Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:45 AM
Connect Directly

Dish Says Hacker Hired to Break Into Its Network

Satellite TV drama unfolds in lawsuit over piracy

It could be a scene straight from a satellite TV pay-per-view movie, but it’s actually a real-life court drama currently underway in California: A hacker hired by a News Corp. unit testified yesterday that he did not use the pirating software he developed for the firm to hack Dish Network’s network, according to a Reuters report.

But Dish Network says that the hacker, Christopher Tarnovsky, was hired by News Corp.'s NDS Group to hack into its network, get its security code, and build and distribute smart cards that provide premium channels to satellite receivers. Attorneys for Dish said the pirated smart cards cost Dish $900 million in lost revenue plus repair costs.

In his testimony, Tarnovsky said he was hired to write pirating software that would better secure DirecTV’s network. In a bizarre twist, he also said for his work he initially received a $20,000 cash payment tucked in electronic devices mailed from Canada.

NDS -- which supplies security technology to a worldwide satellite network that includes DirecTV -- maintains it was only doing reverse-engineering and wasn’t involved in any hacking, and Tarnovsky says he never got paid to reprogram EchoStar cards. He admitted that he did, however, build a device called “the stinger” that can communicate with any smart card.

EchoStar Communications -- which recently spun off into Dish and EchoStar Corp. -- filed the initial lawsuit against NDS.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Dish Network Corp.
  • EchoStar Satellite LLC
  • News Corp.

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Navigating Security in the Cloud
    Diya Jolly, Chief Product Officer, Okta,  12/4/2019
    SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
    Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: Our Endpoint Protection system is a little outdated... 
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2019-12-10
    JBoss KeyCloak: XSS in login-status-iframe.html
    PUBLISHED: 2019-12-10
    oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
    PUBLISHED: 2019-12-10
    openstack-utils openstack-db has insecure password creation
    PUBLISHED: 2019-12-10
    rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection
    PUBLISHED: 2019-12-10
    marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.