Thoughts on Indictment of Ryan Harris, Hacking the Cable Modem Author

Ryan Harris, author of our Hacking the Cable Modem, has been indicted on charges of Computer Fraud and Wire Fraud. You can read the complete indictment here. These charges carry a maximum of 20 years in prison and a $250,000 fine.

I’ve known Ryan for several years and I worked closely with him as editor and publisher of his book, Hacking the Cable Modem. Having read the indictment it’s clear to me that Harris is being made an example of by cable companies that won’t implement DOCSIS correctly or who won’t put the effort in to manage their users and their bandwidth. Whether you like Harris or not, this is a travesty. (Now, why Harris wouldn’t simply be sued over this instead of being arrested is anyone’s guess.)

According to the Indictment,

“Cable modem hacking” involves the alteration of the modem’s software for the purposes of accessing an ISP’s network without authorization in order to obtain internet service without an account and without paying for the service.

The first part is correct; the last part is not necessarily the case.

Harris visited our office a few years back to demonstrate his cable modem hacking abilities. He’s quite skilled and I think he rooted a Motorola Surfboard 5100 in about two minutes. I was pretty impressed. He had hacked the modem, altered its firmware, and was able to access its admin page. But guess what? He wasn’t stealing anyone’s service. In fact, the modem was only connected to his computer. It wasn’t even on the Internet. But, but . . . it was hacked!

And that’s exactly the point. Hardware can be hacked just for the fun of it or simply to gain control over a piece of hardware that one owns. In fact, that’s why I originally contacted Ryan to express interest in publishing a book on hacking cable modems. I don’t like black boxes (unless they’re Shuttles), and I like to understand how hardware works. I also don’t like the fact that my cable company pushes out a config file to my modem that blocks the admin page. (I didn’t even know that my cable modem had an admin page until Ryan explained that it was being blocked.)

Here’s the thing: If I own a piece of hardware, I can do whatever I want to it. I can modify it; disassemble it; load DD-WRT on it; overclock it; even repurpose it. Why? Because I own it. And there’s nothing more American than that.

I’m breaking the law if I use that piece of hardware to steal something. I’m not breaking the law if I tell someone how that piece of hardware can be used to steal something any more than I’m breaking the law if I publish a book about how to make bombs or commit suicide. (Not that we do or ever would.)

Our country grants us certain rights. One of those is freedom of speech. Another is freedom of press which is probably why No Starch Press has yet to be indicted, I suppose. (Although I’m guessing I now have an FBI file. Woohoo!) Yeah, we bad.

I take just a bit of credit for this bit of the Indictment:

20. HARRIS and TCNISO also offered for sale a book entitled “Hacking the Cable Modem,” which Harris wrote under his alias “DerEngel”

Harris offered this book for sale and so do we. Unfortunately, due to this recent bit of publicity, Hacking the Cable Modem is currently out-of-stock but we’ve got a quick reprint on the way. (PDF available now if you’d like to buy it.)

And yes, we’ll keep printing and publishing Hacking the Cable Modem as well as any other books about hardware hacking or modding that are interesting, compelling, and worth reading. That’s why we call our line “The finest in geek entertainment.”

Stay tuned.


so when can I buy the paper

so when can I buy the paper book version?

Re: Thoughts on Indictment of Ryan Harris, Hacking

This dynamic has been repeated many times, as corporations try to silence anyone who finds an "unapproved" way to use a product. It's a very shortsighted corporate strategy, but then again much of the corporate decision-making is inherently shortsighted because it is tied into quarterly profits and stock prices.

In general, if someone finds a security hole in your product, then publishes a detailed description of it, you should publicly thank them even if privately you are angry. It is an opportunity to send a message, and the message should be that quality is your top priority.

When corporations instead respond by attempting to punish people who expose their product's flaws (here I am categorizing the cable modem's hack-ability as a flaw from the manufacturer's viewpoint), they send a very different message: profit, not quality, is the top priority. Of course, everyone knows the importance of profit. But customers care about quality first. Profit should be a consequence of selling a quality product at a fair price, not a consequence of selling anything you offer at any level of quality for whatever price you demand.

Large, successful corporations unfortunately have a tendency to develop an attitude of entitlement to profit. The reality is that no one is entitled to profit. Over the long haul, profit is a consequence of quality. The critic is a proponent of quality, and the hacker is one specific type of critic. Therefore, the hacker is also a proponent of quality and by extension is also a proponent of profit. Since profit is the lifeblood of the corporation, corporations should view hackers as allies, not as enemies.