Next Generation Emulation banner

Sony, Rootkits and Digital Rights Management Gone Too Far

5048 Views 118 Replies 21 Participants Last post by  __Xzyx987X
Story can be found here.

This really makes me feel glad I don't listen to any music being published by Sony, seeing it installs stuff worse than spyware on my computer.

There's a few interesting posts underneath the blog, I'll quote a few.

INAL, but this appears to be illegal in the State of California, punishable by a $1000 fine per computer affected.

California Business & Protections Code Section 22947.3, Paragraph C:

A person or entity that is not an authorized user, as defined in Section 22947.1, shall not, with actual knowledge, with conscious avoidance of actual knowledge, or willfully, cause computer software to be copied onto the computer of a consumer in this state and use the software to do any of the following:
...
(c) Prevent, without the authorization of an authorized user, an authorized user's reasonable efforts to block the installation of, or to disable, software, by doing any of the following:
(1) Presenting the authorized user with an option to decline
installation of software with knowledge that, when the option is
selected by the authorized user, the installation nevertheless proceeds.
(2) Falsely representing that software has been disabled.

This is some horribly written legislation (difficult to parse), but it appears that you must be able to specifically decline to install software (regardless of EULA conditions).
Hi,

If this is a British company, or one which operates from the UK then they may have fallen foul of UK law, specifically the Computer Misuse Act 1990 as follows:

"3.-(1) A person is guilty of an offence if-
he does any act which causes an unauthorised modification of the contents of any computer; and
at the time when he does the act he has the requisite intent and the requisite knowledge.

(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing-
to impair the operation of any computer;
to prevent or hinder access to any program or data held in any computer; or
to impair the operation of any such program or the reliability of any such data.

(3) The intent need not be directed at-
any particular computer;
any particular program or data or a program or data of any particular kind; or
any particular modification or a modification of any particular kind.

(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.
(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.
"

It would seems that this law would apply to any UK citizen who's PC was affected by this software. It would be interesting to see what the consiquences of this would be for the company in question.

Kind Regards

Simon
21 - 40 of 119 Posts
Sony Rootkit CD providers!

As stated on the story: Sony DRM Installs a Rootkit, it seems that some of Sony's disks install a rootkit on your system after you try to listen them on your PC.

Why does it matter?

A rootkit is A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It runs at the lowest level of the machine and typically intercepts common API calls."

It is dangerous because hackers and virus writers can use it to help the attacker [hacker] to maintain his or her access to the system and use it for malicious purposes

On this page one of the developers at SysInternals explains what and how is the rootkit installed WITHOUT ASKING YOU when you insert any of the affected AUDIO CD's to play them on your computer running WINDOWS

Which CD's?
I have made a list of the CD's that are "Enhanced" and "Copy Protected" from sony with the XCP copy protection that provides a Rootkit.

It is easy to get an "up to date" list with
this google query.

The list of CD's so far are:
Nothing Is Sound. Switchfoot
Unwritten [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Natasha Bedingfield

Ride [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Shelly Fairchild
12 Songs [CONTENT/COPY-PROTECTED CD]
Neil Diamond
Touch [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Amerie
Bloom Remix Album [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Sarah McLachlan
Kasabian [CONTENT/COPY-PROTECTED CD]
Kasabian
The Essential Pete Seeger [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
Pete Seeger
Jeru [CONTENT/COPY-PROTECTED CD] [ENHANCED] [ORIGINAL RECORDING REMASTERED]
Gerry Mulligan
imes Like These [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Buddy Jewell,
Bob Brookmeyer & Friends [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
Bob Brookmeyer
Healthy In Paranoid Times [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Our Lady Peace
Cautivo [CONTENT/COPY-PROTECTED CD] [DUALDISC]
Chayanne
The Invisible Invasion [CONTENT/COPY-PROTECTED CD]
Coral, The Coral
Defined [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Amici Forever
Suspicious Activity [CONTENT/COPY-PROTECTED CD] [ENHANCED]
The Bad Plus
Manhattan Symphonie [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
Dexter Gordon
Phantoms [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Acceptance
On Ne Change Pas [CONTENT/COPY-PROTECTED CD]
Celine Dion

Get Right with the Man [CONTENT/COPY-PROTECTED CD]
Van Zant
To Love Again [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Chris Botti
Life [CONTENT/COPY-PROTECTED CD] [DUALDISC]
Ricky Martin
The Essential Dion [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD] [ENHANCED] [ORIGINAL RECORDING REMASTERED]
Dion
Faso Latido [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
A Static Lullaby
Change It All [CONTENT/COPY-PROTECTED CD]
Goapele

