Hackers Nab Unreleased Michael Jackson Tracks From Sony

wiredmikey writes "Sony once again has found itself in the news surrounding another hacking-related incident. This time around, the breach doesn't appear to involve any lost user data or customer accounts, but instead, some valuable property owned by the record company. Today, several British news outlets have reported that more than 50,000 music tracks have been illegally accessed and downloaded by hackers, including a large number from the late Michael Jackson. Sony bought the catalog from Jackson's estate for $250 million in 2010, giving the company distribution rights to the unreleased music. The attack reportedly occurred shortly after details of the massive PlayStation Network breach last April, but details were only revealed this past weekend."

why?

[MickyTheIdiot]

Not every system you have needs to be connected to the Internet. Why in the world was such valuable digital property on a system that had ANY connection to the Internet, thorough NAT or otherwise?

I'm sorry... it just doesn't make sense. It's like all the talk of the vulnerable power grid... just don't put those items on the open internet. Or better yet... don't network them at all and have a human attend it in a secure place.

Re:why?

[Loether]

Wow what a pain that would be to administer such a landlocked system. Patching, backups, updating the content, accessing the content. What do they do when they want to access the file to mix it, or to distribute, publish the new song. What do they do when they get a new artist signed and it's time to add a song to the collection. Send in Joe the Admin with his thumbdrive to download or upload the needed song. I agree with you that there security is beyond poor, but land-locking the entire system as a solution to me doesn't seem like the best course of action.

Re:why?

[Lennie]

It might have started with just a desktop with a browser you know. After one system gets compromised it might be possible to get deeper in the corporate networks of Sony.

Even the Nuclear facilities in Iran were not connected the Internet (it did have an air gap) but the Stuxnet virus still got in.

Re:why?

[AvitarX]

It's fucking music tracks they were not releasing to cash in at a later point.

This was going to be available at some point in the future, and it's better for society that it's available now. Locked up in a vault they had zero value.

Re:why?

[poetmatt]

Yep, this actually highlights some really supreme losses to society by virtue of the Jackson estate hoarding the shit out of Michael's music and Sony too.

Were it not for this we'd see Jackson remixes for the next 100 years if Sony had their way. Good on the hackers to get that stuff out there instead into society where *society* can benefit.

Talk about greed vs culture.

Re:why?

[jesseck]

I agree with you that there security is beyond poor, but land-locking the entire system as a solution to me doesn't seem like the best course of action.

I guess it depends on how valuable the item is- if RIAA were to be counting, what was stolen was trillions of dollars. A thumbdrive and a dedicated admin to administer the landlocked system is a fraction of the value in that case.

Of course, in the real world, Sony knew the music was not worth trillions, and that is why it was connected to the Internet.

Re:why?

[Richard_at_work]

I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?

My opinion is that, no, society isn't entitled to everything - a person is quite entitled to not release something and its no loss at all to society at large, because it never influenced it in the first place.

Re:why?

[Linuxmonger]

Wow what a pain that would be to administer such a landlocked system. Patching, backups, updating the content, accessing the content.

Do you really need to do those things on a machine that has no network connection?

Assuming that when the machine was put into place it did the functions it was required to, what is the point of updating? I remember doing an update on a machine once to find out that the single file changed was the software providers logo - they had changed a background color and listed it as a required update.

Re:why?

[betterunixthanunix]

Wow what a pain that would be to administer such a landlocked system

If you paid $250 million for the data stored on that system, and you know that there are lots of people who would love to download that data without your permission, would you really think that the administrative work is too much? That should have been one of the highest security systems Sony owned, and it should not have been connected to the Internet.

What do they do when they want to access the file to mix it, or to distribute, publish the new song

None of those require an Internet connection. You can connect the computers involved in mixing to a private network, where you can control who has access to the network and you can monitor the network as a whole, and then you can transfer the files. Likewise with machines that publish the music on physical media. Publishing electronically will be harder, but for the money they paid for that data, it seems like a reasonable effort.

What do they do when they get a new artist signed and it's time to add a song to the collection

Not store it on the same system as the collection that can never be updated, and that once leaked loses a lot of value. This sounds like a pretty typical MLS problem.

Re:why?

