from the corporate-spy-vs-corporate-spy dept
Back in 2008, News Corp (owners of satellite providers DirecTV) was sued by DISH Networks for allegedly hacking their competitors satellite smartcards and flooding the market with them. News Corp (sort of) lost that lawsuit. Following News Corp's more recent high-profile hacking scandal related to News Of The World, more accusations of satellite hacking emerged, this time in the UK.
But amidst all the lawsuits and accusations, it turns out there are some other fascinating stories to be found in News Corp's world of competitive corporate hacking and private security. A new book by Neil Chenoweth, Murdoch's Pirates, digs into that world and turns up some pretty fascinating results. From an excerpt published in the Sydney Morning Herald, we get the story of some befuddled inter-agency espionage between News Corp and its own subsidiary, complete with aliases, informants, moles and a cross-border escape gambit by a spy on the run.
The story is complex, but I'll attempt to summarize. In the late 90s, NDS (the branch of News Corp that deals with private security and anti-piracy activities) sent top hacker Oliver Kömmerling undercover to Toronto, under the pseudonym Alex, with a mission: pose as a satellite pirate and infiltrate the rings selling hacked DirecTV smartcards. Oliver was also one of the hackers directly involved in the hacking of competitors' smart cards, but in this case he was being put to work defending News Corp's own satellite operation. But NDS made one big mistake: they never told DirecTV, which had its own security/anti-hacking division led by a former FBI agent, and they believed Oliver was still a bonafide satellite pirate at large. They had no idea he was now working for NDS—and one of the Canadian hackers Oliver met with turned out to be working for DirecTV, and ratted him out to them. Moreover, no matter NDS or Oliver's intentions, he was breaking the law by hacking and selling smart cards to track down the "real" hackers—so he ended up facing potential arrest or detainment at the border.
As a result, the two security divisions (both ultimately owned by News Corp) played spy-games with each other, and for the details you really should just read the whole story. It's fascinating, and quite funny—and it also raises some interesting questions about how big corporations should approach this kind of security. In one way, I actually think some of the principles here are the right way to approach things—investigate the biggest commercial pirates until you have enough evidence to either bring a lawsuit against them or pass the case along to a criminal prosecutor. That's better than having the government act as corporate police. However, big problems arise when companies start breaking the law in the course of their investigation—as much as they might want to play spy, they don't get the exemptions that law enforcement and intelligence agencies do. It's also highly troubling when their investigations are intertwined with law enforcement, such as when FACT in the UK joined the police raid on the SurfTheChannel offices—that's crossing a line between private interests and government. But then, on top of all that, you have the potential for a comedy of errors like this one: News Corp spending lots of resources to put a man in significant danger in a foreign country, for the sake of hacking its own products, and spurring its own property to put more resources into tracking down a hacker that was supposed on be on their side. At some point you have to ask: what is security worth? And how likely is it to be effective against hackers if it is disorganized to the point of farce?