Cable modem hacker busted by feds

By Robert McMillan, IDG News Service | Security, DOJ

An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges.

According to the U.S. Department of Justice (DOJ), Ryan Harris, 26, ran a San Diego company called TCNISO that sold customizable cable modems and software that could be used to get free Internet service or a speed boost for paying subscribers.

Harris, also known as DerEngel, was charged on Aug. 16, but the grand jury indictment was not unsealed until Monday, several days after his Oct. 23 arrest. He faces a maximum sentence of 20 years in prison and a US$250,000 fine, the DOJ said. The six-count indictment charges him with conspiracy, computer intrusion and wire fraud. He was charged in U.S. District Court for the District of Massachusetts.

The arrest follows a November 2008 undercover sting operation, where a U.S. Federal Bureau of Investigation agent bought modems and a book by Harris about cable-modem hacking. "These modems were capable of hacking a cable network and obtaining free Internet service," the indictment states.

Hackers have known for years that certain models of cable modem, such as the Motorola Surfboard 5100, can be hacked to run faster on a network, a process known as uncapping. However, the question of whether uncapping a modem is illegal is "not clear," according to Bill Pollock, founder of No Starch Press, which published Harris' 2006 how-to book, Hacking the Cable Modem.

Pollock said he published the book to give Internet users good information about how to tinker with their modems and get diagnostic information, some of which is blocked by Internet service providers. "If you buy a modem and you can hack the firmware, it's your piece of hardware," he said. "If you use it to steal service, you're breaking the law."

Cable modems can also be configured to use a paying customer's MAC (Media Access Control) address to steal service. According to the indictment, Harris helped develop tools that could be used to sniff MAC addresses in order to get on the network free.

Using a fake MAC address can also make Internet surfing untraceable, a feature that could help criminals hide their footsteps from law enforcement.

In January, Harris told Wired.com that changing MAC addresses in order to get free Internet service was "morally wrong and probably illegal."

"There's a gray area there, but theft of service is a crime no matter where you're at," he said.

Authorities say Harris' company, TCNISO, made more than $1 million selling cable-modem-hacking materials between 2003 and 2009, according to court documents. The company distributed cable-modem firmware called Sigma, along with a version of the Surfboard 5100 modem and some hacking software called Blackcat.

In 2005, the company developed a modified version of Sigma, called Sigma X, that could "block ISPs from 'probing' a modem to determine whether it was hacked," the indictment states. In March 2007, Harris asked users on the Tcniso.net forums for "verified Mac addresses and/or config files," it states.

One of TCNISO's more notorious customers was an unidentified teenager who used the hacker name Dshocker. Last year Dshocker pleaded guilty to hacking charges that dated back to 2005, when he was just 13 years old. Dshocker was charged with using stolen credit cards, phoning in bomb threats and operating a botnet of several thousand hacked computers.

Dshocker used Sigma to change his modem's MAC address and connect to a U.S. ISP, Charter Communications, without paying, the Harris indictment states. Later, he allegedly uncapped his modem, bumping up his access speed tenfold.

Harris isn't the first person to be charged with this type of activity. In January, Thomas Swingler was charged with selling cable modems that could be customized to get free Internet service.

TCNISO's Web site was offline Monday, but Swingler's site, cablehack.net, is still open for business. According to CableHack's site, the modems it sells are "for educational use only." The company "does not encourage its users to use these modems illegally in any way, shape, or form."
