Sony RootKit Still A Problem?

XMilkProject writes "Current research indicates that some "350,000 networks--many belonging to the military and government--contain computers affected by [Sony's rootkit]." This is down from over half a million last month. "The security researcher worked from a list of 9 million domain-name servers.. asking each to look up whether an address used by the XCP software--in this case, xcpimages.sonybmg.com--was in the systems' caches." Will Sony face future repercussions for this potentially long-term damage?"

Safe..

[seann (307009)]

Because new music sucks.

Makes you wonder....

[antek9 (305362)]

... what kind of person takes their Sony CDs to work in order to play them on PCs on a military network. Kinda bizarre that that's even possible.

Makes me sleep better, on the other hand, to see that there are music lovers even there.
You know how the saying goes: Where one sings you may sit down and sing along, bad people have no song. ;)

Re:Makes you wonder....

[Prophet of Nixon (842081)]

Well, the scenario of taking CDs to work to play them on networked military PCs is not implausible at all; there are thousands of GS/staff employees who do that. What is implausible, at least in my experience, is those users having admin access to their machines. Was this rootkit able to install on XP under a user or power user account?

Re:Makes you wonder....

[antiMStroll (664213)]

What's implausible is the Sony executives responsible for distributing a hidden exploit aren't basking in the Guantanamo sun. Had this been Swedish or Thai teens you can bet your ass their faces would adorn newpapers worldwide and software giants decrying the vandalism.

exactly correct

[by Anonymous Coward]

The sony rootkit fiasco is an example of criminal conduct, not a civil tort matter. Why some high level Sony USA execs aren't in the slammer now is beyond me. Like you said, if some teenage scripter had done this, they would be facing 30 years or something, but because it's a large important company they are facing a few fines.

Re:exactly correct

[BVis (267028)]

Why some high level Sony USA execs aren't in the slammer now is beyond me.

Rich people don't go to jail; also, the law hasn't caught up to this kind of crime, especially on this scale. (Martha Stewart went to prison because she was charged and convicted under well-understood and established laws.) Ask the average attorney what the crime is here and you'll get blank stares, not because it isn't blatantly illegal, but because the average person doesn't know or care about this kind of thing.

Like you said, if some teenage scripter had done this, they would be facing 30 years or something,

Unless Daddy is loaded. Then he'd get 20 hours community service and six month's probation. OTOH, if the teen in question was middle- or lower- class, its PMITA prison time.

Re:Makes you wonder....

[Tim Browse (9263)]

So the fact that you think that the Sony rootkit manages to bypass Windows admin/driver privileges is what you use as proof that the admin privileges scheme doesn't work?

There's a flaw in that logic somewhere, but I can't put my finger on it...

Re:Makes you wonder....

[Tim Browse (9263)]

I think I'll fall off my chair in shock.

While you're down there, pass me up Sony's reputation, will you? :-)

Re:Makes you wonder....

[Gonarat (177568)]

.. what kind of person takes their Sony CDs to work in order to play them on PCs on a military network. Kinda bizarre that that's even possible.

Once upon a time, bringing in the CD would have been the safest way to listen to music. Nothing can be copied to a CD, and nothing could be brought in on a pressed CD other than music. Nothing for Military Security to be worried about. Ipods and other MP3 players could potentially be used to sneak data out.

Of course now with the DRM crap on the "CD", this is no longer true. The once friendly store bought CD is now a potential risk. Way to go Music Industry! And you wonder why sales are down in 2005 from 2004...besides crappy offerings.

Re:Makes you wonder....

[drinkypoo (153816)]

IMO the problem is that the labeling restrictions for CDs are not strong enough. You can still put the "CD digital audio" logo on your audio CD if it is a CD-Extra and not just a good old Red Book CD. Without this, there might have been more consumer awareness. The properly paranoid will now note that the CD system was invented by Sony and Philips and Philips is the body behind the logos.

They might as well change their name to

[by Anonymous Coward]

NOSY

Get Back On Our Own - Boycott Sony

[Py to the Wiz (905662)]

I personally don't buy CDs so I wasn't affected but from what I've heard there are some serious problems with the "patch" Sony provided. I'm just a bit curious... Does the patch keep the rootkit permanently disabled and removed? It seems to me that if we put a deviant Sony CD back into our computer that the rootkit would just be reinstalled. Then do we have to run the patch again? This is rediculous. I've do not intend on purchasing any music that has the SONY lable on it. This to me is just plain stupid. What gives Sony the right to install deviant software on "MY" pc and then make it stealth so that I don't know it's there. As far as I'm concerned I think that's the lowest a company can go. That's stooping to the level of those bastard red headed step children Spammers/Spyware installer/Virus/worm pushing assholes.

I'm to the point now watching this rediculous attempt from Sony to attach it's controls on something that I purchase the rights to use/listen/backup and trying to enforce through deviant means. What is this rootkit supposed to do!? They just wanted to install it for the Hell Of It? Nope, it's supposed to reinforce their stupid DRM bullshit and keep me from listening to the music that I paid for. I'm to the end of my rope. I think that there needs to be a group or mutiple groups put together that should purposefully break what Sony is trying to do. I've been years out of the programming/Computer industry and thus lack the skills to do it, but I think that we should form Anti-DRM, anti-Sony groups to demolish the protection that they put on their stupid CD's. I will not from this day forward purchase anymore music from Sony until they drop their Bullshit practices. I call for a Boycot of Sony's Music. I'm not sure what one man can start, but I'll be damned if I'm going to stand around any longer and watch Sony impose itself on me! They want me to buy their shit, then they want to enforce by deviance their policy, and after all that they hijack my PC for WHo knows what! Ahhh! Time for a Revolution. I love my PS2, but am refusing to play it again until SONY stops all this Bullshit! No more video games purchased either. Damn you Sony! Leave me the Hell alone! Stay off of my Computer and my CD's! Damn you!

With that said, I feel somewhat better, but am still disturbed deep inside that they would have to stoop to that level to try and enforce their protection. Maybe they don't realize that as the sound comes out of the speakers it can be recorded with a MIC and pirated that way, or through LINE OUT. Damn them. Rant Over.

Re:Get Back On Our Own - Boycott Sony

[Luke PiWalker (946528)]

Better yet, you could take in an old box and drop it on the front desk and go "Excuse me, you've installed a virus on my PC via a Sony CD. Will you be removing it or should I charge by the hour at £X00(add as many 0s as you likee, but 2 sounds about right) for having to remove it via a repair guy (don't say you, it seems supicious).

Demand compensation (for petrol to get there), the money to fix it and if they refuse tell them you'll take them to court for the damages (claim the box was used for something important like hosting websites and the rootkit has not passed some safety tests that all servers must pass at your company).

Aww the fun of being a sick little geek :D

Re:Get Back On Our Own - Boycott Sony

[utexaspunk (527541)]

So... you're going to boycott Sony by not playing the PS2 that you already paid for? How is that hurting Sony? Why not sell your PS2? Then you've at least possibly deprived Sony of purchase.

But then, the division that makes the PS2 is fairly disparate within the company from the one you're attempting to hurt. But then you've already admitted that you don't buy CD's, the record company couldn't really care less about you. Still- why attempt to harm the folks within the company who make a cool product for th

The quote that sums it up

[by Anonymous Coward]

"While the security issues related to the copy-protection software have apparently affected U.S. government and military computers, the Department of Justice will not likely get involved, said Jennifer Granick, executive director of the Center for Internet and Society at Stanford Law School.

"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."

I for one, welcome our new corporate overlords.

[Dr. Evil (3501)]

The answer is clear. The U.S. must invade Japan to overthrow the government responsible for this cyber terrorism.

Apology?

[omeg (907329)]

By the way, regardless of the magnitude of this problem currently, has Sony ever formally apologized for their damaging rootkit? They've said that most people "shouldn't care", or that it was their "right" to cripple people's computers, but I've not once heard them say sorry. Can anyone clarify?

Re:Apology?

