Frank Gonzalez was caught for the 2009 Super Bowl porn hack.

Back in 2009, some of those watching Super Bowl XLIII got an unexpected surprise. After Larry Fitzgerald’s touchdown put the Arizona Cardinals up by three points with 2:37 left, Comcast customers in the Tucson, Arizona region who were watching the standard definition feed of local NBC affiliate KVOA had their signal replaced by 37 seconds of porn from channels “Club Jenna” and “Shorteez,” featuring full frontal male nudity (NSFW screenshots available at Deadspin) and an amazing quote from one viewer of “I just figured it was another commercial until I looked up. Then he did his little dance with everything hanging out.”

In 2011, after an FBI investigation, long-time Cox employee Frank Gonzalez (seen above in a Marana Police Department mugshot) was arrested and eventually pled guilty to two counts of computer tampering, receiving three years of probation under a plea deal. But there wasn’t much written at the time about how Gonzalez actually pulled this off, and Yahoo’s Henry Bushnell dove into those details in a piece published Thursday:

Comcast’s Super Bowl feed had come from a neighboring cable company, Cox. The two entities maintained an amicable partnership. Certain channels, including NBC, were transmitted from one company’s Tucson control center to the other’s.

…Gonzalez, a then-36-year-old “family man,” was the most skilled and seemingly reliable of a small team of technicians that manned Cox’s Tucson control center. He was, therefore, the one Comcast called on when it decided to implement more modern broadcast equipment in early 2008. So on multiple occasions, Gonzalez trekked to Comcast’s Tucson command center to help Comcast engineers configure a new server and multimedia router.

When he did, according to FBI interviews, at least one of two things happened. Gonzalez was either given the password required to access Comcast’s new equipment – so that he could help with the configuration. Or, he peered over a Comcast technician’s shoulder and saw a piece of white paper attached to the terminal. On that piece of white paper? Login credentials – which, according to multiple Comcast employees interviewed by the FBI, had not been changed from defaults after the equipment was purchased.

So Gonzalez, presumably, returned to Cox’s hub with two things: A Comcast multimedia router that would be installed in Cox’s control center to allow the transmission of channels from one company to the other; and a password – two things needed to pull off the kind of stunt that would interrupt Super Bowl XLIII.

What’s fascinating about this story is how this wasn’t a hack at all, really; it wasn’t someone breaking through firewalls or decrypting passwords. Instead, it was someone who had legitimate access to Comcast’s area command center, and either was given their password legitimately or saw it lying around. If Gonzalez was given that password as part of this configuration, that’s almost impossible to defend against; he’d been working for Cox for 17 years at that point, and there was no reason to suspect that he’d pull something like this. If he picked up that password from it being attached to the terminal, that’s more problematic, but still, he wasn’t exactly a suspicious figure at this point.

You can argue that Comcast should have probably changed their passwords from the default, or altered them later on after having other companies’ employees in their building, but Gonzalez certainly didn’t seem like someone they should be worried about. And even access to Comcast’s network from the Cox headquarters wouldn’t have been enough to pull this off, as Gonzalez’s stunt would have been noticed by others there. What he managed to do, though, was physically connect a router to the Cox system, gain remote access to that with a virtual private network (or VPN), and then get into the linked Comcast network with the password he’d taken, allowing him to drop the porn feed from the adult channels onto the SD feed of the Super Bowl.

The other really interesting part of Bushnell’s piece is what it says about just how Gonzalez got caught. At Cox in the wake of the incident, some employees, including Gonzalez, argued that they couldn’t be responsible because their company didn’t offer Shorteez and Club Jenna. But that wasn’t enough for him to dodge responsibility forever. The Super Bowl breach itself left nothing that tied directly to him, only an “administrator” username, and that was part of why the FBI investigation didn’t come up with anything for over six months.

But Cox’s own investigative team eventually found that a similar June 2008 intrusion (which didn’t actually cause any problems, and appears to have just been a test) had been logged by their monitoring software with the username “corp\fgonzale.” They were able to connect that to the administrator account used for the actual Super Bowl breach, and then to confront Gonzalez. If that test run hadn’t happened, though, maybe the culprit never would have been caught.

Eventually, this wound up creating plenty of bad headlines for Comcast, and they wound up offering a $10 credit to each of their 80,000 subscribers in the area who could have been affected (the actual number of those who saw this is probably much lower; not everyone watches the Super Bowl, and especially not in standard definition), so that’s $800,000 in losses. And that’s to say nothing of the negative publicity, or of the time spent investigating this.

So Gonzalez’s stunt did a fair bit of damage, and probably more than he expected. Cox’s Scott Steiner, who led their investigation, told Bushnell “My understanding is that he was only trying to prank a friend, unaware of who else would be watching or the consequences. It turned out a federal prosecutor was a Comcast subscriber, and was hosting a Super Bowl party.” That helps explain some of the response, but there probably would have been outcry anyway, especially with this coming around the Super Bowl and making national headlines. But the real takeaway from all this may be that a lot of problems can be caused not by an outside hacker, but by someone who gains at least some legitimate access and then exploits that. That’s very hard to defend against, but it’s something that cable and satellite companies certainly should be aware of in the wake of what happened here.

[Yahoo Sports]

About Andrew Bucholtz

Andrew Bucholtz is a staff writer for Awful Announcing and The Comeback. He previously worked at Yahoo! Sports Canada and Black Press.