for those, and there expensive, and no matter who you are, everyone is curious. And you cant issue another new smartcard just for those users, as besides alienating them, your talking even more money!

The only foolproof way to totally kill piracy is a) a 2 way sat system (fat chance) or b) a direct telephone line connection, to authorize everything that way continusouly (noone will want there phone line tied up!), or even a required nightly dialout to update the smartcard, and if it doesnt have the latest dialout, it would die

Best bet for E* is to just continue being very agressive in taking down the pirates, and mostly, those who sell the equipment for it! But its hard at the same time as many things have grey area legal uses, so it is really up to the politicians to start passing some real laws, or to find exactically how the new smartcard was compromised, and by who! I honestly doubt it was done by a hacker, but rather an internal leak, the card was too new, and was to advanced I beleive

 

[GaryPen]

In reading around the Internet today about this new crack, it seems that the main reason people want the crack is so they can watch porn again, they are not interested in watching HBO and most are not interested in watching PPV, they want their porn. Maybe to curb hacking Dish should consider removing the adult channels.

It depends on how much revenue Dish gets from porn. It also depends on whether porn really is the overwhelming driving force behind hacking.

Personally, I would have thought it was to get TV for free, which may include porn and premiums, but no one type of programming over another.

 

[goaliebob99]

I say move everyone over to mpg 4 and build the smartcards internaly.. and while your switching to mp4 move to a non dbs standard.. that would help but it would cost a whole lot of money..

 

[BFG]

Sorry but there are bigger problems right now...

They are spending way too much money trying to fight hackers that they should just let them do their thing

 

[DWS44]

I'll say this much...if phone lines become manditory, then they'll lose this customer. Have no land line, and no desire to pay $30/mo for one either.

 

[dfergie]

I'll say this much...if phone lines become manditory, then they'll lose this customer. Have no land line, and no desire to pay $30/mo for one either.

my thoughts too, I killed my landline over a year ago because all I used it for was internet... when wireless came bye bye landline... ethernet connection/phoneline combo (either one with a choice ) would be better for those of us on Cell phones and with high speed...

 

[Van]

Well instead of replacing a customers 3800 with a reman one when it goes down they could swap it with a 311 reman for starters. Reman 322's could replace 4700/4900 units as well or any legacy that uses a uhf remote, offer 522 reman's at a more reduced upgrade offer or free to anyone thats still using the jvc vhs units. Or just start replacing all of the legacy units over the next two years and disable them at the end of that time, Im not sure about the cost but wich is bigger, hacks allowing people to steal hundreds of dollars each month times how ever many are doing it or doing a two year equipment upgrade program.

I was thinking to that if this is the hack I think your talking about then its been around since late last year early this year, send me a pm scott and I will tell you want I know about it.

 

[ZandarKoad]

So what if someone, somewhere has done it. The real question is, how DIFFFICULT/EXPENSIVE is it for the average user to get free Dish TV using the discovered methods? And since that can't be discussed here, I guess we'll never know.... Heh.

If you have to spend $695 on a software radio peripherial motherboard, then have several college degrees in radio frequency processing.... who's going to go to the trouble when they could just pay $50 a month and never pick up a soldering iron?

Then again, if all the have to do is hold down the Dish On Demand button on the remote, and hit up up, down down, left right, left right, B A Select: Poof! free TV... Maybe Dishnetwork DOES have a problem on their hands.

It seems like it's to hard to get free TV to be worth the bother to me. Even if it CAN be done.

 

[goaliebob99]

Allright this is WAY gonna cross the line im closeing this thread!!!! If other mods feel that im taking this way to serious the can re open it!!!! I can allready see where this is gonna lead to!!

 

[Scott Greczkowski]

Ok I have slept on this issue last night and had a couple ideas which would help out which could curb pirarcy.

I would love to see all new Dish Receivers have Ethernet ports and built in WIFI. Dish would require the box be hooked up to a phone line or an internet connection, every so often you receiver would conect to a secure server and download new activation for your receiver. If you receiver does not connect for a few days you would get a warning message that the receiver could not connect to the authorization server, if the user takes no action then the receiver would shut itself off.

