PDA

View Full Version : Hardware Hacker Charged With Selling Cable Modems That Get Free Broadband



Marc
01-12-09, 08:20 PM
http://blog.wired.com/27bstroke6/2009/01/hardware-hacker.html

Hardware Hacker Charged With Selling Cable Modems That Get Free
Broadband -- Update
By Kevin Poulsen January 12, 2009 2:59:32 PM

Categories: Hacks and Cracks

In the first case of its kind, a Pennsylvania man faces federal criminal
charges for allegedly selling hacked cable modems capable of stealing
free, anonymous internet service from broadband providers.

Thomas Swingler was charged Thursday in federal court in New York with
trafficking in unlawful access devices for his online business
cablehack.net. The site, still in operation, sells "pre-modded" Motorola
Surfboard modems for between $38 and $58 that can be customized by the
owner without a cable company's knowledge. Among other things, the user
can set their own upload and download rates, and change the MAC
address - the unique identifier normally hard-coded into a modem.

"If you decide to use one of these modems to get free internet, then
you're committing theft of service and we will take no responsibility
for what may happen to you if you're caught," the site cautions in its
FAQ.

The prosecution treads on a gray area largely avoided by federal law
enforcement until now. Modified modems and detailed hacking tutorials
have long been available over the internet, with much of the hacking
aimed at "uncapping" modems to get higher speeds than offered by
providers. The hacking is effective because, unlike old-fashioned
telephone service, in which the phone company exerts independent control
of every line, cable modem systems hang an entire neighborhood off a
common backbone in the field. To bill customers and set individual
bandwidth limits, they rely on their ability to track and control the
modems attached to their network.

Customizable modems can also have legitimate uses. But despite his
public disclaimer, Swingler knew exactly why people were buying his
hacked modems, according to the FBI, which set an informant on Swingler
last June. "The modem steals the internet," he allegedly said in an
online chat with the snitch. He described his business as "modem
modification where you can get free cable internet."

"It's 100 percent legal," he boasted. "What the end user does is
theft-of-service. Not my problem."

Using a cloned or fictitious MAC address could not only provide free
broadband, it would frustrate law enforcement efforts to track down an
internet user committing other crimes online. "You could do mad fraud
off it," Swingler allegedly explained in another chat session. Swingler
declined to comment for this story.

It's not clear how many modems Swingler has sold, but the online forum
attached to his site boasts over 4,000 users, and the FBI's review of
Swingler's PayPal account showed "numerous sales of modems to
individuals around the world."

In July, FBI agent Milan Patel ordered a modem (.pdf) from Swingler and
sent it to Motorola for analysis. The company verified for the FBI that
the device had been hacked to allow users to change their MAC address.

Because the hacked modems have legitimate uses, Swingler's statements to
the informant could make all the difference in the case, says Mark
Rasch, a former Justice Department cybercrime prosecutor.

"I think the law is pretty clear that if you can convincingly say that
you didn't know it was going to be used illegally, you shouldn't be
prosecuted," says Rasch. "I don't think that argument will fly here."

The author of Hacking the Cable Modem: What Cable Companies Don't Want
You to Know, who goes by the name DerEngel, says he's familiar with
cablehack.net. Last year the site licensed DerEngel's custom cable-modem
firmware, called Sigma, for a flat $150 fee. "They used to just steal
it," he says.

Like cablehack.net, DerEngel's website sells pre-modded modems loaded
with Sigma, which allows users to reconfigure the modem through a
built-in web interface. Among other things, the custom interface lets
users to change their MAC address. But DerEngel says he doesn't support
fraud, and that MAC address tinkering has legitimate uses, and is just
one step in the complicated process that allows a modem to get free,
untraceable internet.

"I think that's morally wrong and probably illegal," DerEngel says.
"There's a gray area there, but theft-of-service is a crime no matter
where you're at."

According to the FBI, Swingler took up modem-modding after retiring from
a career managing botnets - fleets of hacked computers used to steal
consumer information and launch denial-of-service attacks.