Re: November Linux Security Lab Hacks DOCSIS 2.0/3.0

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Brandon Hoffman
Date:  
To: Main PLUG discussion list
New-Topics: USB Broadband Connection script
Subject: Re: November Linux Security Lab Hacks DOCSIS 2.0/3.0
I think it is what the intended and/or advertised use is for. People sell
marijuana because it gets you high, not because it has any medicinal
purposes (even though it *could*). The drug dealers break laws.

On the flip side, people sell guns for self defense and hunting. Not for
violent crimes, even though they *can*. Gun sellers follow the laws
provided.

If the company this guy started sold the modems to ISP's saying, "use this
to test/upgrade your security" then its legitimate, his intentions are pure
and he doesn't deserve to be punished.

But if he sold the software with a nice big sticker saying "Get free
internet from this", than he's guilty for selling it as much as the people
are who buy it.

Just my two sense.
(And yes, sense, I don't carry change in my head.)
Brandon

On Fri, Oct 29, 2010 at 10:50 AM, Benjamin Francom <>wrote:

> Related article:
>
> http://boston.fbi.gov/dojpressrel/pressrel09/bs110209.htm
>
> From the article:
> The guy started a company that sold & promoted tools to hack modems,
> and was was "charged in a six-count Indictment with conspiracy,
> computer intrusion, and wire fraud.
> According to the Indictment, from 2003 through 2009, TCNISO, under
> HARRIS’s direction, developed and distributed hardware and software
> tools that allowed its customers to modify their cable modems so that
> they could disguise themselves as legitimate, paying subscribers in
> order to access internet service providers’ networks without
> authorization and get premium high-speed access without paying for it.
> The Indictment also charges that TCNISO and HARRIS offered ongoing
> customer support, primarily through forums that it hosted on the
> TCNISO website, to assist customers in their cable modem hacking
> activities."
>
> If a tool gives you the ability to commit a crime, does distributing
> said tools make you an alleged criminal? Shouldn't the customers be
> the ones the feds should go after since they are *applying* the hacks
> and connecting to the ISP (regardless of how the tools are marketed)?
>
> JTAG adapters and Linux aren't specific to cable modems, but can be
> leveraged to gain unauthorized access to greater bandwidth.  If this
> guy sold similar tools as security tools as way to learn about DOCSIS,
> would he still have been indicted?    Shouldn't the ISP be able to
> control/throttle from their CO/side?

>
> Similarly, if I found a way to reprogram a smartphone to achieve
> greater (GSM) bandwidth, would that be criminal? Even if I just
> distributed the tools for research? Say something like disabling the
> bluetooth radio and increasing power to the GSM radio. (Just an idea,
> I doubt that would do anything...Or if its even if its possible. I'm
> no a radio or legal expert)
>
> At what point is it criminal? If you get > .01% increase in speed? It
> must be in the EULA somewhere I'm sure.
>
> Are these some of the legal issues that will be covered during the meeting?
>
> (I do not condone stealing bandwidth, far from it actually. I am just
> interested in the subject.)
>
> Fascinating stuff!!!
> -Ben
>
>
> On Wed, Oct 27, 2010 at 12:43 PM, Lisa Kachold <>
> wrote:
> > NOVEMBER 6, [On Honor of Day of the Dead], we will be hacking DOCSIS.
> >
> > Bring your cable modems (and corresponding firmware [see reference list
> > below] or just come to watch us build a Linux cable modem test distro
> right
> > on a Motorola SB5101!
> >
> > NOTE:
> > I only have 1 JTAG programming adapter, which is not USB (slow) so be
> sure
> > to bring any programming adapter equipment that you might have. [USB
> > Available on EBAY for $30.00 or so..]
> >
> > We will follow up this hackfest on the following Tuesday PLUG Security
> Team
> > Discussion at JCL Cowden Center with a deeper analysis and evaluation of
> the
> > diagnostic device we created out of the Motorola SB5101 at
> Gangplankhq.com
> > to include current Cox equipment utilizations for DOCSIS standards 2.0
> and
> > 3.0 (channel bonding), speeds, and security that effects us all, however
> > hidden behind a management interface for a cable modem, that we
> purchased,
> > but for which we do not have password or general access....(scratch
> > head.....wait, where is the ownership??).
> >
> > This is a great opportunity to learn about telecommunications (TDM, TCM)
> > standards for DSL, telecommunications legalities verses internet data
> laws,
> > privacy the FCC way, and your legal rights with regards to equipment you
> > own, and finally the Cox Cable Acceptable Use Agreement.
> >
> > It's all just a wonderful excuse to hack a perfectly useless (hobbled and
> > crippled by design) DSL "modem" with a sweet little Linux stack firmware
> > that morphs it into a nice "router" that can blow the top off all
> previous
> > conceived network performance.
> >
> > DOCSIS 2.0 HOW FAST....??? We will let you know after our build at
> > Gangplankhq.com on Saturday November 6, 2010 Noon to 3PM.
> > DOCSIS 3.0 4 down 3 up bonded channels which equates to: 160 MB down;
> 120
> > up (see Broadcom and TI Competition for these chips/modems (on Linux Open
> > Source)
> >
> > Motorola's SBG6580 3.0 has both a serial port and a USB port, but
> removed
> > from shelves due to firmware bugs.
> >
> > Finally, we will demonstrate how to return the Motorola to it's former
> state
> > in order to sell it on Ebay, Craigslist, or return it to Fry's
> Electronics
> > </joke>.
> >
> > References:
> > DefCon 18 Video Presentation:
> > http://www.youtube.com/watch?v=jBieFU2dkDA&feature=player_embedded#at=16
> > --
> > Skype: 6022393392
> > ATT:     5037544452
> > GV:      6236883392

> >
> > http://www.it-clowns.com
> >
> > I am free because I know that I alone am morally responsible for
> everything
> > I do. -Heinlein
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list -
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
>
>
> --
> Benjamin Francom
> Information Technology Executive
> http://www.benjaminfran.com
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss