Oh, Sony, So Much To Answer For

Before I left for America, I made a post about copy-protected CDs. While I was away, there was some rather big news on that front, in that for the past year, Sony has been shipping CDs that install a rootkit on Windows machines. And not just any rootkit, but one that cloaks itself and provides a mechanism for Sony to inject hidden code onto your computer. And, by an amazing coincidence, so can anybody else who discovers Sony's method. There are now several viruses and trojans floating around the Internet that abuse this feature to infect computers afflicted with the Sony software. This means that your computer may, even now, be part of what's called a 'botnet' and participating in computer attacks worldwide.

After an initial response from Sony of "most users don't know what a rootkit is, so why should they worry about it?", they eventually offered a fix, possibly because of the large amount of negative press being generated worldwide. As far as I know, though, they still haven't provided a list of all the CDs that have this 'protection' included.

Amazingly, though, the fix doesn't remove the rootkit, it only updates a few files, and removes the additional cloaking feature (or changes it, as Sony hasn't released details of what their fix actually does). Oh, and as a bonus side-effect, it actually makes your computer even more susceptible to attack from outside. Hurrah for Sony!

Today, though, things got even stranger. Because Sebastian Porst and Matti Nikki disassembled Sony's code, discovering something rather curious: the rootkit contains code from the open source MP3 encoder LAME, in a possible violation of the program's LGPL violation, and VideoLAN's FairPlay's circumvention code, in a clear violation of that program's licence (GPL) (even more amusingly, that code's sole purpose is to get around Apple's iTunes protection, possibly opening the door for Apple to sue Sony under the DMCA in the USA).

But how widespread is the infection? Well, happily, Sony provided a way of answering that potentially difficult question. Because, just to pile on misery, the rootkit also talks to Sony's servers to display advertising banners while you enjoy the privilege of listening to music that you've bought. Dan Kaminsky, who has in the past managed to bend the DNS specification to do all sorts of amazing things, looked at a list of DNS nameservers to make a rough guess of how many computers were asking for the banners. This is Planet Sony.

And finally, the company that supplied the software for Sony's CDs is called First4Internet. It's based somewhat close to home, in fact just up the road in Banbury. Perhaps now would be a time to recount some of the Computer Misuse Act of 1990:

3.—(1) A person is guilty of an offence if —
(a) he does any act which causes an unauthorised modification of the contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the requisite knowledge

(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing—
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; or
(c) to impair the operation of any such program or the reliability of any such data.

(3) The intent need not be directed at—
(a) any particular computer;
(b) any particular program or data or a program or data of any particular kind; or
(c) any particular modification or a modification of any particular kind.

So, do you think we should call the police?