I know this guy -- call him Dave -- who spent much of February and part of March searching San Diego stores for a set-top receiver compatible with the DirecTV system. He had no use for the receiver itself but wanted the card with the embedded microchip that came with it, called a smart card, so a Mexican hacker he knew could program it to illegally receive the popular satellite television service. Dave, a millionaire and retired to a gated beachfront community near Rosarito, believes that one inalienable benefit of living in Baja is being able to steal DirecTV's premium service. He's probably just one of thousands south of the border who do so. I know eight persons who pirate the signal -- mostly Americans but also some Mexican citizens -- and have heard of many others. I know of no one who now pays the company for the service, though five years ago I was acquainted with an American living in TJ who did subscribe to DirecTV, using a borrowed San Diego address and phone number. But soon he too joined the pirate crew.
On January 21, exactly one week before the Super Bowl, the El Segundo-based DirecTV company unleashed an electronic counterattack against the pirates, sending out computer code through the transmission lines intended to destroy the counterfeit smart cards. DirecTV had taken many other electronic countermeasures -- known as ECMs -- since it began service in 1994, but only in small doses that the technologically savvy hackers found a way around. These code changes are known to both the company and the hackers as "zapping" the card, but as it could be reprogrammed, they were little more than minor annoyances. This time, however, the attack was massive, effectuated over months, with the company transmitting to the receivers tiny bits of new code, until the day when DirecTV pulled the trigger to reconfigure the entire program built into the box. It didn't simply zap the cards temporarily, but rendered them incapable of ever being programmed to steal the signal.
"We fried a lot of counterfeit cards" is how Robert Mercer, an executive for the company, described it, adding that the January attack "was a different kind of countermeasure, more deadly than we ever launched before." It was, he said, "like a little neutron bomb," and acknowledged that its timing was no coincidence. "We wanted to get everyone's attention. We probably ruined a lot of Super Bowl parties." So confident was the company that they had inflicted serious damage on hacking operations that they embedded into the final piece of their destroying code the words GAME OVER.
Hacker websites and forums revealed the counterfeiters in a state of shock following what they now call Black Sunday. One wrote that the hackers had at last been bested by "a bunch of old nerds at a Satellite company." DirecTV farms their electronic security tasks out to News Digital Systems, an Israeli company owned by the Rupert Murdoch media empire (Murdoch is negotiating to buy DirecTV), but this ECM was so sophisticated that some speculated a top hacker, a Canadian facing jail time, had assisted the company. DirecTV spokesmen would say only that "There are people willing to make deals to lessen their sentences. We have made deals with some of these people who have been caught." The customers of the hackers were also in shock, suffering withdrawal symptoms from not being able to watch premium television service. While no one knows how many households pirate the DirecTV signal (the other major satellite TV company, Dish, also gets hacked but to a lesser degree), estimates run from 100,000 to double that number, in the U.S., Mexico, and Canada.
Prices for DirecTV's service range from $22 a month for basic to more than $80 for the premium service, but that's not counting the pay-per-view events, like wrestling, boxing, concerts, and recent movies, which will add to the bill. Mercer guessed that a pirate who watches the services that are normally pay-per-view could steal as much as $100,000 per year of value. The satellite that DirecTV uses for its customers in the U.S. also spills its signal a few hundred miles over the Canadian and Mexican border, using the standard small dish. (Subscribing to the American service is, in fact, prohibited by those countries.) Thus, an active hacking and marketing community has sprung up in the border areas of these two countries, and DirecTV's Signal Integrity Office, run by former FBI agents, has helped U.S. and Canadian police bring the culprits to justice. However, the company knows of no arrests for hacking ever made in Mexico. In fact, not until recently did Mexico have an anti-hacking law. A lot of the card counterfeiting is done in Canada, where the law is ambivalent: some hackers have been convicted, but at least one judge ruled that a defendant could not be found culpable of stealing a service that was not sold in the country. Many of the phony smart cards are smuggled from Canada into the U.S. and Mexico, though there is evidence of a growing community of accomplished hackers in Tijuana. One Baja customer of the hackers says that he knows of at least one American who regularly comes into Tijuana to pick up some cards, evidently for resale in the U.S. Hacked cards in the U.S. sell for around $250 to $400, and some have shown up on the eBay auction site. In Baja they're often much cheaper, sometimes going for $150 or less.
Dave, the wealthy retiree, was introduced to his hacker by a good friend, a Rosarito businessman who himself receives the illicit programming. He's had the cards for several years at a price of $150, which the hacker guarantees for six months. This means that if an ECM zaps the card within that time frame, the hacker will reprogram it gratis. Dave says that his card has gone unzapped for as long as ten months and for as short as two.