[MightyYar]

While I don't condone the theft, your comment is striking in how it highlights the way copyright has gone astray. Some of Micheal's music has been in copyright for close to 40 years already. And yet for a lucid, rational person for yourself, it seems reasonable to put forward that his kids need another shot of royalties so that they will have a "legacy". Now, I have nothing against providing your children (especially young children) with a bundle of cash to get them through early life and their educations - hell, maybe even a nice starter-mansion and first Rolls-Royce... but all of that could have been done through saving his money, investments, and life insurance... they sure don't need society to grant them welfare payments just because their dad(?) was a good singer.

Copyright is supposed to be about convincing artists to produce their creative works. It's supposed to be about making it a reasonable career choice to become a singer, painter, artist, etc. Why? So that we, as a society, get more creative output. It is not about making sons-of-good-singers rich. When the artist you are providing an incentive to dies, the incentive should die as well. At the very least, it should die within the number of years that a typical corporation plans for. If I'm being generous, Sony might have a 10-year plan.

As for the pizza parlor and the UPS man, this is beginning to sound an awful lot like the broken window fallacy to me. I have a sneaking suspicion that UPS could ship works based upon Michael Jackson's songs that fell into public domain just as well as they ship his 20-30 year-old stuff.

Re:why?

[Stizark]

As I see it, you're the only one referring to it as 'free' music. Most of the rest of us see it as just music-- and, arguably, art. Art which, while already created, was kept in a vault for the sake of corporate profit. The artist didn't profit from it, his estate did-- and they were already paid. And the company would have waited until 'experts' tell them that such music would have been at most value. Then, they would slowly drip out small albums at exorbitant (IMHO) costs.

So while I understand the need for corporations to make profit-- and, while I understand your general, apparent disdain for piracy-- the gp did have a point. Sociey-- that being, human beings and our culture-- are quite a bit more 'wealthy' because of it. At least, if the priates ever intend to release the music without extorting it in some way, or hoarding it. Heh.

If Sony were smart, they'd come out with their music before the hackers torrent them. Then again, as this happened a year ago, and Sony still hasn't released the files, it seems to me that they have no interest in that idea. I'm glad someone out there is enjoying the music.

Re:why?

[Wraithlyn]

Pretty sure he knows what the actual definition of landlocked is.

And yet, everyone instantly knew what he meant. Perfectly intuitive metaphor (ie, the internet as ocean).

Re:why?

[Isaac+Remuant]

Ohhhhhh, so that's where Clouds come from. I get it now.

Re:why?

[Toze]

because it never influenced it in the first place.

Except that Michael Jackson was influenced by Little Richard, James Brown, and Diana Ross. And Michelangelo lifted Ghiberti's Gates of Paradise for the posing of the Sistine Chapel. And every artist ever is influenced tremendously by all the artists that preceded them, and no art is created ex nihilo. The arguments for not releasing an artist's work (ie copyright) are never that the artist doesn't owe anything to society, but that the artist needs to make a living, or to ensure that their children are provided for.

In other words, yes, society really is entitled to everything a person creates, ever, even if they never published it, because that person appropriated the majority of their work from society in the first place. Our societies have, in the last 400 years, been willing to trade some of what we're owed in free speech in order to provide monetary reward to the artists, but we're still owed that speech. Disney didn't invent Cinderella, Dan Brown didn't invent the Catholic church, Dan Bull didn't invent either rapping or Skyrim (nor did Bioware invent fantasy adventure or videogames, nor did Tolkien invent magic rings or elves, etc.., etc., etc.).

Re:why?

[mcgrew]

I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?

Yes. Article 2, section 8 of the US Constitution:

The Congress shall have power to... promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;

Copyright is granted in order for more works to become the public domain's. I don't own the stories I write, you do, as does everyone else. I merely have a limited time monopoly on its publication.

My opinion is that, no, society isn't entitled to everything

Your opinion is completely unimportant. It doesn't matter of your opinion is that the sky is green, it's still not green. Your opinion is ignorant and wrong.

And I'd like to add that were copyright lengths sane, this stuff wouldn't be locked up in the first place.

Re:why?

[Em+Adespoton]

I'm sorry, is "society" really entitled to everything a person created, ever? Even if they themselves never published it to the world?

My opinion is that, no, society isn't entitled to everything - a person is quite entitled to not release something and its no loss at all to society at large, because it never influenced it in the first place.

