In the first case of its kind, a Pennsylvania man faces federal criminal charges for allegedly selling hacked cable modems capable of stealing free, anonymous internet service from broadband providers.
Thomas Swingler was charged Thursday in federal court in New York with trafficking in unlawful access devices for his online business cablehack.net. The site, still in operation, sells "pre-modded" Motorola Surfboard modems for between $38 and $58 that can be customized by the owner without a cable company's knowledge. Among other things, the user can set their own upload and download rates, and change the MAC address — the unique identifier normally hard-coded into a modem.
"If you decide to use one of these modems to get free internet, then you're committing theft of service and we will take no responsibility for what may happen to you if you're caught," the site cautions in its FAQ.
The prosecution treads on a gray area largely avoided by federal law enforcement until now. Modified modems and detailed hacking tutorials have long been available over the internet, with much of the hacking aimed at "uncapping" modems to get higher speeds than offered by providers. The hacking is effective because, unlike old-fashioned telephone service, in which the phone company exerts independent control of every line, cable modem systems hang an entire neighborhood off a common backbone in the field. To bill customers and set individual bandwidth limits, they rely on their ability to track and control the modems attached to their network.
Customizable modems can also have legitimate uses. But despite his public disclaimer, Swingler knew exactly why people were buying his hacked modems, according to the FBI, which set an informant on Swingler last June. "The modem steals the internet," he allegedly said in an online chat with the snitch. He described his business as "modem modification where you can get free cable internet."
"It's 100 percent legal," he boasted. "What the end user does is theft-of-service. Not my problem."
"You could do mad fraud off it," Swingler allegedly explained in another chat session. Swingler declined to comment for this story.
It's not clear how many modems Swingler has sold, but the online forum attached to his site boasts over 4,000 users, and the FBI's review of Swingler's PayPal account showed "numerous sales of modems to individuals around the world."
In July, FBI agent Milan Patel ordered a modem from Swingler and sent it to Motorola for analysis. The company verified for the FBI that the device had been hacked to allow users to change their MAC address.
Because the hacked modems have legitimate uses, Swingler's statements to the informant could make all the difference in the case, says Mark Rasch, a former Justice Department cybercrime prosecutor.
"I think the law is pretty clear that if you can convincingly say that you didn't know it was going to be used illegally, you shouldn't be prosecuted," says Rasch. "I don't think that argument will fly here."
The author of Hacking the Cable Modem: What Cable Companies Don't Want You to Know, who goes by the name DerEngel, says he's familiar with cablehack.net. Last year the site licensed DerEngel's custom cable-modem firmware, called Sigma, for a flat $150 fee. "They used to just steal it," he says.
Like cablehack.net, DerEngel's website sells pre-modded modems loaded with Sigma, which allows users to reconfigure the modem through a built-in web interface. Among other things, the custom interface lets users change their MAC address. But DerEngel says he doesn't support fraud, and that MAC address tinkering has legitimate uses and is just one step in the complicated process that allows a modem to get free, untraceable internet.
"I think that's morally wrong and probably illegal," DerEngel says. "There's a gray area there, but theft-of-service is a crime no matter where you're at."
According to the FBI, Swingler took up modem-modding after retiring from a career managing botnets — fleets of hacked computers used to steal consumer information and launch denial-of-service attacks.