Nearly a week ago, a loose confederation of hackers announced that they had breached the security software designed to protect next-generation DVDs from unauthorized copying. To prove their claims, the hackers distributed copies of “Serenity,” a Universal Pictures film, on the file-sharing site BitTorrent.
Michael Ayers, the chairman of the security consortium behind the Advanced Access Content System (AACS), said it was too early determine the extent of the breach.
“There are reports that indicate success by a number of hackers,” Ayers said. “We're still evaluating and determining what the most appropriate course of action is.”
Although the breached title was an HD DVD release — Universal uses the format exclusively — a hole in the security software could potentially affect both formats. Blu-ray uses the same encryption system, but adds an additional layer of proprietary protection not provided by AACS.
Ayers said he viewed the attack as serious, but not catastrophic.
“It’s like somebody picked the lock on an individual house, but he has not discovered the secrets to lock-making at the master padlock company,” Ayers said. “We look at it as an attack on one particular implementation. It doesn't breach the security of the AACS technology as a whole, because that one implementation can be fixed. Once it's fixed, then that attack no longer works.”
Bill Rosenblatt, president of security consulting firm GiantSteps, agreed with Ayers, putting the breach in historic perspective.
The 1999 breach hackers exploited for standard DVDs was far worse, Rosenblatt said.
Bruce Schneier of security firm BT Counterpane said the breach was more serious than Ayers or Rosenblatt were willing to admit.
“Data is inherently copyable, just as water is inherently wet,” he said. “All the technology companies are doing is putting in tricks to make it harder to copy. But all they are is tricks.”
Ayers would not say which DVD-viewing software the hackers had targeted.
A report in the New York Times identified the software as WinDVD.
InterVideo, which was bought by Canada-based Corel last month, manufacturs the WinDVD software. Company spokesman Andy Markin said Corel couldn’t be certain if a breach had occurred, but added that the firm had disabled several software codes as a precaution.
