Ryan Harris, known by his pen name DerEngel, was charged in Boston with a conspiracy count, and charges of aiding and abetting computer intrusion and wire fraud.
“I read the indictment — it’s complete bullshit,” says 26-year-old Harris, author of the 2006 book Hacking the Cable Modem. “They’re filling in their own blanks. From my website I would never sell to anyone who had the intent to break the law.”
Harris is the project organizer of TCNiSO, a band of tinkerers specializing in cable modem hacking. For five years the group has been producing tutorials on how to bypass the firmware locks on Motorola Surfboard modems — a process that sometimes involves soldering a special cable to a hidden terminal inside the device, or exploiting a buffer overflow in the modem’s web interface.
TCNiSO also openly sells pre-modded modems for $100 which are already loaded with the group’s custom firmware, which lets the user control the modem’s functionality. Harris sold two unlocked Motorola Surfboard modems to an FBI agent through TCNiSO.net.
The group’s work has been a boon to cable modem “uncappers,” who use the customized modems to crank up the speed of their internet access by downloading special configuration files from an ISP’s server. Users have also wielded the hacked modems to get free service by spoofing another customer’s MAC address — an attack that only works from a home that’s wired to the cable network but hasn’t had service officially activated.
But Harris has long publicly distanced himself from the criminal applications of his work. “I never had instructions on my website to teach people how to do this,” he says. “I never condoned this type of behavior.”
Indeed, most of the charges in the six-count indictment announced Monday focus on the activities of others. Four wire-fraud charges are based entirely on the fact that a juvenile computer hacker known as “Dshock” downloaded TCNiSO’s firmware and used it to steal broadband.
Dshock pleaded guilty in Boston last year to computer intrusion and interstate threats in connection with DDoS and swatting attacks, and has since been sentenced to 11 months in custody. But the feds don’t allege that he knew or worked with Harris; just that he was one of the thousands of people to use the TCNiSO site.
The indictment notes, however, that users openly sought and shared advice on uncapping and stealing cable (.pdf) on TCNiSO.net’s public forums. And the FBI allegedly found a single damning message on the forum posted personally by “DerEngel” in 2007. “Does anyone have any verified MAC addresses and/or config files for Phoenix (Az)? If sensitive, just pm me. Rewards will follow :)”
The government says that TCNiSO has generated revenues of more than $1 million since 2003.
Harris is free on his own recognizance and scheduled to appear in court in Boston later this month. He vows to fight the case. “I’ll tell you right now I’m not going to plead guilty.”
He’s making a list of the legitimate uses of unlocked modems — he says he’s sold some to cable-modem companies as diagnostic gear — and is trying to raise funds for a private attorney.
“The only evidence they have is the business I’ve been running for the last five years,” says Harris. “It’s like arresting every firearms dealer, because handguns can be used to commit murder.”