Resignations Signal Generational Change at Apache Foundation
Why Gnome 2 Continues to Win the Desktop Popularity Contest
Where Open Hardware Is Today
Writing in Style With LibreOffice
Huawei and Other Mobile 'Tech Giants': You Should (Really) Break Free from Google/Android
November 3rd, 2015

Online Vigilantes: Hacking Sony for a Cause?

It would seem the day of website defacements just for the heck of it are long past. I mean, that was so 1990s, right? Today’s hacker, the ones who have meaningful targets, are having a field day. Even the huge guard at the gate, Linux server space, has been knocked aside in order to gain passage.

hacked site

And yeah, Heartbleed and Shellshock turned out to be much less of a threat than the tech world predicted. However, in various forums and other places where tech folks choose to hang out, Windows folks had a field day with all variants of “told-ya-so.” I pictured server admins running in circles with their hands flailing in the air, shouting that Armageddon was indeed here.

Regardless of the potential damage from these two vulnerabilities, it turned out to be not so bad. Patches were immediately made ready for all Debian-based distros, and others followed suit shortly after. But when the dust did settle, many of us realized that our secure-by-design systems might have some weaknesses after all.

Many of us have now installed ClamAV and Rootkit Hunter. It’s the world we live in and we can no longer afford to take the chances we have in the past, even though at least one of these vulnerabilities has been around for years. On the good side of the issue, that evil genie has been lured back into the bottle and hopefully that cork is sealed tight.

Today’s hacker isn’t the script kiddie of old. Again, hacking for the sake of hacking isn’t as prevalent as it once was. Today’s hacker is mainly focused on the money to be made by wearing the black hat. Stories in the past week or so have revealed that ransomware from one operation was netting $30 million per year. If you think that couldn’t happen to you, think again. The poor folks across the street from me were stricken with a malware/virus, and it was only the quick thinking of one of the household that kept their retirement money where it belonged. I ended up helping them retrieve their files with a live Linux USB stick and replacing her hard drive. This particular variant of malware was as tenacious as I have ever seen.

Playstation hackBut there are times when all the money in the world will not deter someone who wants revenge or payback. In some cases, even decade-long targeting doesn’t seem to lessen the anger many have.

One such target is Sony.

It’s well-known that in 2005, Sony placed what cannot be described as anything but a rootkit on some of their music CDs. The implemented code would make it all but impossible to rip those cds, and when someone attempted to circumvent the DRM, the IP number of that machine was recorded and sent back to Sony — supposedly in order for Sony to report the attempt to law enforcement. Bypassing tools to enforce DRM is strictly against the law, according to the Digital Millennium Copyright Act (DMCA).

Fortunately, that rootkit was discovered fairly soon by Mark Russinovich, co-founder of Winternals. After the disclosure, Microsoft didn’t waste any time moving toward the acquisition of Russinovich’s company, although for complete disclosure, Russinovich had been offered a job by Microsoft years before. It is suggested in some circles that Microsoft purchased the company so quickly in order to quell the entire Microsoft/Sony duplicity rumors, as some believe that Microsoft would have to know about the rootkit, given how deeply it burrowed into Redmond’s proprietary code.

Regardless of any reconciling actions or decisions, some people won’t be satisfied. Indeed, Sony has been the target of hack after hack since the 2005 incident, with even the hactivist group Anonymous getting in on the act. Last week, Bob Brown at Network World published a brief timeline of hacks on Sony that is by no means complete, but hits enough of the high points to give you an idea of just how much Sony is hated. It might be prudent for Sony to keep their collective mouths shut. Every time they make a public statement that their server infrastructure is stronger than ever, there is some guy in a two room walk-up proving them wrong.

So how much punishment is enough?

Since 2005, I have not purchased one Sony product. Neither has any member of my family. Seems kind of meaningless, huh? Yeah, really it does, but I can only hope that I am one grain of the sand it takes to screw up the inner works of the Sony machine. I despise Sony. How dare they betray the trust of their customers? A lot of people are brand-locked. Regardless of cost, once brand-locked, we will continue to buy that product. And yeah, there are more cases of other companies doing ass-hattery of one form or another, so Sony isn’t a lone wolf in the practice of screwing their customers.

So, I’ll just ask you now: Has Sony paid its debt?

**********

Reglue needs a new delivery vehicle in order to continue its mission to deliver computers to school children who can’t afford them. You can help by visiting its Indiegogo page.

Help keep FOSS Force strong. If you like this article, become a subscriber.

