
How the Super Bowl got hacked with porn

(Illustration by Amber Matsumoto/Yahoo Sports)

The Arizona Cardinals were closer than ever before. At around 7:48 p.m. MT on Feb. 1, 2009, Larry Fitzgerald sped away from Pittsburgh Steelers defenders to give the Cardinals a 3-point lead in Super Bowl XLIII. The Grand Canyon State rose as he did. The NFL’s most prolific losers were 2:37 away from their first Super Bowl title.

Cardinals fans watching on TV – grandfathers, mothers, fathers, their children – celebrated as Fitzgerald was mobbed by teammates.

And then, amid the euphoria, for a small subset of viewers in Tucson, Arizona, the game froze.

Then it flickered.

Then it cut to a man in a half-unbuttoned shirt, leaning back on a couch; and a woman in a pink tank top, unzipping his pants.

Precisely 13 seconds after what seemed like the greatest moment in Cardinals history, any of Comcast’s 80,000 subscribers watching KVOA’s Super Bowl broadcast in standard definition had their screens overrun by pornography.

It lasted 30 seconds. It nonetheless brought disturbed complaints and anger. It garnered national headlines. It scarred young eyes and ruined evenings.

It left Comcast employees befuddled – had it been an equipment malfunction? An act of sabotage? For months, it remained a mystery that even FBI special agents struggled to solve.

Not until more than two years later did their investigation bring about an arrest, an eventual guilty plea, and an answer to the question: What, on that dramatic day 10 years ago, went so horrifically wrong?

Moments after Larry Fitzgerald scored a go-ahead touchdown in Super Bowl XLIII, TVs in Tucson flickered and began airing a porn video. (Getty Images)

How did it happen?

The following morning, Comcast scrambled for an explanation. Harried employees exchanged messages and evidence. A thorough internal investigation yielded no suspects. But the lack of a definitive answer didn’t equate to a dead end.

That’s because Comcast’s Super Bowl feed had come from a neighboring cable company, Cox. The two entities maintained an amicable partnership. Certain channels, including NBC, were transmitted from one company’s Tucson control center to the other’s. The practice was commonplace and necessary.

Over at Cox, in the wake of the fiasco, some employees reasoned that because Cox did not provide the adult entertainment channels (Club Jenna and Shorteez) that interrupted Fitzgerald’s celebration, neither they nor their employer could have been at fault. One of the employees who made that point, according to FBI reports, was a 17-year company veteran named Frank Gonzalez.

But his reasoning could throw investigators off the scent only temporarily.

Gonzalez, a then-36-year-old “family man,” was the most skilled and seemingly reliable of a small team of technicians that manned Cox’s Tucson control center. He was, therefore, the one Comcast called on when it decided to implement more modern broadcast equipment in early 2008. So on multiple occasions, Gonzalez trekked to Comcast’s Tucson command center to help Comcast engineers configure a new server and multimedia router.

When he did, according to FBI interviews, at least one of two things happened. Gonzalez was either given the password required to access Comcast’s new equipment – so that he could help with the configuration. Or, he peered over a Comcast technician’s shoulder and saw a piece of white paper attached to the terminal. On that piece of white paper? Login credentials – which, according to multiple Comcast employees interviewed by the FBI, had not been changed from defaults after the equipment was purchased.

So Gonzalez, presumably, returned to Cox’s hub with two things: A Comcast multimedia router that would be installed in Cox’s control center to allow the transmission of channels from one company to the other; and a password – two things needed to pull off the kind of stunt that would interrupt Super Bowl XLIII.

In the meantime, Gonzalez played with his new toys. On June 9, 2008, he logged on to a Cox server. Via a router, an ethernet cable, a connection he’d physically altered in Cox’s control center, and those login credentials, he accessed the Comcast server. Less than 25 minutes later, he logged off, the unauthorized intrusion innocuous.

Or so he thought. In reality, he had dropped a few digital breadcrumbs.

