…and I suspect you are at least a bit surprised that you are still subscribed to this very dusty mailing list.
Are you ready for some football?
Yes, ladies and gentlemen, tonight the NFL season begins anew, and today all 32 teams are undefeated. Before the sun rises again, the Dallas Cowboys will probably be the lowest ranked team in the league, which itself is a cause for celebration, even if it means that the Eagles will be at the top.
And if somehow Dallas wins? Well then the Eagles will be the last in the NFL for a full day, which is also a cause for celebration. At least, until Friday.
So, to avoid having to type three paragraphs about tonight’s game using only my middle fingers, I’m going to take a few minutes to celebrate a 30 year anniversary and talk about a distinctly related topic that doesn’t get much attention anymore: signal piracy.
But first… uh, hi! It’s been a long time since I put anything on this mailing list, and even longer since I’ve seen some of the familiar faces that are on it. If you’re done with me, or done with football, or done with email, go ahead and unsubscribe (there should be a link down at the bottom). However, if you’ve been missing my blend of snarky NFL commentary, and the occasional 2500 word rant about something only slightly related to the game, well then, welcome back. I’m going to try my best to post every Monday through this season — we’ll see how it goes.
Ok. On to the anniversary. This year marks 30 years of the general availability of NFL Sunday Ticket. It launched as a beta to selected viewers about halfway through the 1994 season, but it wasn’t until the 1995 season where it was easily available to anyone who could attach a DirecTV dish to their house. DirecTV itself had launched in 1994 and had about 250,000 subscribers by the end of the year. By 2000, it was just shy of 10 million. The Sunday Ticket package probably made that possible, and the $50M that they paid the NFL for the exclusive rights to have it was a bargain. (The NFL agreed, and when it was time to renew the contract in 2000, the price doubled. DirecTV signed the contract anyway.)
If you are wondering, a DirecTV subscription was about $32/month in 1995 (worth about $65 today), and the NFL package cost $130 for the season (about $280 today). DirecTV’s growth from 1995-2000 put them well on their way to becoming the dominant force in satellite TV that they are today.
[By comparison, a 2025 YouTube TV subscription is $83/month, and the Sunday Ticket package is an additional $378 on top of that. Google pays the NFL $2 Billion per season for the US rights. It is probably less of a bargain now.]
When it launched, DirecTV represented a pretty major shift in satellite broadcasting, and not just because it used small dishes that were easier to install and less offensive to your neighbors.
It has been legal to own and use a dish in the US since 1979, and the law was clarified in 1984 to make two things clear: 1) that any dish owner can legally use any unencrypted signal that they can receive on the public airwaves, whether they are the intended audience or not. and 2) that companies are allowed to encrypt their satellite transmissions for the purposes of access control.
At the time, the only “intended” audiences for satellite broadcasts were cable companies and local TV stations. HBO (and ESPN and dozens of others) would transmit their signal via satellite to your local cable company, and the local cable company would handle putting it on wires and sending it into homes. ABC and the other networks used satellites to transmit their national shows (and live sports) to local affiliates who would then broadcast it on the air. If you were a hobbyist with a big-ass dish in your yard and you happened to receive HBO or Monday Night Football from a satellite broadcast that was intended for your cable company or ABC affiliate, that was OK.
Owners of sports bars took notice though, and their roofs started to regularly support multiple dishes pointing in different directions, so in addition to what they could receive with an antenna or an early cable-TV system, they could start showing multiple out-of-market games that were on the satellites. This is when it started to be possible for a Jets fan in Los Angeles to get to see their own team play on Sunday.
In practice, there weren’t enough private owners of satellite receive equipment to bother with… until all of the sudden, there were. Between 1984 and 1986, almost 2 million satellite dishes were sold in the US. The Big-Ugly-Dish was at least briefly known as “The West Virginia State Flower”. So, naturally, it was time for the capitalists to beat it down.
Until sometime in 1985/86, essentially everything in the sky was unencrypted, and if you knew where/when to point your dish, you could legally receive anything that was up there, including the live-event backhauls and other things that weren’t really targeting end users. The catch was that the dishes were large (6-8 feet in diameter for a typical C-Band dish that would receive signals in the 3.5-5 GHz range) and they were expensive.
Then, the market changed. In the second half of the 80s, the VideoCipher-II appeared. This was a “descrambler” specifically designed for both professional and direct-to-consumer encrypted satellite TV. Each box had a unique serial number such that a signal from the satellite could tell it which channels it was authorized for, and for how long. So, now it was possible to pay to subscribe to individual channels or packages of channels, and it was possible for NBC to encrypt its signal such that only authorized stations could use it. (Though, it was up to the descrambler box to “know” which stations it was authorized to descramble… so I’ll bet you know how this ends).
Naturally, pay stations like HBO and TV networks like NBC turned on their encryption as soon as they were allowed. HBO tried to charge legitimate users $13/month, at a time when the typical cable company was offering the channel for about $6. You can probably guess what happened next.
If you guessed that autistic ham radio operator Captain Midnight takes over the HBO Uplink in protest, and almost gets thrown in jail for it… Well, you’re right, but it’s not where I was going with this.
As the rest of you might have guessed instead, there almost immediately became a market for “chipped” VC-II boxes, which ignored the authorization codes, and went ahead and decrypted everything. A typical chipped box would cost a few hundred dollars to buy, and then a few hundred dollars a year for the patches/updates that would be required to keep it working. It didn’t cost much less than buying your satellite programming through legitimate means, but it did give you many more channels, including plenty that consumers weren’t able to subscribe to directly. Naturally, this created a multi-million dollar black market. It’s not that people weren’t willing to pay, it’s about what they were able to get for their money.
In 1994, Charles Platt expensed a trip to the Bahamas and then wrote an absolutely fantastic longform piece on this in one of the first issues of Wired. He wrote this just as the old VC-II boxes were becoming obsolete, the new VC-II+ boxes hadn’t been cracked yet, and there had recently been a massive Federal sting that resulted in a few dozen people going to jail over selling descrambling hardware. It’s worth a read.
Most of Platt’s reporting was from late 1993 and early 1994. In June of 1994, DirecTV enters that ecosystem. Instead of 8 foot dishes that received C-band (~5GHz), DirecTV used 18 inch dishes that could receive Ku-band (~12 GHz). This was a dish that could be mounted on a house in the suburbs just as easily as it could be put on the roof of a sports bar. It represented a premium product (the subscription fees were about 25% higher than cable, before adding Sunday Ticket), and to anyone who was coming from the C-Band descrambling world, it represented a very sweet decryption target.
RCA and Hughes designed the receivers for DirecTV, and having learned… something? from the VC-II debacle, they outsourced the security of the content. The DTV receivers handled decryption/authorization by offloading it to a smartcard inserted into the receiver. This allowed for future upgrades by replacing the card, which would be much cheaper than replacing the entire unit (like VC-II). In a movie, telling the story of this decision would be considered foreshadowing.
The smartcards were designed and produced by NDS (which was a subsidiary of NewsCorp at the time; more on that later). The first verson of smartcard (known as an F card) had a number of significant design flaws, and it was compromised within weeks. For about $75, you could buy a card programmer that (with the right knowhow and software) could manipulate the subscription settings on an F card to unlock every channel and wipe any PPV history on the card. Plug it back into your receiver and every channel was there and free. The card programmers had non-illicit uses as well, so the hardware was readily available and legal.
Shortly thereafter, card emulators and similar interfaces started to appear — which allowed you to plug your receiver into a PC, and let the PC handle decryption duties, with no smartcard necessary. NDS eventually responded by replacing DirecTV cards twice in the 1990s, first with the H card and then the Hu. These cards had custom ASICs in them, so they couldn’t be fully emulated, but it was not long before these too, were compromised.
And just like the VC-II ecosystem that came before it, there was a very active DirecTV hacking tools marketplace (mostly centered in Canada this time, where selling and developing these tools was effectively legal, because they couldn’t be used to pirate Canadian content and it wasn’t yet illegal to pirate US content if you are in Canada). For a while, it seemed like every bar in the Caribbean and Mexico was showing games from Sunday Ticket on a hacked card, and if you knew what to ask for, every town in North America had a satellite equipment dealer who happened to know someone who would reprogram your card for a fee, and would reflash it whenever it stopped working. In San Francisco at the time, there was a bookie who was a regular at a now gone 3rd Street sports bar who was rumored to sell H cards. It was widely assumed that the bar itself was using several of them. They really were everywhere and people were pretty open about it.
