The US Customs undercover op that came unstuck: NewsCorp/NDS’s discreet silence

The 1998-99 undercover operation that followed NewsCorp/NDS’s success with Operation Johnny Walker in North America remains shrouded in mystery.

It’s almost as if there were two separate undercover operations. One was a huge success, a coup for US Custom and the FBI that triggered headlines across the United States. The other operation, as described in NDS internal emails, careered out of control.

John Norris’s email of August 24 1999 reads like a classic example of an operational stuff-up, the carefully controlled phrases covering what must be close to panic and despair: “The skills of the hackers in the field continue to impress me unfortunately . . . The Eurocard must somehow die and stay dead….”

Norris’s great rival, Ray Adams in London, could hardly restrain his satisfaction at Norris’s plight. “This is what you said all along,” he wrote to Oliver Koemmerling.

The public and private descriptions of what happened are very different. And yet they seem to refer to the same operation. There are three sets of accounts of what happened. The first is what Chris Tarnovsky, the hacker who worked as an undercover agent for NDS Operational Security out of California, and his boss John Norris, testified in the 2008 EchoStar trial.

Tarnovsky was asked about Operation Smartcard.

“I worked with U.S. Customs out of Blaine, Washington, on an operation where they were selling counterfeit DirecTV.”

It was a sting where Customs officers actually sold pirate cards for DirecTV, which were based closely on the pirate cards developed by Ron Ereiser’s dealer group.

“So the same ECM [Electronic Counter Measure] that I already designed would knock both Ron out and the Customs operation out when this was finished, when it was determined to pull the plug on the operation.,”

John Norris, the US head of NDS Operational Security, also testified about Operaton Smartcard:

“It was approximately a year-long operation headed by United States Customs out of Washington State.  At the time I read a Customs document, it was the largest fraud investigation in United States Customs not related to drugs . . . Operation Smart Card was focused on identifying and prosecuting large distributors of pirated DirecTV, NDS technology within the borders of the United States. NDS provided intelligence and assistance on this operation in addition to technology that we provided to U.S. Customs.

Norris was asked how NDS handled concerns that pirates would be able to keep using the pirate cards after the operation finished. He said,

“An effort was made to write software that could be downloaded from the satellite to the footprint on — in the   United States that would deactivate or disable those specific Smart Cards….

Q    Do you believe that Operation Smart Card was a success?

A    Yes.

Version 2 of Operation Smartcard is the string of media reports about it on August 9 2000. Martin Crutsinger of Associated Press described Operation Smartcard as a 22-month undercover sting that kicked off in September 1998, in which

“undercover agents sold counterfeit access cards they called ‘Eurocards’ through an Internet business created by Customs agents. By the time the Customs Service terminated the undercover portion of the operation in June 1999, agents had sold 3,195 illegal cards to dealers and 382 cards to individuals, generating more than $516,000, which was turned over to the U.S. Treasury, officials said.

“In July 1999, DirecTV used electronic countermeasures to shut down all of the pirated cards sold through the governments Web site.”

Four people had pleaded guilty to felony charges and another seven people had been charged, Crutsinger reported.

It was a joint Customs and Treasury anti-counterfeiting operation. The key term is counterfeiting, which puts it in the province of the US Secret Service out of Treasury.

A DirecTV spokesman was quoted in the new reports as praising the investigation.

Version 3 of Operation Smartcard emerges from NDS internal emails which were on the hard drive of Ray Adams, European chief for NDS Operational Security.

Tarnovsky had designed the Electronic Counter Measure (ECM) broadcast by DirecTV on July 6 1998 that killed the Eurocards sold by Customs. Four days later with all of the pirate cards out of commission, Tarnovsky was gloating over an email from Ron Ereiser to Bulgarian hacker Plamen Donev, in which Ereiser suggested the ECM offered a theory of what had gone wrong with the cards.

Negative houston! They just don’t have a clue… The jumps were just a bluff actually and they bought if and totally missed the real reason the kill is not revivable! Heheheheheheh I love it when a plan comes together!

But six weeks later on August 23, NDS online researcher Ted Rose reported that several Canadian sites claimed that they could repair the Eurocards.

Norris replied the following day confirming that this was correct. He summarised the position. NDS had prepared two versions of a pirate software called Montana for the Customs operation. But there had been a second piece of pirate programming called Van, prepared for an undercover operative called Myron.

Within six months Tarnovsky had discovered that the Van pirate cards had been ripped off by another pirate, who then began reselling his own version of the Van program  called Ring of Steel. At this point then, which would have been around March 1999, the Van program had escaped NDs control and was in the wild.

NDS had believed that hackers would not be able to crack their pirate products but neither the Van nor the two Montana cards turned out to be safe:

“The hackers were eventually able to dump the technology and sell it as their own…. It took 6-7 weeks after the July 6 ecm but now, the hackers have discovered how to repair the Eurocards 😦 This is confirmed – not rumors.

Norris said the RCMP was moving slowly but would eventually ask NDS for an ECM to kill the pirate cards off, this time for good.

We must remember however, that when they tell us to shut off the Eurocards, we must be able to respond accordingly (there will be no problem with DTV assuming the moratorium is over explained that there were two parts to the operation.

Whatever this countermeasure is going to be, I hope and trust it will be the mother of all countermeasures. The Eurocard must somehow die and stay dead…

In short, Norris was saying, NDS had to find a way to kill these cards, but six weesk down the track he knew of no way to do so; and he thought DirecTV would not “assuming the moratorium” is over.

That was the moratorium under which NDs had promised not to run any undercover operations in North America without DirecTV’s approval. Norris seems to be saying DirecTV had not been consulted.

NDS appears to have taken the view that if they were assisting law enforcement, there was no need for DirecTV approval. In fact, Norris did not seem to know when the moratorium would expire.

At that point then, US Customs had been involved in selling pirate cards which were still functioning, without DirecTV’s knowledge. It appeared many more had been pirated from the cards sold by Customs. Court cases at that time had put the cost to DirecTV of piracy at $10,000 for every card sold. The 3,577 cards sold by US Customs would have cost DirecTV $35.77 million, and millions more from the re-pirated cards.

All apparently without DirecTV’s knowledge.

What was the outcome? At some NDS must have found a way to kill its pirate cards though the Ray Adams emails shed no further light on this. A year after Norris’s email, US Customs went public, reporting the 11 people charged. The announcement was paired with new of another series of piracy arrests organised by DirecTV. It was common cause that it was all a major coup.

Reported earlier in The Australian Financial Review here and more generally here

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s