Federal judge in Boston sentences hacker to three years in prison

An Oregon man who helped people steal Internet access was sentenced on Wednesday to three years in prison by a federal judge in Boston, as authorities step up a crackdown nationwide on computer fraud.

“I think you committed a very serious crime,” US District Judge Mark L. Wolf told Ryan Harris, 28, in federal court in Boston. Wolf said he hopes other hackers get the message that cybercrime has consequences, after the prosecution by the US attorney’s office in Boston.

Harris earned between $400,000 and $1 million over several years from the sale of products that allowed users to pirate Internet access from cable companies by cloning modem addresses, authorities said. He also wrote a how-to book on the topic.

Hacking the Cable Modem: What Cable Companies Don't Want You to Know

Written for people at all skill levels, the book features step-by-step tutorials with easy-to-follow diagrams, source code examples, hardware schematics, links to software (exclusive to this book!), and previously unreleased cable modem hacks.

WARNING: The practice of modifying a cable modem violates service agreements, and hackers risk being banned by service providers for life. This book is not intended to be used for stealing Internet service or any other illegal activity.

How "The Angel" helped 15,000 people steal broadband

Hacking modems

DerEngel was really Ryan Harris, a young Oregon resident. Harris had dropped out of high school at 15, like many disenfranchised geeks. He got his GED instead and attended college for a year, but his computer hacking skills were largely self-taught. Around 2003, he set up, a Web-based company devoted to creating "diagnostic" tools for cable modems.

The tools came in two basic varieties: a packet sniffer dubbed "CoaxThief" and a MAC address/config file changer for select cable modems. Together, the tools enabled some fairly clever Internet fraud.

To understand how it worked, consider how cable modems function. Cable networks generally use a shared line connecting many homes in a single neighborhood, as opposed to DSL, where each home's line runs all the way back to a central phone office. That posed a problem for cable operators when they began offering Internet access: how do you tell which traffic on the wire is being paid for by customers, and how do you limit them to their subscribed speed tier?

The basic mechanism involved MAC controls. Each cable modem had a unique MAC address linked to a subscriber's account, so the cable headend could simply block all traffic that didn't originate from a MAC address linked to a paid-up account. Problem solved!

But not completely, because computers are notoriously flexible. Intrepid hackers quickly figured out tricks to rewrite their MAC addresses, using ones associated with paying customers. Bam—free Internet.

Of course, there was a hitch. Cable companies, though widely loathed, are not in fact staffed only with zombified morons. They had a further limitation in place on local lines: two identical MAC addresses couldn't exist on a single neighborhood segment, to prevent exactly this sort of fraud.

So the hackers had to get social. Using tools like CoaxThief, they could sniff their local cable lines for the MAC addresses of other users, but they couldn't use the addresses themselves. Instead, they went online—to forums like those on—and they swapped with others who had done the same thing. Now the two hackers involved in the swap had a MAC address that came from outside their neighborhood. They just had to get it into the modem, which was designed to prevent such tampering.

That's where Harris's other software came in. Released in 2003, the Sigma firmware exploited modem vulnerabilities to install itself into a modem's memory, allowing users to change the device's MAC addresses. The code had to stay continuously up to date, since cable companies regularly tweaked their own countermeasures in response. In 2005, for instance, Sigma became SigmaX and gained the ability to defeat cable-company-initiated "probes" of cable modems on their lines.

Despite the nature of his business, Harris was concerned about the piracy of his software. A 2006 version of his site warned that "all of the software found on this page is property of TCNiSO, INC" and said that it could not "be distributed or linked to, without the written consent of TCNiSO."

With the right MAC address and the right software, suddenly the hacked cable modem provided a connection to the cable system. And it could get even faster. Cable modems use cable-provided profiles to limit users to specific speed tiers; Harris also found ways to uncap the modems by altering these profiles, upping their speeds dramatically.
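The duplicate-MAC check described above only looked within one neighborhood segment, which is why swapped addresses got through. The following is an added example, not code from the article or from any cable operator: a detection sketch that flags a MAC address online on more than one segment at the same time. The event format, segment names and sample MAC addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample registration events: (unix_time, segment, mac, event)
EVENTS = [
    (1000, "seg-A", "00:11:22:33:44:55", "online"),
    (1005, "seg-A", "00:aa:bb:cc:dd:ee", "online"),
    (1200, "seg-B", "00-11-22-33-44-55", "online"),   # same MAC, still online on seg-A
    (1300, "seg-A", "00:aa:bb:cc:dd:ee", "offline"),
    (1400, "seg-C", "00:aa:bb:cc:dd:ee", "online"),   # moved after going offline: benign
    (1500, "seg-A", "00:11:22:33:44:55", "online"),   # re-registration, same segment
]

def normalize(mac):
    """Canonicalise a MAC so '00-11-..' and '0011.2233..' forms compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_cross_segment_clones(events):
    """Return {mac: sorted segments} for MACs online on >1 segment at once.

    A per-segment uniqueness check cannot see this case; it needs a view
    across all segments. A modem that goes offline on one segment and later
    appears on another (a subscriber moving house) is not flagged.
    """
    online = defaultdict(set)   # mac -> segments where it is currently online
    flagged = {}
    for _ts, segment, mac, event in sorted(events):
        mac = normalize(mac)
        if event == "online":
            online[mac].add(segment)
            if len(online[mac]) > 1:
                flagged[mac] = sorted(set(flagged.get(mac, [])) | online[mac])
        elif event == "offline":
            online[mac].discard(segment)
    return flagged

if __name__ == "__main__":
    for mac, segments in find_cross_segment_clones(EVENTS).items():
        print(f"possible clone: {mac} online on {', '.join(segments)}")
```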