This is an excellent point that just helped me clarify my own views on copyright:
A person or organization should not be allowed unlimited control over something they have used to influence society.
A person or organization SHOULD be allowed unlimited control over the choice of whether to use some work to influence society.

Pedants aside, and following the "Limited" discussion in the AT&T story, restricting socialization of works artificially in order to "create" value for the producer is anti-social. Therefore, it should also be anti-copyright. Someone deciding to create something based on what society has provided, but deciding not to make it available to society at large should be just fine. They should never be forced to cede control - that would be anti-social and anti-copyright.

As an analogue: If I think something but hold my tongue, it should not be legal for someone to use all means available to force me to reveal what I didn't say. But if I thoughtlessly choose to say something, I shouldn't be able to restrict who hears it and how, outside of some very limited controls agreed to by all other parties present at time of performance (speech).

The place where all this falls into trouble in copyright is that the general public is no longer the audience for the product. Consumer, yes -- but not audience. As such, by the time the work is "published" it has long since been performed, and the true audience has decided what to release to the public and how. Muddy waters indeed.

Smooth

Some smooth criminals!

Re:Smooth

[TheCarp]

Sony are you ok? Are you ok Sony?

Good marketing

[asdbffg]

Really. This will get some good buzz going in advance of Sony formally releasing the tracks.

Re:Good marketing

[DarkOx]

I certainly how those were the only copies and the hackers deleted them. If there is one thing Sony does not need its more money, and if there is one thing I don't want to have to suffer hearing on the play list of every pub, is more of that man's terrible music.

Including a large number from Michael Jackson

[Barbara,+not+Barbie]

including a large number from the late Michael Jackson

And nothing of value was lost ...

I wonder

[ooshna]

Will Sony finally get their heads out of their asses and get some adequate security now that they have gotten something important stolen from them instead of their customers?

Re:I wonder

[ZeroSumHappiness]

No. They can now just conflate crackers, hackers AND pirates and get even stricter laws into enforcement. This isn't a security problem on their end of course. This is because we're too soft on those dirty music downloaders.

Re:I wonder

[ZeroSumHappiness]

Okay, I really can't let that go.

Whoosh.

Where's the music?

[Dan+East]

So where is this music? Why hasn't it spread far and wide over the net? I suspect the hackers are holding onto it in an attempt to blackmail Sony for a big chunk of cash.

Re:Where's the music?

[ZombieBraintrust]

Hackers likely didn't know what they had. They grabbed a ton of data and used software to sift through it for passwords, credit cards and email addresses. Going through all the music and finding the songs that were unrealeased would take plenty of ears or a music matching database. That is why Sony waited a full year before talking about this.

Bad

[langelgjm]

Really, really bad.

Re:Bad

[arelas]

It's not as Black or White as you make it seem.

Re:Bad

[Metabolife]

Whatever security measure Sony had in place, these hackers beat it.

In further news ...

[Barbara,+not+Barbie]

Reporter: "So you're saying that these are unreleased tracks that were made before Michael Jacksons' death?"
Sony: "No, no - these are tracks from the LATE Michael Jackson!"
Reporter: "You mean, this is stuff from AFTER he died?"
Sony: "Exactly! This is music he created after death."
Reporter: "That's didiculous! How can he write music if he's dead?"
Sony: "He's de-composing, duh!"
Sony: "It's all in the contract. When you sign with us, we really do own your soul!"

distribution rights :)

[ciderbrew]

Sony, distribution is not a right. Well it's not now anyway.

Re:Unreleased = No Copyright?

[langelgjm]

If the songs were created anytime in the past few decades, copyright applies automatically upon fixation of the work in a tangible medium of expression. Publication is not necessary. The rules for older works get much more complicated, but unlikely to apply here.

Service to man kind

[Shivetya]

You know, Weapons of Mass Distortion...

and not all of these tracks are by artist people want to hear, I mean, there are good chances of unreleased Celine Dion tracks in there. Think of the children

Arrests will be made

Anyone want to bet that Sony will put a lot more time and money into this round of hacking versus the loss of customer data that happened previously?

Truly baffling

Ok. So 50,000 tracks got downloaded.