Susie Suh [CONTENT/COPY-PROTECTED CD]
Susie Suh

My Very Special Guests [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
George Jones

Broken Valley [CONTENT/COPY-PROTECTED CD]
Life of Agony
Silver's Blue [CONTENT/COPY-PROTECTED CD] [ENHANCED] [ORIGINAL RECORDING REMASTERED]
Horace Silver
Z [CONTENT/COPY-PROTECTED CD] [ENHANCED]
My Morning Jacket
The Dead 60s [CONTENT/COPY-PROTECTED CD]
The Dead 60s

What Can I do?
It is important to note that if you have tried to listen any of the above mentioned CD's your computer may have the rootkit installed. Hence, your system may be in danger of being hacked.

If you feel outraged because of this, you can write to the artists and complain about the problem. Tell them that their CD breaks your system as it opens a security hole.

If you think that there are other CD's which should be on this list please feel free to list them in a comment, also if you think any of the listed CD's DOES NOT actually have this problem please also state it in a comment.

Thank you!.
here is the removal tool for any victims:
http://cp.sonybmg.com/xcp/english/updates.html

Update:
Sony BMG rootkit hides Warden hackers
Two stories merge in bizarre twist
TWO STORIES of the week have spectacularly merged today. Apparently hackers are using the Sony BMG rootkit cloaking system to cover up their cheating on Blizzard's World of Warcraft, by hiding from Warden.

Warden, which is designed to monitor cheating in the game was named by electronic freedom group as major spyware.

Apparently all the hackers have to do to hide from Warden is buy a Sony BMG copy protected CD.

Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

More here. µ
unfortunately I seem to be having trouble acessing http://www.securityfocus.com/brief/34
to give you news directly from the source
On the other hand you can stop piracy by making your crap so good that people actuaily want to buy them
brilliant point. there are tons of cds/games that i have busted my behind to find and purchase because they were that good
Player-X said:
Sony BMG rootkit hides Warden hackers
Two stories merge in bizarre twist
TWO STORIES of the week have spectacularly merged today. Apparently hackers are using the Sony BMG rootkit cloaking system to cover up their cheating on Blizzard's World of Warcraft, by hiding from Warden.

Warden, which is designed to monitor cheating in the game was named by electronic freedom group as major spyware.

Apparently all the hackers have to do to hide from Warden is buy a Sony BMG copy protected CD.

Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

LMFAO....copy protection has come so far that not only are we cracking their copy protection, we are using it to crack other copy protections. They are making the industries screw each other over!!! LMFAO!!!! :lol: :lol: :lol: :lol:
Wow... Beats having to make a custom stealth mechanism to hide bots.

Almost died laughing there. :lol:
How the MPAA killed the movie theater experience: a first-hand report

How the MPAA killed the movie theater experience: a first-hand report


[I'd be glad to share other experiences, or a reply from the MPAA should
they choose to send one along. --Declan]

-------- Original Message --------
Subject: MPAA kills movie experience.
Date: Fri, 4 Nov 2005 11:22:20 -0500 (EST)
From: James Reid <[email protected]>
To: [email protected]


Hi Declan,

My girlfriend and I are writers here in Toronto and
I thought I'd share this, as if you needed evidence
that privacy abuses are out of hand, here's our
completely insane experience with the MPAA from
last night.



OMGMPAA1984WTF?


I wonder what kind of dystopian cyberpunk
future we live in when you are physically
searched before entering a movie theatre.

Last night (November 3rd), my girlfriend brought me
along to see a screening of Derailed at the Paramount
theatre in Toronto, which she had to
review for a magazine she works for. The lineup
for the screening was unusually long, as I think
they also fill seats at press screenngs with radio
call-in winners, who in hindsight, might have
accepted such poor treatment in exchange for
the ostensible privilege of paying for $30 worth
of parking and fast food at a free $13 movie.

Anyway, the line was moving slowly because they were asking
customers to raise their arms so that they could be
electronically frisked with a metal detector, and
women's purses were being searched by uniformed
security guards. Try to remember that this is
Toronto, Canada we're talking about here, not
New York, Tel Aviv or London.

People who submitted to the search (everyone from
what I could tell) had their cellphones taken from
them and checked at a table set up in front of
the theatre and they were given a ticket to reclaim
it when they left.

I was having none of this, and checked
the back of my ticket stub to ensure that there
was no mention of being required to submit to a
search listed as a condition of sale. As my girlfriend
and I made it to the front of the line, the guard
looked at me and asked me to raise my arms for the
search. I politely declined saying "No, thank
you", and proceeded to the ticket taker. I could hear
him calling "Sir! Sir!" behind me, but even though
I slowed my pace in case he was really going to do
something about it, as I had expected, I wasn't
stopped.

