By Richard Smith
Back in the late 1980s, Rupert Murdoch’s latest fiendish plan for world media domination (there’s a new one every decade or so) centred on pay TV. By 1990 he had merged his Sky Television with the licensed satellite broadcaster, British Satellite Broadcasting, jointly owned by a bunch of other British TV firms. Both Sky and British Satellite Broadcasting had been losing money hand over fist: hence the merger. Over the coming years, Murdoch’s stake in the combined entity, BSkyB, proved more equal, when it came to control of the corporate strategy, than the 50% held by the other parties to the deal, or the 60% held by non-Murdoch entities after flotation. Perhaps the shareholders didn’t mind so much: by 1995 BSkyB was a FTSE constituent, with operating profits north of £150Mn a year and exclusive broadcasting rights to the UK’s Premier League Football, a lucrative monopoly. A series of other money-losing pay TV outfits then fell into Murdoch’s lap. In 2002, BSkyB’s chief UK rival, OnDigital, went bankrupt, to the tune of £1Bn, an impressive sum in the innocent days before the crisis of ’07-’08. Murdoch was carrying all before him.
It was all about crypto. If you want to be in pay TV, you have to be good at intellectual property protection. If you don’t make it difficult for non-subscribers to rip off your content, that’s exactly what they will do, in such numbers that you won’t make any money. In practical terms that means good (robust, but scaleable) crypto. In turn, that means understanding the weaknesses of cryptosystems in order to make better ones. Cryptology and cryptography go hand in glove. Hire hackers! Hire geeks!
Murdoch did just that: in 1992 he took ownership of his video encryption supplier, NDS; alleged fraud had made NDS a soft target, so there was an opportunity.
The original hackers and geeks at NDS were quite upmarket already: amongst the founders of NDS was Adi Shamir, the S in RSA.
It all went quite well. NDS became a leading supplier of pay TV crypto. But there was a problem:
By the mid-1990s, NDS had become the glue holding Rupert Murdoch’s global pay TV empire together providing conditional access services to Foxtel, BSkyB and STAR (in Asia). It also had big contracts with other broadcasters such as GM’s DirecTV in the US. But the NDS conditional access system was also the most widely pirated and was in danger of being driven out of business.
More geeks were needed, and others. Murdoch’s new hires included Israeli spooks Reuven Hasak, who became head of an NDS department called Operational Security, and Abe Peled (still CEO of NDS, which is now tucked away neatly inside Cisco Systems, where it won’t be able to embarrass Murdoch quite so much any more).
Then there was British ex-policeman Ray Adams, whose career in the UK’s Metropolitan Police had never quite got over his recruitment of Kenneth Noye as an informant. When the short-fused Noye stabbed to death a policeman investigating Noye’s possible role in the record-breaking £26Mn Brink’s Mat bullion robbery (Noye was acquitted of murder: self-defence), it all went horribly wrong for Adams (not to lose track of the dead cop, who fared worse). All the Noye fallout landed on Adams. Noye meanwhile followed up his cop-killing exploit with a conviction for handling stolen goods, the very type of crime the dead policeman had been investigating. Next, Noye stabbed to death a man whose driving annoyed him (he is still in jail for that one). Noye was simply too tempting an informant for Adams, no doubt, though I’m not sure why anyone trusted the info he provided.
At NDS, Adams further burnished his reputation for building risky professional relationships by hiring a whole crew of pay TV hackers. In the name of IP protection, those hackers promptly set about hacking all the pay TV encryption cards they could find, including those of Sky (in the name of security improvements), and, more ominously, those of Sky’s commercial rivals.
It appears that at least one of those hacks somehow made its way onto the black market:
BSkyB and News had been bitterly critical of the launch of OnDigital in late 1998, after its shareholders Carlton and Granada dropped an earlier decision to use NDS as its conditional access system (as the smartcard decryption process is termed). Instead, in February 1998 they announced they would use a French system called Seca, developed by Canal Plus.
Two months later, the NDS Black Hat team, a reverse engineering group set up by Operational Security chief Reuven Hasak in Haifa, set out to crack the Canal Plus Seca card, a legal and common practice within the industry. Reverse engineering involves the microscopic deconstruction of the card, layer by layer, to reveal the embedded coding.
The team, which was led by German master hacker Oliver Koemmerling, travelled to Bristol to use a Focused Ion Beam and Scanning Electron Microscope in the university physics department.
