Hardware Hacker Charged With Selling Cable Modems That Get Free Broadband

Jan. 13, 2008— -- In the first case of its kind, a Pennsylvania man faces federal criminal charges for allegedly selling hacked cable modems capable of stealing free, anonymous internet service from broadband providers.

Thomas Swingler was charged Thursday in federal court in New York with trafficking in unlawful access devices for his online business cablehack.net. The site, still in operation, sells "pre-modded" Motorola Surfboard modems for between $38 and $58 that can be customized by the owner without a cable company's knowledge. Among other things, the user can set their own upload and download rates, and change the MAC address — the unique identifier normally hard-coded into a modem.

"If you decide to use one of these modems to get free internet, then you're committing theft of service and we will take no responsibility for what may happen to you if you're caught," the site cautions in its FAQ.

The prosecution treads on a gray area largely avoided by federal law enforcement until now. Modified modems and detailed hacking tutorials have long been available over the internet, with much of the hacking aimed at "uncapping" modems to get higher speeds than offered by providers. The hacking is effective because, unlike old-fashioned telephone service, in which the phone company exerts independent control of every line, cable modem systems hang an entire neighborhood off a common backbone in the field. To bill customers and set individual bandwidth limits, they rely on their ability to track and control the modems attached to their network.

Customizable modems can also have legitimate uses. But despite his public disclaimer, Swingler knew exactly why people were buying his hacked modems, according to the FBI, which set an informant on Swingler last June. "The modem steals the internet," he allegedly said in an online chat with the snitch. He described his business as "modem modification where you can get free cable internet."

"It's 100 percent legal," he boasted. "What the end user does is theft-of-service. Not my problem."