The ticket taker took my ticket and I waited for my
girlfriend just inside the gate, as her purse was
being subjected to a thorough going through by one
of the guards.

Since she was there for work, and her deadline was
that night, she was not ready to risk not seeing the
movie. Her 150 words won't have room for what
happened next.

Her phone was taken from her and put in a sealed
plastic bag with a claim ticket, and she
joined me where I was waiting, past the gate, and
we walked into the theatre together.

To add further insult to the debacle at the
gate, near the exits at stage right and left
were two uniformed security guards at each door,
all four with video cameras scanning the crowd
and making themselves very conspicuous.

This was not just a bit of pre-show MPAA theatre,
they stood there for the entirity of the movie, red
LED's glowing, scanning the crowd to remind
us that we were under close surviellence and our
actions were being recorded.

If you have sat in a chair in a dark room watching
disturbing scenes unfold in front of you, while four
uniformed people with video cameras stand in front
of your, silently recording your reactions, you might
be reminded of scenarios from a Clockwork Orange,
Brazil, 1984, Videodrome, and strangely,
that 90's relic: SFW.

Security guards regularly use handheld video
cameras to harrass and intimidate people,
particularly during political rallies and protests,
as the guards know that the cameras carry with
them a clear implication of future retribution
against those being recorded. The cameras are
quite literally, a threat.

( The threat is that if you do not behave as
the camera holder asks, the recording of your
actions will be used to persecute or discrace you.)

Upon leaving the theatre, my girlfriend and I
had to stop at the security desk to claim her
phone, which involved them searching through a
pile of bagged cellphones for the correct one.
We took another moment to turn the phone on
and wait for signal in the threatre to validate
that we in fact had the correct phone.

My girlfriend had said that if she hadn't already
agreed to her deadline, she would have made
a point of walking out of the screening and
giving the PR person a talking to. I did not
confront the camera wielding guards in the
theatre because she was my host she had a job
to do.

Only people who think they have done something
wrong, or deserve to be searched, submit to that
kind of authority, which is why guards get away
with it, and the rest of us continue to be
subjected to it and it becomes "normal".

Anyway, apparently this is Alliance Atlantis'
idea of how to treat an audience, then I for
one can certainly live without seeing any of
their films, and we will be skipping movies
at the Paramount theatre. I also know that
at least one reviewer will also be seeing
her movies elsewhere too.

I would also say that this is further evidence
that movie studios are losing revenue because
of the increasingly poor movie-going experience
and general low-quality of the movies they are
making, as after this, I can certainly undertstand
why someone would prefer to watch a movie on their
14 inch screen than suffer the indignity of a multiplex.
--
batz
This may be a little off topic but after reading that I can see kids buying a music cd from them and needing a security guard following them home watching thier every move and installing monitoring equiptment everywhere they go just to make sure they don't "pirate" it
That's insane!, Besides how much do they have to pay these security guards? probably a lot!, so not only are people avoiding the movies!, they're paying extra for security guards! pure stupidity!

I'll write a email to paramount and tell them to make me VD because I must be a 1000 times smarter than the people in charge :p ( I'm not claiming to be that smart either :D )
ChankastRules said:
I'll write a email to paramount and tell them to make me VD because I must be a 1000 times smarter than the people in charge :p ( I'm not claiming to be that smart either :D )
Well, 0 * 1000 = ???

...just kidding :p
Well, 0 * 1000 = ???

...just kidding
HAhahaha, You've got a point, although if they had 0.... they wouldn't be able to walk I guess :p and they can ( at least I think so )
Really? I thought that those gorillaz were just to stand somewhere and to look big... You don't need your cortex for that :D (your "thinking" parts, at least)
HAhahaha, You've got a point, although if they had 0.... they wouldn't be able to walk I guess :p and they can ( at least I think so )
Tapeworms can't walk
Meanwhile, back to rootkits and DRM...

If Sony is suicidal enough to install hidden rootkits on users' HDs that can still be detected but hardly removable at all, don't you think that means it's planning hardware lock-ins as well in the furute?

The Playstation 3 will probably ship with a HD unit, with a GNU/Linux system preinstalled to provide emulation of PS1 and PS2 games "in software and hardware".
Don't you think this could also mean such rootkits might be present BY DEFAULT on the HD, and any tampering with these could mean lost functionnality for your PS3, as it is the case currently with the XboX (tampering with hardware means your console will be banned from XboX Live FOREVER, even if nothing actually occured)

With hardware lock-ins, it will (most) definitely impossible to remove such a piece of scumware from your HD unit, even for skilled techs...

