logo

10 years ago: Sony infects millions of computers

Sony Pictures Entertainment gained truck loads of publicity portraying it as a victim after its computers were breached by hackers in November 2014. The company has often resorted computer hacking to further its business.

Experts labeled the People's Republic of North Korea as criminals. North Korea sought revenge over the release of Sony's "The Interview," a parody of North Korea's dictator Kim Jung-un. The film had lackluster box office income of a mere $11 million. Critics panned it.

Weeks earlier FBI Director James Comey made a prophetic remark about foreign hackers during an interview with CBS 60 Minutes.

"There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese," Comey said. See the video here http://www.cbsnews.com/news/fbi-director-james-comey-on-threat-of-isis-. Read the transcript here.

Investigators never officially blamed the Sony hack on China or North Korea, but the guilt by innuendo was strong. Not only did Sony officials not know the hack was underway, they weren't sure when it actually began.

Flip the calendar back to Oct. 31, 2005. See bytewriter.com's report.

russinovich260x260Mark RussinovichSecurity researcher Mark Russinovich sounded the alarm on Sony-BMG, because the company's  "audio CDs" were actually multi-session data-discs. The CDs covertly infect Windows computers when inserted into a computer optical drive.

The "root kit" malware installed by Sony blocked infected computers' basic immune systems. File names that began with "$sys$" were invisible to the operating system. Antivirus programs could not see files that began with this string.

Virus creators immediately began renaming viruses to start with $sys$, so that they could be hidden by the stealth-cloak installed by Sony. These opportunistic infections were also invisible to antivirus programs.

Sony-BMG loaded the malware on 51 album titles. The company shipped more than 6,000,000 malware-infected CDs. These infected 200,000-300,000 U.S. government and military networks.

Russinovich was the first researcher to blow the whistle about the Sony rootkit. He was not the first researcher to discover it. Lawyers advised other researchers that reports on the rootkit violated §1201 of the Digitial Millenium Copyright Act. The 1998 law prohibits removing "copyright protection" software. The gap between discovery and reporting gave the infection a long time to spread.

thomas hesse260x260Thomas Hesse"Most people, I think, don't even know what a rootkit is, so why should they care about it?" said Sony Music president Thomas Hesse in an interview with NPR. He dismissed the issue completely.

Sony's secret hacking of personal computers was widely reported. Consumers were unaware of the damage to their personal property. Sony settled many lawsuits. It took years to repair customers' trust.

Hesse left Sony in 2011 to work for their competitor, Bertlesman. He is now a consultant for dozens of music companies and is living New York City

Over at Boing Boing, Corey Bergman reports:

Despite the fallout of Sony's rootkit experiment, 10 years later restrictions on users' personal property are more prevalent than ever. Restrictions are commonly found in legitimately purchased ebooks, video game hardware, and all manner of proprietary software. It has even found ways into our cars, and coffee machines. Even Steve Jobs lamented the forceful implementation of restriction software, software his own company was well known for using.

Today, §1201 is used to restrict reporting on everything from tractors to cars, insulin pumps, as more and more industries use digital locks to prevent their customers and competitors from changing the products they own to be more valuable and useful to them.
!

Sometimes the law can do more harm than good.

Reasearchers at West Virginia University discovered that embedded software in many models built by Volkswagen allows vehicles to violate federal emissions requirements. The software also exagerates EPA mileage estimates.

The revelations about the Volkswagen software may bring the company down or lead to billions of dollars in damages. Researchers also violated the law to discover Volkswagen's illegal activities.

Sony-BMG's rootkit violated federal anti-hacking statutes. Discovering those violates was also a crime.