In 1999, it was not unreasonable to believe that 1 in 10 DirecTV receivers was unauthorized. That included 100% of the receivers being used outside of the US (the early satellites couldn’t focus their broadcast signals very well, so any signal that’s receivable in Key West would also be plenty strong in Nassau or Caracas. Likewise for places like Toronto.)
This ended in January 2001, a week before the super bowl. After years of making no attempt to thwart pirates, DirecTV put together a series of ECM (electronic countermeasures) that are still regarded as nearly legendary in their elegance. While Black Sunday didn’t end DirecTV piracy, it cut it at least in half. It still may be the only time where the greater hacking community expressed such a high level of respect for something that the anti-piracy side pulled off.
And the timing was perfect. With a week’s notice, the pirates who were planning a super bowl party could make other arrangements, including subscribing legally (or sticking a piece of metal in the air and receiving the game the old-fashioned way).
So, what took care of the rest of DirecTV piracy? Well, in 2003, the feds indicted 17 people near the top of the pyramid. Even for the ones who didn’t serve time or pay fines, this action made a lot of them step away from the business.
And then there’s this: Shortly after NewsCorp (remember them?) made a deal to buy DirecTV, it seems that NDS (remember them? they’re part of NewsCorp) leaked information to the underground community that made it remarkably easy to break Nagravision, which was the encryption used by DirecTV competitor, Dish Network. It turns out that there were people on the NDS payroll who were actively reverse-engineering the competitor’s encryption system, and when they broke it, they leaked the details to the pirates. The timing of this was of course, not at all influenced by NewsCorp’s recent purchase of DirecTV. The pirates took the details of Dish network’s encryption and ran with them, and it was almost 10 years before Dish or ExpressVu got control of their signals again.
There were lawsuits, but there were almost no disagreements on fact. NDS never denied hacking Nagravision or leaking the information that made Dish Network piracy a problem for the next decade. They just claimed that it was a normal part of doing business, in their particularly sleazy business.
Ultimately, NDS lost the lawsuit, but was only required to pay a $1500 fine. Poorly behaving encryption companies pissing on each other was not a matter for the courts to decide, and this verdict made that clear… but it took years to get there. $1500 strikes me as a normal cost of doing business, and I’m quite sure it was intended to send that message.
In hindsight, those were some crazy times.
In 2025, satellite piracy is almost gone, both because the encryption has gotten a lot better, and because satellite TV isn’t as prevalent as it used to be. Signal piracy through streaming is still a thriving business (and it has a lot of parallels to the satellite hacking scene of the early 2000s). What, did you think the folks in the Bahamas were going to stop watching the NFL?
Would you be surprised if I told you that for a fee, you can get access to high quality, reliable streams of NFL Sunday Ticket (and much, much more), anywhere in the world, ultimately being run by people living in a place where it’s legal, and sold to you through a shady network of resellers operating in a legal grey-area?
Because that definitely exists, today (and it is unfathomably cheap). Someday, it will probably meet the same fate as the Hu card. But, today, they really are everywhere, and people are really open about it.
…which brings us to tonight’s game.
Tonight the 0-0 Philadelphia Eagles host the 0-0 Dallas Cowboys on the freshly installed HERO hybrid grass system of Lincoln Financial Field. This field was installed over the summer, to conform with FIFA requrements for World Cup Soccer matches. It is a 95% bermudagrass mixed with 5% polypropylene fake grass (think: sushi grass, not grandma’s doormat, which is polyvinyl-chloride). The light, fast soccer players like it. It remains to be seen how the heavy, slow offensive linemen feel about it.
The smart money takes no position on this game, but would like to remind you that OJ Simpson was ordered to pay restitution for possession of illegal satellite TV decryption hardware years after his other legal problems.
Even among those who can afford to pay for the legal product, the pirates usually offer a better solution.
Welcome to September.
May the NFL season treat you well and the Cowboys go 0-17.
-Jeff