Offline iago
Sony's Rootkits
« on: November 14, 2005, 02:12:48 pm »
I think this was discussed somewhere else here, but I don't feel like looking.  What Sony's done is preposterous.  I love that word :).  Anyway, it "cloaks" all files named $sys$ by kernel level hooks, making it extremely easy for a virus to cloak itself (just a filename; and it's been done already).  If you attempt to remove it yourself, you will more than likely trash your system.  To remove it, you have to get Sony's tool, but to get that, you have to sign up for their spam.  Thanks!

Also, it phones back to Sony every time you play a song off their CDs.  It's a very small step for them to phone home every time you play a song off a competitor's CD.  An invisible, hidden rootkit, with kernel hooks, that could be used for marketing? This is worse than spyware.

Here's instructions on how to cloak your very own virus/malware!
Quote
How to use Sony cloaking

1) Write standard virus/trojan
2)  Trick poor person to run on computer (easy right?)
3) Name it with $sys$
4) It is now cloaked by the Sony DRM.

Here are a couple statements by real people:
Quote
Sony needs to pay big for this.  I'll never buy a Sony/BMG item again... no apology is enough.

The way I see it, this is no different than a company orchestrating a mass breaking and entering on all of their customers.  This is like if Maytag hid the Maytag man* INSIDE the dish washer so that he could rummage through your home in the middle of the night.

There is no excuse for what they've done... and there needs to be a very real public acknowledgment and discussion about what to do about the RIAA/MPAA -- let's face facts; what Sony has done is not an isolated case.  This is only the logical conclusion in a string of damn near or should be criminal actions either committed or proposed by the big media names of the world.

They need to be reminded that the consumer base are not cattle to be used.  They exist to service us, not vice versa... and the base of corporate leadership which harbors the idea that we exist to supply them with money exclusively... the ethically challenged of our world if you will... must be purged from all positions of power, whatever the cost.

This is only a symptom of a greater problem.

            -bkfsec


* Only an example.  I have no intention of maligning Maytag with it.
p.s. Some people refuse to say that this is a malicious action on Sony's part.  Now I'm going to speak truth to the situation.  There is no mistake that this is a malicious act against their customers.  If it was not malicious, they would not have had to hide it.

Quote
I agree with Barry 100%. If they are allowed to continue down this road,
then all companies will follow (not just record companies). They should
have never used kernel hooks, it is very clear they have no idea what a
rootkit is and they have no idea how dangerous it can be for the normal
user. Remind me why I should give them money again?

They treat us all like cattle, as Barry said.

Does this stop a person from getting the songs off BitTorrent? No
Does this stop a person from ripping the songs off of the CD? No, use
linux...noobs can even use a bootable Linux CD.

So who is this act really hurting? Normal CUSTOMERS that paid money to
buy a product they offer.

The outcome of this will hurt more than normal customers, it will hurt
companies that do everything they can to protect their employees and the
public from the danger. There was talk that the Sophos UnMasking Tool
may be against the DMCA. WTF?

Are you kidding me....forget the RIAA, buy Indie

-Todd

Quote
They treat us like cattle?  I think this treatment is worse than
convicted child molesters.
- You have a EULA that no reasonable person can understand
- If you go bankrupt, you lose rights to the music.
- If you lose the originals, you lose rights to the music.
- Sony has the right to install anything they want on your computer
and do anything they want.
- Right now the program phones home with info every time you play a
song.  How long before it phones home when you play competitors' songs?
 Or prevent you from going to an independent music site?
- Trying to remove the rootkit can trash your system
- To get the removal program, you need to sign up for Sony marketing.

And as long as we're speculating on how they're going to use the data they're collecting from the removal process, note that everyone is provided with a "case ID".  Roll this around for a minute and think to yourself "Why would Sony want a list of people that they know have removed DRM software from their computers?"

If the term "future law suits for copyright infringement" pops into your head, you wouldn't be alone.

I think that collecting marketing information is only the tip of the iceberg for what they could choose to do with that data.

Quote
I hope that this triggers a DMCA battle.  It will either invalidate a portion of the DMCA or show that the DMCA actually hurts normal people rather than helping them.  We all know that the DMCA is too broad, and until now it's largely only hurt researchers and entrepreneurs.  So I say let's let the whole thing circle the drain.  Let's force the issue.  Let's bring this to its ultimate extent.

Maybe then we can get some real public outcry.  Maybe then, when the vaunted ideal of capitalism, the sanctity of personal property, is being trampled by the corporate sector and the government, people will realize that the man behind the curtain does not have their best intentions in mind.

Until then, I don't think that one can morally accept and go along with the actions of corrupt individuals.  I say that if Sophos' removal tool is struck down, the international nature of the internet must be leveraged to ensure that the removal tools themselves can never disappear.  Treaties only reach so far.  What Sophos has done is honorable and just.  They deserve our support... as does their cause in this case.  It is important for people to control what is within their realm of property.  What's next?  TVs with CCTV cameras in them sitting on a wall in our apartments and only a small nook to hide in ourselves?  I see no difference between that and what Sony has done...

            -bkfsec


...... and a response from Sony:
Quote
[snip]

Beleaguered Sony BMG will temporarily suspend the manufacture of copy-protected CDs and re-examine its digital-rights management strategy, the media giant said on Friday.

The company has been widely criticized by consumers, security experts and digital-rights advocates for the surreptitious copy-protection programs that Sony BMG CDs install on consumers' computers. Digital-rights advocates and consumer attorneys are preparing nearly a half dozen legal actions against the music giant.

While the company is re-evaluating its inclusion of the Extended Copy Protection (XCP) technology produced by U.K.-based First 4 Internet, the company stood by its right to protect its music.

Here is the full statement:

We are aware that a computer virus is circulating that may affect computers with XCP content protection software. The XCP software is included on a limited number of SONY BMG content protected titles. This potential problem has no effect on the use of these discs in conventional, non-computer-based, CD and DVD players.

In response to these events, SONY BMG has swiftly provided a patch to all major anti-virus companies and to the general public that guards against precisely the type of virus now said to exist. The patch fixes the possible software problem, and still allows CDs to be played on personal computers. It can be downloaded at http://cp.sonybmg.com/xcp/. Starting today, we will also be adding this link to the SONY BMG label and corporate sites. We deeply regret any possible inconvenience this may cause.

We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, SONY BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use. More information about our content protection initiative can also be found at: http://cp.sonybmg.com/xcp.

[snip]

Translation:
Quote
We're going to get our asses kicked in court.  In fact, truth be told, we know that if we didn't take some kind of action immediately, some of our executives stand a chance of going to jail - possibly even in foreign countries.

Having said that, we still see you cattle as a source of limitless resources and refuse to accept that you have rights.  Fair Use?  Hahahah... The only fair use is our use of you to make ourselves rich and to screw our artists.

All your base are belong to us and all that jazz.

Anyway, the bottom line is, I'm going to start to treat Sony like Cisco: not worthy of my trust/business.
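
The hiding described in the post above keys on nothing but the `$sys$` name prefix, so a cross-view comparison exposes it: list the same volume once through the running OS and once through a view the hooks cannot filter, then diff the two. This sketch is an added example, not part of the original posts; both listings are constructed sample data, and how the trusted listing is obtained (for instance from bootable media) is an assumption.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # name prefix the first post says gets hidden

# Constructed sample data (not real XCP file names).
API_VIEW = [  # what the running, possibly hooked, OS reports
    r"c:\windows\NOTEPAD.EXE",
    r"C:\Users\a\song.mp3",
]
RAW_VIEW = [  # assumed trusted listing of the same volume
    r"C:\Windows\notepad.exe",
    r"C:\Users\a\song.mp3",
    r"C:\Windows\System32\$sys$example\drv.sys",
    r"C:\Users\a\$SYS$unknown.exe",
    r"C:\Users\a\other.dll",
]

def norm(path):
    """Windows names are case-insensitive, so compare case-folded paths."""
    return str(PureWindowsPath(path)).casefold()

def has_cloak_prefix(path):
    """True if any path component starts with the prefix: a prefixed
    directory takes everything beneath it out of view as well."""
    return any(part.casefold().startswith(CLOAK_PREFIX)
               for part in PureWindowsPath(path).parts)

def cross_view_diff(api_view, raw_view):
    """Entries present in the trusted view but missing from the API view."""
    seen = {norm(p) for p in api_view}
    return sorted(p for p in raw_view if norm(p) not in seen)

def classify(api_view, raw_view):
    hidden = cross_view_diff(api_view, raw_view)
    return {
        # hidden and prefixed: consistent with the name-based cloak
        "cloaked_by_prefix": [p for p in hidden if has_cloak_prefix(p)],
        # hidden without the prefix: something else is filtering the view
        "hidden_other": [p for p in hidden if not has_cloak_prefix(p)],
        # prefixed but visible: the cloak is not active on this system
        "visible_prefix": [p for p in api_view if has_cloak_prefix(p)],
    }

if __name__ == "__main__":
    for bucket, paths in classify(API_VIEW, RAW_VIEW).items():
        print(bucket, paths)
```
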

Offline Blaze
Re: Sony's Rootkits
« Reply #1 on: November 14, 2005, 04:11:23 pm »
All our base, are belong to them. :(

This is why I don't buy music, other than from a select few.  ;)
And like a fool I believed myself, and thought I was somebody else...

Offline iago
Re: Sony's Rootkits
« Reply #2 on: November 20, 2005, 10:42:26 pm »
"Your One-Stop Shop for Sony Lawsuit Information"

http://www.sonysuit.com/

Offline Sidoh
Re: Sony's Rootkits
« Reply #3 on: November 21, 2005, 01:29:31 am »
"Your One-Stop Shop for Sony Lawsuit Information"

http://www.sonysuit.com/

LMFAO!

I was actually telling one of my teachers about this (one who has a pretty strong interest in technology), she was pretty shocked.

When I first read this, I was moderately surprised, but I didn't even realize the full potential of the problem.  I'm glad you shared this with us, iago.
« Last Edit: November 21, 2005, 01:31:37 am by Sidoh »

Offline Armin
Re: Sony's Rootkits
« Reply #4 on: November 22, 2005, 05:48:27 pm »
You can also use this to hide hacks and cracks from Warden.
Hitmen: art is gay