Updated Friday, April 25 at 7:28 p.m. EST
A software engineer well known for his hacking skills has testified that he was hired by a unit of News Corp. to develop software that could reverse engineer the code on satellite receiver smart cards, but denies using it to hack into the security system used by competitor Dish Network.
Dish Network parent EchoStar Communications, which claims the hacking cost it about $900 million in lost revenue, has brought a corporate-spying lawsuit against News Corp.'s NDS Group, according to published reports. In the lawsuit, Dish Network claims the hacker, Christopher Tarnovsky, was hired by NDS to hack into Dish's satellite network, steal the security code for the smart cards used to deliver television signals to subscribers, and then develop pirated smart cards.
Dish claims the hack cost it $900 million in lost revenue and system-repair costs. The trial could result in millions of dollars in damage awards, according to reports.
NDS, which provides satellite-based security technology to DirecTV, denies EchoStar's claims. The company said saying it engaged in reverse engineering -- looking at a technology product to determine how it works, a standard in the electronics industry -- then building a version of its own, reports said.
During the trial, Tarnovsky admitted that he developed what he called "the stinger," a device that could communicate with any smart card. Tarnovsky testified that he was paid on a regular basis by Harper Collins, one of News Corp.'s subsidiaries, for 10 years. He admitted to receiving $20,000 hidden in electronic devices mailed from Canada.
He said he developed a pirating program to make DirecTV more secure, as one of his early projects. He denied, however, receiving payment for reprogramming the Nagrastar smart cards used by EchoStar's Dish Network satellite TV service.
Tarnovsky, a frequent presenter at the Black Hat conferences and once known as "Big Gun," reportedly helped pirates decode the satellite signal of DirecTV in the 1990s. In March 2002, Vivendi Universal SA's Canal Plus, a satellite-TV operator in Europe, filed a lawsuit claiming that Tarnovsky helped pirates hack Canal Plus signals after joining NDS in 1997. He left NDS to start his own company, FlyLogic Engineering, in April 2007.
Tarnovsky's testimony focuses attention on the value of an enterprise's intellectual property and the importance of protecting it, Amena Ali, chief marketing officer at application security vendor Arxan, told SCMagazineUS.com.
"A company like Nagrastar undoubtedly deployed some security mechanism to make sure paying customers had access to the smart card, but they were not in-depth enough to defend against a reverse-engineering attack," she said.
"Nagrastar did not anticipate the hacker," Mike Dager, Arxan's chief executive officer and president, told SCMagazineUS.com. "You have to anticipate what a hacker will do, anticipate the techniques a hacker will use, and come up with a technology solution to thwart those types of attacks and techniques."
Application hardening tools such as encryption, binary source-code obfuscators, binary wrappers and the company's proprietary binary-code protection technology offer varying degrees of defense against hacking and reverse engineering, Dager said.
The NDS/Dish trial, being heard in southern California because Tarnovsky and NDS are located there, is expected to continue for several weeks.
EchoStar told SCMagazineUS.com that it was not commenting on the lawsuit.
"The EchoStar litigation dates back to 2002 and involves allegations which NDS has vigorously denied,” the spokesperson said. “Our position remains the same. There is no validity to these allegations. A significant proportion of the claims have already been dismissed over the years."