Oct 31 2005: Security researcher Mark Russinovich blows the whistle on Sony-BMG, whose latest "audio CDs" were actually multi-session data-discs, deliberately designed to covertly infect Windows computers when inserted into their optical drives.
The malware installed by Sony blinded infected computers' immune systems. Any file that began with "$sys$" became invisible to the operating system, not displayed in directory listings nor process-managers. Antivirus programs could not see files that began with this string. Immediately, other virus creators started renaming their programs to start with $sys$, so that they could operate under the stealth-cloak installed by Sony. These opportunistic infections were also invisible to antivirus programs.
In the end, we discovered that more than 6,000,000 malware-infected CDs were shipped, comprising 51 titles. These infected 200,000-300,000 US government and military networks.
Russinovich was not the first researcher to discover the Sony Rootkit, just the first researcher to blow the whistle on it. The other researchers were advised by their lawyers that any report on the rootkit would violate section 1201 of the DMCA, a 1998 law that prohibits removing "copyright protection" software. The gap between discovery and reporting gave the infection a long time to spread.
Today, 1201 is used to restrict reporting on everything from tractors to cars, insulin pumps, as more and more industries use digital locks to prevent their customers and competitors from changing the products they own to be more valuable and useful to them.
In January, I went back to work at EFF on a project to kill DMCA 1201 and its equivalents around the world.
But Sony BMG's president, Thomas Hesse, dismissed the issue completely, and was quoted saying "Most people, I think, don't even know what a Rootkit is, so why should they care about it?". The press published what Sony was secretly doing to people's personal property and Sony was forced to settle numerous lawsuits and repair customers' trust as soon as possible.
Despite the fallout of Sony's rootkit experiment, 10 years later restrictions on users' personal property are more prevalent than ever. Restrictions are commonly found in legitimately purchased ebooks, video game hardware, and all manner of proprietary software. It has even found ways into our cars, and coffee machines. Even Steve Jobs lamented the forceful implementation of restriction software, software his own company was well known for using.
Revisiting the Sony Rootkit [FSFE]