Revisiting the Infamous Sony BMG Rootkit Scandal 10 Years Later

alphadogg writes: Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview. Some say all this is karmic payback for what's become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management. 'In a sense, it was the first thing Sony did that made hackers love to hate them,' says Bruce Schneier, CTO for Resilient Systems. Sony's scheme was revealed on Halloween of 2005, and was followed by a botched response, issuing and reissuing of rootkit removal tools, and lawsuits. There are object lessons from the incident which are relevant today.

Me too!

[fizzer06]

made hackers love to hate them

I'm not a hacker, but I hate Sony too.

Re:Me too!

[pr0t0]

I just posted this the other day, but is relevant and bears repeating:

More than a few years ago, Sony put rootkits on some of their music CD's. It was abhorrently wrong, they knew it, they did it anyway. That was the last straw for me. It came after SOE released Everquest II incomplete and broken. It came after proprietary audio formats (strong push against MP3) and proprietary media. It was during a time of suing grandmothers for music downloading. It was during a time of Sony's clear (ongoing?) campaign against its customers and fans.

Since that time, I have not purchased Sony music, will not buy Sony consumer electronics, and won't even see a Sony pictures movie. I boycott ALL Sony related products and services, and have for the last ten years. People need to wake up and exercise the only power they have by voting with their wallets. We have to keep these companies terrified that such missteps will lead to their ruin, or else sleep in the bed we made without complaint.

FYI - Here's a pretty comprehensive list of Sony's subsidiaries: https://en.wikipedia.org/wiki/...

Yup paving the way

[silas_moeckel]

To show that the government is unwilling to play fairly. The Rootkit should have gotten executives jailed and massive fines. Instead it was a fairly minor lawsuit and move on with business.

Schneier is not just a blog!

It contains priceless discussions, too! Often more technical and polite than most forums..

In case you missed them, here is some coverage of the Sony BMG Rootkit and a few later articles which reference it:

https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/essay...
https://www.schneier.com/blog/...
https://www.schneier.com/essay...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...
https://www.schneier.com/blog/...

The Object lessons

[MrKaos]

For Sony there is little doubt the object lessons were "Now how do we do this and not get caught?"

Re:The Object lessons

[whoever57]

For Sony there is little doubt the object lessons were "Now how do we do this? "

FTFY

Given the tiny fine that Sony was required to pay for the rootkit fiasco, I doubt that they really care about getting caught.

Re:Please: You WISH you were me... apk

[bigfinger76]

No one gives a shit, APK. Not one person here gives a shit about anything you have to "say".