Let's say for sake of argument, and since this was from their digital archive according to news radio this morning, that each of these tracks were in format of uncompressed audio. Would they really keep tracks as AAC, MP3, or MPA in their digital archive? I'm gonna be generous here and say each track was 25MB. That's roughly, 125GB of data to be downloaded. That isn't something you do overnight. That's something that takes days if not weeks, and possibly a month. Massive net security failure here, or what?

You have an obviously massive amount of money invested in that archive, and yet you don't protect it with approriate network security? I have to wonder how much their yearly network security expenditure was to protect that investment. $10,000? Clearly, they still haven't gotten the message that network security is important, even after the PSN lashing.

As little as I want to sympathize with Sony and it's continual targetting by subverts of the net, I just can't. They're a multi-Billion dollar a year company who have been in business for DECADES! How are you still in business with blunders like this?!?!? How the hell can you go around dropping hundreds of Millions on music catalogues and not protect your investment?

On a personal note, I wrote off Sony in 2000 when I bought my last TV whose components shorted at half their estimated life-time. I'm just truly baffled that a company this large, and with such massive influence and monies, can't take its online presence seriously.

Support your artists

[GodfatherofSoul]

If you don't want to more and more corporate-produced, demographically-designed artists, start buying your damned CDs from the people you like instead of downloading it for free and complaining about how crappy music is nowadays. I'm not even a huge music fan, but I make a point to buy CDs when I hear something I like.

Tiny violins?

[mindcandy]

filetype:torrent "tiny violins"

Legal lock down of digital media in 5..4..3..2...

[whovian]

No matter whether Sony should've kept this on an isolated network or they weren't really planning to do anything with the tracks, I expect them to portray this incident as evidence in support of legally locking down all digital media. I would not be surprised if the "look what can happen" card will be played with renewed vigor.

Re: $50,000 Tracks

[TaoPhoenix]

Wait a minute, the Spin Doctor got here and led us right where he wants us.

So the real story is that Sony lost security on 50,000 tracks and the title became "Michael Jackson tracks copied"?! Really? They had to pick one of only about 10 Flamebait artists?

Re:But did data get out?

[Dog-Cow]

All my servers are landlocked. Unless the data center gets flooded.

Data wants to be free - arts and music need to be

[Pf0tzenpfritz]

• Michael Jackson is dead - so he is not going to finish or republish anything
• Jackson -if you liked him or not- had massive influence on pop music during his creative phase
• SONY kept unpublished works as "property" and locked away from the public
• they had no right to do so

They might be legally entitled to do so but this only shows how screwed up IP is as a concept. You can not seriously keep unpublished works of an artist locked away after his death, as they are of common interest. History of culture and especially contemporary music would be plain incomplete and partially wrong if noone can find out which pieces a major artist did not publish and for what reasons. In fine arts and literature this is considered obvious, in music it always has been - before major labels and their absurd ideas about "owning" works arose. No need to mention that creative works are not solitary, isolated entities but results and part of their cultural context. To lock this context away, means to cripple culture itself. It doesn't matter if you agree. Progress won't matter. It will just happen elsewhere.

Re:But did data get out?

[tlhIngan]

Sure, data got in, Stuxnet got in. But no data got out. If you want to protect your IP from "theft" (they still have the data, so any file sharing evangelist won't call it theft) landlocking seems like a perfect layer of security. Trusting just the one layer is not very smart, but as security layers come, in this case, it would be quite effective.
 

If Stuxnet could get in, it could leak data out (It just wasn't designed to). The fact it got in meant people with thumbdrives were regularly plugging stuff into airgapped computers, and that's your method out.

So you have an infected PC - that infected PC grabs interesting files and copies them to the thumbdrive. It also bundles in a way to infect the next PC.

The next infection, the virus determines if it can access the 'net. If it can, it transmits the secret data. If not, it assumes it's still on a secret network and goes hunting around for information to steal, waiting for someone else to plug in another thumbdrive. Maybe it also caches the previous stolen data just in case it's a mobile device that doesn't temporarily have internet connectivity.

Stuff got in and infected the secure network. Unless everything is wiped, there's no way you can assume stuff can't get back out. It'll be slow and tedious, but I'm sure Stuxnet went through a long period of debugging like that.

the "S" is for "sieve"

[swschrad]

if you got your CS skills from matchbook U, there's a job for you at Sony.

Re:50000 tracks?

[CodeHxr]

I don't think that all 50k tracks were MJ. Some were other artists, I'm sure...