A flow chart investigators used to determine who could have hacked into Comcast’s system. On the right, a piece of paper on top of a computer holds the passwords needed to hack the system. (Courtesy of Arizona attorney general’s office)

On another occasion that summer, according to Comcast employees interviewed by the FBI, Gonzalez used his newfound access productively. With Comcast technicians having trouble arranging a new channel, Gonzalez – rather than instructing his counterparts over the phone – went into the system behind their backs and configured the channel for them.

It’s unclear how many times Gonzalez cracked into the Comcast network. It’s also unclear if he had any connection to an incident recalled by a fellow Cox employee, who told the FBI that his DVR recording of a classic boxing match a few months prior to the Super Bowl had been briefly interrupted by porn.

However, “it is clear that he had the access,” says Scott Steiner, who led Cox’s arm of the investigation. “And that he saved the prank for the right moment.”

The logistics of the hack itself transcend layman’s terms. But essentially, by physically connecting a router to Cox’s server – to which Gonzalez had remote access via a VPN – he paved the way to the entire Comcast network. All he then needed to control Comcast’s broadcast feeds were a username and password – which he had.

And so, “from his home while his wife and children were watching the football game” – as court documents state – Gonzalez virtually snuck into Comcast’s underbelly. Once he was in, all the ill-conceived stunt required was a simple “drag and drop.” Or at least that’s how FBI reports characterize it. Their source? An interview with none other than Frank Gonzalez.

Gonzalez covered his virtual tracks remarkably well, the Super Bowl breach alone leaving no trace that would tie it to any one individual. The FBI seized computers and conducted multiple rounds of interviews. Still, more than six months after it set out in search of a perpetrator, it was empty-handed.

But there was one footprint, uncovered by Cox’s investigative team and forensics experts. The June 9 intrusion had been snared by authentication software, which logged the username “corp\fgonzale.” Fgonzale’s path to Comcast’s server that afternoon linked him to the “administrator” responsible for the Feb. 1 fiasco. The dots finally connected. Gonzalez, when presented with the evidence, could not refute it.

Frank Gonzalez (Marana Police Department)

Why did he hack the Super Bowl broadcast?

Gonzalez was finally arrested in 2011. After admitting he lied to investigators, and confessing to the crime, he was charged with computer tampering. His eventual guilty plea, in October 2011, left only one question unanswered:

Why?

A decade later, it remains a mystery. Gonzalez himself could not be reached for this story. Friends and family members did not return phone calls or text messages. Their 2011 letters to Pima County Superior Court Judge Clark Munger vouch for Gonzalez as “caring,” “trustworthy” and “dependable,” but don’t explain his motive.

Steiner mentions “rumors” that Gonzalez was a “jokester” and a “prankster.” In FBI interviews, prior to the identification of Gonzalez as the perpetrator, one Comcast employee speculated that the hacker might have wanted to “screw with Comcast.” A Cox employee theorized that the motivation could have been to show off. Gonzalez himself, playing dumb, mentioned the possibility of a disgruntled employee. Gonzalez initially told the FBI he didn’t know why a Cox employee would want to access Comcast’s system, other than to “play around or something.”

Says Steiner: “My understanding is that he was only trying to prank a friend, unaware of who else would be watching or the consequences. It turned out a federal prosecutor was a Comcast subscriber, and was hosting a Super Bowl party” – and, unfortunately for Gonzalez, presumably watching in standard definition.

Prior to his sentencing – three years of probation, no jail time, a “ridiculously lenient” punishment, according to the judge – a court report stated that his “criminal behavior suggests a sense of power derived by impacting the entire community.” The same pre-sentence report speculated that his “covert criminal act may have offered him an inflated sense of importance.”

Ten years later, an incident as confounding as it was peculiar and reprehensible still leaves that question of motive to conjecture.

Henry Bushnell is a features writer for Yahoo Sports. Have a tip? Question? Comment? Email him at henrydbushnell@gmail.com, or follow him on Twitter @HenryBushnell, and on Facebook.