It would seem the day of website defacements just for the heck of it are long past. I mean, that was so 1990s, right? Today’s hacker, the ones who have meaningful targets, are having a field day. Even the huge guard at the gate, Linux server space, has been knocked aside in order to gain passage.
And yeah, Heartbleed and Shellshock turned out to be much less of a threat than the tech world predicted. However, in various forums and other places where tech folks choose to hang out, Windows folks had a field day with all variants of “told-ya-so.” I pictured server admins running in circles with their hands flailing in the air, shouting that Armageddon was indeed here.
Regardless of the potential damage from these two vulnerabilities, it turned out to be not so bad. Patches were immediately made ready for all Debian-based distros, and others followed suit shortly after. But when the dust did settle, many of us realized that our secure-by-design systems might have some weaknesses after all.
Many of us have now installed ClamAV and Rootkit Hunter. It’s the world we live in and we can no longer afford to take the chances we have in the past, even though at least one of these vulnerabilities has been around for years. On the good side of the issue, that evil genie has been lured back into the bottle and hopefully that cork is sealed tight.
Today’s hacker isn’t the script kiddie of old. Again, hacking for the sake of hacking isn’t as prevalent as it once was. Today’s hacker is mainly focused on the money to be made by wearing the black hat. Stories in the past week or so have revealed that ransomware from one operation was netting $30 million per year. If you think that couldn’t happen to you, think again. The poor folks across the street from me were stricken with a malware/virus, and it was only the quick thinking of one of the household that kept their retirement money where it belonged. I ended up helping them retrieve their files with a live Linux USB stick and replacing her hard drive. This particular variant of malware was as tenacious as I have ever seen.
But there are times when all the money in the world will not deter someone who wants revenge or payback. In some cases, even decade-long targeting doesn’t seem to lessen the anger many have.
One such target is Sony.
It’s well-known that in 2005, Sony placed what cannot be described as anything but a rootkit on some of their music CDs. The implemented code would make it all but impossible to rip those cds, and when someone attempted to circumvent the DRM, the IP number of that machine was recorded and sent back to Sony — supposedly in order for Sony to report the attempt to law enforcement. Bypassing tools to enforce DRM is strictly against the law, according to the Digital Millennium Copyright Act (DMCA).
Fortunately, that rootkit was discovered fairly soon by Mark Russinovich, co-founder of Winternals. After the disclosure, Microsoft didn’t waste any time moving toward the acquisition of Russinovich’s company, although for complete disclosure, Russinovich had been offered a job by Microsoft years before. It is suggested in some circles that Microsoft purchased the company so quickly in order to quell the entire Microsoft/Sony duplicity rumors, as some believe that Microsoft would have to know about the rootkit, given how deeply it burrowed into Redmond’s proprietary code.
Regardless of any reconciling actions or decisions, some people won’t be satisfied. Indeed, Sony has been the target of hack after hack since the 2005 incident, with even the hactivist group Anonymous getting in on the act. Last week, Bob Brown at Network World published a brief timeline of hacks on Sony that is by no means complete, but hits enough of the high points to give you an idea of just how much Sony is hated. It might be prudent for Sony to keep their collective mouths shut. Every time they make a public statement that their server infrastructure is stronger than ever, there is some guy in a two room walk-up proving them wrong.
So how much punishment is enough?
Since 2005, I have not purchased one Sony product. Neither has any member of my family. Seems kind of meaningless, huh? Yeah, really it does, but I can only hope that I am one grain of the sand it takes to screw up the inner works of the Sony machine. I despise Sony. How dare they betray the trust of their customers? A lot of people are brand-locked. Regardless of cost, once brand-locked, we will continue to buy that product. And yeah, there are more cases of other companies doing ass-hattery of one form or another, so Sony isn’t a lone wolf in the practice of screwing their customers.
So, I’ll just ask you now: Has Sony paid its debt?
Reglue needs a new delivery vehicle in order to continue its mission to deliver computers to school children who can’t afford them. You can help by visiting its Indiegogo page.
Help keep FOSS Force strong. If you like this article, become a subscriber.
Ken Starks is the founder of the Helios Project and Reglue, which for 20 years provided refurbished older computers running Linux to disadvantaged school kids, as well as providing digital help for senior citizens, in the Austin, Texas area. He was a columnist for FOSS Force from 2013-2016, and remains part of our family. Follow him on Twitter: @Reglue