Closed-Circuit Telecast of Death Is Expected to Tempt Hackers
As Timothy J. McVeigh is put to death early Monday morning, about 300 of his victims and their family members will be watching and listening on closed-circuit television. That private broadcast presents a tempting target for hackers, a few of whom may be skillful enough and determined enough to successfully pirate it.
“This is the first time they’re going to televise an execution,” said computer security expert Jerry Halasz. “To capture it would be a big deal, a big token. It’s like living forever.”
Government officials stress they’re employing every possible safeguard with the broadcast, which will be digitally scrambled and sent over high-speed phone lines from the federal penitentiary in Terre Haute, Ind., to a secure auditorium in Oklahoma City. Because federal law prohibits the recording of executions, it will be shown live.
Halasz, a senior information engineer with Secure Info Corp., estimates there’s a 50% chance that the broadcast will be hacked and turn up on the Internet. Others give much lower odds, saying the difference between typical hacking--defacing a Web site, for example--and stealing a live encrypted broadcast is as vast as that between a stroll along the beach and climbing Mt. Everest.
But they all concede that it’s possible and that many hackers will find it irresistible to try.
“I’m tempted to say the really smart people who know how this works have some sort of ethics,” said Joel de la Garza, a security expert at the Silicon Valley firm Securify. “But that isn’t always the case. The Internet encourages sociopathic behavior.”
McVeigh wanted his execution televised. Entertainment Network, a Florida company best known for its Voyeurdorm.com site, sued to be able to broadcast it on the Web. A federal judge put an end to that possibility.
Justice Department spokeswoman Susan Dryden declined comment Thursday except to say that “every precaution has been taken.”
The world of hackers is a shadowy one, and it’s as easy to overestimate as underestimate the havoc that can be wreaked. Because the McVeigh execution isn’t being transmitted over the Internet, any potential hacker would have to know his way around phone companies.
“Phone phreaks” were the original hackers, but their heyday was a long time ago, from the early 1970s to the mid-’80s. “Hacking into the phone company is extremely esoteric these days,” said David Brumley, a Silicon Valley security consultant. “Finding someone who knows something about it is like looking for someone who can make horseshoes.”
Capturing a signal as it moves through a phone company switching network is called a “man in the middle” attack. “A few thousand hackers know how to do it,” said Mark Rasch, a former head of the Justice Department’s computer crime unit who now works for the security consulting firm Predictive Systems. “Not to mention several thousand more employees of the phone company.”
Once a hacker caught the signal, he could decrypt it at his leisure, but he might need quite a lot of that. “Given that it’s the government, the cryptography should be good,” said Steve Bellovin, a network security researcher at AT&T; Labs.
And if it’s good cryptography, Bellovin added, it doesn’t matter how the signal is transmitted or even if it’s captured. “The model a cryptographer is supposed to live up to is this: After you encrypt something, you can give it to the enemy to deliver. I suspect the government can get to that level of security fairly easily.”
Naturally, things would be much easier for any would-be hacker if those charged with making the transmission secure don’t do their job properly.
For instance, the video file might be improperly hashed with a faulty software program, making decryption possible, said Amit Yoran, president of the security company Riptech.
The difficulty of hacking the execution doesn’t mean that a copy won’t emerge. In fact, nearly all the security experts were quite sure that a bootleg video, or at least photographs, would show up on the Net, probably sooner rather than later.
“I very much doubt that they’ll tap the phone line and break the encryption. Hackers aren’t that good,” said Bruce Sterling, author of “The Hacker Crackdown: Law and Disorder on the Electronic Frontier.”
“If the thing shows up, it’ll be an inside job by someone at the prison or among the audience who tapes it with a dinky little videocam as it’s displayed on the screen. This is how movies are commonly pirated in Asia, and it requires no technical expertise.”
*
Times staff writer Charles Piller contributed to this story.
