Sony’s rootkit

This entry was published at least two years ago (originally posted on November 18, 2005). Since that time the information may have become outdated or my beliefs may have changed (in general, assume a more open and liberal current viewpoint). A fuller disclaimer is available.

In one of the (many) stories that have been flying by my radar without being remarked on over the past few weeks, it recently came to light that Sony has been using some incredibly nasty “copy protection” schemes on many of its audio CDs — surreptitiously installing software on Windows-based PCs that cloaks itself, sends customer data back to Sony via the ‘net, leaves a ‘backdoor’ wide open for malicious hackers to take advantage of, and is incredibly difficult to remove (to the point of requiring a re-install of Windows). Sony initially tried to claim that they’d done nothing wrong, and it was only after constant investigation and hammering, first by tech-centric weblogs and then by more mainstream media, that they finally backed down.

Wired News has an excellent rundown of the situation that’s worth reading. This is how the major corporations are treating their customers these days. It’s not a pretty thing.

On Oct. 31, Mark Russinovich broke the story in his blog: Sony BMG Music Entertainment distributed a copy-protection scheme with music CDs that secretly installed a rootkit on computers. This software tool is run without your knowledge or consent — if it’s loaded on your computer with a CD, a hacker can gain and maintain access to your system and you wouldn’t know it.

The Sony code modifies Windows so you can’t tell it’s there, a process called “cloaking” in the hacker world. It acts as spyware, surreptitiously sending information about you to Sony. And it can’t be removed; trying to get rid of it damages Windows.

[…] The outcry was so great that on Nov. 11, Sony announced it was temporarily halting production of that copy-protection scheme. That still wasn’t enough — on Nov. 14 the company announced it was pulling copy-protected CDs from store shelves and offered to replace customers’ infected CDs for free.

[…] When its actions were first discovered, Sony offered a “fix” that didn’t remove the rootkit, just the cloaking.

[…] Sony claimed the rootkit didn’t phone home when it did. On Nov. 4, Thomas Hesse, Sony BMG’s president of global digital business, demonstrated the company’s disdain for its customers when he said, “Most people don’t even know what a rootkit is, so why should they care about it?” in an NPR interview. Even Sony’s apology only admits that its rootkit “includes a feature that may make a user’s computer susceptible to a virus written specifically to target the software.”

[…] Sony’s latest rootkit-removal tool actually leaves a gaping vulnerability. And Sony’s rootkit — designed to stop copyright infringement — itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library’s license agreement.

[…] The rootkit has even been found on computers run by the Department of Defense, to the Department of Homeland Security’s displeasure. While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be.

[…] Initial estimates are that more than half a million computers worldwide are infected with this Sony rootkit. Those are amazing infection numbers, making this one of the most serious internet epidemics of all time — on a par with worms like Blaster, Slammer, Code Red and Nimda.
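The quoted passages describe two things worth seeing side by side: how “cloaking” works (the rootkit modifies Windows so its files never show up in normal listings) and why Sony’s first “fix” was inadequate (it removed the cloaking but left the rootkit in place). The example below is added here and is not code from the original post, from Wired, or from Sony; it simulates the cross-view technique that rootkit detectors use, comparing what a (hooked) file-listing API returns against a lower-level view the hook does not cover. The directory contents, the `hide$` prefix and the function names are all constructed for the simulation and are not the real rootkit’s naming scheme.

```python
"""Cross-view detection of cloaked files, simulated.

Added example, not code from the original post or from Sony/Wired.
A cloaking rootkit hooks the operating system's file-listing API so that
certain entries are filtered out of the results. Detection does not need
to know how the hook works: list the same directory through the hooked
API and through a lower-level path the hook does not cover, then diff the
two views. Anything present below but absent above is being hidden.

Everything here is constructed: RAW_LISTING stands in for a direct read
of the on-disk directory structure, and HIDE_PREFIX stands in for the
rootkit's filter rule.
"""
from __future__ import annotations

from typing import Callable, Iterable

# Constructed stand-in for the on-disk directory content that a raw read
# (bypassing the OS file API) would return.
RAW_LISTING = [
    "boot.ini",
    "ntldr",
    "hide$drv.sys",   # constructed: pretend these two were dropped by the cloaking tool
    "hide$cfg.dat",
    "notepad.exe",
]

HIDE_PREFIX = "hide$"  # constructed cloaking rule for this simulation


def cloaking_hook(entries: Iterable[str]) -> list[str]:
    """Simulates the hooked listing API: drops every entry the cloak wants hidden."""
    return [e for e in entries if not e.startswith(HIDE_PREFIX)]


def honest_api(entries: Iterable[str]) -> list[str]:
    """The listing API after the cloak is removed: passes everything through."""
    return list(entries)


def cross_view_diff(api_view: Iterable[str], raw_view: Iterable[str]) -> list[str]:
    """Entries visible in the raw view but missing from the API view.

    A non-empty result means something is hidden from normal tools.
    """
    return sorted(set(raw_view) - set(api_view))


def scan(raw: Iterable[str], api: Callable[[Iterable[str]], list[str]]) -> list[str]:
    """Run the cross-view check using the given listing API over the raw view."""
    raw = list(raw)
    return cross_view_diff(api(raw), raw)


def removal_verified(raw: Iterable[str], previously_hidden: Iterable[str]) -> bool:
    """True only if entries flagged earlier are actually gone from the raw view.

    A clean cross-view scan is not enough: a 'fix' that only removes the
    cloak makes the discrepancy disappear while the files stay on disk.
    """
    return not (set(previously_hidden) & set(raw))


if __name__ == "__main__":
    hidden = scan(RAW_LISTING, cloaking_hook)
    print("cloaked, hidden entries  :", hidden)
    print("decloaked, hidden entries:", scan(RAW_LISTING, honest_api))
    print("really removed?          :", removal_verified(RAW_LISTING, hidden))
```

With the cloak in place the scan flags the two constructed entries; after “decloaking” the scan reports nothing, yet `removal_verified` still returns False because the same names remain in the raw listing. That is exactly the gap between removing the cloaking and removing the rootkit, and it is why a detector should re-check the earlier findings against the low-level view rather than trust a clean cross-view diff alone.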