In an effort to protect its music, Sony used a rootkit tool on its CDs. The tool did more harm than good, leaving consumers facing a wave of malicious software. What exactly happened here?
In 2005, Sony shipped out over 22 million CDs that installed highly invasive malware that hid itself from computer users. It prevented CDs from being copied and collected listening history. The episode became known as the Sony Rootkit Scandal.
The Sony Rootkit Scandal
On October 31, 2005, tech security expert Mark Russinovich wrote on his blog about spyware he had found, known as a rootkit. The rootkit had secretly installed itself on Russinovich’s computer.
Upon further investigation, the tech security expert discovered that the rootkit was connected to the music player included on Sony music CDs. The program was hidden from users and secretly collected their listening history. The spyware also prevented third-party audio programs from reading and copying the disc. Earlier, F-Secure, a computer security firm in Helsinki, had reached out to Sony to report the exact same thing Russinovich would discover in the next two weeks.
It was estimated that the rootkit was loaded onto around 25 million CDs. Reports claimed that the spyware infected more than 550,000 networks in more than one hundred countries. It was discovered that US military and defense networks were also compromised.
After the discovery, Sony BMG’s president, Thomas Hesse, said that he thinks most people don’t know what a rootkit is and shouldn’t worry about it. But the company was forced to settle many lawsuits with customers and attempted to repair the lost trust of the public. (Source: FSFE)
The rootkit’s initial purpose was to hide software that prevented listeners from making more than three copies of Sony BMG’s proprietary music. It was created as copy protection software, but in effect it opened up users’ computers to worms, viruses, and other malware. (Source: Technology Review)
How Did Sony Build the Rootkit?
To safeguard their music from being illegally copied, Sony BMG enlisted the help of two tech companies: a UK company called First 4 Internet and the Arizona-based company SunnComm.
Initially, First 4 Internet wasn’t hired to create the system for Sony BMG. It was tasked with deterring the copying of pre-release music by Sony’s employees and other contractors and their recipients. The company later developed a more robust system that would work with consumer CDs. The CD had to be playable on any device its owner might own, but the system would ensure that if the CD were copied, the copy wouldn’t play.
What stands out about the approach First 4 Internet took is that the system was invisible. Another thing worth noting about the system’s design is that when a third-party music player attempts to play the music, the system detects it and plays random noise.
The system was also designed to copy multiple files and drivers and burrow deep within system files and programs. The company’s hiding technique was highly effective: no security expert noticed it for at least six months. (Source: Technology Review)