Technology

Cable Modem Hacking Goes Mainstream


From a pitiable 56kbps AOL dial-up somewhere in suburban Colorado,

19-year-old Myko Hein would like to tap out this sad, regretful message to

the powers-that-be at his former cable Internet provider, AT&T Broadband: I

was wrong. It'll never happen again. Please take me back.

Just last month Hein thought of AT&T's service as unbearably slow --

acceptable, perhaps, for sending e-mail, but pure molasses when it came to

trading software in Internet chat rooms. Hein's thirst for speed finally

drove him to employ a sophisticated hack that "uncapped" his cable modem,

obliterating the bandwidth limit imposed by the company, and granting him

speed beyond the dreams of hotwired youth.

But it only took six hours for AT&T to catch Hein, cut him off, and ban him

from their network for life. "They said they considered it theft of

service," recalls Hein. "There were no second chances."

It's easy to see the hot rod appeal of tinkering with one's cable modem to

tap into ridiculously high data speeds, and uncapping has become a popular

exercise in the bandwidth-hungry "warez" and movie-trading underground.

Today, the most common target is Motorola's popular Surfboard line of cable

modems. Hackers generate a replacement configuration file for the modem that

omits the capacity limits installed by the service provider. They then trick

the modem into accepting the bogus file.

In addition to violating the typical broadband service agreement, there can

be an anti-social aspect to uncapping. Providers put capacity limits in

their subscriber's modems to prevent each user from taking more than their

fair share of the bandwidth available on each node. In other words, if a

user uncaps his or her modem and starts hogging bandwidth during peak hours,

neighbors will suffer reduced performance. Uncapping sometimes robs Peter to

pay Paul.

Instructions for pulling off the configuration file hack have been on the

Web for at least a year, and chat rooms and Web boards are crowded with

uncappers trading tips and experiences. But AT&T Broadband describes it as a

minor problem, at worst. "I don't think it's something that's rampant," says

spokesperson Sarah Eder. "It's not widespread."

UNCAPPING PROMETHEUS. If cable modem hacking

hasn't become a huge problem for service providers, it's probably because

the process remains intimidating for non-technical users. The subscriber has

to program a DOCSIS configuration file with a special editor, run their own

TFTP server, change their IP address and run an DHCP server that tricks the

modem into pulling the config file from their host. Dedicated hobbyists have

refined the procedure and written tools to automate key portions of it, but

pitfalls and caveats abound.

But that's all about to change, with the pending release of "OneStep," a

user-friendly all-in-one tool that promises to make cable modem uncapping a

point-and-click sport.

The work of a dangerously unemployed U.S. coder who calls himself

"DerEngel," working with a colleague named "Byter", OneStep is described as

a 30 megabyte monster of a program that rolls up all the various servers and

spoofers needed to pull off a cable modem hack. It then hides it all behind

a pretty interface with pull-down menus for selecting your service provider,

modem make and model, and even the new speed limit you'd like to put on your

modem -- in case you don't want the full 10 Mbs Ethernet speed.

So far, the beta version is closely held, but few in the uncapping scene

dismiss OneStep as vaporware. DerEngel is already famous as the underground

Prometheus of super-broadband -- the author of several publicly released

programs that automate some of the steps in the uncapping process, and the

host of a popular how-to site and chat system dedicated to uncapping. In an

IRC interview, DerEngel said he plans to release OneStep in late May, and he

expects it to open up the arcane art of uncapping to the masses. "It will be

the first program of its kind," says the coder.

SPEED KILLS?. But what about the consequences? Myko Hein suffers a low-bandwidth exile as

a result of his six hours of living dangerously. His father, who shared the

household cable modem, now has to slog into work every day -- the dial-up is

too slow for telecommuting. The only other broadband available in his

neighborhood is IDSL service from the phone company, which would break his

family's budget at over $100 a month.

Hein insists he didn't even know he was violating his service agreement, and

claims the uncapping was done by an automated script passed to him by a

friend on IRC -- a kind of OneStep Lite, written specifically for his

service provider, modem and operating system, which he mistook for a

perfectly normal connection optimizing tool. Without commenting on any

particular case, AT&T Broadband claims it doesn't automatically ban a user

for uncapping, and wouldn't have cut Hein off without warning unless there

were aggravating factors. "We handle this on a case-by-case basis, and if

someone is uncapping their service they could have their service

terminated," says AT&T's Eder. "But there are all kinds of things that we

have to take into account in an investigation."

DerEngel says smart uncappers know how to avoid detection. In any case,

OneStep will provide disclaimers and warning statements so that the

easy-to-use program will not tempt the truly innocent. Hein, who wanted more

and wound up with far less, offers this advice: "Don't uncap your stuff," he

says miserably. "Just don't." By Kevin Poulsen


The Good Business Issue
LIMITED-TIME OFFER SUBSCRIBE NOW

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus