Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Canada Crime Piracy

Police Department Accused of Updating Their Radios With Pirated Software (www.cbc.ca) 143

Winnipeg's police department used encrypted radios to stop the public from listening in to their conversations with police scanners. But did they pirate their software keys?

Long-time Slashdot reader Curtman shares this report from CBC News: Winnipeg police have arrested a manager with the city for allegedly updating police radios with fraudulent software he got from a person considered to be a security threat by the U.S. Department of Homeland Security, CBC News has learned. Back in 2011, Ed Richardson allegedly obtained millions of dollars worth of illegal software and instructed city employees to use it, police said in a January 2018 sworn affidavit, submitted to the Provincial Court of Manitoba when officers were seeking permission to search the man's emails...

In the affidavit, police said the Motorola radios needed frequent updating, which could only be done if the city purchased a "refresh key" or licence from the company to unlock the proprietary software. Motorola charged about $94 per update per radio, the document said, and a radio shop employee told police Richardson didn't like that. "[The employee] does not believe his actions were for personal gain; he believes that Richardson likes the idea of not giving more money to Motorola," the affidavit said.

The affidavit alleges that Richardson gave one employee 65,000 refresh keys, and told him that "you don't want to know where these came from."

In the affidavit, the employee adds that they "clearly" didn't come from Motorola.
This discussion has been archived. No new comments can be posted.

Police Department Accused of Updating Their Radios With Pirated Software

Comments Filter:
  • Sounds like (Score:4, Insightful)

    by Anonymous Coward on Saturday March 02, 2019 @12:42PM (#58204498)

    A certain company is bilking governments and the taxpayers. Hmmm.

    • by Calydor ( 739835 )

      Yeah, it sounds like these paid and required updates are a way of going around a ban on subscription services.

      • by Anonymous Coward

        Not to mention it sounds like a total ripoff... 94 dollars per update per radio? Thats highway robbery...

        • Re:Sounds like (Score:5, Insightful)

          by Calydor ( 739835 ) on Saturday March 02, 2019 @01:11PM (#58204590)

          I'm thinking it's been something like $7.95 per month per radio, but rounded off to a yearly 'update' payment. Still ridiculous, of course. They should be opening an investigation into Motorola to see just how much money they're getting across your country.

          • by Anonymous Coward

            They should've thrown the law at motorola, or at least not signed that stupid contract in the first place and instead should have demanded functional radios rather than artificially crippled them.

            As such I fully understand why and hey savings for the taxpayer is all dandy. But it's the police and they gotta abide by the rules better than anyone else. So no pirating, eh. So this is more of a tax on idiot buyers getting suckered by sleezy sales. Too bad the taxpayer gets to pay for it, and not the bureaucrat

          • What makes you believe being hightly profitable, including off government contracts is grounds for an investigation? What kind of mental gymnastics is required to even beging conteptating this when the starting point is âpolice gets caught utilizing illegal software licensesâ?

            • by Calydor ( 739835 )

              Now, I am not entirely well versed in US law and am certainly not a lawyer, but I seem to recall some law stating that any commercial offer extended to the state or government (and I'm assuming police falls under the state for this) must be the best possible available price-wise.

              This ... doesn't seem to match that. That's all.

              And as I said further up the thread, it sounds a lot like these paid updates only exist to get around calling it a subscription service, which in itself is borderline fraud.

              • by dryeo ( 100693 )

                Manitoba isn't covered by American law. What the Manitobian law actually is, I have no idea.

              • Now, I am not entirely well versed in US law and am certainly not a lawyer,

                You aren't too hot on geography either.

                This is aboot Canada, y'hoser.

                • by Calydor ( 739835 )

                  To be fair to myself I was running low on coffee and was just commenting off the replies, having forgotten exactly where this was going on. It just sounded like something you'd hear out of America.

          • by TXJD ( 5534458 )
            Why would they do this? Motorola is free to set whatever price they wish to set. Winnipeg could just move to another vendor if the pricing is objectionable.
            • Why would they do this? Motorola is free to set whatever price they wish to set. Winnipeg could just move to another vendor if the pricing is objectionable.

              No they can't. There is incredible vendor lock-in with systems like this. At best, they find a local dealer who will cut them a deal to make it cheaper, but moving to another vendor is a multi-million dollar deal, and city governments don't do this lightly.

              Disclaimer: I work in this industry but not for Motorola. Also, Motorola is known for shennigans like this, but they can generally get away with it because they are in the #1 position, sort like in the 80's where "you can't get fired for recommending IB

          • Still ridiculous, of course.

            Hardly. For public safety infrastructure it's a small cost compared to the total ownership cost of the system itself. Last I checked with a Motorola TETRA system (the USA favours even more expensive P25) we were looking for 2 base stations in one system covering 400 radios a cost of $100k per year for license and maintenance. Radios are in the order of $2k each. And don't get me started on their cloud offerings. We balked at the cost as well and went to a competitor only to be greeted with figures that were

        • Not to mention it sounds like a total ripoff... 94 dollars per update per radio? Thats highway robbery...

          Highway robbery is the bane of traffic cops.

        • Comment removed based on user account deletion
        • I see you've never had to deal with critical infrastructure before.

  • by Joe_Dragon ( 2206452 ) on Saturday March 02, 2019 @12:52PM (#58204524)

    jail / prison maybe the wrong way. an government did this and the government may have to face fines.
    As for this manager what pressure was put on him from higher up's?
    Did they have the funds to even buy the keys?
    Why is the key giver not in jail?
    Will they be able to read the EULA line by line in court?
    What about the government contract with Motorola what is in that and will they be able to read that line by line?
    What is the real cost of the software???

    1. if they can't go over both any EULA and the contract then the case should be removed from criminal court. But moved to an civil court.

    • by Anonymous Coward

      Is there any proof that an EULA was agreed on or even shown to any party?

      If there is a contract then that is what matters.
      Digital EULAs are nothing but hearsay.

      • what about vendor / distributorship contract? vs the Motorola contract / EULA?

        • by Anonymous Coward

          As I said, the contract is what matters.

          If there is any claims of a digital EULA the response can be "I never saw it" or "this isn't what I agreed to" and then you have word against word.

    • Why is the key giver not in jail?

      The article doesn't go into technical details, but if this guy developed an independent programmer and key generator, he may not be under contract with Motorola at all and it's not [yet] illegal to write software to mod devices.

      The police department more than likely is under contract and apparently used that software to engage in theft of services (and possibly copyrighted software) from Motorola.

      I'm sure they'll want to scapegoat him anyway, as cops very rarely face punishm

      • it's not [yet] illegal to write software to mod devices.

        If the programmer is in the US, then it most certainly is illegal, for better or worse. If the DMCA can be used by John Deere, it can be used by Motorola. They are circumventing a digital restriction.

  • by Anonymous Coward

    >> Real transcription from an encrypted broadcast -->

    Ex sea tollit torquatos 302.32 definitionem. Graeco imperdiet vim in, facete delicata 411 principes nam ad, no elit tota qualisque vis.

    Invenire abhorreant cum ea. Per te dicant facete detracto. Ludus perpetua nec et, affert suavitate ad duo, saepe 112th semper habemus est et. Has sint possim detraxit ex.

    After decryption -->

    dispatch -- on route to investigate the 302.32 call. Send backup.
    okay car 411, proceed past the dunkin donuts on 112th st

    • by dryeo ( 100693 )

      >> Real transcription from an encrypted broadcast -->

      Ex sea tollit torquatos 302.32 definitionem. Graeco imperdiet vim in, facete delicata 411 principes nam ad, no elit tota qualisque vis.

      Invenire abhorreant cum ea. Per te dicant facete detracto. Ludus perpetua nec et, affert suavitate ad duo, saepe 112th semper habemus est et. Has sint possim detraxit ex.

      After decryption -->

      dispatch -- on route to investigate the 302.32 call. Send backup.
      okay car 411, proceed past the dunkin donuts on 112th street. and by the way, please pick up
      2 dozen donut-holes for the second shift. we'll pay you when they're delivered.

      Seriously, why are they using encrypted transmissions?

      CAP === 'scorch'

      To prevent outrage that the cops are buying dunkin donuts instead of timmies.

    • by HiThere ( 15173 )

      I don't believe you, but my latin isn't good enough to check your translation.

  • The real criminals (Score:4, Insightful)

    by Anonymous Coward on Saturday March 02, 2019 @01:04PM (#58204574)

    The real criminals here are Motorola for charging $94 per radio per update to let them change settings on hardware the police dept already owns.

    • The real criminals here are Motorola for charging $94 per radio per update to let them change settings on hardware the police dept already owns.

      Owning the radio and having a license to use them on a system are two different things. $94 is nothing, it's pennies when it comes to public safety radio systems. The radios cost thousands. The infrastructure 100s of thousands. The management and licenses hundreds of thousands again.

  • Quod licet Iovi, non licet bovi [wikipedia.org]. In other words, laws are for little people ...

  • Police on a leash. (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Saturday March 02, 2019 @01:15PM (#58204598)

    If you find you are suddenly in danger of being unable to use some functionality of your device then you have leashed yourself with closed-source software. If they had invested in contributing to an open source software then they would not be leashed. The real problem is that when people think of open source software, they think that because it's free that they should not allocate money toward supporting the software. [slashdot.org] This short-term MBA style thinking has kept open source projects very weak ("Why financially support a project if there is no immediate benefit?") and thus caused so many fools to put themselves on a software leash. In the case of expiring licenses, that leash is really a noose that slowly tightens around their neck until they pay.

    If businesses were smart then there would be billions of dollars invested to build/improve open source software. Instead there are peanuts because corporations are only looking out for "number one" as they cut their own face.

    • If you find you are suddenly in danger of being unable to use some functionality of your device then you have leashed yourself with closed-source software. If they had invested in contributing to an open source software then they would not be leashed. The real problem is that when people think of open source software, they think that because it's free that they should not allocate money toward supporting the software.

      This is delusional. People buy "closed source" software from known companies because t

      • by dryeo ( 100693 )

        People can sell support for open source just like closed source. Redhat for example has made a business of selling support for mostly GPL software.
        Likewise, Motorola could be selling GPL software with a support contract, only drawback is that if they charge too much, someone else can offer support as the actual source code would be available.

      • by sjames ( 1099 )

        So you are saying they spend massive bux and leash themselves so someone calling himself Bob will tell them it will be goodly if they will reboot the device?

    • Disclaimer: I work in this industry but not for Motorola.

      Nice sentiment, but completely unrealistic. There is a lot of work to be done to create systems like this and the market is pretty small, compared to many things in tech. These are multi-million dollar systems and don't get changed just because someone feels like it. That creates incredible vendor lock-in. Also the expertise to create these systems can be hard to find. "Public safety" systems are not easy to do and really take a company to stand beh
    • If they had invested in contributing to an open source software then they would not be leashed.

      If it existed then it may be viable. But quite frankly there is no competitor to a P25 or TETRA based public safety system in the open source world. Unlike Oracle you can't just download an alternative off the internet. Just like you wouldn't download a car.

  • by wwphx ( 225607 ) on Saturday March 02, 2019 @01:15PM (#58204600) Homepage
    I was working for a fairly large police department, and our mobile data terminals (MDTs) were not Y2K compliant. They were 386's running Windows 3, I can't remember if it was Windows for Workgroups, and Moto told us they wouldn't roll over properly and would cost on the order of $300+ per terminal to update, and we had over 1000 cars.

    After researching further, we learned that when the officers logged on to our dispatch system that it downloaded the correct date/time from the Unisys mainframe, overriding the Windows clock. Y2K endrun, Motorola doesn't get a trunkfull of money from us. Everybody working 3rd shift on 31 December 1999 were instructed to log off just before midnight and sign back in just after. Everything worked just fine. The MDTs continued working properly for years until they were eventually replaced.

    The only Y2K casualty that we had was the Dispatch system on the HP minis! A patch was supposed to self-deploy at midnight: it was compiled and ready to go, but someone didn't run the link/edit step, and when it deployed, crashed it crashed the whole shebang. At least our Windows network was flawless.

    While I can understand the guy not wanting to pay Motorola a ridiculous amount of money to update the radios, if you sign the contract, you're obligating yourself to the licensing fees. Motorola was infamous for this, so either read the fine print and negotiate a better contract, or find a vendor that will give you a better deal - you don't have to deal with Motorola directly to buy Motorola equipment!
    • and our mobile data terminals (MDTs) were not Y2K compliant
      This does not make sense ...
      Everybody working 3rd shift on 31 December 1999 were instructed to log off just before midnight and sign back in just after. Everything worked just fine. The MDTs continued working properly for years until they were eventually replaced.
      Then obviously it had no Y2K problem.


      if (XX99 < YY00) ...

      Works completely different if XX and YY exist or not and one is 19 and one is 20 ...

      • by HiThere ( 15173 )

        Well, yes, but if they didn't have any log files, then restarting after the century rollover would fix things. Only when you need to keep dates from both centuries is this a problem.

      • by AHuxley ( 892839 )
        The entire system was not having a complex problem...
        Parts of a much wider network had to be considered and worked on.
    • I was working for Computer Dealer News in Toronto for the y2k roll-over, and the only system that died was a little monochrome 286 box that was custom programmed to be our punch-in, punch-out station died, so HR finally gave up trying to have us punch a clock.
  • I highly doubt that there are 'software' on the iButtons, they are basically just another 'small' storage media like a diskette, or a USB flashdrive.
    Are the $94 covering:
    1) Are they paying a one time fee to unlock the encrypted communication feature.
    2) A fee to get special trusted X509 time limited certificates to create trust between the radios.
    3) A combination of 1 and 2.
    For certificates to be used within an organization having its own chain of trust, getting a certificate from a third-party is less secur

    • by Luthair ( 847766 )
      I don't think there is anything that could legitimately cost $94 dollars a year. Its a straight up rip-off from Motorola.
    • by Anonymous Coward

      The firmware updates for the radios mentioned are downloadable for free from Motorola's website as long as you create a free account, but to legally install them you are required to purchase a hardware "key" from Motorola. The key is nothing but a counter containing how many "updates" you purchased, and authentication from the firmware upgrading program telling you that you have upgrades available. The counter goes down by one every time you attempt a firmware update, whether it's successful or not. Flaky p

      • This remind me of the Shell car wash back in the early 2000's, where an iButton fob was used as a prepaid token for a number of car washes.
        It was possible to do a 'backup' of a new fob, and 'restore' it again when it was empty.

    • I highly doubt that there are 'software' on the iButtons, they are basically just another 'small' storage media like a diskette, or a USB flashdrive.

      While you are almost certainly correct about what's on these iButtons, they actually have "Java iButtons" which have a processor onboard capable of running simple Java code. They are intended for upgradeable crypto tokens. Think SIM card.

  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Saturday March 02, 2019 @01:20PM (#58204628) Homepage Journal

    Once upon a time, you could just buy a scanner and listen in on what the police are up to. They didn't like that, so they went to encrypted radios, and they give access to the system to cherry-picked journalists that won't hold their feet to the fire. The whole reason they even have radios that need updating is to keep us from keeping tabs on their misdeeds.

    • by jwymanm ( 627857 )
      Yeah it's great. Tax payers pay their salaries and they go to block us from listening in by using more tax payer dollars to do so. Absolutely insane.
    • by dryeo ( 100693 )

      Which is probably very true for the Winnipeg police. Don't want to publish dropping people off 10 miles out of town when its 40 below.

    • Once upon a time, the vast majority of the people did the right because it was the right thing. Someone had something, it stayed put, and no one was bothered. That meant you could leave your house, with your front door unlocked, and return later to find that nothing had been stolen -- ever.

      Now, we have locks on our front doors because we have to to keep people from stealing things. Now, the police have to encrypt their radio systems otherwise some [negative word of your choice] people will not only use sc
      • Now, we have locks on our front doors because we have to to keep people from stealing things. Now, the police have to encrypt their radio systems otherwise some [negative word of your choice] people will not only use scanners, but will also use their radios on the police networks and create nuisances of themselves at best,

        We have to have unencrypted police radio because if we don't, [a subset of] the police will use the radio system to facilitate crimes against The People.

    • Wow, what an amazing conspiracy theory you have there. How'd you get modded up? I used to listen to police scanners all the time and they're boring as hell. A lot of mundane business. When they switched to trunked systems it wasn't a conspiracy to keep TEH CRIMEZ from the honest (giggle) journalists, it was to make better use of scarce frequencies. Just a quick question, do you listen to Alex Jones? And have you been checked for schizophrenia lately? The disease often manifests itself with paranoia and cons
  • ... security threat. The details that they are dancing around is that encrypted public service radios have been hacked. The information is out there, just like DVD and Blu-ray rippers. Patches are available for digital trunking scanners and SDR receivers.

    This is more about Motorola having made a promise to their customers which they can not keep. And as anyone involved with software knows, nobody can keep in the long term.

  • ... Richardson likes the idea of not giving more money to Motorola ...

    Giving money to and paying for a product/service are not the same thing.

    ... police said the Motorola radios needed frequent updating.

    This is the bigger question - why? Do radio signals get stale?

    • by xlsior ( 524145 )

      ... police said the Motorola radios needed frequent updating.

      This is the bigger question - why? Do radio signals get stale?

      Digital encryption certificates expire and may need to be updated, allocated radio frequencies may change and need to be re-programmed in, and more.

      • ... police said the Motorola radios needed frequent updating.

        This is the bigger question - why? Do radio signals get stale?

        Digital encryption certificates expire and may need to be updated, allocated radio frequencies may change and need to be re-programmed in, and more.

        Okay... but frequently? Certificates should last a while, unless the vendor is trying to rip-off customers and I can't imagine cities re-allocating their EMT frequencies that often. Sounds more like a business model designed to generate income for Motorola. I imagine that they're probably locked-in at this point and finding an alternative secure radio vendor *and* migrating over would be a HUGE hassle. Still not an excuse for a LEO to get the certificates illegally.

        • Not just that, but the department should be able to load their own certs, or program their own frequencies.

  • Ask yourself, would Donald Trump do this??

Every successful person has had failures but repeated failure is no guarantee of eventual success.

Working...