Ken Starks writes and publishes The Blog of Helios, a finalist in our Best FOSS or Linux Blog competition. In addition, he's the person behind the Reglue project, which refurbishes older computers and gives them to disadvantaged school kids in the Austin, Texas area. Follow him on Twitter @Reglue

6 comments to Online Vigilantes: Hacking Sony for a Cause?

  • Duncan

    Sony paid their debt? Hardly. They’re digging themselves further in the hole. See selling people playstations that run Linux, then turning around and killing the feature after purchase, among other things.

    They’ve never properly apologized or made-right the victims for being either “Sony, The Rootkit People”(TM), /or/ for deliberately killing features on products once purchased.

    And I’ve not bought anything Sony since the rootkit episode either, that I’ve known of, tho somehow I ended up with a pair of AA batteries from them, and was wondering what sort of rootkit they might attempt on the flashlight I installed them in…

    OTOH, I can’t /entirely/ blame Sony for the rootkit thing, given the precedent MS set with eXPrivacy. I knew where that was going, and jumped to Linux instead of taking the eXPrivacy downgrade from 9x, because deliberately adding mis-features that deactivate the main install if MS doesn’t like the upgrades you’ve done was crossing a line that I simply wasn’t going to cross, and given that, MS left me two choices, pirating to avoid the misfeature, or switch to Linux. By that point I knew I wanted to go freedomware, but after a decade invested in learning the MS platform, I’m honestly not sure I would have ever made the switch had MS not pushed me. But they did and I jumped, and every since I’m oh so thankful they /did/ push me.

    But as I said it was clear then where things were headed, with MS setting the precedent in not only allowing but deliberately installing malware as part of its platform, and most folks simply took it and stood there waiting for more, so it’s little surprise that Sony thought they could do it too.

    OTOH, recinding a feature after purchase, there are laws against that, and I’m still not clear how Sony legally got away with killing the Linux feature on the playstations… unless they simply bribed the folks tasked with enforcing the law to look the other way, which apparently they did given the evidence, that being the only real explanation as to why they didn’t have to effectively refund all purchasers their money and still let them keep the hardware.

    Which also explains why the US got involved in the Sony hacks as if they were attacking the US government itself.

  • Mike

    > “Which also explains why the US got involved in the Sony hacks as if they were attacking the US government itself.”

    I always thought that was fishy and am surprised no one ever mentions it.

    I stopped buying Sony stuff even before the rootkit incident. They are every bit as evil as Microsoft.

    The DMCA is also the root of much evil in the world today and needs to be abolished.

    DRM = evil
    DMCA = evil law protecting evil DRM
    Sony, Microsoft, et.al. = evil companies hiding behind an evil law.

    If a sixteen year old hacker had done what Sony did, he’d be facing years in prison as an adult, while Sony just handwaves everything away with a half-assed apology. Then a hack on Sony (a Japanese multinational conglomerate corporation) is interpreted by the U.S. govenrment as a potential act of war on the U.S. by North Korea. WTF is going on?

  • CFWhitman

    It is funny how corporations can get away completely with stuff that would get an individual a double digit prison sentence.

    I stopped buying Sony hardware long before the 2005 rootkit because it was as expensive as ever, but the quality had gone downhill. Also, they made several attempts to lock people into various technologies. However, I admit that I don’t check music discs or movies to see whether they are published by Sony or not. I already used Linux at home in 2005, so the rootkit incident was something I watched from a distance with dropped jaw (though I guess I shouldn’t have been so surprised given the sense of entitlement every member of the RIAA and MPAA seem to have).

    To forgive someone, you need to have a sense that they’ve repented (or never realized what they’d done). I’ve never gotten that kind of vibe from Sony.

  • nonya

    I agree with the other comments. Sony and others have not repented, and have not changed their ways, so why should they be forgiven. I do not buy anything Sony including anything blu-ray (Sony patented and licensed to LG among others).

  • vern

    I work in a TV station and get a vote on studio cameras. Real studio cameras start in the 10s of thousands and go up from there. Yes, the last two rounds of purchases went to the non-Sony cameras.

  • I had a PlayStation 3 for one reason and one reason only: Linux. Then came the day a couple of weeks after I bought it (used fat PS3 16GB from GameStop), I decided to play Madden NFL with a friend who brought his disc and forgot to reset it back to “Other OS” before going out. We left to a bar, and when we came back, automatic mandatory system update that removed the Other OS option. Rebooted too. I sold it after I found out that stupid mistake from Sony. I then swore, and my friend too, we’re not buying the PlayStation 4 when it’s released. Good thing we didn’t. I got him hooked on retrogaming.