[ai3 (916858)]

There you go:

http://ars.userfriendly.org/cartoons/?id=20051117& mode=classic [userfriendly.org]

Repercussions? Nah.

[Alizarin Erythrosin (457981)]

Will Sony face future repercussions for this potentially long-term damage?

Probably not. They're already getting off somewhat easy for the original hubub.

Settled too soon.

[gasmonso (929871)]

If you look at the settlement in the New York District court it is nothing more than a slap on the wrist. Sony knowingly infected computers with what amounts to a trojan horse. In return they have to pay a little money and promise not to do it again. That's insane when you consider the witch hunts that have taken place for 16 year-old kids releasing a virus. Sony needs to pay and pay dearly for their deliberate criminal actions. The government always wants to send hackers a strong message...well then the same applies to corporations!

http://religiousfreaks.com/ [religiousfreaks.com]

You obviously didn't read the settlement

[TubeSteak (669689)]

As part of the settlement, Sony is agreeing not to enforce two key portions of the EULA

1. A $5 limit on damages
2. The requirement that you must sue Sony in New York

Once the settlement is official, Sony will have opened themselves up, such that they can be sued in court anywhere in the United States.

Small claims court is the most likely venue, because you don't really need a lawyer to represent yourself and if Sony doesn't send a representative, you get a default judgement.

Collecting might be a bitch, but in this case, it definitely won't be the lawyers making all the money.

I'm not sure how the EULA is relevant...

[blorg (726186)]

...if you clicked 'Don't Agree' to it and the rootkit installs itself anyway.

Repurcussions? No.

[mindaktiviti (630001)]

"Will Sony face future repercussions for this potentially long-term damage?"

No they won't because they're a huge multinational corporation who will probably layoff some employees and reward their top execs from the whole ordeal. I'm not trying to be some hippie about this, it's just the way the world works.

Sony's unintended consequences hurts them

[digitaldc (879047)]

Robert K. Merton listed [atfreeweb.com] five causes of unanticipated consequences:
(I have applied them to Sony's decision to use rootkits)

1. Ignorance (It is impossible for Sony to anticipate everything.)

2. Error (Incomplete analysis of the rootkit problem, or following habits that worked in the past but may not apply to the current situation.)

3. Immediate interest in stopping a computer from copying something, may override long-term interests of sustaining their reputation as honest and trustworthy.

4. Basic values of trusting your customers may require or prohibit certain actions like installing a rootkit, even if the long-term result might be unfavorable. (These long-term consequences may eventually cause changes in those same basic values.)

5. Installing malware on people's computers is always a self-defeating prophesy (Fear of some consequence drives people to find solutions before the problem occurs, thus the non-occurrence of the problem is unanticipated.)

Re:Sony's unintended consequences hurts them

[hackstraw (262471)]

1. Ignorance (It is impossible for Sony to anticipate everything.)

2. Error (Incomplete analysis of the rootkit problem, or following habits that worked in the past but may not apply to the current situation.)

3. Immediate interest in stopping a computer from copying something, may override long-term interests of sustaining their reputation as honest and trustworthy.

4. Basic values of trusting your customers may require or prohibit certain actions like installing a rootkit, even if the long-term result might

Simple answer..

[ThePatrioticFuck (640185)]

Will Sony face future repercussions for this potentially long-term damage?

Of course not. They may pay a (relatively) small fine or two, but a quick a donation to a politician here and there, and that'll be all she wrote.

Government and Military

[mendaliv (898932)]

The whole concentration on the fact that military and government computers were infected is a tad sensationalist. You hear military or government and see DARPA or CIA.

In all odds the machines they're talking about are your typical office machines, used mostly for clerical work. Your network admin might not really worry or care about someone screwing it up; in all odds the people using them don't know enough to mess stuff up that badly.

I think all this is going to entail is the IT divisions of the important branches of the US government running rebuilds a little ahead of schedule...

Sony won't be harmed, users will

[Perl-Pusher (555592)]

"Will Sony face future repercussions for this potentially long-term damage?"

