Reality may now be mimicking fiction.
Last weekend, a loose-knit coalition of hackers around the world defeated the antipiracy software protecting several high-resolution movies in the HD DVD format. They then began distributing copies of the films--starting with Universal Pictures' Serenity--using BitTorrent, a popular file-sharing tool.
The move could send the technology companies behind the new wave of advanced DVDs scrambling back to the drawing board to improve their copy protection, and prompt Hollywood studios to rethink their alliances in the war between the HD DVD and Blu-ray formats.
The HD DVD standard is backed by Toshiba, Microsoft and Intel and uses copy protection technology known as the Advanced Access Content System. The rival Blu-ray format, supported by Sony, Hewlett-Packard and Dell, uses the same system but adds a level of software that acts as a backup when the first level is compromised, so it is considered to be slightly more secure.
A spokeswoman for Universal, the only film studio to back the HD DVD format exclusively, said no executives were available to discuss the HD DVD issue.
The new intrusions came less than a month after a programmer calling himself Muslix64 announced in a Web forum that he had unraveled at least part of the HD DVD protection system. Muslix64 released free software that allows users to insert HD DVDs into their computers and make copies of those films without the original encryption. However, to make it work, users still needed a special title key, generated by the AACS software, for each movie they were trying to copy.
Muslix did not provide any title keys--in a sense challenging others to finish his work. On Saturday, the response came in the form of dozens of keys for movies like King Kong, Mission Impossible: 3 and Superman Returns, posted on Web forums like those at Doom9.net. At least two Web sites were created to provide lists of the keys.
Security experts said that the hackers appeared to have discovered the secret keys on their own computers--stashed there by WinDVD, a commercial program for playing DVDs.
Michael Ayers, a lawyer for Toshiba who is chairman of the business group of the trade organization that administers AACS, acknowledged that the intrusion was serious, but said he viewed it as an attack on DVD-playing software and not the overall protection system for HD DVD.
"It?s like somebody picked the lock on an individual house, but he has not discovered the secrets to lock-making at the master padlock company," Ayers said.
He added that AACS was explicitly designed so that compromised players and programs like WinDVD can be disabled remotely by revoking their licenses. He said the AACS group might take that approach after an investigation.
Bill Rosenblatt, president of the consulting firm GiantSteps, which specializes in content protection issues, said the intrusion was less of a crisis than the 1999 defeat of the encryption that protects standard DVDs, which allowed movie files to be freely copied and shared online.
"It's a pretty nice victory for hackers, but this newer scheme was designed to fail more gracefully and not be as brittle as the DVD scheme," Rosenblatt said.
However, some security experts said the intrusions were more serious. Bruce Schneier, the chief technology officer of the security company BT Counterpane, said it was unclear what effect revoking licenses would have. If new discs of the movies are updated with new title codes, the old discs in stores will still be vulnerable. And hackers will surely redouble efforts to crack the new discs.
Schneier said the new DVDs would inevitably be vulnerable to hacking. "Data is inherently copyable, just as water is inherently wet," he said. "All the technology companies are doing is putting in tricks to make it harder to copy. But all they are is tricks."