By June 1998 the Black Hat team had extracted a part of the operating code for the Seca card known as the ROM binary file.
The ROM file is “like the plans of the safe, but it doesn’t give you the key to the safe”, the former chief executive of Canal Plus Technologies, Francois Carayol, told Panorama. “In fact what it did, it gave the hackers a very precise idea of where to drill to open the safe.”
Nine months later, a Canadian piracy site called DR7.com, run by a hacker called Al Menard, published a copy of the Seca ROM file. Koemmerling recognised that it had the same date and time stamp as the file created in Haifa. While time stamps can be fabricated, without knowledge of the Haifa file, the odds against creating the same time stamp in a 12-month period are 500,000 to one.
“The time stamp was like a fingerprint, I mean it’s not really a physical proof, but by statistics you can say it is an astronomically small [chance] that it is not coming from us,” Koemmerling says.
Eventually, the pay TV companies smelt something
In addition to the controversy over OnDigital and Austar, the actions of Operational Security have triggered five separate unsuccessful legal actions by pay TV companies around the world, each claiming damages of up to $US1 billion.
The maxim “no smoke without fire” isn’t 100% reliable, which is bad news for that particular maxim. But still, that is an impressive amount of smoke; and yet, the courts said, there was no fire at all.
Chenoweth is unconvinced:
A secret unit within Rupert Murdoch’s News Corporation promoted a wave of high-tech piracy in Australia that damaged Austar, Optus and Foxtel at a time when News was moving to take control of the Australian pay TV industry.
The piracy cost the Australian pay TV companies up to $50 million a year and helped cripple the finances of Austar, which Foxtel is now in the process of acquiring.
A four-year investigation by The Australian Financial Review has revealed a global trail of corporate dirty tricks directed against competitors by a secretive group of former policemen and intelligence officers within News Corp known as Operational Security.
Their actions devastated News’s competitors, and the resulting waves of high-tech piracy assisted News to bid for pay TV businesses at reduced prices – including DirecTV in the US, Telepiu in Italy and Austar.
And we get a very nice “reveal”:
The actions are documented in an archive of 14,400 emails held by former Metropolitan Police commander Ray Adams who was European chief for Operational Security between 1996 and 2002. The Financial Review is publishing thousands of the emails on its website at afr.com.
The email archive, which News Corp has previously sought to suppress, provides a unique insight into the secret side of Rupert Murdoch’s sprawling global empire – it reveals an operational arm that has generated multi-billion dollar windfall profits for the company.
The emails support claims by the BBC Panorama program, aired in the UK on March 26, that News sought to derail OnDigital, a UK pay TV rival to News’s BSkyB, that collapsed with losses of more than £1 billion in 2002, after it was hit by massive piracy, which added to its other commercial woes.
While News has consistently denied any role in fostering pay TV piracy, the Adams emails contradict court testimony given by Operational Security officers as well as statements by News lawyers in the past three weeks.
Those last two paragraphs, phrased with such studied flatness, are about as brutal as it gets. Since they are still online, one might infer that News International’s lawyers have concluded that the allegations they make would be quite difficult to contest. There’s a sample of those emails here.
Thus, more than 25 years after the Kenneth Noye affair sent shudders through the Metropolitan Police, it appears that Ray Adams has blown up in someone else’s face: Rupert Murdoch’s, this time.
Since Chenoweth’s story starts in 1980, and continues to the present day, it’s been convenient to tell it by way of quotations from a couple of Chenoweth’s stories in the Australian Financial Review, here and here.
But for the full dope, and the whole back story, which is a chunk of tech and business history that is well worth knowing about, and teems with lovingly investigated colour, farce, and occasional killings, read the book. Perhaps readers should read the timeline first. It is at the end of the E-book. There is a lot to take in, and the timeline will give some idea of the scope.
Equipped with all that context, you can then turn to Chenoweth’s blog and Twitter feed @NeilChenoweth for the latest, latest stuff.
As of mid-2013, the Metropolitan Police were mulling whether to investigate the AFR’s claims about OnDigital. Apparently, they are still mulling.
So, anyway…data breaches, flaky ex-cops, private investigators, wildly out of control News International minions…those are the operational signature of “The News Of the World”. They are NDS hallmarks, too, as we see. To all appearances, the same rather profitable syndrome has manifested itself twice on Murdoch’s watch, more or less at the same time.
But twice is still just a coincidence, isn’t it?