To encourage subscribers to hook their receivers up to the internet they could offer on screen email and web browsing as well as instant messaging and special channels made available only to those on the internet (the channels would be streamed on the Internet)

The could actually open a exciting new oportunity for Dish Network, they could offer new programming without using valuable transponder space, plug they could offer additional items such as additional VOD offerings, plug think about Interactive TV that they could offer.

Again this thread is not about HOW thse guys are stealing Satellite, but instead what can be done about it.

 

[stone phillips420]

apparently dish and i presume bev in huge trouble, maybe they should redevelop their cards and issue new ones, then maybe go after everybody using hack equipment, like directtv did a few years back

 

[sampatterson]

I am not a pessimist but I am a assembler and C++ programmer. I specialized a while back in writing licensing / security code. Unfortunately, everything can be hacked. It is a challenge to the hackers and they stand to make big money if they can hack something (although most hackers don't do it for the money). It doesn't matter if you hook to a phone line, internet, etc. Eventually it will be hacked. You know that when that first yellow card (or internal card) was released, the hackers started disassembling the code, watching the streams, etc. Even with an authorization server as Scott suggests it is completely hackable. It is just the time that it takes to either hack/spoof ip/spoof serial #s, etc.

 

[RandallA]

I completely agree with the post above. Any type of encryption will eventually be hacked. Unless they find a way to change the encryption every so often without having to replace equipment then it's a cat and mouse game.

 

[Scott Greczkowski]

Do you think Dish should continue its rollout of Yellow Cards? Or should they stop and get ready to rollout the next level of security.

 

[TJ_77]

I knew it would happen but I just didn't think this quick.I really feel it will take months before N2 is "freeware" right now its more like "shareware" Both Dish and Bell should be really worried.Maybe they will develop a new ECM that fries the board.Just a thought.

 

[chevyN8]

A nightly (or weekly or just random) connect from the reciever to E* would probably help. If the numbers on the receiver don't match a legit number at E* the receiver is disabled. However, they must allow the use of broadband via ethernet or wireless to contact E*. I know many people around here that don't have a land-line...I'm one of them. Anytime you have a one-way signal broadcast it's going to be very difficult to stop people from stealing it.

 

[stone phillips420]

maybe they should develop an encription scheme similar to *choice

 

[ocnier]

Ok I have slept on this issue last night and had a couple ideas which would help out which could curb pirarcy.

I would love to see all new Dish Receivers have Ethernet ports and built in WIFI. Dish would require the box be hooked up to a phone line or an internet connection, every so often you receiver would conect to a secure server and download new activation for your receiver. If you receiver does not connect for a few days you would get a warning message that the receiver could not connect to the authorization server, if the user takes no action then the receiver would shut itself off.

To encourage subscribers to hook their receivers up to the internet they could offer on screen email and web browsing as well as instant messaging and special channels made available only to those on the internet (the channels would be streamed on the Internet)

The could actually open a exciting new oportunity for Dish Network, they could offer new programming without using valuable transponder space, plug they could offer additional items such as additional VOD offerings, plug think about Interactive TV that they could offer.

Again this thread is not about HOW thse guys are stealing Satellite, but instead what can be done about it.

Yes Scott, that would be great in my opinion as well, but it would require dish to actually relinquish some power in terms of customer controls as to how they copy programming and most importantly it would absolutely require them to create high functioning equipment with less than a 5% failure rate (a feat that considering this company's history is a long way off). IMO the only you will get the stuff you suggest to come true is with a change in leadership/command climate which right now is also a long way off. Heck Dish is fanatical about laying the smackdown to people who just want to mod the equipment for LEGITIMATE PURPOSES (ie.add larger hard drives to dvrs). They are not about to allow users much leyway in terms ture programming/dvr controls at this time. The company is just simply too neurotic towards its customers.