Dudes, watch out for anything with SONY on it, keep your computers safe, this scheme surely isn't restricted to music CDs, probably doable on anything with a HD (computers, consoles, huh...iPods?)
See less See more
This could cause interesting things to happen quite soon. The tension is building; will there be an explosion? How long will people put up with this? I've no intention of ever putting up with it, and haven't yet encountered such a problem that couldn't be easily bypassed.

This new stuff of installing crap on the machine without my consent is just plain criminal. They aren't the only ones doing it, and they're going to step all over each other and create a huge mess... on my machine. No thanks.

Also note I'm not just talking Sony - it also includes StarForce (and any company that uses it), and similar things. I'm kind of curious how Microsoft is going to take its final stance (completely supporting it or eventually throwing it off), as I note that though they seem to be leaning towards supporting it (by not including it in their malicious software removal tool), they still only employ what I'd call "reasonable" copy protection schemes (make as many copies of your OS & office suite as you want - just use only one of each).
See less See more
Player-X said:
This may be a little off topic but after reading that I can see kids buying a music cd from them and needing a security guard following them home watching thier every move and installing monitoring equiptment everywhere they go just to make sure they don't "pirate" it
going off-topic too....and defending the MPAA in this post (which I hardly do) diserves special treatment :p

Everyone thinks the MPAA runs the movie theaters....well they don't. Movie theaters do not take direct orders from the MPAA, instead they have their own organization, called NATO (National Association of Theatre Owners)....them and the movie theater company set the rules. And those rules (for my theater anyways) is to plaster a anti-piracy poster at the box office, and to only inspect really really big backbacks (like duffel bags, but we don't even do that :p ) Ocassionally, we have a police officer working inside on the busy nights, cause it tends to get a bit roudy with all the inter-city kids. But none of this security guards and metal detectors and any of this ****.

but other then that, blame Canada :D
Hard core Rikki said:
Meanwhile, back to rootkits and DRM...

If Sony is suicidal enough to install hidden rootkits on users' HDs that can still be detected but hardly removable at all, don't you think that means it's planning hardware lock-ins as well in the furute?

The Playstation 3 will probably ship with a HD unit, with a GNU/Linux system preinstalled to provide emulation of PS1 and PS2 games "in software and hardware".
Don't you think this could also mean such rootkits might be present BY DEFAULT on the HD, and any tampering with these could mean lost functionnality for your PS3, as it is the case currently with the XboX (tampering with hardware means your console will be banned from XboX Live FOREVER, even if nothing actually occured)

With hardware lock-ins, it will (most) definitely impossible to remove such a piece of scumware from your HD unit, even for skilled techs...

Dudes, watch out for anything with SONY on it, keep your computers safe, this scheme surely isn't restricted to music CDs, probably doable on anything with a HD (computers, consoles, huh...iPods?)
Well, In my opinion the scenario you described is pretty unlikely to happen.

First of all, if SONY releases an operating system for the PS3, it will definitely NOT be Windows which seems to be especially vulnerable to rootkits due to its API system. It'll more likely be a Linux distribution which can be easily patched against stuff like that. Furthermore such a Linux disribution (similar to the PS2 Linux Kit) might be built by SONY themselves, making it possible to integrate such crap directly into the OS kernel. Again, this should be no problem to patch.

Last, but not least, why should they even bother with crap like that? I suppose that they'll integrate such mechanisms directly in the BIOS, so in the end you will again have to chip your console in order to circumvent that DRM crap.
First of all, if SONY releases an operating system for the PS3, it will definitely NOT be Windows which seems to be especially vulnerable to rootkits due to its API system. It'll more likely be a Linux distribution which can be easily patched against stuff like that. Furthermore such a Linux disribution (similar to the PS2 Linux Kit) might be built by SONY themselves, making it possible to integrate such crap directly into the OS kernel. Again, this should be no problem to patch.
You do realise we already said SONY is going to be using GUNU/linux on the PS3 HD and they are the ones who use rootkits on thier own music CDs right? therefore it's more likely they have this kind of crapware copyprotection built in to the PS3 hardware and the PS3 OS, there is a good chance that the ps3 will also have some kind of DRM mechinism that reports back to SONY or some other greedy bastards everytime you play a "personalrightsprotected"(I am making a new term that will hopefully spread around here, it means it stops you from using your right to copy, rip or even play your cds in certain devices) CD/DVD/BRD(Blue Ray Disc)

