Netflix Hack: Sign of Things To Come for Blockbuster?
By Richard Koman / Top Tech News. Updated August 09, 2007.
On Thursday, Blockbuster announced the purchase of Movielink, a Web site that offers online streaming of Hollywood movies. The acquisition positions Blockbuster to compete head-to-head with Netflix's "Watch Instantly" service, launched in January.
"We're taking a fresh look at the future of Blockbuster," Blockbuster CEO James Keyes said. "The popularity of (online rentals) convinced us that customers are ready for more convenient forms of digital delivery that we think Blockbuster can successfully enter."
But news of a hack emerging to get around the Netflix program's digital rights management (DRM) software, supplied by Microsoft, might give Blockbuster some pause. Movielink relies, in part, on Microsoft-supplied DRM.
The hack is really a complex set of procedures for finding the key to unlock the DRM-protected file, explained Damien Stolarz, author of "Mastering Internet Video" and an Internet video consultant to major media companies.
DRM as Secure as Hide-a-Key
"Software-based DRM is hide-a-key," Stolarz said. "Any key hidden in a little black box is eminently findable. These systems are like the Kryptonite bicycle lock; they work well enough until someone shows it can be opened up with a paper clip," he said, referring to revelations a few years ago that the supposedly secure locks were actually quite vulnerable.
"Everybody knows it's just a matter of time until these things get hacked. The real thing people are signing off on is, can we validate and can we update it in the networked world," he added. In other words, even though the key can be found, if the content owners can change or move the key quickly enough, they might be able to stay one step ahead of the hackers.
But in the long run, that "move-a-key" strategy won't work, Stolarz said. "Even though the keys have been moved, the basic technique for finding it is the same." Hacking hardware-based DRM is much harder, he said. "If you need an electrical engineer, it's hard; but while you only need a computer scientist or a Visual Basic script coder, it's going to keep getting cracked and cracked and cracked."
'Script Kiddies' Automate Hacks
Media companies rely on a two-pronged approach to keep those easy solutions out of users' hands, Stolarz explained. Lawsuits and marketing have convinced many users that it's morally wrong to pirate content. And by tweaking the DRM, they can stop one-click solutions from making it easy for users to pirate. "As long as the key isn't hanging from the hook, most users won't bother," he said.
For instance, the Netflix hack posted by "DIzzIE," which purports to allow users to download -- instead of stream -- the videos, is an 18-step process beyond the capability or interest of most users. As long as that remains the case, the hack will have limited impact on video services.
However, the solution is unlikely to stay that obscure, Stolarz pointed out. "Now that the hack is out," he said, "some script kiddy will put that into a script called Netflix on the Go." He explained that when that happens, the difficulty for an average user will be reduced to double-clicking on an executable file to remove DRM from the service.
But, he concluded, anyone who automates the hack with a single executable will have to worry about the legal implications.