Sony won't be harmed at all. But since this incident an Air Force unit I used to belong to can no play music cd's on computers. Doing so can result in corporal punishment.

Re:Sony won't be harmed, users will

[FirstTimeCaller (521493)]

Doing so can result in corporal punishment.

Typical military! Meanwhile, the sergeants, lieutenants, captains, colonels and generals can do whatever they please.

Re: Sony won't be harmed, users will

[Black Parrot (19622)]

> They give spankings in the Air Force?

Yeah, and they have a "don't ask, don't tell" policy regarding whether you like it, too.

Re:Sony won't be harmed, users will

[Perl-Pusher (555592)]

It's also a slang term for non-judicial punishment,letter of reprimand, article 15 etc. Yes, it also means spanking. The term corporal punishment, is a variation from the term "slap on the wrist".

Problem not eliminated

[gbobeck (926553)]

Part of the problem with the Sony Rootkit is the fact that many stores **STILL** are selling the rootkit enhanced CDs.

I personally have seen this at several Borders stores in my area, and each time I mention this to the management I recieve blank "deer in the headlights" looks.

Re:Problem not eliminated

[quokkapox (847798)]

You would receive a similar blank stare if you remarked about mercury levels in the cans of tuna you are buying at the grocery store.

The retail checkout line is not the place to wage these types of battles.

Re:Problem not eliminated

[jonfelder (669529)]

The original post said management.

While the person replying said "checkout line", the original post still makes sense.

Re:Problem not eliminated

[meringuoid (568297)]

rootkit enhanced CDs

This battle is one of propaganda as much as anything else. If you use the enemy's terminology, you've already lost.

These are rootkit infected CDs. Use that phrase in conversation with your non-techie friends. 'Damn, I got an infected CD from Sony.' They'll not grasp all the geek details, but they'll get the picture.

Similarly, call what it is trying to do 'Digital Restrictions Management' whenever you have to explain what 'DRM' is. It's a far truer portrayal of what's going on.

Sony, the new ELO?

[by Anonymous Coward]

...I heard somewhere that if you play these new Sony CD(s) backwards, the rootkit data will say, "yur sole iss miiine. yur sole iss miine. Haaaaale Goooooogle! Whaaaaaat issss thigh bidding miii massster? RaaaaaaaaaaAaAaaAaaa!" ...and a plume of blood will shoot out of your CD tray and melt your face like that dude from Raiders of the Lost Ark.

\\//_

End result

[quokkapox (847798)]

These CDs will be out there forever, in users' libraries and bought and sold by used CD shops and flea markets. The end result of this fiasco is that Sony discs are something you watch out for and don't risk sticking in your computer, unless you're running the latest antivirus/antispyware software.

Sony == Dangerous to my PC

What a great way to promote a brand.

Sadly, no.

[sethadam1 (530629)]

Sadly, not only will Sony face no long term damage, but this will be a blockbuster year for them as they release PS3 and millions of quick-to-forget Slashdotters rush out to buy a PS3.

If consumers were smart, they'd go buy a Nintendo Revolution - or even an Xbox - and intentionally skip the next Playstation. Unfortunately, they won't, because their souls are fueled by acquisition and shiny-new-toy syndrome.

Nah they will get off scott free

[falcon5768 (629591)]

They are a company, and a VERY large one to boot. They honestly can do no wrong unless it involves actually stealing money and getting caught doing it, and even then they would get away with it after they make a big scene to asure the public.

See Sony does things like this and its called a mistake. A hacker does something much less, and its call terrorism. Go USA!

Governement PCs

[ArchAbaddon (946568)]

"350,000 networks--many belonging to the military and government..."

I used to do assistant net admn in the armed forces, and it's amazing how little security there is on most military computer networks. They don't allow DHCP, but as the admin I found that there were no lockdowns on installing software like AIM and such. Only problem was, network security was dictated by higher commands, so I could do nothing but watchdog the system.

So it's really no suprise to me to so this rootkit affecting so many military and government compys, given their lack of conecern about system security.