Last, but not least, why should they even bother with crap like that? I suppose that they'll integrate such mechanisms directly in the BIOS, so in the end you will again have to chip your console in order to circumvent that DRM crap.
It could be intergrated into the CPU and other components making it harder to crack than a simple modchip

If the copyprotection system is something like using bad sectors like the PS2 or early securom it's fine by me but if it installs crap like starforce or this SONY copyprotection I am boycotting it
Being searched at an airport by members of the country's security force I can understand, but installing things onto hardware that can't be uninstalled and... MOVIE THEATERS? Something is seriously wrong, and I don't think it has anything to do with the "average joe."
Player-X said:
You do realise we already said SONY is going to be using GUNU/linux on the PS3 HD and they are the ones who use rootkits on thier own music CDs right? therefore it's more likely they have this kind of crapware copyprotection built in to the PS3 hardware and the PS3 OS, there is a good chance that the ps3 will also have some kind of DRM mechinism that reports back to SONY or some other greedy bastards everytime you play a "personalrightsprotected"(I am making a new term that will hopefully spread around here, it means it stops you from using your right to copy, rip or even play your cds in certain devices) CD/DVD/BRD(Blue Ray Disc)
Of course I do know that. You didn't seem to get my point entirely. The question was whether Sony was to put some data hiding rootkit onto the PS3 HD to protect contents in a similar way as they do on regular PCs. My answer was NO, because a SONY-built OS will more likely have such things integrated directly making a simple rootkit obsolete. And I still think that it might be circumvented by patching unless there's some tricky watching program in the BIOS to prevent you from doing such things.

Player-X said:
It could be intergrated into the CPU and other components making it harder to crack than a simple modchip
That's what I was trying to say. Sorry if I didn't express that thought properly.
Acctually I think Sony will be careful with such a things in the PS3 because they just have too much of there future running on that machine to make people pissed off with it.
Player-X said:
You do realise we already said SONY is going to be using GUNU/linux on the PS3 HD and they are the ones who use rootkits on thier own music CDs right? therefore it's more likely they have this kind of crapware copyprotection built in to the PS3 hardware and the PS3 OS, there is a good chance that the ps3 will also have some kind of DRM mechinism that reports back to SONY or some other greedy bastards everytime you play a "personalrightsprotected"(I am making a new term that will hopefully spread around here, it means it stops you from using your right to copy, rip or even play your cds in certain devices) CD/DVD/BRD(Blue Ray Disc)


It could be intergrated into the CPU and other components making it harder to crack than a simple modchip

If the copyprotection system is something like using bad sectors like the PS2 or early securom it's fine by me but if it installs crap like starforce or this SONY copyprotection I am boycotting it

Instead of heavy DRM on each disc, we will undoubtedly have a "feature" similar to XboX's "Chain Of Trust". This stuff checks for hardware IDs+ disc IDs as well and creates a single ID wich can be used to identify if hardware has been tampered with and/or game disc is legitimate. The actual identification process is tamper-proof as it is actually available on distant Microsoft servers. Didn't anyone wonder why the next XboX will feature AT LEAST XboX Live by default (without online gaming capability tough)? Next-generation DVD players might also include MANDATORY broadband connections. You people get the big picture now?

the PS3's Chain of Trust will probably have the same functionnalty as XboX's and XboX 360's. Just a proprietary version of it. It could (i guess WILL) also be used to identify what DVD movies you watch, how often... Once the Chain of Trust is broken (creating weird IDs, sent to the hardware) and your console is online, you willmight lose some gaming/movie playing features as a "sanction" for exercising your fair use rights.

This rootkit/DRM stuff isn't exclusive to Sony. It's only the beginning too.
A good piece of advice for everyone: choose your next-gen home console wisely...

For more information related, see:

http://www.xbox-linux.org/wiki/The_Hidden_Boot_Code_of_the_Xbox

http://en.wikipedia.org/wiki/Digital_rights_management

http://en.wikipedia.org/wiki/Sony_Connect
http://en.wikipedia.org/wiki/SonicStage
for info on Sony's OpenMG new DRM scheme for online music.
Didn't like DRM for Sony's Audio CDs? You won't like it for its MP3s then.


you might want to check www.futureofmusic.org as well
See less See more
For all purchasers of Sony music in Italia, rejoice. Sony's DRM ends up in court in Italy as the Italian EFF is suing Sony for illegitimate deployment of software that is alike to a virus.

http://www.engadget.com/entry/1234000650066981/
21 - 40 of 119 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top