Re:Governement PCs

[SydBarrett (65592)]

A few years ago a friend of mine gave me some old hard drives he got from the Army which was going to be tossed out. I tossed one of them in an old 486 I had lying around and after windows 95 bitched about missing hardware etc., up came a notice that THIS IS ARMY DATA BLAH BLAH BLAH. It didn't have any super secret documents but it did have MS Word, some shareware card games, and about 3 different viruses. Any AV software installed? Nah.

Pwned

[Nom du Keyboard (633989)]

Sony only agreed not to ship more CD's with the existing rootkits. Nothing against improved versions. In fact...

Your new Sony-BMG non-standards compliant music disc contains the Pwned.exe wonderful pretty music player. Click here to hear the music you've already paid for. Remember, you cannot return opened CD's for any refund. Have a nice day!

Never made sense

[SiliconEntity (448450)]

Those figures reported for the rootkit infections never made sense. Half a million computers? As respected security expert Bruce Schneier noted: [schneier.com]

"Even more interesting is that there may be at least half a million infected computers... I say 'may be at least' because the data doesn't smell right to me. Look at the list of infected titles, and estimate what percentage of CD buyers will play them on their computers; does that seem like half a million sales to you? It doesn't to me, although I readily admit that I don't know the music business."

As Schneir notes, these are not big selling CDs. Here is the list from the EFF link above:

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)

While Dan Kaminsky's methodology seems basically sound, if the results don't add up it suggests that there is something else going on. Maybe somehow each computer queried more than one DNS server, or some similar effect occured to artifically inflate the number of computers he is counting.

Boycott *ALL* Sony products ...

[Micah (278)]

... for at least a year. That's what I'm doing, even though I didn't buy any affected CDs. Yes, they did make token attempts to make things better for some victims, but they NEED to suffer a while for such a stupid decision. Any company that thinks it's OK to install malware on their paying customers' computers does not deserve my business, and it does not deserve yours.

Yes, I know that SONY is a huge company with lots of independent decisions. But it's all one corporation, and it needs to feel pain for this stupidity. Its size just gives us more opportunities to boycott it. No Sony tapes, no Sony TVs, no Sony cameras, no SONY nothing until this year is over.

The boycott needs to be for a limited time; that's why I said a year. If we never start buying from them again, then they lost us no matter what. If the boycott is for a finite time, then they know they can sell to us again ---- as long as they don't repeat this silliness. If they do, they should expect more pain.

Re:Boycott *ALL* Sony products ...

[Jurph (16396)]

Boycotts are basically ineffective unless tied to a publicity effort. A good way to get this to work is to volunteer to write consumer electronics articles for a local paper. Anytime a SONY product comes out, volunteer to review it, and call SONY and ask them if they think "accusations that they have violated customers' privacy" and "threats of boycotts" will impact their sales of this product. Include it in a basically favorable review, but close with a line like "Can this product's performance sway the

The right thing:

[jafac (1449)]

I think that what is needed, is an Explorer plugin, to be made freely and widely available, which circumvents this "cloaking" technology (using Mark Russinovich's term).

If all of this "cloaking" crap were to be made irrelevant, then these kinds of things would no longer be a security issue - it would return administrative control over machines to the machine's owner. Whether that's Symantec's cloaking for their recycle bin, or whether it's Sony's rootkit, or anything else.

Computer owners don't need a corporate nanny protecting them from shooting themselves in the foot. Good software design does that. Not sneak tactics.

Of Course, that is Sony's Security Policy

[slashbob22 (918040)]

Security through Obscurity.

Re:Of Course, that is Sony's Security Policy

[BrynM (217883)]

Security through Obscurity.

You missspelled "obsurdity". Why do people keep doing that? ;)

Re:Nothing for you to see here. Please move along.

[by Anonymous Coward]

Er no you didn't. $sys$ is what you want.

Re:How-to?

[earthloop (449575)]

You do a non-recursive lookup.


[root@kryten pete]# nslookup
> set norecurse
> www.xmob.co.uk
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: www.xmob.co.uk
Address: 217.77.184.55

> www.microsoft.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
*** Can't find www.microsoft.com: No answer
>